Nginx to serve static files and also proxy to backend server - nginx

I'm using nginx to serve static files, and also proxy to a backend java server. I'm using a templating language in my backend java server, that will eventually replace all html files.
I don't know nginx, so I wanted to ask for some help on the most efficient way to do this.
Files:
/assets // Lots more files in this folder
/index.html
/android-chrome-192x192.png
/android-chrome-512x512.png
/apple-touch-icon.png
/browserconfig.xml
/favicon.ico
/favicon-16x16.ico
/favicon-32x32.ico
/mstile-15x150.png
/safari-pinned-tab.svg
/site.webmanifest
Here is my conf file so far. I'm serving the static files, but not proxying:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /root/web;
index index.html;
server_name _;
location /assets/ {
try_files $uri =404;
sendfile on;
sendfile_max_chunk 512k;
}
location / {
try_files $uri =404;
sendfile on;
sendfile_max_chunk 512k;
}
location ~* \.(jpg|jpeg|png|gif|ico|webp|mp4)$ {
expires 30d;
}
location ~* \.(css|js)$ {
expires 10d;
}
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied any;
gzip_types application/javascript application/json application/x-font-ttf font/opentype image/* text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
gunzip on;
# error_log /root/nginx-log.txt debug;
}
My backend server will serve urls with patterns like this:
/basic-url-here // This style will serve html files built with a templating language from the server, so they need to be at the root path
/api/*
What is the right / efficient way to serve all these files with nginx while also proxying to a backend server?

I've found a solution that works, but I don't know how efficient it is. If I remove the /asset location block, and replace the / location block with this, it works:
location / {
try_files $uri $uri/ #backend;
}
location #backend {
proxy_pass http://backend:8080;
}
This is my final file:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /root/web;
index index.html;
server_name _;
access_log off;
sendfile on;
sendfile_max_chunk 512k;
location / {
try_files $uri $uri/ #backend;
}
location #backend {
proxy_pass http://backend:8080;
}
location ~* \.(jpg|jpeg|png|gif|ico|webp|mp4)$ {
expires 30d;
}
location ~* \.(css|js)$ {
expires 10d;
}
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied any;
gzip_types application/javascript application/json application/x-font-ttf font/opentype image/* text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
gunzip on;
# error_log /root/nginx-log.txt debug;
}
I'm not sure if this is the proper way to do this though.

You can use another location block to map your api, and say, your Java backend server will run on port 4000:
location /api/ {
proxy_pass http://localhost:4000:
..... <other configurations>
}
You can read more about this plus other configurations in the documentation.
Hope that helps!

Related

Nginx location regex configuration issue - Not capturing subdomains of location specified

I am using below nginx file. I have hosted multiple frontend (angular) projects on single server. So, I want to access different project on different path.
When I hit url www.*********.com/st_admit/dashboard
I want to access project place in directory /usr/share/nginx/html2; but nginx is redirecting to root domain i.e. "/" and open the project placed in /usr/share/nginx/html;
Please check below configuration file and let me know how I can fix the nginx location regex.
client_max_body_size 10M;
upstream django {
ip_hash;
server django_gunicorn:8001;
}
server {
server_name *************.*** www.******.***;
listen 443 ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
ssl_certificate /etc/nginx/***********.crt;
ssl_certificate_key /etc/nginx/*************.key;
client_max_body_size 4G;
proxy_read_timeout 20000;
proxy_connect_timeout 20000;
proxy_send_timeout 20000;
keepalive_timeout 200;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server_tokens off;
ssl_protocols TLSv1.2 TLSv1.3;
root /usr/share/nginx/html;
location ^~ /st_admin/(.*) {
alias /usr/share/nginx/html2;
index index.html index.htm;
include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://django;
break;
}
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
include /etc/nginx/mime.types;
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
try_files $uri $uri/ /index.html;
}
}
I tried below location configurations, but none of these are working.
location ^~ /st_admin
location ^~ /st_admin/*
location ^~ /st_admin/(.*)

nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored

I have three nginx server blocks and when i run nginx -t get error "nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored"
I have three nginx server blocks:
One: /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
Two: /etc/nginx/sites-available/example.com
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
# Document Root
root /var/www/example.com;
index index.php index.html index.htm;
server_name .example.com;
client_max_body_size 0;
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
Three: /etc/nginx/sites-available/example1.com
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
# Document Root
root /var/www/example1.com;
index index.php index.html index.htm;
server_name .example1.com;
client_max_body_size 0;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
When i run: $ sudo nginx -t
This answer appears:
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
How do i solve this?
example.com and example1.com both are identical, you have to add server_name on the listen 80 of both blocks.
Corrected Server blocks is:
Two: /etc/nginx/sites-available/example.com
server {
listen 80;
server_name .example.com;
return 301 https://example.com$request_uri;
}
server {
# Document Root
root /var/www/example.com;
index index.php index.html index.htm;
server_name .example.com;
client_max_body_size 0;
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-poli
}
Three: /etc/nginx/sites-available/example1.com
server {
listen 80;
server_name .example1.com;
return 301 https://example1.com$request_uri;
}
server {
# Document Root
root /var/www/example1.com;
index index.php index.html index.htm;
server_name .example1.com;
client_max_body_size 0;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
no need to do changes on default one.

nginx request_uri not working redirects to root

I am using the nginxinc/nginx-unprivileged:1.21-alpine Docker Image.
My config file looks like this:
server {
listen ${LISTEN_PORT};
server_name example.de www.example.de;
return 301 https://example.de$request_uri;
}
server {
listen ${LISTEN_PORT_HTTPS};
server_name www.example.de;
ssl_certificate *****;
ssl_certificate_key *****;
return 301 https://example.de$request_uri;
}
server {
server_name example.de;
listen ${LISTEN_PORT_HTTPS} ssl http2;
ssl_certificate *****;
ssl_certificate_key *****;
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
location /static {
alias /vol/static;
add_header Cache-Control "public,max-age=31536000,immutable";
}
location / {
uwsgi_pass ${APP_HOST}:${APP_PORT};
include /etc/nginx/uwsgi_params;
client_max_body_size 10M;
}
}
The problem I have is that http and www redirect to https non-www but no matter what url it always redirects to the home page. it looks like $request_uri is empty
EDIT: Got it working with: rewrite (.*)$ https://example.de$1 permanent; but as far as im concerned it's not best practice

Url matches wrong nginx location

Using the nginx conf below, I can't seem to match /api/v2/macs/, but rather it goes to /api/. The issue is that I've tried the same conf in multiple environments and it's failing in my main production environment only. Any ideas?
server {
listen 80 default_server;
client_max_body_size 0;
charset UTF-8;
proxy_read_timeout 300;
proxy_intercept_errors on;
error_page 403 /403;
error_page 404 /404;
error_page 502 /502;
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
# Enable Gzip
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_types
# text/html is always compressed by HttpGzipModule
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/json
image/svg+xml;
# Serve index.html
location / {
root /usr/share/nginx/html;
index index.html index.htm;
autoindex off;
error_page 404 /404;
# Cache busting
if_modified_since off;
expires -1;
}
location /api/v2/macs/ {
rewrite ^/api/v2/macs/(.*) /$1 break;
proxy_pass http://my-server:80;
}
#
# API
#
location /api/ {
rewrite ^/api/(.*) /api/$1 break;
proxy_pass http://other-server;
}
#
# Ping
#
location = /ping {
return 200;
}
#
# Errors
#
location = /403 {
root /usr/share/nginx/html/templates/error;
index 403.html;
}
location = /404 {
root /usr/share/nginx/html/templates/error;
index 404.html;
}
location = /502 {
root /usr/share/nginx/html/templates/error;
index maintenance.html;
}
}
According to my understanding, nginx should match using the longest prefix before stopping, but that's not what's happening.
Thanks!

Nginx http to https redirect not working for some clients

I have configured nginx to redirect http to https for my site. Here is my configuration block:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# ......
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
root /var/www/example;
index index.php index index.html index.htm;
server_name www.example.com example.com;
location / {
try_files $uri $uri/ =404;
}
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
gzip_vary on;
location ~* \.(jpg|jpeg|png|gif|ico|css|cur|js)$ {
expires 7d;
}
}
Http does not redirect to https for some clients and it takes long time with no response from server.But it redirects for some others! For example it does not work for my desktop browsers but redirects fine when accessed by my mobile browser.
This can be traced in nginx logs where there are 499 error codes for those than do not redirect and there are 301 codes for those that redirect.
Of course everything is fine on every browser when accessed directly from https.

Resources