I am facing problem with rewriting url in nginx.
The issue is if the url contains domain/.well-known/acme-challenge/ it should be replaced by domain/folder/.well-known/acme-challenge.
How can I rewrite nginx for this so that it points to proper location.
The request for the nginx configuration works with this url:
domain/folder/.well-known/acme-challenge
but I want it to redirect when it finds something like
domain/.well-known/acme-challenge/
Here is my nginx conf:-
#upstream jboss {
# server domain:8080;
#}
server {
listen ip:80;
server_name domain;
access_log /var/log/nginx/domian_access.log;
error_log /var/log/nginx/domain_error.log warn;
# location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
# expires 365d;
#}
location /folder/ {
# ModSecurityEnabled on;
# ModSecurityConfig modsecurity.conf;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
proxy_pass http://ip:8080/folder/;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
index Main.jsp index.html;
}
#index index.html ;
# try_files $uri $uri/ =404;
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
I don't think you need to rewrite the url, but to send the url to the correct folder.
.well-known/acme-challenge is known to be a challenge for ssl certificates that are made automatically (lets'encrypt), so simply set the alias to the folder where your bot writes the "challenge" and you are good to go.
location /.well-known/acme-challenge {
auth_basic off;
alias /directory/to/challenge;
default_type text/plain;
}
That way it will "accept" and respond the challenge correctly
Even if you keep wanting to rewrite it, set a redirec to to domain/folder/$request_uri line:
location /.well-known/acme-challenge {
return 301 http://$host/folder/$request_uri;
}
Related
Basically I have two local application hosted on 2 different local port.
I'm trying to access http://localhost/admin which is serve via reverse_proxy but I got http://localhost/admin/main.css net::ERR_ABORTED 404 (Not Found).
Ive also tried below (without slash) but I still got the same error.
location /admin{
proxy_pass http://127.0.0.1:8090
....
}
app1.conf
server{
listen 80;
listen [::]:80;
root /var/www/first_app/dist;
index index.html;
access_log /var/log/nginx/first_app.access.log;
error_log /var/log/nginx/first_app.error.log;
location / {
try_files $uri $uri/ /index.html =404;
}
location /admin/{
proxy_pass http://127.0.0.1:8090/
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
client_max_body_size 0;
}
location ~* .(ico|jpg|png|gif|jpeg|css|swf|js|woff)$ {
access_log off;
gzip_static on;
gzip_comp_level 5;
expires 1M;
#add_header Cache-Control private;
add_header Cache-Control public;
}
}
app2.conf
server{
listen 8090;
listen [::]:8090;
root /var/www/second_app/dist;
location /{
try_files $uri /index.html;
}
}
It would be great if someone can explain to me what I'd miss? Thanks much.
I have configured nginx in production to server our website app, it was working fine till today. Last update I pushed was one month back, today I pushed updated code and restarted nginx but nginx is still serving old file not the updated files.
Configuration from nginx.conf
user root;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http{
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
expires off;
open_file_cache off;
gzip on;
gzip_disable "msie6";
server{
listen 80;
server_name ****.****.com;
root /etc/nginx/www/app/public/;
include www/app/proxy.conf;
}
include www/app/staticserver.conf;
}
proxy.conf
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.0.3.2:3003;
proxy_redirect off;
access_log app;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.0.3.2:3003;
proxy_redirect off;
access_log app;
}
location /socket.io/ {
proxy_pass http://10.0.3.2:3003;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#js and html
location ~* ^.+\.(js)$ {
proxy_pass http://10.0.3.2:8197;
}
#css and image and Fonts.. etc..
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|flv|swf|woff|eot|ttf|svg|html|htm|less)$ {
proxy_pass http://10.0.3.2:8198;
}
staticserver.conf
#For serve java script files
server {
listen 8197;
server_name 10.0.3.2;
location / {
root /etc/nginx/www/app/public;
access_log app_js;
}
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#For serve css | less | images |fonts..
server {
listen 8198;
server_name 10.0.3.2;
location / {
root /etc/nginx/www/app/public/;
access_log app_others;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
set sendfile off; is not working for me, any other configuration should I do to stop nginx serve old files.
I tried clear browser cache as well but no use.
I am having issues getting my nginx + tomcat 7 reverse proxy setup working.
Basically I want https://192.168.10.101 to serve content from the upstream cluster/webapp/; However I am getting a 404 page from my applicaton.
Any hints on whats going wrong would be greatly appreciated.
My configuration is given below.
server {
server_name 192.168.10.101;
access_log /var/log/nginx/mysite-access.log;
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/mysite.crt;
ssl_certificate_key /etc/nginx/ssl/private/mysite_pvt.key;
location / {
proxy_redirect off;
proxy_pass https://tccluster/webapp/;
rewrite_log on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
}
}
upstream tccluster {
server 192.168.56.103:8443;
server 192.168.56.104:8443;
}
Finally figured it out. The app has a filter that redirects to /webapp/index.html , which made nginx make the request for /webapp/webapp/index.html which was giving the 404.
I added a rewrite rule
location / {
proxy_pass https://backend/webapp/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
rewrite ^/webapp/(.*)$ /$1 last;
}
And this seems to be working for now !
full nginx config to pass to tomcat context :
server {
listen 80; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
listen [::]:80;
server_name tomcat-context.domain.com ;
# individual nginx logs for this vhost
access_log /var/log/nginx/tomcat-context_domain_access.log main;
error_log /var/log/nginx/tomcat-context_domain_error.log;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
location / {
proxy_pass http://127.0.0.1:10080/tomcat-context/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
rewrite ^/tomcat-context/(.*)$ /$1 last;
}
location /tomcat-context {
rewrite ^/tomcat-context(.*)$ $1 redirect;
}
}
I am trying to get Basic Authentification to work with Rails 3.2 nginx and Unicorn
The configuration works for hosting my site. I used the Rails Basic Authentification in the Controller but i have to many problems while testing. The .htpasswd file is also working i could restrict the access to a static site.
In the location config i tried
location /
location /home/deployer/apps/rails/current/public
location /home/deployer/apps/rails/current/
Any ideas?
This is my config:
upstream unicorn {
server unix:/tmp/unicorn.blog.sock fail_timeout=0;
}
server {
listen 80 default deferred;
server_name railsserver;
root /home/deployer/apps/rails/current/public;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/prototyp/.htpasswd;
}
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #unicorn;
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
I tried it with this config now but it does not work
server {
listen 80 default deferred;
server_name rails.com;
root /home/deployer/apps/rails/current/public;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri /;
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/prototyp/.htpasswd;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Do it like this to get it to work:
location / {
auth_basic "Restricted";
auth_basic_user_file /var/www/prototyp/.htpasswd;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
You don't need the #unicorn location
I'm attempting to have nginx reverse proxy static files from an application if the application is serving them, else serve them itself. Currently, I have this configuration:
upstream app_server {
server unix:/tmp/gunicorn.sock fail_timeout=0;
}
server {
listen 8080;
server_name example.com;
access_log /var/log/nginx.access.log;
error_log /var/log/nginx.error.log;
keepalive_timeout 5;
location /static {
try_files $uri #proxy_to_app;
alias /path/to/__static;
sendfile off;
}
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
This works if the files don't exist in /path/to/__static; it sends the request to the application server. However, if the files also exist in /path/to/__static, nginx serves the files itself.
Reversing the try_files line (try_files #proxy_to_app $uri) fails in both cases. If the client requests /static/css/test.css, the application receives a request for /css/test.css, and it never seems to try /path/to/__static even though the application returns a 404.
Updated to include full configuration.
location /static/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
proxy_intercept_errors on;
error_page 404 =200 /local$uri;
}
location /local/static/ {
internal;
alias /path/to/__static/;
}