nginx port binding issues - http

Of course the port is already in use! hence my desire to redirect it! - I don't understand how I'm suppose to be able to redirect an app on 8787 to the https version if I can't start nginx due to this bind error?
nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx: [emerg] bind() to 0.0.0.0:8787 failed (98: Address already in use)
server block:
server {
listen 8787;
listen [::]:8787 ipv6only=on;
server_name www.example.* example.* 45.224.123.199;
# SSL
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/sample.key;
port_in_redirect off;
return 302 https://example.com$request_uri;
}

Each application , in this case the upstream application and nginx, need their own unique ip and port binding pair. Generally, ONE application per IP can anybind.
You need to either:
choose a unique port for the proxy and upstream pairing (change nginx port, or change application port)
OR
chose a unique IP binding for your application.
Very often, a good practice is to application bind to the LAN ip instead of the public IP, to better isolate your application from the public internet.

Related

No resolver defined to resolve myipp.com in nginx on google cloud

My puprose is to use nginx as a proxy for another application and I get an error above and I get 502 badgateway when I try to access my app.
My nginx configurations are shown below and I already unlinked the default nginx configurations but I still get the error below in /var/log/nginx/error.log.
Any clues ?
server{
listen 80 default_server ;
listen [::]:80 default_server;
server_name pivot.staging.ippen.space;
location / {
resolver 127.0.0.53
proxy_pass https://$server_name:443/;
}
}
and when i used 127.0.0.1 / 8.8.8.8 as a resolver I get the folowing error:
nginx: [emerg] host not found in resolver "proxy_pass" in /etc/nginx/sites-enabled/custom_server.conf:9
I use nginx as a VM instance on Google cloud and I have two firewall rules (allow http and allow ssh access); OS is ubuntu 16.04.

Nginx proxy conf for minecraft not working

Hi I am trying to get a nginx conf working with minecraft.
I created several subdomains (A-records) and I want to use only the subdomains (without port).
Therefore I installed nginx (stable release) on CentOS 7.
Added portforward in my router on 25565 to this VM (fixed IP) and added 25565 (tcp, permanent) to the firewall. Testing nginx with default ip (port 80) => Welcome to nginx....
Testing port 25565 (with minecraft) also works.
Left nginx.conf and default.conf intact (no changes) and added my minecraft.conf in /etc/nginx/conf.d/
Minecraft uses tcp protocol (I asume this is supported by nginx) and listens default to 25565 that's why I run my instances on 25566 and 25567
As far as I understood main directives like http(s), stream etc. should be declared in nginx.conf
It's not posible to declare a stream in the minecraft.conf (in ./conf.d/)
Also not possible to proxy_pass to the upstream (directive proxy_pass not allowed here)
(I can use location / { http://..} but that's not tcp)
What do I miss to make it work as I want to use a proxy (Network Solutions does not allow SRV records for subdomains)
my minecraft.conf:
upstream mcserver1 {
server 192.168.1.14:25566;
}
upstream mcserver2 {
server 192.168.1.14:25567;
}
server {
listen 25565;
server_name camelot.xyz.net;
access_log /var/log/nginx/mcs1.access;
error_log /var/log/nginx/mcs1.error;
proxy_pass mcserver1;
}
server {
listen 25565;
server_name cityworld.xyz.net;
access_log /var/log/nginx/mcs2.access;
error_log /var/log/nginx/mcs2.error;
proxy_pass mcserver2;
}
In the default error.log I find
2021/04/11 21:37:12 [notice] 5525#5525: signal process started
2021/04/11 21:37:12 [emerg] 2325#2325: bind() to 0.0.0.0:25565 failed (98: Address already in use)
2021/04/11 21:37:12 [emerg] 2325#2325: still could not bind()

Using proxy_pass to forward http requests based on headers

I'm using a combination of ip6tables and nginx to process http requests from clients. The nginx server listens on port 8081 and must forward a request after examining the header.
Clients can send two types of requests:
GET/POST with no headers. These should be re-directed to https://jaguar.mydomain.com
GET/POST with specific header elb-jaguar.mydomain.com. These should be redirected to https://elb-jaguar.mydomain.com
When run as nginx -c /home/build/v6-only.conf, nginx fails because one server{} directive already has listen on port 8081
nginx: [emerg] duplicate listen options for [::]:8081 in /etc/nginx/v6/v6-only.conf:13
My config is as below:
server {
listen [::]:8081 ssl ipv6only=on;
server_name elb-jaguar.mydomain.com;
ssl_certificate /etc/ssl/elb.crt;
ssl_certificate_key /etc/ssl/elb.key;
location / {
proxy_pass https://elb-jaguar.mydomain.com:443;
}
}
server {
listen [::]:8081 ssl ipv6only=on;
ssl_certificate /etc/ssl/regular.crt;
ssl_certificate_key /etc/ssl/regular.key;
server_name jaguar.mydomain.com;
location / {
proxy_pass https://jaguar.mydomain.com:443;
}
}
How can I fix the above config to get the desired forwarding with proxy_pass?
Difficult to see because that setup should work.
But looking closer at the NGINX docs and your need for IPv6 only, it says (my emphasis):
ipv6only=on|off
this parameter (0.7.42) determines (via the IPV6_V6ONLY socket option) whether an IPv6 socket listening on a wildcard address [::] will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.
Because the error message complains of 'duplicate listen options', not 'already listening on that port' or similar, it suggests it is complaining about trying to set ipv6only a second time (even to the same value).
Also, it does say This parameter is turned on by default, so you could easily just remove it altogether, if only to try it.

nginx listen directive confusion

I am trying to configure nginx i m trying to find how listen directive in server block works.
suppose i have this config:
server {
listen 192.168.11.12:80;
}
Does it mean nginx will listen for requests on port 80 which is coming from ip: 192.168.11.22 . or does it mean it will listen on ip 192.168.11.12 and on port 80. I searched for docs but they simply mention how server block works.
The second one, it will listen on that ip and port.

How to make nginx to listen to server_name:port

In my nginx conf file, I have :
listen 80;
server_name $hostname;
however if I do netstat I see that it is listening on 0.0.0.0:80
what I want to happen, is the nginx to listen to $hostname:80 , is there a way to configure it to do that?
I tried different settings with no success so far. Appreciate your help.
The server_namedocs directive is used to identify virtual hosts, they're not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80 which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listendocs rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).

Resources