running Sonarqube behind a reverse proxy (Nginx) - nginx

We are trying to run sonarqube behind a reverse proxy (nginx).
We have nginx running on once instance within our AWS VPC, and sonarqube on another instance. Below is our sonarqube location block. NGINX is set to listen on port 80…
Sonarqube is running in a docker container with port 9000 mapped to 9000 on the host.
Our default location (below) redirects anything other than a valid location to the jira location.
When we try to access sonarqube using the address of the machine running NGINX and /sonarqube, we just get redirected to Jira.
It is worth noting that all our other applications that have a location block in the nginx config work as expected.
location / {
return 301 /jira;
}
location /sonarqube {
proxy_pass http://<ip-address of machine running sonarqube>:9000/sonarqube;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
client_max_body_size 8m;
client_body_buffer_size 128k;
}

Is your sonar.properties correctly configured?
sonar.web.port: 9000
sonar.web.context: /sonarqube
After that you can change your nginx config as
location /sonarqube {
proxy_pass http://<sonarqube_ip>:9000;
...
}

Related

Using reverse proxy to expose code-server to the internet

I have installed code-server on my Plesk VPS, and i was wondering how to expose it to the outside world using a reverse proxy.
Currently code-server is bound to 127.0.0.1:8080, and if i use wget via SSH i get the expected page.
How do i go about exposing code-server to the internet (using reverse proxy) on Plesk/CentOS
I’ve tried using vhost_nginx.config file but to no luck
location ~ / {
proxy_pass http://localhost:8080;
proxy_read_timeout 90;
}
You can try using my nginx config, change app URL and app port if needed, put it in /etc/nginx/sites-available than use symlink to /etc/nginx/sites-enabled, and don't forget to restart nginx.
server {
listen 80;
server_name example.com; #change app url
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080; #change app port
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# location /overview {
# proxy_pass http://127.0.0.1:8080$request_uri; #change app port
# proxy_redirect off;
# }
}
}

Reverse Proxy HTTPS Requests as HTTP to Upstream Server

We are using NGINX on our cPanel server to reverse proxy ZKTeco ZKBioSecurity servers. Due to compatibility with some of their devices not supporting HTTPS, all our servers use HTTP, but, of course, all sessions to our NGINX server is secured with HTTPS and a Sectigo certificate provided by cPanel’s AutoSSL.
Here’s the problem: it seems that the ZKBioSecurity servers are detecting that the client is using HTTPS to connect to them through NGINX, and because of this, give the following prompt each time you want to log in, advising you to download and install the ISSOnline driver and certificate. The certificate, however, is issued to the ZKBioSecurity server for 127.0.0.1, so of course this is rather pointless as we are connecting to the NGINX server using a FQDN. This does not happen if we use HTTP:
So my question: is there something in the request (the HTTP header perhaps?) that NGINX forwards to the upstream server that contains the protocol (HTTPS) the client used to connect to the server? Because this somehow seems to be the case.
Here’s our NGINX config for ZKBioSecurity servers:
location /.well-known {
root /home/novacloud/public_html/subdomain/.well-known;
allow all;
try_files $uri = 404;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://192.168.0.1:8080;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
The server_name directive is, of course, managed by cPanel. The above is an example of the include files we use in the main cPanel NGINX configuration file. I thought it was the proxy_set_header X-Forwarded-Proto $scheme, but even if I remove this, I still get the Driver Detection Exception prompt.
Here’s a Pastebin of a cURL of the ZKBioSecurity server from our cPanel/NGINX server

I want to host a static website on EC2 with nodejs app too

I am trying to host a static website on EC2 but no luck.
here is my config file node
server {
listen 80;
server_name localhost;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:3000";
}
}
I want to host static website too.
How can I do that on EC2
I'm not sure how I can explain it end to end. I hope you got a basic idea of how it works.
From your question, I can understand that you are having some problems with the Nginx configuration.
your Nginx config file should look like this,
location / {
# This would be the directory where your frontend code resides
root /var/www/html/;
try_files $uri /index.html;
}
location /api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_set_header Host $http_host;
proxy_redirect off;
}
You can use PM2 for running the nodejs app in your VM.
Here Nginx would be webserver for your frontend application and a proxy to your backend application, all the request is going to hit on your Nginx server.
I hope this is what you are looking for.

Nginx docker reverse proxy with http/https and tcp (ssh)

I have a docker container with nginx (v. 1.17, no plus version) set up as a reverse-proxy (http/https) to other docker containers and machines.
An example configuration I have is the following:
server {
resolver 127.0.0.11;
listen 443 ssl;
server_name gitlab.mydomain.com;
location / {
proxy_pass http://gitlab:30000;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
And this works perfectly.
What is missing is the configuration for accessing gitlab (and other machines I need) trough SSH.
I saw in some other questions that you can use streams and other new nginx features, but I didn't quite get how to embed this with my current configuration.
Can someone help me with this settings? How can we combine http/https reverse proxy with ssh reverse-proxy?

WildFly 8.2.1 and nGinX

I have 2 servers(CentOS7) in LAN WildflyAPP and nGinX.
nGinX is having 2 eth cards. One connected with LAN(192.X.X.X network) and second up to the wild world (external static IP).
I'm trying to use nGinX as Proxy to Wildfly 8.2.1(as a service) using subdomains:
app.mydomain.com to be used as proxy to Wildfly application (8080 port)
wildfly.mydomain.com for management to wildfly (9000 port)
In both cases im receiving 502 error
I used default configuration for nGinx:
server {
listen 80;
server_name app.mydomain.com;
error_log /var/log/nginx/app-error.log;
access_log /var/log/nginx/app-access.log;
location / {
proxy_pass http://192.X.X.X:8080/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store";
}
}
I also tried versions with:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
Nothing i found anywhere in net helped (standalone file checked and looks ok, APP accessible from LAN at 8080 without any problems).
Please help me what i am doing wrong here.

Resources