I am currently serving my website using Nginx and Gunicorn.
In particular, Nginx is serving static files and Gunicorn is serving rest-api.
This is my current Nginx configuration:
worker_processes 2;
user nobody nogroup;
# 'user nobody nobody;' for systems with 'nobody' as a group instead
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex on; # set to 'on' if nginx worker_processes > 1
# 'use epoll;' to enable for Linux 2.6+
# 'use kqueue;' to enable for FreeBSD, OSX
}
http {
include mime.types;
# fallback in case we can't determine a type
default_type application/octet-stream;
access_log /var/log/nginx/access.log combined;
sendfile on;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# for UNIX domain socket setups
# server unix:/tmp/gunicorn.sock fail_timeout=0;
# for a TCP configuration
server 127.0.0.1:8181 fail_timeout=0;
}
server {
listen 80;
listen [::]:80;
server_name www.miralytics.social;
return 301 https://www.miralytics.social$request_uri;
}
server {
# if no Host match, close the connection to prevent host spoofing
listen 443 default ssl;
ssl_certificate /certificates/fullchain1.pem;
ssl_certificate_key /certificates/privkey1.pem;
server_name www.miralytics.social;
gzip on;
gzip_vary on;
gzip_types text/plain text/html text/xml text/css application/x-javascript image/png image/jpeg application/javascript application/octet-stream application/json;
gzip_proxied any;
gzip_http_version 1.1;
gzip_min_length 0;
gzip_comp_level 9;
gzip_buffers 16 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
keepalive_timeout 5;
# path for static files
root /home/edge7/UIBackend/dist;
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /home/edge7/UIBackend/dist;
expires 1d;
}
location /auth/register {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
proxy_pass http://localhost:8181;
}
location /auth/login {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
proxy_pass http://localhost:8181;
}
location / {
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_pass http://localhost:8181;
}
add_header Cache-Control no-cache; #(no cache for testing reasons)
}
}
Here the official prerender configuration for Nginx, but as you can see it does not fit my current configuration because I already have #proxy_to_app.
Has anyone experience with this?
You can just modify your config a little bit so where you have this:
location / {
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
You would want to change that to:
location / {
proxy_set_header X-Prerender-Token YOUR_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "googlebot|bingbot|yandex|baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff|svg|eot)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
Related
This is my nginx configuration:
upstream itw_upstream {
server 127.0.0.1:2019 fail_timeout=3s;
}
proxy_cache_path /var/cache/nginx/mpword levels=2:2 keys_zone=itw_cache:10m inactive=300d max_size=1g;
proxy_temp_path /var/cache/nginx/tmp;
#
# the reverse proxy server as www
#
server {
listen 80;
server_name blog.demo.com;
root /opt/mpword/none;
access_log /opt/mpword/log/www_access.log;
error_log /opt/mpword/log/www_error.log;
client_max_body_size 2m;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 8k;
gzip_types text/css application/x-javascript application/json;
sendfile on;
location = /favicon.ico {
proxy_pass http://source.blog.demo.com; // this is the line 14.
}
location = /robots.txt {
proxy_pass http://source.blog.demo.com;
}
location ~ /static/ {
rewrite ^(.*) http://static.blog.demo.com$1 permanent;
}
location ~ /files/ {
rewrite ^(.*) http://static.blog.demo.com$1 permanent;
}
location / {
proxy_pass http://itw_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#
# the source server that serves static files and uploaded files
#
server {
listen 80;
server_name source.blog.demo.com;
root /opt/mpword/../src/main/resources;
access_log /opt/mpword/log/source_access.log;
error_log /opt/mpword/log/source_error.log;
client_max_body_size 1m;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 8k;
gzip_types text/css application/x-javascript application/json;
sendfile on;
location ~ /static/ {
}
location ~ /files/ {
proxy_pass http://itw_upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache itw_cache;
proxy_cache_key $uri;
proxy_cache_valid 1d;
expires 1d;
}
}
#
# the simulated CDN server
#
server {
listen 80;
server_name static.blog.demo.com;
access_log /opt/mpword/log/static_access.log;
error_log /opt/mpword/log/static_error.log;
client_max_body_size 1m;
gzip on;
gzip_min_length 1024;
gzip_buffers 4 8k;
gzip_types text/css application/x-javascript application/json;
sendfile on;
location ~ /static/ {
add_header "Access-Control-Allow-Origin" "http://blog.demo.com";
add_header "Access-Control-Allow-Methods" "GET, POST";
proxy_pass http://source.blog.demo.com;
proxy_read_timeout 3s;
}
location ~ /files/ {
add_header "Access-Control-Allow-Origin" "http://blog.demo.com";
add_header "Access-Control-Allow-Methods" "GET, POST";
proxy_pass http://source.blog.demo.com;
proxy_read_timeout 3s;
}
}
but when I run nginx -t I get error:
nginx: [emerg] host not found in upstream "source.blog.demo.com" in /etc/nginx/conf.d/blog.demo.com.conf:14
nginx: configuration file /etc/nginx/nginx.conf test failed
I didn't find the issue? how to solve it?
This is your config:
server {
server_name blog.demo.com;
location = /favicon.ico {
proxy_pass http://source.blog.demo.com; # here you ask for a upstream server
}
}
server {
server_name source.blog.demo.com; # here you spin up the upstream server
}
Didn't test it, but I think the problem is, that nginx is looking for upstream servers given in proxy_pass. But the server source.blog.demo.com is not running at the time where the proxy_pass directive is loaded in the server blog.demo.com.
So 1.) make the second server the first one to spin up and the third the second. Finally run the blog.demo.com.
Or 2.) use the workaround preventing nginx checking for upstream servers in proxy_pass:
server {
resolver 8.8.8.8 valid=30s; # or any other reachable DNS, e.g. 127.0.0.11 for docker
location = /favicon.ico {
set $upstream_source source.blog.demo.com;
proxy_pass http://$upstream_source/favicon.ico;
}
}
I am trying to implement Dynamic Rendering for google.
I have a server on Laravel Forge for serving a Nuxt.js application and I want to use prerender.io
Prerender.io gives an nginx config to use but my current config seems a lot different from it. I don't have any experience with it so I am asking for help if there is anyone who can help.
This is my current nginx config
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/before/*;
map $sent_http_content_type $expires {
"text/html" epoch;
"text/html; charset=utf-8" epoch;
default off;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name beta.example.com;
root /home/forge/beta.example.com/dist;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/beta.example.com/50331/server.crt;
ssl_certificate_key /etc/nginx/ssl/beta.example.com/50331/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/server/*;
location / {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # set the adress of the Node.js
}
access_log off;
error_log /var/log/nginx/beta.example.com-error.log error;
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/beta.example.com/after/*;
This is how it should look like
https://gist.github.com/thoop/8165802
My main question basically is what happens to the current location / block.
You have two ways to achieve your goal:
Nuxt.js has its own pre-render solution. you could find it here.
If you still want to use prerender.io, here is an example:
I saw that your Nginx is proxying all traffic to http://127.0.0.1:3000, which is presumably a backend written in Node.js. So you could directly update your location / block to use prerender.io to catch everything.
...
location / {
proxy_set_header X-Prerender-Token YOUR_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "googlebot|bingbot|yandex|baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~* "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff|svg|eot)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
try_files #backend;
}
location #backend {
expires $expires;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_pass http://127.0.0.1:3000; # set the adress of the Node.js
}
...
I have a cloud server and my application is on my server. I currently do not have a domain but i would like to use nginx as a webserver for my application. So i configured in the nginx the following for this application.
I do not have a domain so example.com is just used as a proxy_pass url but it doesnt seem to be working.
/etc/nginx/sites-enabled/example.com
upstream puma_example {
server unix:///home/deploy/sites/example.com/shared/tmp/sockets/example.sock;
}
server {
listen 80 ;
server_name example.com;
gzip on;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;
root /home/deploy/sites/example.com/current/public;
access_log /home/deploy/sites/example.com/current/log/nginx.access.log;
error_log /home/deploy/sites/example.com/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri #puma_example;
location #puma_example {
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma_example;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 25M;
keepalive_timeout 10;
}
When i run my rails application i can see that is running but i cant seem to link it via nginx. So when i so http://example.com, it doesnt load my application.
What am i missing? how do i get my application to connect locally via nginx with no domain name on my cloud server.
Any help is appreciated.
You can use your ip address, here is a simplified example.
upstream 127.0.0.1 {
server unix:///var/run/yourapp.sock;
}
server {
listen 80;
server_name 127.0.0.1;
root /var/www/yourapp/current/public;
location / {
proxy_pass http://127.0.0.1/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I'd like to run two instance of Odoo v10 on different links.
the 1st instance will include multiple databases for our testing purposes running on this link mydoamin.com
And for the second instance will be holding demo databases for our clients to demonstrate Odoo for them on this link clients.mydomain.com
Both instances should be running on the same server.
I did a lot of research to figure out how to achieve this approach, but I didn't find any guide can help me to do it by using Nginx reverse proxy.
Here's my Nginx configuration file:
upstream backend-odoo {
server 127.0.0.1:8069;
}
upstream backend-odoo-im {
server 127.0.0.1:8072;
}
server {
listen 80;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://example.com$request_uri? permanent;
}
server {
listen 443 default;
# ssl settings
ssl on;
ssl_certificate
/etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
keepalive_timeout 60;
#increase the upload file size limit
client_max_body_size 300M;
# proxy header and settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
# odoo log files
access_log /var/log/nginx/odoo-access.log;
error_log /var/log/nginx/odoo-error.log;
# increase proxy buffer size
proxy_buffers 16 64k;
proxy_buffer_size 128k;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500
http_502 http_503;
# enable data compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_vary on;
location / {
proxy_pass http://backend-odoo;
}
location ~* /web/static/ {
# cache static data
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://backend-odoo;
}
location /longpolling {
proxy_pass http://backend-odoo-im;
}
}
PS. I tried to set db filter = ^%d$ in odoo configuration file but it I get nothing.
Try dbfilter = %h$ that works for me better.
You have to rename your databases that it matches the URL's.
yourdomain.com get yourdomain_com as DB name.
I have a reverse-proxy setup(I think), for gunicorn running a falcon app. I was also able to setup SSL on the nginx server. The /etc/nginx/nginx.conf:
worker_processes 1;
user nobody nogroup;
pid /tmp/nginx.pid;
error_log /tmp/nginx.error.log;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # set to 'on' if nginx worker_processes > 1
}
http {
include mime.types;
# fallback in case we can't determine a type
default_type application/json;
access_log /tmp/nginx.access.log combined;
sendfile on;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types application/json;
upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
server 127.0.0.1:6789 fail_timeout=0;
}
server {
# if no Host match, close the connection to prevent host spoofing
listen 80 default_server;
return 444;
}
server {
listen 443 ssl;
client_max_body_size 4G;
# set the correct host(s) for your site
server_name 0.0.0.0;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
keepalive_timeout 2;
location / {
proxy_bind $server_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
proxy_pass http://app_server;
}
}
}
What do I need to change so that the response headers from gunicorn are preserved? Also, I am completely new to this. So is there anything that I should change?