I have a NGINX server that serves a UI at /. The UI is running on localhost:8081 and the server runs on localhost:8080.
I need any pathname that is entered to be passed to the root of the UI.
For example:
localhost:8080/search should proxy_pass to localhost:8081
but files should not be changed:
localhost:8080/main.css => localhost:8081/main.css
This works but isn't dynamic
I tried to use a separate location for each pathname however I want the configuration to be dynamic for future development.
location / {
proxy_pass http://localhost:8081;
}
location /search {
proxy_pass http://localhost:8081/;
}
location /foobar {
proxy_pass http://localhost:8081/;
}
File name handler
I tried catching the file names but you can't proxy_pass within a regex location block.
location ~* \.(.*?)$ {
proxy_pass http://localhost:8081/;
}
try_files
I tried using try_files but nginx didn't serve anything (gave me a prompt to set up nginx)
location / {
try_files $uri $uri/ #app;
}
location #app {
proxy_pass http://localhost:8081;
}
My Nginx config looks like this without the location blocks
worker_processes 1;
error_log /usr/local/etc/nginx/logs/error.log notice;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '[$time_local] $remote_addr - "$request" '
'$status "$http_referer" => "$proxy_host" $uri';
log_format log_server escape=json '$request_body';
access_log /usr/local/etc/nginx/logs/access.log main;
proxy_max_temp_file_size 0;
proxy_buffering off;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 8080;
server_name localhost;
rewrite_log on;
add_header 'Access-Control-Allow-Origin' 'http://localhost';
add_header 'Access-Control-Allow_Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';
location / {
# stuff from above + headers
}
}
}
I am using webpack dev server for local development however the final bundle has the structure:
/root
bundle.js
main.css
index.html
cd6c777f1945164224dee082abaea03a.woff2
etc...
Related
I need to redirect both www to non www and HTTP to HTTPS with nginx. I can get it to redirect but then I get a `too many redirects' error.
I'm using the Azure AppService version of WordPress. This version uses the wordpress-alpine-php docker image, running nginx version 1.20.2.
The nginx.conf file includes:
/etc/nginx/conf.d/*.conf
/etc/nginx/modules-enabled/*.conf
I don't see a modules-enabled directory.
For the HTTP to https redirect, I added the following server directive to default.conf:
server {
listen 80;
server_name ---.com www.---.com;
return 301 https://---.com$request_uri;
}
After this, I get the "too many redirects" error.
I noticed the following server block also listens on port 80, so I changed it to 443. I still get the "too many redirects".
Below are my conf files. The only change I made was adding the server directive above, and changing the port to 443 in the original server directive.
How do I get these redirects to work?
Could there be other files involved?
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
# send nginx error logs to stderr
error_log /dev/stderr error;
pid /var/run/nginx.pid;
load_module modules/ngx_http_brotli_static_module.so;
load_module modules/ngx_http_brotli_filter_module.so;
events {
worker_connections 10000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
sendfile on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/modules-enabled/*.conf;
}
/etc/nginx/conf.d/default.conf
upstream php {
server unix:/var/run/php/php-fpm.sock;
#server 127.0.0.1:9000;
}
server {
listen 80;
server_name ---.com www.---.com;
return 301 https://---.com$request_uri;
}
server {
listen 443;
## Your website name goes here.
server_name _;
if ($http_x_forwarded_proto = "http") {
return 301 https://---.com$request_uri;
}
## Your only path reference.
root /home/site/wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Add locations of phpmyadmin here.
location /phpmyadmin {
root /home/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /home/;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /home/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
# Don't cache WooCommerce URLs
# Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
set $skip_cache 1;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~* \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_read_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache off;
fastcgi_cache_valid 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
You need to add ssl flag to your listen directive if you want to use HTTPS. And specify your SSL certificate - something like this:
server {
listen 443 ssl http2;
server_name ---.com;
ssl_session_cache shared:SSL:4m; # measured in megabytes, not minutes
ssl_buffer_size 4k; # reduced from the default 16k to minimize TTFB
ssl_session_timeout 30m;
ssl_session_tickets on; # Requires nginx >= 1.5.9 (SSL labs testing leads to SSL: error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early)
ssl_dhparam /etc/ssl/dhparam.pem; # Generate with "openssl dhparam -out dhparam.pem 4096"
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 valid=300s ipv6=off;
resolver_timeout 4s;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem;
.......
}
I am not very familiar with Nginx URL redirect. But I have followed some suggestions from Google search and unfortunately none of them meet my expectation.
I need to redirect at least 100 old URLs to different new URLs. I already have another server.conf file under /etc/nginx/conf.d/ for some URL redirect and other settings. But I would like to create another nginx_redirect.txt file to store those 100 URLs redirect and keep away from server.conf. Furthermore, some of the old 100 URLs are also defined in server.conf file, but I was hoping the new nginx_rewrite.txt file can override the redirect URLs defined in server.conf file.
I use multiple "include" in the nginx.conf as below:
include /etc/nginx/conf.d/*.conf;
Server {
...
include /etc/nginx/conf.d/nginx_rewrite.txt;
...
}
The existing server.conf file for some URL redirect as below:
server {
...
location ~ ^/lp/old/ {
rewrite ^(.*)$ https://currenturl.com/ permanent;
}
}
I create new nginx_redirect.txt and hope to override the redirect URL in server.conf.
location ~ ^/lp/old/ {
rewrite ^(.*)$ https://newurl.com/ permanent;
}
I used below commands to ensure those .conf and .txt can be seen by Nginx.
nginx -T
nginx -s reload
However I found those old URLs defined in nginx_rewrite.txt didn't redirect to newurl.com/ but still to currenturl.com/. Even I set up some new URL in nginx_rewrite.txt, which is not defined in server.conf. Those new URL will show 404 instead of redirecting to other URL. Unless I defined those new URL in server.conf.
My questions:
Is my setting in nginx.conf, server.conf and nginx_rewrite.txt correct?
Is there not possible to override URL in permanent redirect of .conf?
Updated on 5/10 to share the result of nginx -T. Sorry I have remove some lines since it is not suitable to share with public.
sh-4.2$ sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
include /etc/nginx/conf.d/nginx_rewrite.txt;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
# configuration file /etc/nginx/conf.d/server.conf:
upstream nginx-internal-sock {
server unix:/var/www/server/shared/tmp/unicorn.sock;
}
server {
listen 80;
server_name server.com;
location / {
root /var/www/server/current/public/;
}
}
server {
listen 80;
server_name stg.server.com;
real_ip_header X-Forwarded-For;
location / {
proxy_set_header Accept-Encoding "";
proxy_pass http://nginx-internal-sock/sales/;
}
location /sales {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_pass http://nginx-internal-sock/sales;
}
location ~ ^/(assets)/ {
root /var/www/server/current/public;
add_header Cache-Control no-cache;
expires 7d;
# add_header Last-Modified "";
# add_header ETag "";
}
location ~ ^/lp/old/ {
rewrite ^(.*)$ https://currenturl.com/ permanent;
}
...
}
# configuration file /etc/nginx/conf.d/nginx_rewrite.txt:
location ~ ^/lp/old/ {
rewrite ^(.*)$ https://newurl.com/ permanent;
}
}
I searched enough but couldn't sort out how to configure mpeg-dash in nginx plus .
rtmp module is supporting it i guess but i dont understand it much how can i configure it and request it in nginx plus server.
When i configured rtmp in nginx.conf getting the error
unknown directive "rtmp" in /etc/nginx/nginx.conf:13
Configuration is
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
rtmp {
server {
listen 98;
server_name 127.0.0.1;
application dash {
live on;
dash on;
dash_path /usr/share/nginx/html/dash;
}
}
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 99;
server_name 127.0.0.1;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
rewrite ^(.*)$ /crossdomain.xml;
}
location = /crossdomain.xml {
root /var/www/crossdomain;
}
location /images {
root /usr;
}
location /flv {
root /usr;
flv;
mp4_buffer_size 1m;
mp4_max_buffer_size 5m;
mp4_limit_rate on;
mp4_limit_rate_after 30s;
}
location /video {
root /usr;
mp4;
mp4_buffer_size 1m;
mp4_max_buffer_size 5m;
mp4_limit_rate on;
mp4_limit_rate_after 30s;
}
location /hls {
root /usr/share/nginx/html;
hls;
hls_fragment 5s;
hls_buffers 10 10m;
hls_mp4_buffer_size 1m;
hls_mp4_max_buffer_size 5m;
types
{
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Cache-Control' 'no-cache';
}
location /dash {
root /usr/share/nginx/html;
add_header Cache-Control no-cache;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
include /etc/nginx/conf.d/*.conf;
}
How can i enable rtmp in nginx-plus
The rtmp section must be placed outside the http, like this:
rtmp {
server {
...
}
http {
server {
...
}
For a full example see the Readme: https://github.com/arut/nginx-rtmp-module
I have Wordpress running on nginx which also runs gunicorn (to run django). Wordpress should be accessed on the subfolder www.mySite.de/blog/. The main page on this URL can be accessed, but when I open a link to a page (e.g. a page on www.mySite.de/blog/testpage ) then I get 404 errors.
My nginx configuration is as follows:
nginx.conf
#user nobody;
user nginx nginx;
worker_processes 4;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log debug;
#error_log logs/error.log notice;
#error_log logs/error.log info;
events {
worker_connections 1024;
accept_mutex on; # "on" if nginx worker_processes > 1
# use epoll; # enable for Linux 2.6+
# use kqueue; # enable for FreeBSD, OSX
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
#keepalive_timeout 0;
keepalive_timeout 65;
types_hash_max_size 2048;
# Gzip Settings
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/xml text/css
text/comma-separated-values
text/javascript application/x-javascript
application/atom+xml;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*;
}
production.conf (imported from 'sites-enabled' folder)
upstream production_nginx {# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
# for UNIX domain socket setups:
server unix:/home/mySite/production/run/gunicorn.sock fail_timeout=0;
}
upstream production_php {
server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name mySite.de
www.mySite.de;
return 301 https://www.mySite.de$request_uri;
}
server {
listen 443;
server_name mySite.de;
return 301 https://www.mySite.de$request_uri;
}
server {
listen 443 ssl default_server;
client_max_body_size 4G;
server_name www.mySite.de;
ssl_certificate /etc/ssl/certs/www.mySite.de.crt;
ssl_certificate_key /etc/ssl/private/www.mySite.de.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# ~2 seconds is often enough for most folks to parse HTML/CSS and
# retrieve needed images/icons/frames, connections are cheap in
# nginx so increasing this is generally safe...
keepalive_timeout 5;
access_log /var/log/nginx/production-access.log;
error_log /var/log/nginx/production-error.log;
location /static/ {
alias /home/mySite/production/htdocs/static/;
}
location /media/ {
alias /home/mySite/production/htdocs/media/;
}
location /blog/ {
alias /home/mySite/production/htdocs/blog/;
index index.php index.html index.htm;
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /blog/index.php?q=$uri;
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(/blog)(/.*)$;
fastcgi_intercept_errors on;
fastcgi_pass production_php;
fastcgi_index index.php;
include fastcgi.conf;
}
}
location /favicon.ico {
alias /home/mySite/production/htdocs/static/favicon.ico;
log_not_found off;
access_log off;
}
# path for static files
root /home/mySite/production/htdocs/;
location / {
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS, this helps Rack
# set the proper protocol for doing redirects:
proxy_set_header X-Forwarded-Proto https;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll stuff. It's also safe to set if you're
# using only serving fast clients with Unicorn + nginx.
# Otherwise you _want_ nginx to buffer responses to slow
# clients, really.
# proxy_buffering off;
# Try to serve static files from nginx, no point in making an
# *application* server like Unicorn/Rainbows! serve static files.
if (!-f $request_filename) {
proxy_pass http://production_nginx;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /home/mySite/production/htdocs;
}
pagespeed on;
pagespeed EnableFilters convert_meta_tags;
pagespeed EnableFilters collapse_whitespace; # Remove whitespace
pagespeed EnableFilters combine_javascript; # Merge JS files
pagespeed EnableFilters rewrite_javascript; # Minimize JS
pagespeed EnableFilters defer_javascript; # Load important JS first
pagespeed EnableFilters combine_css; # Merge CSS files
pagespeed EnableFilters rewrite_css; # Minimize CSS
pagespeed EnableFilters move_css_to_head; # Move CSS to head
pagespeed EnableFilters move_css_above_scripts; # Move CSS above JS
pagespeed EnableFilters prioritize_critical_css; # Load important CSS first
pagespeed EnableFilters fallback_rewrite_css_urls; # Fallback if CSS could not be parsed
pagespeed EnableFilters remove_comments; # Remove comments
pagespeed FileCachePath /var/ngx_pagespeed_cache; # Use tmpfs for best results.
# Ensure requests for pagespeed optimized resources go to the pagespeed
# handler and no extraneous headers get set.
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
location ~ "^/ngx_pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
location /ngx_pagespeed_statistics { allow 127.0.0.1; deny all; }
location /ngx_pagespeed_global_statistics { allow 127.0.0.1; deny all; }
location /ngx_pagespeed_message { allow 127.0.0.1; deny all; }
location /pagespeed_console { allow 127.0.0.1; deny all; }
location /mod_pagespeed_example {
location ~* \.(jpg|jpeg|gif|png|js|css)$ {
add_header Cache-Control "public, max-age=600";
}
}
}
nginx error log
2014/06/18 00:56:53 [error] 22133#0: *102248 open() "/home/mySite/production/htdocsindex.php" failed (2: No such file or directory), client: 92.227.135.241, server: www.mySite.de, request: "GET /blog/page1 HTTP/1.1", host: "www.mySite.de"
nginx access log
xx.xxx.135.241 - - [18/Jun/2014:01:35:02 +0200] "GET /blog/page1 HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"
Questions:
I don't understand, why my configuration makes nginx search for index.php in
/home/mySite/production/htdocsindex.php
instead of
/home/mySite/production/htdocs/blog/index.php
Why is there a slash missing between htdocs and index.php and/or why is the /blog part missing completely?
When i changed the trailing location block of production.conf from
location /blog/ {
alias /home/mySite/production/htdocs/blog/;
to this
location /blog {
alias /home/mySite/production/htdocs/blog/;
(removed the trailing slash) I did not get the nginx error page anymore, but then gunicorn and django kicked in an gave me a django 404 page. Why is django kicking in here?
Also using
try_files $uri $uri/ /blog/index.php?q=$uri&$args;
instead of
try_files $uri $uri/ /blog/index.php?q=$uri;
did not solve the issue. What is wrong up with my configuration and how I can get Wordpress to work with nginx, gunicorn and django?
Thanks a lot, Chris
This is correct rewrites if your wordpress in subfolder (for example blog subfolder).
location /blog/ {
index index.php index.html index.htm;
try_files $uri $uri/ /blog/index.php?$args;
}
You have root path it your config
root /home/mySite/production/htdocs/
so you can don't use alias in location (if your blog directory located in root folder).
I have an application which will be served using GET & POST method's. For better security, I have configured Nginx to serve the pages using only POST requests. Below is the config I have used in Nginx.
Config in Nginx:
if ($request_method !~ ^(POST)$ ){
return 404; }
This is working perfectly.
Now, I wanted to change above configuration in Nginx to serve certain pages with both GET & POST requests. But, I am unable to do it.
I have used lot of combinations, but no luck.
Can some one please help me in configuring nginx for the same.
Below is my Nginx configuration file.
Note: I am using Nginx (at front end) as a webserver and apache (at back end) for serving application. I have configured nginx to redirect the web pages requested to apache successfully.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8081;
server_name localhost;
#charset koi8-r;
access_log /logs/host.access.log;
location /WebGoat {
#root html;
#index index.html index.htm;
proxy_pass http://localhost:8080/WebGoat/;
}
location /application { ##sample project
#root html;
#index index.html index.htm;
if ($request_method !~ ^(POST)$){
return 404;
}
proxy_pass http://localhost:8080/application/;
}
location ~ ^register\.html {##register.html page should be served with GET & POST requests
if ($request_method !~ ^(GET|POST)$){
return 500;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Thanks in Advance,
Sandeep
I would write something like this:
location /application {
proxy_pass http://<host>;
limit_except POST {
deny all;
}
}
## Below three pages should be served with GET & POST
location ~ ^/application/(RegisterServet|pd|LoginServlet)$ {
proxy_pass http://<host>;
}
Changes:
There is almost no reason to write limit_except GET POST. A don't think that it's important to you to forbid OPTIONS request to these addresses.
Do you really want to allow urls like /APPLICATION/Pd/? I don't think so, and I've changed ~* to ~.
Removed path parts from proxy_pass, so nginx will proxy original path.
Removed named location.
Easy way to allow only required request methods
if ($request_method !~ ^(GET|HEAD)$ ) {
return 444;
}