I would like to use dashboard as my nginx location for my grafana install.
The problems is grafana uses dashboard in some of it url's like https://example.com/grafana/dashboard/new?orgId=1, where I would like it to be https://example.com/dashboard/dashboard/new?orgId=1 and I think my nginx location is rewriting to https://example.com/dashboard/new?orgId=1.
When I have it setup to use grafana as the subpath it all work as expected;
grafana.ini:
[server]
http_addr = 127.0.0.1
domain = example.com
root_url = %(protocol)s://%(domain)s/grafana/
nginx config:
# Upstream Servers
upstream grafana_server {
server localhost:3000;
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location /grafana/ {
proxy_pass http://grafana_server/;
proxy_set_header Host $host;
}
}
But changing it to dashboard and navigating to https://example.com/dashboard/dashboard/new?orgId=1 results in the url been rewritten to https://example.com/dashboard/new?orgId=1
grafana.ini:
[server]
http_addr = 127.0.0.1
domain = example.com
root_url = %(protocol)s://%(domain)s/dashboard/
nginx config:
# Upstream Servers
upstream grafana_server {
server localhost:3000;
}
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location /dashboard/ {
proxy_pass http://grafana_server/;
proxy_set_header Host $host;
}
}
so I have tried a to do a rewrite in the nginx location but can't get it to work as required (really have no clue what to do here)
location ~ (\/dashboard\/) {
proxy_pass http://grafana_server$1;
proxy_set_header Host $host;
}
location ~ /dashboard/ {
rewrite ^ /dashboard/$1;
proxy_pass http://grafana_server;
proxy_set_header Host $host;
}
Any help would be much appreciated.
Regards,
I know this is a bit late - but I stumbled upon the same issue and thought I'd going to share in case somebody else hits this thread:
This isn't an issue with nginx, but with grafana itself.
I could not solve it any other way but renaming the last part of the root_url in something different than /dashboard
Related
I'm trying to find an solution for following problem:
I have an backend working on http://localhost:8080/api.
I want to expose this backend via NGINX.
The backend does not support HTTP but I need to pass the link with HTTPS to OAuth working on it.
So I have two solutions:
Have HTTPS server in NGINX and proxy for location to /api
Redirect from HTTPS URL to HTTP.
Unfortunately, noone of these is working.
I tried
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com;
location /api {
proxy_pass http://localhost:8080/api;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include /etc/nginx/snippets/self-signed.conf;
include /etc/nginx/snippets/ssl-params.conf;
server_name example.com;
return 301 http://$server_name$request_uri;
}
and
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name 149.156.43.57/p22;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location /api {
proxy_pass http://localhost:8080/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
I have got 2 different URLs that are correctly redirected by Proxy_Pass.
However as soon as I add the default_server (first server below), my 2 URLs are not redirected anymore. They fall into the catch all.
Why is that? I don't understand what is wrong in the default configuration. Thanks for your help!
# default server for this IP
server{
listen xx.xx.xx.xx:8443 default_server;
server_name _;
return 404;
}
server{
listen xx.xx.xx.xx:8443;
server_name *.staging1.yyyy.com staging1.yyyy.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/yyyy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yyyy.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:6981;
proxy_set_header Host $host;
}
}
server{
listen xx.xx.xx.xx:8443;
server_name *.staging2.yyyy.com .staging2.yyyy.com
ssl on;
ssl_certificate /etc/letsencrypt/live/yyyy.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yyyy.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:6982;
proxy_set_header Host $host;
}
}
I would like to redirect my website after entering www.lombo.pl to only lombo.pl (with SSL certificate).
Now when something write www.lombo.pl it does not redirect. I tried to change my nginx file but still to no avail. The user can visit my website via www.lombo.pl (which at the same time shows an error because I do not have a SSL certificate configured for this domain).
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name lombo.pl;
ssl_certificate /etc/letsencrypt/live/lombo.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lombo.pl/privkey.pem;
server_name 157.245.228.127;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
Setup: Ubuntu 18.04 Nginx Apache Varnish PHP Server
Nginx handles the traffic in the first place.
I have two domains pointing to the same server.
The first Domain works correct, the second one only redirects to the first one.
What is wrong with my configs?
First config which works fine
(Here the nginx works as an reverse proxy for the varnish and Apache.)
upstream varnish {
server 127.0.0.1:6081;
}
upstream apache {
server 127.0.0.1:8080;
}
server {
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 default_server;
server_name domain1.com;
include inc/acme-challenge.conf;
location / {
return 301 https://domain1.com$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
#client_max_body_size 120M;
server_name domain1.com;
location /wp-content/uploads {
alias /var/www/website/wp-content/uploads;
include inc/gzip.conf;
include inc/browser-cache.conf;
}
error_page 502 /502.html;
location = /502.html {
alias /var/www/website/502.html;
}
location / {
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
location ^~ /phpmyadmin {
allow 45.77.141.32; #qundg
allow 87.191.170.222; #qundg
deny all;
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
}
And here ist the second config (this one does not work)
The Domain should only be managed by the nginx without the Apache or Varnish service.
server {
listen 80;
listen [::]:80;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Here ist the default config
server {
server_name _;
listen *:80 default_server deferred;
error_log /var/log/nginx/default_server_error.log;
return 444;
}
You're using a wildcard in the second DNS name, that should be something that's not recognized in your certificate.
To get a wildcard you could follow instruction here https://medium.com/#saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
I have few case in which I have more than 1 DNS pointing to the same website and for those I created different nginx configuration files, and applied for each che certbot authentication. I noticed that using 3rd level dns (something.mysyte.com) in the same config file brouth certbot to override certificates when I had more than 1.
In your specific case you have 2 dns name in the second configuration and one has a wildcard. If you try to remove the dns with the wildcard and reinstall certificates it should work. You can then setup a new block with each 3rd level domain and get certificate for each one, or follow the guide to get the wildcard certificate.
In my Nginx configuration, I would like to keep one service to be accessible with http, while all the others should be accessed through https, and forced to ssl when trying to connect with http. This is my config:
server{
server_name localhost;
listen 80;
proxy_http_version 1.1;
location /services/ {
proxy_pass http://localhost:47440/;
}
listen / {
rewrite ^ https://$server_name$request_uri? permanent;
}
server{
server_name localhost_ssl;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.crt;
ssl_certificate_key /etc/nginx/ssl/mycert.key;
proxy_http_version 1.1;
location /db/ {
proxy_pass http://localhost_ssl:8084/;
}
}
My problem is that when trying to reload I get this error:
host not found in upstream "localhost_ssl" in /etc/nginx/nginx.conf:46
Any idea of why this happens?
It seems your DNS resolver is failing for some reason.
Try adding:
options single-request
to /etc/resolv.conf
This causes IPv6/v4 lookups to be done sequentially.
You got this error because nginx can't find the host "localhost_ssl". Indeed it doesn't exist unless you specify it with upstream directive (or in the hosts file I think).
You should set it to proxy_pass http://localhost:8084/; assuming your service is really listening on 127.0.0.1:8084.
Furthermore you may want to replace listen / { with location / {.
UPDATE : If you access your server with your IP (you don't have a domain name), then you can remove server_name directive :
server {
listen 80;
proxy_http_version 1.1;
location /services {
proxy_pass http://localhost:47440/;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri?; # Replace $server_name by $host
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.crt;
ssl_certificate_key /etc/nginx/ssl/mycert.key;
proxy_http_version 1.1;
location /db {
proxy_pass http://localhost:8084/;
proxy_set_header Host $host;
}
}
That config redirects requests received on port 80 to 443 if they don't match location /services. Requests received on port 443 are proxied if they match location /db.
But is this what you really want to achieve ? I mean a request on port 443 for /test would not match any location as there is only /db.