Configure NGINX for client side routing - nginx

I have a side made with React running on Digital Ocean and I'm trying to use client side routing but can't get it to work. This is my Nginx default file
upstream site {
server 123.456.78.90:8080;
keepalive 64;
}
server {
server_name site.xyz www.site.xyz;
try_files $uri /index.html;
location / {
index index.html;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
try_files $uri index.html;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_max_temp_file_size 0;
proxy_pass http://site/;
proxy_redirect off;
proxy_read_timeout 240s;
}
error_page 404 /index.html;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name site.xyz www.site.xyz;
return 404; # managed by Certbot
}
I added the try_files line and the error_page 404 /index.html so that it would default to index.html where the route could be loaded from my code there but it doesn't work at all. I need the ssl certificate and I need the cors code for another function. I'm not sure why it doesn't direct how I want.

Here's what worked for me:
...
location / {
...
proxy_intercept_errors on;
error_page 404 = /index.html;
...
}

Related

Nginx Server Config Causing CORs Errors

I have a Dotnet Core API I am hosting w/ NGINX. I had this working at one point but something must of changed because I'm getting CORs errors. the Dotnet app has no set settings for CORs and my NGINX site config looks like this.
server {
server_name myapi.com www.myapi.com;
set $cors "";
if ($http_origin ~* (.*)) {
set $cors "true";
}
location / {
proxy_pass http://localhost:52003;
#proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
if ($cors = "true") {
}
if ($request_method = 'OPTIONS') {
#
# Om nom nom cookies
#
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Origin' "$http_origin";
#add_header 'Access-Control-Allow-Authorization' 'true';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE, HEAD';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'PUT') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'DELETE') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE, HEAD';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/royaletracker.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/royaletracker.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myapi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myapi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name myapi.com www.myapi.com;
return 404; # managed by Certbot
}
It seemed like it stopped working overnight so I'm pretty stumped. Any help would be greatly appreciated!

Lit-html not found when using polymer build

I have a fairly basic lit-html app that works locally when it's not build.
However when I build it using polymer build using the following config:
{
"entrypoint": "index.html",
"shell": "src/school-home.js",
"sources": [
"src/**.js",
"package.json"
],
"extraDependencies": [
"node_modules/#webcomponents/webcomponentsjs/bundles/**"
],
"builds": [
{"preset": "es6-bundled"}
]
}
This results in a successful build but for some reason I keep getting an error:
I just don't get why it doesn't work. This like the basics of the basics yet it doesn't get found?
Aside: I use nginx for windows since I want to test E2E with my developed APIs.
An additional issue is that I keep getting CORS error for my API calls even though they are on the exact same location?!!
Please help.
Edit:
My NGINX config:
worker_processes 1;
events {
worker_connections 1024;
}
http {
include cors-settings.conf;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8000;
server_name localhost;
location /school {
root /html/ing-school;
try_files $uri $uri/ $uri.html /index.html;
}
location ~ ^/(api|login|logout) {
proxy_pass http://localhost:8080;
proxy_set_header Connection "";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested- With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content- Range';
}
}
location /ws {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}

How to setup nginx for ipfs gateway?

I need to make ipfs http gateway through nginx with certbot installed together with redirecting websockets to port 9999, but I am unable to make it work as intended.
The code for running websocket service is on "location /" .
Code for ipfs gateway is at "location /ipfs" .
server {
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect http://0.0.0.0:9999/ /;
proxy_redirect ws://0.0.0.0:9999/ /;
proxy_pass http://0.0.0.0:9999/;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
allow all; # Any IP can perform any other requests
proxy_set_header Connection "Upgrade";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'application/json charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
}
if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/recall.network/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/recall.network/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = recall.network) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name recall.network;
return 404; # managed by Certbot
}
My custom code:
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
do not work as intended
I would like to have an ipfs gateway accessible at https:recall.network/ipfs/HASH*
Resolution is to put correct prefix ^~ in location.
location ^~ /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}

NGINX Enable CORS for a Google Places API call

I would like to enable CORS for Google Places API in order to call it from an Ionic 2 app with a WkWebView.
I am doing this in my nginx default config:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Nginx doesn't support nested If statements, so we
# concatenate compound conditions on the $cors variable
# and process later
# If request comes from allowed subdomain
# (*.googleapis.com) then we enable CORS
if ($http_origin ~* (https?://.*\.googleapis\.com(:[0-9]+)?$)) {
set $cors "1";
}
# OPTIONS indicates a CORS pre-flight request
if ($request_method = 'OPTIONS') {
set $cors "${cors}o";
}
# Append CORS headers to any request from
# allowed CORS domain, except OPTIONS
if ($cors = "1") {
more_set_headers 'Access-Control-Allow-Origin: $http_origin' always;
more_set_headers 'Access-Control-Allow-Credentials: true' always;
proxy_pass http://111.111.111.111:80;
}
# OPTIONS (pre-flight) request from allowed
# CORS domain. return response directly
if ($cors = "1o") {
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept';
add_header Content-Length 0;
add_header Content-Type text/plain;
return 204;
}
# Requests from non-allowed CORS domains
proxy_pass http://111.111.111.111:80;
}
}
But I am geeting a 502 Bad Gateway everytime I call:
http://111.111.111.111/maps/api/place/textsearch/json?key=APIKEY&query=starbucks
Any help, please?
Ok, I've found my mystake, proxy_pass should redirect to google not to my server:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
#location / {
# # First attempt to serve request as file, then
# # as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
#}
location / {
proxy_pass https://maps.googleapis.com;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS' always;
#preflight request
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' '1728000';
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' '0';
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS' always;
return 204;
}
}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

Nginx auth before return

Im using nginx with auth.
All auths works properly in the locations is set, but I have a location /marathon that return same url with other port. I have added auth to this location, but it does not work. I think is regarding to the return directive but I dont know why and how to handle it or solve it. I've been searching but I can't find nothing about this
Any ideas why or how to handle it?
user root;
worker_processes 4; # 2 per core
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
upstream mypelotweb {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream mypelotwebsockets {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream wingmantracker {
least_conn;
server mywing-tracker.marathon.mesos:8011;
server mywing-tracker.marathon.mesos:8012;
}
upstream club {
server club.marathon.mesos:5000;
}
upstream soccerint {
server soccerint.marathon.mesos:5005;
}
upstream enet {
server enet-web.marathon.mesos:5003;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format uri $request_uri;
access_log /var/log/nginx/access.log;
keepalive_timeout 65;
proxy_read_timeout 200;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html text/css text/xml
application/x-javascript application/xml
application/atom+xml text/javascript;
proxy_next_upstream error;
server {
server_name mytree.com;
listen 80;
error_log /var/log/nginx/errorhttp.log;
access_log /var/log/nginx/accesshttp.log;
return 301 https://$host$request_uri;
}
server {
server_name mytree.com;
listen 443;
error_log /var/log/nginx/errorhttps.log;
access_log /var/log/nginx/accesshttps.log uri;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
root /www/mytree;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /mypelot {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location ~* ^/mypelot$ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot/ws {
proxy_pass http://mypelotwebsockets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /wingmantracker {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://wingmantracker;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /club {
proxy_pass http://club;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /soccerint {
proxy_pass http://soccerint;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /enet {
proxy_pass http://enet;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot-messenger {
return 301 http://mypelot-messenger.marathon.mesos:15672;
}
location /mesos {
return 301 http://mytree.com:5050;
}
location /marathon {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
return http://mytree.com:8080;
}
location /jenkins {
return 301 http://myserver.ovh.net:8082;
}
location /jira {
return 301 https://mymymy.atlassian.net;
}
location /bitbucket {
return 301 https://bitbucket.org/statistics/;
}
location /confluence {
return 301 https://stats.atlassian.net/wiki/;
}
}
}

Resources