How to setup nginx for ipfs gateway? - nginx

I need to make ipfs http gateway through nginx with certbot installed together with redirecting websockets to port 9999, but I am unable to make it work as intended.
The code for running websocket service is on "location /" .
Code for ipfs gateway is at "location /ipfs" .
server {
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect http://0.0.0.0:9999/ /;
proxy_redirect ws://0.0.0.0:9999/ /;
proxy_pass http://0.0.0.0:9999/;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
allow all; # Any IP can perform any other requests
proxy_set_header Connection "Upgrade";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'application/json charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
}
if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/recall.network/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/recall.network/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = recall.network) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name recall.network;
return 404; # managed by Certbot
}
My custom code:
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
do not work as intended
I would like to have an ipfs gateway accessible at https:recall.network/ipfs/HASH*

Resolution is to put correct prefix ^~ in location.
location ^~ /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}

Related

nginx reverse proxy: ERR_TOO_MANY_REDIRECTS but second site is working

i'm relatively new to linux. My server is running Ubuntu 22.04 and i got a little problem here in my nginx configuration. I set up a reverse proxy (nginx) in /etc/nginx/sites-enabled/reverse-proxy.conf and wrote this into the file:
server {
if ($host = domain.de) {
return 301 https://$host$request_uri;
}
listen 80;
server_name domain.de;
return 404;
}
server {
server_name domain.de;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/domain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
proxy_buffering off;
server_tokens off;
location ^~ /swagger {
return 404;
}
location / {
root /var/www/html/domain.de;
try_files $uri $uri/ /index-one.html ;
proxy_pass http://127.0.1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
# proxy_set_header X-Real-IP $http_CF_Connecting_IP;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header Strict-Transport-Security "max-age=15552000; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}
server {
if ($host = second.domain.de) {
return 301 https://$host$request_uri;
}
listen 80;
server_name second.domain.de;
return 404;
}
server {
server_name second.domain.de;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/second.domain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/second.domain.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
proxy_buffering off;
server_tokens off;
location ^~ /swagger {
return 404;
}
location / {
proxy_pass http://192.168.198.40:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header X-Powered-By;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
# proxy_set_header X-Real-IP $http_CF_Connecting_IP;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header Strict-Transport-Security "max-age=15552000; preload" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
}
}
The second domain is a streaming service called emby and it works, the first domain is a website i want to host and it is based in /var/www/html/domain.de. The directive /var/www/html/domain.de is owned by www-data.
This config gives me an ERR_TOO_MANY_REDIRECTS on domain.de but the second.domain.de is working fine. Why? What am i doing wrong here?
When i change the ip address in the first domain from 127.0.2.1 to 192.168.198.40 the same error occurs. When i add a port to the address like 127.0.2.1:8080; or 192.168.198.40:8080; i get a 502 Bad Gateway error message.
The second domain is working fine in all constellations but i can't get the first domain to work and i don't know how to fix this.
I hope anybody can help me out here. :)

connect() failed (110: Connection timed out) while connecting to upstream

I have configured nginx setup like below
Nginx running as front end reverse proxy and routing live traffic to couple of upstream servers onprem and aws (Refer nginx site conf below). Here we trying to mirror the original On-Prem hosted application traffic to AWS hosted application which we using it as pre-production testing before completely migrate application to AWS cloud.
We noticed below things,
All original live traffic routed to onprem upstream server which is running on localhost:10200
We see few request failed with connection timeout while mirroring to aws upstream server which is running in AWS cloud
I am getting below error in nginx error log
connect() failed (110: Connection timed out) while connecting to
upstream
upstream onprem {
server localhost:10200;
keepalive 1024;
}
upstream aws {
server <myserver-name>:443;
keepalive 1024;
}
server {
server_name _;
listen 80 default_server;
client_header_buffer_size 16k;
client_header_timeout 900s;
client_max_body_size 100M;
client_body_buffer_size 100M;
client_body_timeout 900s;
proxy_connect_timeout 200s;
proxy_send_timeout 1200s;
proxy_read_timeout 1200s;
send_timeout 1200s;
proxy_buffers 16 128k;
proxy_buffer_size 16k;
proxy_redirect off;
proxy_busy_buffers_size 256k;
port_in_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
location / {
mirror /mirror;
proxy_pass http://onprem;
}
location = /mirror {
add_header 'Access-Control-Allow-Origin' 'https://myserver-name';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
internal;
set $delimiter "?";
if ($is_args) {
set $delimiter "&";
}
#log_subrequest on;
set $flag "${delimiter}useTest=true";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://myserver-name';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
proxy_ssl_server_name on;
set $new_uri $request_uri;
if ($request_uri ~ "^/ingest(.*)$") {
set $new_uri /test$1;
}
proxy_pass https://aws$new_uri$flag;
}
}

Configure NGINX for client side routing

I have a side made with React running on Digital Ocean and I'm trying to use client side routing but can't get it to work. This is my Nginx default file
upstream site {
server 123.456.78.90:8080;
keepalive 64;
}
server {
server_name site.xyz www.site.xyz;
try_files $uri /index.html;
location / {
index index.html;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
try_files $uri index.html;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_max_temp_file_size 0;
proxy_pass http://site/;
proxy_redirect off;
proxy_read_timeout 240s;
}
error_page 404 /index.html;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name site.xyz www.site.xyz;
return 404; # managed by Certbot
}
I added the try_files line and the error_page 404 /index.html so that it would default to index.html where the route could be loaded from my code there but it doesn't work at all. I need the ssl certificate and I need the cors code for another function. I'm not sure why it doesn't direct how I want.
Here's what worked for me:
...
location / {
...
proxy_intercept_errors on;
error_page 404 = /index.html;
...
}

Nginx auth before return

Im using nginx with auth.
All auths works properly in the locations is set, but I have a location /marathon that return same url with other port. I have added auth to this location, but it does not work. I think is regarding to the return directive but I dont know why and how to handle it or solve it. I've been searching but I can't find nothing about this
Any ideas why or how to handle it?
user root;
worker_processes 4; # 2 per core
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
upstream mypelotweb {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream mypelotwebsockets {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream wingmantracker {
least_conn;
server mywing-tracker.marathon.mesos:8011;
server mywing-tracker.marathon.mesos:8012;
}
upstream club {
server club.marathon.mesos:5000;
}
upstream soccerint {
server soccerint.marathon.mesos:5005;
}
upstream enet {
server enet-web.marathon.mesos:5003;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format uri $request_uri;
access_log /var/log/nginx/access.log;
keepalive_timeout 65;
proxy_read_timeout 200;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html text/css text/xml
application/x-javascript application/xml
application/atom+xml text/javascript;
proxy_next_upstream error;
server {
server_name mytree.com;
listen 80;
error_log /var/log/nginx/errorhttp.log;
access_log /var/log/nginx/accesshttp.log;
return 301 https://$host$request_uri;
}
server {
server_name mytree.com;
listen 443;
error_log /var/log/nginx/errorhttps.log;
access_log /var/log/nginx/accesshttps.log uri;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
root /www/mytree;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /mypelot {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location ~* ^/mypelot$ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot/ws {
proxy_pass http://mypelotwebsockets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /wingmantracker {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://wingmantracker;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /club {
proxy_pass http://club;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /soccerint {
proxy_pass http://soccerint;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /enet {
proxy_pass http://enet;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot-messenger {
return 301 http://mypelot-messenger.marathon.mesos:15672;
}
location /mesos {
return 301 http://mytree.com:5050;
}
location /marathon {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
return http://mytree.com:8080;
}
location /jenkins {
return 301 http://myserver.ovh.net:8082;
}
location /jira {
return 301 https://mymymy.atlassian.net;
}
location /bitbucket {
return 301 https://bitbucket.org/statistics/;
}
location /confluence {
return 301 https://stats.atlassian.net/wiki/;
}
}
}

Nginx: (111: Connection refused) while connecting to upstream

I'm trying to use to Nginx for reverse proxy. I have 1 Node.js app on port 3333 and Golang app on port 3334. When calling to Golang API, I see this message in /var/log/nginx/error.log:
2016/07/15 10:18:36 [error] 4835#0: *131 connect() failed (111: Connection refused) while connecting to upstream,
client: 27.69.66.52,
server: video1.techmaster.vn,
request: "GET /stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s HTTP/1.1",
upstream: "http://127.0.0.1:3334/stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s",
host: "video1.techmaster.vn",
referrer: "https://techmaster.vn/khoa-hoc-online/8217/lap-trinh-ios-swift/96/Location-Notification"
I don't know what's the problem from. Maybe I have done some mistake in Nginx config. Here is my Nginx configuration:
server {
listen 80;
server_name video1.techmaster.vn www.video1.techmaster.vn;
return 301 https://$server_name$request_uri;
}
server {
listen 443 spdy ssl;
server_name video1.techmaster.vn www.video1.techmaster.vn;
keepalive_timeout 30;
# Allow upload video up to 100M
client_max_body_size 100M;
# Config SSL
ssl on;
ssl_certificate /etc/ssl/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/sv.video1.techmaster.vn.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "xxxxxxxxxx";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I have edited Nginx config and it works
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
server_name 192.168.1.10;
keepalive_timeout 30;
# Config SSL
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
# Allow upload video up to 100M
client_max_body_size 100M;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/* {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I had got same issue while configuring AWS with node platform.
I used 3000 port to start the application.
When I changed my port to 8081 it worked.

Resources