I have load balancing nginx server 192.168.2.168 with the following nginx config:
upstream balancer {
server 192.168.2.165;
server 192.168.2.166 backup;
}
server {
listen 80;
server_name 192.168.2.168;
error_log /var/log/nginx/balancer-error_log;
location /something {
proxy_pass http://balancer;
}
}
Then I try 192.168.2.168/something it gives 403 Forbiden
tailf /var/log/error.log on the 192.168.2.165 shows:
*47 directory index of "/usr/share/nginx/html/glpi/" is forbidden, client: 192.168.2.168, server: localhost, request: "GET /glpi/ HTTP/1.0", host: "balancer"
But if I replace http://balancer with http://192.168.2.165 it works fine.
proxy_pass http://192.168.2.165;
What am I doing wrong and how to make upsream servers work?
The problem is solved using server_name balancer.home; instead of server_name 192.168.2.168; + I added some headers.
Here is my config:
upstream backend {
server 192.168.2.165;
server 192.168.2.166;
server 192.168.2.167 backup;
}
server {
listen 80;
server_name balancer.home;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name balancer.home;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
error_log /var/log/nginx/balancer-error_log;
access_log /var/log/nginx/balancer-access_log;
location / {
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://backend;
}
}
PS: On upstream servers, the same server_name as on the balance server (domain name) should be specified.
Related
I've read similar questions with same error, but nothing matches my problem, because my upstream servers have local IPs.
The server is a proxmox machine with some different vms.
One is for nginx reverse gateway/proxy, the other are vms with several docker containers.
I want to setup a fallback (backup) for one container.
The config of the nginx reverse gateway/proxy containing these machines is:
server {
listen 80;
server_name my-web.page;
return 301 http://www.my-web.page$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name www.my-web.page;
location / {
return 301 https://www.my-web.page$request_uri;
}
}
server {
listen 443 ssl;
server_name my-web.page;
return 301 https://www.my-web.page$request_uri;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
}
upstream backend {
server 192.168.200.210:8030 max_fails=1 fail_timeout=600s;
server 192.168.200.211:8031 backup;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
server_name www.my-web.page;
location ~ ^/$ {
# rewrite only the root page, other urls see next rule
return 301 https://www.my-web-page-microsite.de/;
}
location / {
resolver 127.0.0.1 valid=30s;
# pass to backend-client, failover to second container for the next 5 minutes
proxy_pass http://backend;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Server-Address $server_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
If something is wrong with my backend-client-servers, nginx won't start.
Isn't there a possibilty to override the check on starting/restarting nginx?
My application is running on AWS EC2 instance. I have a domain name using HTTPS from cloudflare. I have added "A record" at cloudflare to EC2 IP address
The following in the Nginx configuration i used
step 1)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name inzack.com www.inzack.com;
rewrite ^\/[^\/]+\/(.*) /$1 redirect;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443;
server_name inzack.com www.inzack.com;
ssl on;
ssl_certificate /home/ubuntu/certificates/inzack.crt;
ssl_certificate_key /home/ubuntu/certificates/inzack.key;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:5000;
}
}
step 2) sudo nano /etc/nginx/sites-available/inzack.com
The following is the entry in the file:
upstream inzack.com {
server 127.0.0.1:5000;
}
server {
listen 80;
listen [::]:80;
server_name inzack.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://inzack.com;
proxy_redirect on;
}
}
I tried all these links:
http to https redirection on nginx
Node.js + Nginx - What now?
Any help on this would be really great...
Thanks
k
No need to change in etc/Nginx/Sites-available/ folder
Step 1) # cloudflare changed page rules to Https
Step 2)
server{
listen 80;
server_name inzack.com www.inzack.com;
location /
{
proxy_pass http://127.0.0.1:4000;
}
}
server {
listen 443;
server_name inzack.com www.inzack.com;
ssl on;
# copy these files from cloudflare save it as .crt and .key
# cop
ssl_certificate /home/ubuntu/certificates/inzack.crt;
ssl_certificate_key /home/ubuntu/certificates/inzack.key;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;
location / {
proxy_pass http://127.0.0.1:4000;
}
}
Restart the Nginx server
I have Nextcloud server running fine with ip 192.168.0.1
Installed collabora online server on another machine with IP 192.168.0.2
I have one public IP and two separate domains for those servers pointing at the same piblic IP
what I try to do is use nginx to distribute the traffic accordingly.
The configuration for the Nextcloud is working fine:
upstream php-handler {
server unix:/var/run/php/php7.0-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name first.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name first.domain.com;
...
now I am putting second config for collabora server:
server {
listen 80;
listen [::]:80;
server_name second.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://second.domain.com;
}
}
I have added 192.168.0.2 second.domain.com to the hosts file
this server also has nginx running:
server {
listen 443 ssl;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
the collabora window opens blank in nextcloud when i open a file
nginx on the nextcloud server gives response 400.
"GET /lool/https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v%3Faccess_token%3DOObPuPjPgz7ycgmvNAklYGo1clIANWXU%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v&compat=/ws HTTP/1.1" 400 0
So somehow I am not doing the redirection right. I need help with the nginx configurations. I know collabora server works because when I set second.domain.com 192.168.0.2 in the hosts file of the client and no redirection from nginx then it works fine
Nginx server is at 192.168.5.13.
I have Nginx as reverse proxy for SSL Letsencrypt which works fine.
I would like to add ollowing:
www.nonprofitcloud.be is working fine and returns https://www.nonprofitcloud.be located at 192.168.5.26.
However I would like to add webmail.nonprofitcloud.be to point to 192.168.5.1/mewebmail where my Mailenable Server is residing (Windows Server, IIS 7).
So: webmail.nonprofitcloud.be should point to 192.168.5.1/mewebmail
Any idea?
My conf:
server {
listen 443 ssl;
server_name www.nonprofitcloud.be nonprofitcloud.be;
ssl_certificate /etc/letsencrypt/live/www.nonprofitcloud.be/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.nonprofitcloud.be/privkey.pem;
location / {
proxy_pass http://192.168.5.26;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name www.nonprofitcloud.be nonprofitcloud.be;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
location / {
return 301 https://$host$request_uri;
}
}
You need to add another server block:
server {
listen 80;
server_name webmail.nonprofitcloud.be;
location / {
proxy_pass http://192.168.5.1/mewebmail;
}
}
I was trying to organize my nginx config file a little better by adding an http block.
This is the working config file.
upstream node_server {
server 127.0.0.1:5000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://node_server;
}
}
However when I wrap this code in a http block it breaks. i.e.
http{
upstream node_server {
server 127.0.0.1:5000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.html;
server_name _;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://node_server;
}
}
}
Can anyone explain why this might be the case. To my knowledge you can wrap server blocks inside the http block.