I have following nginx config. if I remove the cache config for css everything works and all css files load perfectly via reverse proxy. but when I put in cache config for .css that results in 404 for all my css resources:
location ~* \.css {
add_header Cache-Control public;
add_header Pragma public;
add_header Vary Accept-Encoding;
expires 1M;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
Nginx chooses a single location to process a request. That location needs to be complete. See how Nginx processes a request.
Your location ~* \.css block is missing the proxy_pass statement.
The proxy_set_header statements can be moved to the outer block and inherited by both location blocks.
For example:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
location / {
proxy_pass http://localhost:8080;
}
location ~* \.css {
add_header Cache-Control public;
add_header Pragma public;
add_header Vary Accept-Encoding;
expires 1M;
proxy_pass http://localhost:8080;
}
Related
i use nginx as a reverse proxy to connect a api. The problem is when i send a query after add or remove something. Nginx send me the old json value. I tried to disabled cache but it's not working.
my nginx config:
location / {
sendfile off;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS $https;
}
i tried query without nginx and all work well in console
thank you!
According to the documentation proxy_cache you have to replace
proxy_no_cache 1;
proxy_cache_bypass 1;
proxy_no_cache and proxy_cache_bypass defines conditions under which the response will not be saved to a cache.
Then to disable the cache, you can replace these two condition with
proxy_cache off;
Here a full exemple that you can use to configure a proxy for a stateless api server
location /myapi {
# Proxy
proxy_set_header X-Localhost true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/myapi;
proxy_redirect off;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;
proxy_cache off;
# Headers for client browser NOCACHE + CORS origin filter
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always;
allow all;
}
I'm using Nginx in front of Glassfish (java application server) to serve my static content. I'm using following setting to set the expire headers
location /javax.faces.resource/images/ {
proxy_pass http://xx.xxx.xx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
I have also CSS and JS files inside /javax.faces.resource/ and want to set another expire header. How can I achieve this without breaking the setting for images?
Another question: I noticed that sometimes there is many Cache-Control entries in Response header. Is there a possibility to reset the properties instead of using add_header? Thanks
EDITED
server {
listen xx.x.yy.xxx:80;
server_name mydomain.com www.mydomain.com ;
rewrite ^/(.*) https://www.$server_name/$1 permanent;
}
server {
listen xx.x.yy.xxx:443; ## listen for ipv4
server_name www.mydomain.com;
ssl on;
ssl_certificate /etc/ssl/www.mydomain.com.2018.pem;
# Path to an SSL certificate;
ssl_certificate_key /etc/ssl/www.mydomain.com.2018.key;
# Path to the key for the SSL certificate;
client_max_body_size 20M;
access_log /var/log/nginx/mydomain.com.access.log upstreamlog;
error_log /var/log/nginx/mydomain.com.error.log;
rewrite_log on;
location / {
proxy_pass http://xx.x.yy.xxx:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS "on";
}
location /nginx_status {
stub_status on;
access_log off;
# allow 1.1.1.1;
# deny all;
}
location /images/ {
proxy_pass http://xx.x.yy.xxx:8080/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /resources/desktop/images/ {
proxy_pass http://xx.x.yy.xxx:8080/resources/desktop/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /javax.faces.resource/images/ {
proxy_pass http://xx.x.yy.xxx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
}
i want nginx to service http://myhost.com/v2 staic content directly ,
but proxy http://myhost.com/ to http://mytomcat:8080/
my config of /etc/nginx/sites-enabled/default
location /v2/static {
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/;
}
now , got HTTP ERROR 404 when accessing http://myhost.com/ ,but http://mytomcat:8080/ is working,
any one can tell me how to config nginx ?
Set port_in_redirect off; Set your config exactly as below:
location / {
proxy_pass http://127.0.0.1:8080/;
port_in_redirect off;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Hope that helps
I have the following nginx configuration for one of my virtual servers:
upstream app_example_https {
server 127.0.0.1:1340;
}
proxy_cache_path /Users/jaanus/dev/nginxcache levels=1:2 keys_zone=S3CACHE:10m;
proxy_cache_key "$scheme$request_method$host$request_uri";
server {
listen 0.0.0.0:1338;
server_name localhost;
ssl on;
ssl_certificate /Users/jaanus/dev/devHttpsCert.pem;
ssl_certificate_key /Users/jaanus/dev/devHttpsKey.pem;
location = / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com/;
}
location /static/ {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com/static/;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://app_example_https/;
proxy_redirect off;
}
}
What this does in English:
There’s an nginx frontend which serves requests either from a static Amazon S3 site, or an application server.
All requests to / (site root) and /static are reverse-proxied from Amazon S3. All other requests are reverse-proxied from the application server.
Now, the problem: there are two almost identical Location blocks for the S3. This was the only way how I could make this configuration work, where two specific folders (root and /static) are served from S3, and everything else goes to the application server.
Two almost-identical blocks look dumb and are not scalable. When I add such folders, I don’t want to keep duplicating the blocks.
How do I merge the two locations into one Location block, while keeping everything working the same way?
You could put repeating part into external file and include it.
amazon.inc
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host 'something.s3-website-us-east-1.amazonaws.com';
proxy_set_header Authorization '';
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_ignore_headers Set-Cookie;
proxy_cache S3CACHE;
proxy_cache_valid any 60m;
add_header X-Cached $upstream_cache_status;
proxy_pass http://something.s3-website-us-east-1.amazonaws.com;
your config
location = / {
include amazon.inc;
}
location /static/ {
include amazon.inc;
}
location / {
# proxy to you app
}
If you prefer to keep all in one file, you could use this trick:
error_page 470 = #amazon;
location = / {
return 470;
}
location /static/ {
return 470;
}
location #amazon {
# proxy to amazon
}
You could use regexp to merge several locations together, but I would not recommend to do that because it's hard to read and understand and is less efficient than simple prefix locations. But, just as an example:
# NOT RECOMMENDED
location ~ ^/($|static/) {
# proxy to amazon
}
I've got an Elasticsearch cluster plus Logstash and Kibana, and I only want to expose a read-only window into the indexes, with the exception of the index kibana-int so that dashboards can be saved.
I've found a suitable ES proxy config, and I've modified it to use limit_except to disallow write/modify to other indexes, but much of the config is needlessly duplicated. Is there a cleaner way to define this?
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
}
There are several ways:
Solution 1
You could put repeating config into file and include it.
Your config:
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
include proxy.inc;
}
location /kibana-int/ {
include proxy.inc;
}
}
proxy.inc:
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
Solution 2
Other way is use nginx's directive inheritance.
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
}
}
BTW, your proxy_pass_header directives are needless. Nginx proxies almost all headers by default.