I have a load-balancing nginx server 192.168.2.168 with the following nginx config:
upstream balancer {
    server 192.168.2.165;
    server 192.168.2.166 backup;
}
server {
    listen 80;
    server_name 192.168.2.168;
    error_log /var/log/nginx/balancer-error_log;
    location /something {
        proxy_pass http://balancer;
    }
}
When I try 192.168.2.168/something, it gives 403 Forbidden.
tailf /var/log/error.log on 192.168.2.165 shows:
*47 directory index of "/usr/share/nginx/html/glpi/" is forbidden, client: 192.168.2.168, server: localhost, request: "GET /glpi/ HTTP/1.0", host: "balancer"
But if I replace http://balancer with http://192.168.2.165 it works fine.
proxy_pass http://192.168.2.165;
What am I doing wrong, and how do I make upstream servers work?
The problem is solved using server_name balancer.home; instead of server_name 192.168.2.168; + I added some headers.
Here is my config:
upstream backend {
    server 192.168.2.165;
    server 192.168.2.166;
    server 192.168.2.167 backup;
}
server {
    listen 80;
    server_name balancer.home;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name balancer.home;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    error_log /var/log/nginx/balancer-error_log;
    access_log /var/log/nginx/balancer-access_log;
    location / {
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://backend;
    }
}
PS: On upstream servers, the same server_name as on the balance server (domain name) should be specified.
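Why the first config failed, as an added example that is not part of the original post: without a proxy_set_header Host line, nginx sends the host part of proxy_pass (its $proxy_host default) as the Host header, which is why the backend log above shows host: "balancer". The Python check below reports, per location, the Host value the backend will receive; the function names and the sample config are constructed for illustration, and only directives written inside the location itself are examined.

```python
import re

# Constructed sample modelled on the question's first config, plus a fixed location.
SAMPLE = """
upstream balancer { server 192.168.2.165; server 192.168.2.166 backup; }
server {
    listen 80;
    server_name 192.168.2.168;
    location /something { proxy_pass http://balancer; }
    location /fixed {
        proxy_set_header Host $host;
        proxy_pass http://balancer;
    }
}
"""

def parse_blocks(text):
    """Return every block as (args, directives). Simplification: no quoted strings."""
    text = re.sub(r"#[^\n]*", "", text)                 # strip comments
    blocks, stack, words = [], [(["main"], [])], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                                  # words so far name the new block
            stack.append((words, []))
            blocks.append(stack[-1])
            words = []
        elif tok == "}":
            stack.pop()
            words = []
        elif tok == ";":                                # directive belongs to innermost block
            stack[-1][1].append(words)
            words = []
        else:
            words.append(tok)
    return blocks

def audit_host(text):
    """List (location, Host value sent to backend, True if that is an upstream group name)."""
    blocks = parse_blocks(text)
    upstreams = {a[1] for a, _ in blocks if a[:1] == ["upstream"] and len(a) > 1}
    findings = []
    for args, directives in blocks:
        target = next((d[1] for d in directives if d[:1] == ["proxy_pass"] and len(d) > 1), None)
        if args[:1] != ["location"] or target is None:
            continue
        explicit = next((d[2] for d in directives if d[:1] == ["proxy_set_header"]
                         and len(d) > 2 and d[1].lower() == "host"), None)
        proxy_host = re.sub(r"^https?://", "", target).split("/")[0]  # nginx default Host
        sends_group_name = explicit is None and proxy_host in upstreams
        findings.append((" ".join(args[1:]), explicit or proxy_host, sends_group_name))
    return findings
```

nginx also inherits proxy_set_header from the server or http level when a location sets none of its own, so a Host override placed there would not be seen by this check.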
I've read similar questions with same error, but nothing matches my problem, because my upstream servers have local IPs.
The server is a proxmox machine with some different vms.
One is for nginx reverse gateway/proxy, the other are vms with several docker containers.
I want to setup a fallback (backup) for one container.
The config of the nginx reverse gateway/proxy containing these machines is:
server {
    listen 80;
    server_name my-web.page;
    return 301 http://www.my-web.page$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name www.my-web.page;
    location / {
        return 301 https://www.my-web.page$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name my-web.page;
    return 301 https://www.my-web.page$request_uri;
    ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
    ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
}
upstream backend {
    server 192.168.200.210:8030 max_fails=1 fail_timeout=600s;
    server 192.168.200.211:8031 backup;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
    ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
    server_name www.my-web.page;
    location ~ ^/$ {
        # rewrite only the root page, other urls see next rule
        return 301 https://www.my-web-page-microsite.de/;
    }
    location / {
        resolver 127.0.0.1 valid=30s;
        # pass to backend-client, failover to second container for the next 5 minutes
        proxy_pass http://backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Server-Address $server_addr;
        proxy_ssl_verify off;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
If something is wrong with my backend-client-servers, nginx won't start.
Isn't there a possibility to override the check on starting/restarting nginx?
My application is running on an AWS EC2 instance. I have a domain name using HTTPS from Cloudflare. I have added an "A record" at Cloudflare pointing to the EC2 IP address.
The following is the Nginx configuration I used:
step 1)
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name inzack.com www.inzack.com;
    rewrite ^\/[^\/]+\/(.*) /$1 redirect;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443;
    server_name inzack.com www.inzack.com;
    ssl on;
    ssl_certificate /home/ubuntu/certificates/inzack.crt;
    ssl_certificate_key /home/ubuntu/certificates/inzack.key;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.1;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:5000;
    }
}
step 2) sudo nano /etc/nginx/sites-available/inzack.com
The following is the entry in the file:
upstream inzack.com {
    server 127.0.0.1:5000;
}
server {
    listen 80;
    listen [::]:80;
    server_name inzack.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://inzack.com;
        proxy_redirect on;
    }
}
I tried all these links:
http to https redirection on nginx
Node.js + Nginx - What now?
Any help on this would be really great...
Thanks
k
No need to change in etc/Nginx/Sites-available/ folder
Step 1) # cloudflare changed page rules to Https
Step 2)
server{
    listen 80;
    server_name inzack.com www.inzack.com;
    location /
    {
        proxy_pass http://127.0.0.1:4000;
    }
}
server {
    listen 443;
    server_name inzack.com www.inzack.com;
    ssl on;
    # copy these files from cloudflare save it as .crt and .key
    # cop
    ssl_certificate /home/ubuntu/certificates/inzack.crt;
    ssl_certificate_key /home/ubuntu/certificates/inzack.key;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.1;
    location / {
        proxy_pass http://127.0.0.1:4000;
    }
}
Restart the Nginx server
I have a Nextcloud server running fine with IP 192.168.0.1.
I installed a Collabora Online server on another machine with IP 192.168.0.2.
I have one public IP and two separate domains for those servers pointing at the same public IP.
What I am trying to do is use nginx to distribute the traffic accordingly.
The configuration for the Nextcloud is working fine:
upstream php-handler {
    server unix:/var/run/php/php7.0-fpm.sock;
}
server {
    listen 80;
    listen [::]:80;
    server_name first.domain.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name first.domain.com;
    ...
Now I am adding a second config for the Collabora server:
server {
    listen 80;
    listen [::]:80;
    server_name second.domain.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name second.domain.com;
    ssl_certificate /etc/ssl/private/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    ssl_password_file /etc/ssl/private/server.pass;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://second.domain.com;
    }
}
I have added 192.168.0.2 second.domain.com to the hosts file.
This server also has nginx running:
server {
    listen 443 ssl;
    server_name second.domain.com;
    ssl_certificate /etc/ssl/private/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
    ssl_password_file /etc/ssl/private/server.pass;
    # static files
    location ^~ /loleaflet {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # WOPI discovery URL
    location ^~ /hosting/discovery {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # main websocket
    location ~ ^/lool/(.*)/ws$ {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
    # download, presentation and image upload
    location ~ ^/lool {
        proxy_pass https://localhost:9980;
        proxy_set_header Host $http_host;
    }
    # Admin Console websocket
    location ^~ /lool/adminws {
        proxy_pass https://localhost:9980;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $http_host;
        proxy_read_timeout 36000s;
    }
}
The Collabora window opens blank in Nextcloud when I open a file.
nginx on the Nextcloud server gives response 400:
"GET /lool/https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v%3Faccess_token%3DOObPuPjPgz7ycgmvNAklYGo1clIANWXU%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v&compat=/ws HTTP/1.1" 400 0
So somehow I am not doing the redirection right. I need help with the nginx configurations. I know collabora server works because when I set second.domain.com 192.168.0.2 in the hosts file of the client and no redirection from nginx then it works fine
Nginx server is at 192.168.5.13.
I have Nginx as reverse proxy for SSL Letsencrypt which works fine.
I would like to add the following:
www.nonprofitcloud.be is working fine and returns https://www.nonprofitcloud.be located at 192.168.5.26.
However I would like to add webmail.nonprofitcloud.be to point to 192.168.5.1/mewebmail where my Mailenable Server is residing (Windows Server, IIS 7).
So: webmail.nonprofitcloud.be should point to 192.168.5.1/mewebmail
Any idea?
My conf:
server {
    listen 443 ssl;
    server_name www.nonprofitcloud.be nonprofitcloud.be;
    ssl_certificate /etc/letsencrypt/live/www.nonprofitcloud.be/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.nonprofitcloud.be/privkey.pem;
    location / {
        proxy_pass http://192.168.5.26;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
server {
    listen 80;
    server_name www.nonprofitcloud.be nonprofitcloud.be;
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
You need to add another server block:
server {
    listen 80;
    server_name webmail.nonprofitcloud.be;
    location / {
        proxy_pass http://192.168.5.1/mewebmail;
    }
}
I was trying to organize my nginx config file a little better by adding an http block.
This is the working config file.
upstream node_server {
    server 127.0.0.1:5000 fail_timeout=0;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    index index.html;
    server_name _;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://node_server;
    }
}
However, when I wrap this code in an http block, it breaks, i.e.:
http{
    upstream node_server {
        server 127.0.0.1:5000 fail_timeout=0;
    }
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        index index.html;
        server_name _;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_redirect off;
            proxy_buffering off;
            proxy_pass http://node_server;
        }
    }
}
Can anyone explain why this might be the case? To my knowledge, you can wrap server blocks inside the http block.