So im wondering if its possible to run a multiple sub directories with my current config of nginx. I would like to have the directories as www.hostname.org/service1 www.hostname.org/service2 is this achievable ? This is my nginx.conf
server {
# Update this line to be your domain
server_name www.hostname.org;
# Ensure these lines point to your SSL certificate and key
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use these lines instead if you created a self-signed certificate
ssl_certificate /etc/nginx/ssl/www_hostname_org_ee.crt;
ssl_certificate_key /etc/nginx/ssl/hostname.key;
# Ensure this line points to your dhparams file
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# These shouldn't need to be changed
listen [::]:32776 default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
proxy_buffering off;
location / {
proxy_pass http://10.0.0.8:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
location ~ ^/service1 {
proxy_pass http://ipforservice1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ~ ^/service2 {
proxy_pass http://ipforservice2:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
Is this what you wanted? Go to different ips for different services?
Related
I want to proxy pass based on the path to another port (multiple) using NginX.
Example:
/ -> :3000
/test -> :3001
I already config my nginx.conf like this:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.xxx.domain.com;
gzip off;
proxy_max_temp_file_size 0;
ssl_certificate /etc/nginx/ssl/xxx.co.id.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.co.id.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers XXX
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
location / {
proxy_pass http://10.184.0.4:3000;
}
location = /test {
proxy_pass http://10.184.0.4:3001;
}
}
It's success for the /, but for the /test route it's get redirected to port :3000 to the Not Found Page.
Any suggestion to success the proxy pass?
I have a server running on Ubuntu/Nginx. I have subdomains running from different internal ports. I want to expose one application to the public but not associate it with any domain/server name.
Below is my configuration file:
server {
server_name app.example.com www.app.example.com;
access_log /home/hub-app/logs/app.example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8082;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name example.com www.example.com;
access_log /home/hub-public/logs/example.com.access.log;
location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8081;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
The above works well and points to the specified domains ie example.com and app.example.com. Now I want to add another virtual server to run at MY_PUBLIC_IP:8080. The port 8080 should not be accessible on the other domains i.e. example.com:8080/app.example.com:8080 should not be available.
I have already deployed in HTTPS. This is my nginx.conf
server {
listen 3000 ssl;
listen [::]:3000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:4000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
I want to run new app with new port on the same domain, I try to add this:
server {
listen 4000 ssl;
listen [::]:4000 ssl;
server_name localhost hostname.com;
ssl_certificate ssl-bundle.crt;
ssl_certificate_key privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
When run two app I can use https only port 3000 but can not use app on port 4000. How to config file?
I have a Nginx on host, a Rancher server in Docker container. I want to use Nginx reverse proxy Rancher:
Here is my Nginx config:
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
location /rancher {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
But when I try to access https://mydomain/rancher , static files can not be loaded. I want to know:
Does it common to run Rancher server behind a Nginx proxy?
How can I make my config work?
I am guessing you want to access your application over TLS. Try the following configuration,
server {
listen 443 default_server;
server_name mydomain;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location /rancher {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
I'm having trouble addressing Neo4j via a reverse proxy with NGINX.
The web client works without problems, but I have no idea about the Bolt protocol.
Here's how the web client works:
server {
listen 80;
server_name XXX;
location / {
proxy_pass http://YYY:7474/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
}
}
But how does the Bolt protocol over port 7687 work?
Thanks.
PS: Google translator ftw.
You need to use nginx compiled with --with-stream. Then you can add below section to your nginx config
stream {
server {
listen 7687;
proxy_pass neo4j:7687;
}
}
Basically you need to use tcp reverse proxy and not http proxy. The above configuration section will be at top level and not inside http or server block
You will need to open port 7687 between your laptop and the server hsoting neo4j.
If you are using let's encrypt and try to connect though SSL. neo4j embedded certificate were not signed by an Authority which was generating the error in my chrome browser.
To make it works, I had to copy my certs in neo4j certificates :
sudo su
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key
service neo4j restart
Here is what works:
worker_processes auto;
events {
worker_connections 1024;
}
http {
map $http_upgrade $connection_upgrade {
"" close;
default upgrade;
}
upstream neo4j_bolt {
server neo4j:7687;
}
upstream neo4j_insecure {
server neo4j:7474;
}
upstream neo4j_secure {
server neo4j:7473;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://neo4j_insecure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_secure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7687 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7688;
server_name localhost;
location / {
proxy_pass http://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Dockerized solution here: https://github.com/joehoeller/nginx-server-neo4j-graph-db