Nginx - Create Multiple Sub Domains - nginx

I would like to create multiple subdomains using nginx from 1 IP address. So it would be something like this:
http://demo1.192.168.0.27
http://demo2.192.168.0.27
Someone already asked this question in the past.
nginx - two subdomain configuration
I tried the same way but I'm not able to do it.
Here's my code:
events {
}
http {
server {
server_name demo1.192.167.0.27;
root /data/sites/demo1;
index index.html;
location / {
try_files $uri $uri/ /404.html;
}
}
server {
server_name demo2.192.167.0.27;
root /data/sites/demo2;
index index.html;
location / {
try_files $uri $uri/ /404.html;
}
}
}
When I go to
http://demo1.192.168.0.27
http://demo2.192.168.0.27
It said, This site can’t be reached
Not sure why it's not working for me.

You can't create subdomains on IP addresses.
In the answer you're referencing, they're using domain names, like this:
server_name sub1.example.com;
server_name sub2.example.com;
That's why it works, as opposed to what you have, with IP addresses:
server_name demo1.192.167.0.27;
server_name demo2.192.167.0.27;

Your domain names are not public. You can resolve to a DNS provider to make them public.
You also can add xxx.xxx.xxx.xxx demo1.192.168.0.27 to your local hosts file C:\Windows\System32\drivers\etc\hosts, to make them avaliable to your local machine.

Related

Nginx reverse proxy return 502

I'm very new to nginx and server game and i'm trying to setup a reverse proxy. Basically what i need is when i enter my server ip it should open a particular website (Ex: https://example.com).
So for example if i enter my ip (Ex: 45.10.127.942) it should open the website example.com , but the url should remain as http://45.10.127.942.
I tried to set my server configuration as follows but it returns a 502 error.
server {
listen 80;
location / {
proxy_pass http://example.com;
}
}
It returns a 502 error. Can you please explain what i need to do?
You can have something like this in your configuration file:
server {
root /var/www/html;
server_name _;
location / {
try_files $uri $uri/ /index.html;
}
}
Place the index.html file in root folder specified.
Then just restart the NGINX and it should work.
What is the problem with your configuration file is you should not proxy_pass.
If you want to open the other website, you should have DNS record pointing to that IP. What actually happens is the thing you are trying to do is known as CLICKJACKING. For more details, search CLICKJACKING on google and you will find a lot of references.

How to route different webservers to different URL using nginx

creating a website for my self and need to host projects.
Basically, i hhave different projects with different framework. ie, Flask, Django, Node.JS and some html file projects. I would like to host them at projects.domain.com/<project name>
I tried to set server_name projects.domain.com/asdf but in error.log it says, server name "projects.domain.com/asdf" has suspicious symbols
Next up, i tried to nest location blocks (which i presume isn't how its supposed to be)
location /asdf {
location /static/ {
root blah blah;
}
location / {
..
proxy_pass http://localhost:3000 ;
}
}
But, this errors out saying location static is outside asdf
Some suggested to alias instead of root in the location /static/ block, but that doesnt work too.
Any help is appreciated :)
First of all a server_name can not contain URI segments. So a hostname or IP should be used as a value.
If you want to mix different local directories and proxy-locations a configuration could look like this.
Notice: Your location URI (/one, /two) will be appended to the root path.
The root directive can be used in every location block to set the document root.
http://nginx.org/en/docs/http/ngx_http_core_module.html#root
This is the reason why alias exists. With alias the location will not be part of the directory path. Check this out:
http://nginx.org/en/docs/http/ngx_http_core_module.html#alias
server {
server_name project.domain.com;
listen 80;
location / {
proxy_pass http://localhost:3000;
}
location /one/ {
alias/var/www/html/project1/;
index index.html;
}
location /two/ {
alias/var/www/html/project2/;
index index.html;
}
}

.well-known/acme-challenge nginx 404 error

I'm trying to verify a file upload for SSL certificate.
The file needs to be .well-known/acme-challenge/file
I have successfully placed the file as above, but while accessing the same file from the web http://weburl.com/.well-known/acme-challenge/file, 404 error is coming up.
When I place the same file in .well-known/ the file can be access from the path http://weburl.com/.well-known/file successfully.
My nginx configuration:
server {
listen 80;
server_name weburl.com;
root /var/www/html;
location ~ /.well-known {
allow all;
}
location ~ /\.well-known/acme-challenge/ {
allow all;
root /var/www/html;
try_files $uri =404;
break;
}
}
You have to grant permissions for www-data user.
sudo chown -R www-data:www-data .well-known
In the first case it looks for /var/www/html/.well-known/file.
In the second case it looks for /var/www/html/file.
What you intend is for it to find /var/www/html/.well-known/acme-challenge/file
This is because you specify root in the location block, which changes where it reads the file from.
So instead of this:
location ~ /\.well-known/acme-challenge/ {
allow all;
root /var/www/html; # <================= Your problem, sir
try_files $uri =404;
break;
}
You should have this:
location ~ /\.well-known/acme-challenge/ {
allow all;
try_files $uri =404;
break;
}
Shameless plug: If you're just doing simple virtual hosting and you're familiar with node at all you might like Greenlock.
If you have installed the LetsEcnrypt module on Plesk, but for some reason you need to authorize for eg. example.com manually like we do.
Add you authorization code to
/var/www/vhosts/default/htdocs/.well-known/acme-challenge
instead of expected (domain webroot)
/var/www/vhosts/example.com/htdocs/.well-known/acme-challenge
To find so I had to check /var/www/vhosts/system/example.com/conf/httpd.conf

How can I hide a file from the browser, yet still use it on the webserver with NGINX?

Here's my scenario:
I have a vagrant cloud set up at an IAAS provider. It uses a .json file as its catalog to direct download requests from vagrant over to their corresponding .box files on the server.
My goal is to hide the .json file from the browser so that a surfer cannot hit it directly at, say: http://example.com/catalog.json and see the json output as that output lists the url of the box file itself. However, I still need vagrant to be able to download and use the file so it can grab the box.
In the NGINX docs, it mentions the "internal" directive which seems to offer what I want to do via try_files, but I think I'm either mis-interpreting what it does or just plain doing it wrong. Here's what I'm working with as an example:
First, I have two sub-domains.
One for the .json catalog at: catalog.example.com
A second for the box files at: boxes.example.com
These are mapped, of course, to respective folders on the server, etc.
With that in mind, in sites-available/site.conf, I have the following server blocks:
server {
listen 80;
listen [::]:80;
server_name catalog.example.com;
server_name www.catalog.example.com;
root /var/www/catalog;
# Use try_files to trigger internal directive to serve json files
location / {
try_files $uri =404;
}
# Serve json files to scripts only with content type header application/json
location ~ \.json$ {
internal;
add_header Content-Type application/json;
}
}
server {
listen 80;
listen [::]:80;
server_name boxes.example.com;
server_name www.boxes.example.com;
root /var/www/boxes;
# Use try_files to trigger internal directive to serve json files
location / {
try_files $uri =404;
}
# Serve box files to scripts only with content type application/octet-stream
location ~ \.box$ {
internal;
add_header Content-Type application/octet-stream;
}
}
The NGINX documentation for the internal directive states:
Specifies that a given location can only be used for internal requests. For external requests, the client error 404 (Not Found) is returned. Internal requests are the following:
requests redirected by the error_page, index, random_index, and try_files directives;
Based on that, my understanding is that my server blocks grab any path for those sub-domains and then, passing it through try_files, should make that available when called via vagrant, yet hide it from the browser if I hit the catalog or a box url directly.
I can confirm that the files are not accessible from the browser; however, they're also unaccessible to vagrant as well.
Am I mis-understanding internal here? Is there a way to achieve my goal?
Make sure for the sensitive calls the server listens on localhost only
Create a tunnel between the machine running vagrant (using an arbitrary port) and your IAAS provider machine (on the web server port, for example).
Create a user on your IAAS machine who is only allowed to interact with the forwarded web-server port (via sshd_config)
Use details from below
https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding
Reference the tunneled server using http://:/path in both your catalog.json url and your box file url
Use a server block in your NGINX config which listens to the 127.0.0.1:80 only and doesn't use server_name. You can even add default_server to this so that anything that doesn't match other virtual host will hit this block
Use two locations in your config with different roots to serve files from /var/www/catalog and /var/www/boxes respectively.
Set regex locations for your .json and .box files and use a try_files block to accept the $uri or redirect to 444 (so you know it hit your block)
Deny the /boxes and /catalog otherwise.
See the below nginx config for example
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
server_name www.example.com;
root /var/www;
location ~ /(catalog|boxes) {
deny all;
return 403;
}
}
server {
listen 80;
listen [::]:80;
server_name store.example.com; # I will use an eCommerce platform eventually
root /var/www/store;
}
server {
listen 127.0.0.1:80;
listen [::]:80;
root /var/www;
location ~ \.json$ {
try_files $uri $uri/ =444;i
add_header Content-Type application/json;
}
location ~ \.box$ {
try_files $uri $uri/ =444;
add_header Content-Type octet/stream;
}
location ~ /(catalog|boxes) {
deny all;
return 403;
}
}
I think all you need here is to change the access level to the file. There is 3 access level (execute, read and write) you can remove the execute access level from your file. On the server consul run the command:
chmod 766 your_file_name
you can see:
here
and here
for more information.

How to host 2 virtual hosts on nginx on www subdomains?

I am new to all this and trying hard already for 4 days without any big success. Maybe it's just a small thing and hopefully you can help me! Was not able to find an answer here so far (at least nothing worked out until now):
I have a domain, say example.com registered. I also added a subdomain test.example.com and added it as a CNAME to example.com.
Then I installed nginx and set it up following th tutorial on https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-14-04-lts with the minor change that I have both servers in one config file by now. In short, it looks like this:
in etc/nginx/sites-enabled/example.com
server {
listen 80;
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
root /var/www/test.example.com/html;
index index.html index.htm;
server_name test.example.com www.test.example.com;
location / {
try_files $uri $uri/ =404;
}
}
example.com works fine and shows me "welcome to example.com" in broswer tab and some text that example.com server is running as expected (defined index.html by me as in the example).
BUT: If I go to test.example.com it shows me in the tab "welcome to example.com" either although it should be "welcome to **test.**example.com" and there is no html page at all shown to me. it's just a blank page.
Can someone help me? I don't know, if I already got the stuff with the cname domain or whether there might be something wrong.
Thank you very muh in advance!:-)
I was able to solve my problem. It was not on the server but a wrong setting in my domain provider. I don't have to forward my domain but just set it in the nameservers instead pointing to the ip!

Resources