We have 10 Microservices-based applications. Each of them has about 15 services. So, we have 150 different service URLs for our product.
My question: How to design the Nginx location?
1) One location per application
2) One location per URL
3) Other way
I think there are some trade-offs to consider:
a. config complexity
b. conflict location issue
c. impact when a microservice is refactored
d. nginx.conf size
Could someone give me some guidance or the best practice?
Just to give you an example of one of my own configuration. I cannot say this is the best way to do it, but I did refer/read a lot of blogs before making this up.
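# Example reverse-proxy layout: one upstream group and one prefix location per
# application. Host names and ports are the author's placeholders.
worker_processes 1;

# worker_connections counts upstream connections as well as client ones, and is
# also capped by the worker's open-file limit.
events { worker_connections 10000; }

http {
    sendfile on;

    gzip on;
    gzip_http_version 1.0;
    gzip_proxied any;
    gzip_min_length 999;
    gzip_disable "MSIE [1-6]\.";
    gzip_types text/plain text/xml text/css
               text/comma-separated-values
               text/javascript
               application/x-javascript;

    # List of application servers
    upstream company_api_servers {
        server company.xxxx.xxxx:port_number;
    }
    upstream community_api_servers {
        server community.xxxx.xxxx:port_number;
    }
    upstream devices_api_servers {
        server devices.xxxx.xxxx:port_number;
    }

    # Configuration for the server
    server {
        # Running port. Plain HTTP: requests and the forwarded headers below are
        # unencrypted unless TLS is terminated in front of this listener.
        listen 80;

        # Forwarding headers shared by every location. A location inherits
        # proxy_set_header from this level only while it declares none of its
        # own, so the locations below deliberately contain just proxy_pass.
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the connecting address to whatever X-Forwarded-For the client
        # sent; backends should rely only on the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $host rather than $server_name: this server block sets no server_name,
        # so $server_name is empty and nginx omits headers with empty values.
        proxy_set_header X-Forwarded-Host $host;

        # Prefix locations without a trailing slash also match longer names
        # (/companies matches /companies-internal); keep prefixes unambiguous
        # when adding more services.

        # Proxying the Companies API
        location /companies {
            proxy_pass http://company_api_servers;
        }

        # Proxying the Communities API
        location /communities {
            proxy_pass http://community_api_servers;
        }

        # Proxying the Devices API
        location /devices {
            proxy_pass http://devices_api_servers;
        }
    }
}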
All zammad functionality is working fine except for login/signup with Microsoft
Error:
My nginx reverse proxy config is:
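# Settings for a TLS enabled server.
# TLS-terminating reverse proxy in front of a single HTTPS backend.
upstream backend
{
    server 192.168.99.99:443;
}
server
{
    # TLS is enabled by the "ssl" parameter of listen. The separate "ssl on;"
    # directive was deprecated and later removed from nginx, so it is dropped.
    listen 9443 ssl http2 default_server;
    ssl_certificate "/etc/pki/nginx/bundle.pem";
    # The private key should be readable only by the nginx master process user.
    ssl_certificate_key "/etc/pki/nginx/private/tpsonline.com.key";
    location /
    {
        # NOTE(review): a receiving nginx ignores request headers whose names
        # contain underscores unless underscores_in_headers is on, so CLIENT_IP
        # may not survive a second nginx hop. Confirm against the backend.
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        # NOTE(review): $host carries no port, while this listener is on 9443.
        # If the application builds OAuth callback URLs from Host, they may not
        # match the registered redirect URI. Compare with $http_host.
        proxy_set_header Host $host;
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled with proxy_ssl_trusted_certificate, so
        # this hop is encrypted but the backend is not authenticated.
        proxy_pass https://backend;
    }
}
# NOTE(review): this brace closes a block whose opening line is not part of the
# excerpt (possibly an enclosing http block); kept as posted.
}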
My nginx config from zammad-helm is:
# In-cluster nginx that fronts the Rails server and the WebSocket server.
# server_tokens off hides the nginx version in the Server header and on error pages.
server_tokens off;
upstream zammad-railsserver {
    server localhost:3000;
}
upstream zammad-websocket {
    server localhost:6042;
}
server {
    # Plain-HTTP listener. Both locations below nevertheless assert
    # X-Forwarded-Proto https / X-Forwarded-Ssl on for every request, which
    # overwrites whatever a front proxy sent. That is correct only if port 8080
    # is reachable solely through a TLS-terminating proxy.
    # NOTE(review): confirm 8080 is not exposed directly.
    listen 8080;
    # Catch-all name: this server answers for any Host value.
    server_name _;
    root /opt/zammad/public;
    access_log /dev/stdout;
    error_log /dev/stderr;
    client_max_body_size 50M;
    # Static files are served from root with far-future cache headers.
    # The dots in the alternation are unescaped and match any character.
    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
        expires max;
    }
    # WebSocket endpoint. No Host header is set here, so nginx sends its
    # default, the proxy_pass host name.
    location /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # $remote_addr is the directly connected peer. Behind another proxy it
        # is that proxy's address unless the realip module rewrites it.
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Idle sockets may stay open for up to 24 hours.
        proxy_read_timeout 86400;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_pass http://zammad-websocket;
    }
    # Everything else goes to the Rails application.
    location / {
        # $http_host forwards the client-supplied Host header verbatim,
        # including any port. The application should not trust it blindly when
        # building absolute URLs such as OAuth callbacks.
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 180;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_pass http://zammad-railsserver;
        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }
}
What could be the reason that the only functionality not working is sign-up with Microsoft?
p.s. i did follow these carefully: https://admin-docs.zammad.org/en/3.6/settings/security/third-party/microsoft.html
I did set headers as described in previous zammad issue https://github.com/zammad/zammad/issues/2758#issuecomment-536465142 but still no luck.
I'm running a docker containerized django app with nginx as a reverse proxy and want to include several shiny apps I've inherited. I want django to sit between shiny-server (which serves the apps) and the client (i.e. NOT reverse proxy certain urls directly to shiny-server). However shiny-server seems to be trying to use some kind of websocket and hence while some elements of the ui render properly, the main files (leaflet maps, plots etc) don't. Instead I get a gray overlay. The console displays some cryptic error messages i.e. Connection closed. Info: {"isTrusted":false}. My nginx configuration is as follows:
#Connect to upstream shiny apps server
upstream shiny {
    server shiny:80;
}
#Connect upstream django server via uWSGI
# NOTE(review): the server block reaches this upstream with proxy_pass (HTTP),
# not uwsgi_pass, so django:8001 must speak HTTP. Confirm.
upstream django {
    server django:8001;
}
#Required for shiny's WebSockets
# Maps the client's Upgrade header to the Connection header sent upstream:
# "upgrade" when the client asked for a protocol upgrade, "close" when the
# Upgrade header is absent or empty.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# Front server for Django and shiny-server (plain HTTP on port 80).
server {
    listen 80;
    server_name 127.0.0.1;
    # Presumably Docker's embedded DNS resolver; verify for this deployment.
    resolver 127.0.0.11;
    #Production settings
    #listen 8000;
    #server_name 195.134.90.182;
    charset utf-8;
    # Upper bound on request bodies accepted for every location below.
    client_max_body_size 100M;
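#Serve django's media (Not Implemented)
# alias replaces the matched location prefix verbatim, so a location ending in
# "/" needs an alias ending in "/". Without it, /media/a.png resolves to
# /var/www/mediaa.png and nothing is found. Keep both sides consistent: the
# opposite mismatch (no slash on the location, slash on the alias) lets requests
# resolve outside the aliased directory.
location /media/ {
    alias /var/www/media/;
}
location /static/ {
    alias /var/www/static/;
}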
# Default location: everything not matched elsewhere is proxied to Django.
# No Upgrade/Connection headers are set here, so a WebSocket handshake sent
# through this location is not upgraded.
location / {
    proxy_http_version 1.1; # you need to set this in order to use params below.
    proxy_pass http://django;
    # Header names are case-insensitive; this is X-Forwarded-For.
    proxy_set_header X-forwarded-FOR $proxy_add_x_forwarded_for;
    # Client-supplied Host header, forwarded verbatim.
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    # include /usr/src/wastewater_app/uwsgi_params;
    proxy_temp_file_write_size 64k;
    # 100800 s is 28 hours. Timeouts this long let idle or very slow
    # connections hold worker connections and upstream sockets.
    # NOTE(review): consider values sized to the longest legitimate request.
    proxy_connect_timeout 100800s;
    proxy_send_timeout 100800;
    proxy_read_timeout 100800;
    proxy_buffer_size 64k;
    proxy_buffers 16 32k;
    proxy_busy_buffers_size 64k;
    proxy_redirect off;
    # With both buffering directives off, request and response bodies are
    # streamed, so a slow client occupies the Django upstream for the duration.
    proxy_request_buffering off;
    proxy_buffering off;
    # 650000 s is roughly 7.5 days of keep-alive per client connection.
    keepalive_timeout 650000;
}
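#Proxy shiny requests to shiny-server
# The pattern is anchored with ^ so that only URIs that start with /shiny/ are
# routed here. Unanchored, it also captured paths such as /static/shiny/...
# because regex locations take precedence over plain prefix locations.
location ~* ^/shiny/(.+) {
    # Strip the /shiny prefix; "break" keeps processing inside this location.
    rewrite ^/shiny/(.*)$ /$1 break;
    # No URI part on proxy_pass: the rewritten URI and its query string are
    # sent upstream unchanged. The earlier "http://shiny/$1/" form replaced the
    # URI with the capture plus a trailing slash and dropped the query string,
    # which SockJS/WebSocket endpoints do not tolerate.
    proxy_pass http://shiny;
    # Map redirects issued by shiny-server back under the /shiny/ prefix.
    proxy_redirect http://shiny/ $scheme://$host/shiny/;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # 100800 s is 28 hours and 650000 s is roughly 7.5 days. Long-lived
    # sockets need a generous read timeout, but these values also let idle
    # connections hold worker connections.
    # NOTE(review): size them to the real session length.
    proxy_connect_timeout 100800s;
    proxy_send_timeout 100800;
    proxy_read_timeout 100800;
    keepalive_timeout 650000;
    # required for WebSockets
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    # $connection_upgrade comes from the map block: "upgrade" when the client
    # sent an Upgrade header, otherwise "close".
    proxy_set_header Connection $connection_upgrade;
}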
# SockJS endpoint proxied straight to shiny-server.
# proxy_pass has the URI part "/", so the matched /__sockjs__/ prefix is
# replaced by "/" before the request goes upstream.
# NOTE(review): this location sets neither proxy_http_version 1.1 nor the
# Upgrade/Connection headers, so a WebSocket upgrade cannot pass through it.
location /__sockjs__/{
    proxy_pass http://shiny/;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # 28-hour proxy timeouts and a keep-alive of about 7.5 days; see the caveat
    # about idle connections holding worker slots.
    proxy_connect_timeout 100800s;
    proxy_send_timeout 100800;
    proxy_read_timeout 100800;
    keepalive_timeout 650000;
}
# WebSocket endpoint proxied to shiny-server. The /ws prefix is replaced by "/"
# because proxy_pass carries a URI part.
location /ws {
    proxy_pass http://shiny/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    # Hard-coded "Upgrade" is sent even for requests without an Upgrade header;
    # the $connection_upgrade map defined in this file handles both cases.
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # 28-hour proxy timeouts and a keep-alive of about 7.5 days.
    proxy_connect_timeout 100800s;
    proxy_send_timeout 100800;
    proxy_read_timeout 100800;
    keepalive_timeout 650000;
}
# NOTE(review): the closing brace of the enclosing server block is not part of
# this excerpt.
I've also tried disabling sockets via:
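#shiny-server.conf
# sanitize_errors off sends full application error messages to the browser.
# That is useful while debugging, but it can disclose paths and internals, so
# turn it back on for production.
sanitize_errors off;
# Protocol names are single tokens: "iframe- htmlfile" (with a space) would be
# read as two unknown names, so it is written as iframe-htmlfile.
disable_protocols websocket xdr-streaming xhr-streaming iframe-eventsource iframe-htmlfile;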
However, the problem persists. I've tried pretty much every solution suggested on the web, and several permutations thereof, but none have worked for this case. Open to any and all suggestions (please note I'm not familiar with websockets).
The following Nginx config correctly returns /pages/subdomain/index.vue when visiting {tenant}.mysalon.test.
However (!), after 0.5s it automatically changes the view to /pages/index.vue, why?!
The issue disappears when I remove the second location block, location /_nuxt/ {}, but without that block I'm not able to access anything within {tenant}.mysalon.test/_nuxt/, because the _nuxt folder obviously isn't located within /pages/subdomain/.
How to solve?
GIF: https://imgur.com/a/WfIBYmK
# Multi-tenant front end: the tenant name is captured from the Host header and
# passed to the application on 127.0.0.1:3000 as the x-Tenant header.
server {
    listen 80;
    # The named capture takes everything before ".mysalon.test", further dots
    # included. The value is client-controlled, so the backend should validate
    # it against known tenants before using it.
    server_name ~^(?<tenant>.+)\.mysalon\.test$;
    gzip on;
    gzip_types text/plain application/xml text/css application/javascript;
    gzip_min_length 1000;
    # Page requests: the URI is prefixed with /subdomain/ because proxy_pass
    # carries a URI part.
    location / {
        # $expires is not defined in this excerpt; presumably a map elsewhere.
        expires $expires;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header overrides any x-Tenant header sent by the client, so
        # the value always comes from the matched host name.
        proxy_set_header x-Tenant $tenant;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1m;
        proxy_connect_timeout 1m;
        proxy_pass http://127.0.0.1:3000/subdomain/;
    }
    # Build assets live at the application root, not under /subdomain/, so they
    # are proxied without the prefix.
    location /_nuxt/ {
        expires $expires;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header x-Tenant $tenant;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1m;
        proxy_connect_timeout 1m;
        proxy_pass http://127.0.0.1:3000/_nuxt/;
    }
}
This is my current Nginx server block:
# Reverse proxy for {tenant}.mysalon.test to the application's /subdomain/ tree.
server {
    listen 80;
    # "tenant" is taken from the request's host name and is therefore chosen by
    # the client. Treat the forwarded x-Tenant value as untrusted input in the
    # backend.
    server_name ~^(?<tenant>.+)\.mysalon\.test$;
    gzip on;
    gzip_types text/plain application/xml text/css application/javascript;
    gzip_min_length 1000;
    location / {
        # NOTE(review): $expires must be defined outside this excerpt.
        expires $expires;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header x-Tenant $tenant;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1m;
        proxy_connect_timeout 1m;
        # The URI part replaces the matched "/" prefix: /foo is requested
        # upstream as /subdomain/foo, which is why /_nuxt/... returns 404 here.
        proxy_pass http://127.0.0.1:3000/subdomain/;
    }
}
It's a reverse proxy for {tenant}.mysalon.test to http://127.0.0.1:3000/subdomain/.
The issue:
It works correctly, but it returns 404's for everything within {tenant}.mysalon.test/_nuxt/, that's because /_nuxt does not live in the /subdomain/ directory, but in the parent http://127.0.0.1:3000/.
So I added the following:
# "^~" makes this prefix match final: regex locations are not consulted for
# URIs under /_nuxt/. No proxy_set_header is declared here or at server level in
# the posted config, so the upstream receives nginx's default Host (the
# proxy_pass host) and no x-Tenant header.
location ^~ /_nuxt/ {
    proxy_pass http://127.0.0.1:3000/_nuxt/;
}
So that even on the subdomains, it can access /_nuxt.
However, this new location block makes the first location block inactive for some reason.
When visiting {tenant}.mysalon.test it returns http://127.0.0.1:3000 instead of http://127.0.0.1:3000/subdomain/.
I can't tell you why your second location block breaks the workflow, I didn't see any problems with this config, but you can try to use single location block and append the /subdomain prefix to the requested URI inside this block if the requested URI doesn't start with /_nuxt/:
# Single-location variant: one block serves both pages and /_nuxt assets.
location / {
    expires $expires;
    # The negative lookahead skips URIs that start with /_nuxt; every other URI
    # gets the /subdomain prefix. "break" stops rewriting and keeps the request
    # in this location.
    rewrite ^(?!/_nuxt)(/.*) /subdomain$1 break;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # The tenant is derived from the client-supplied host name; the backend
    # should validate it.
    proxy_set_header x-Tenant $tenant;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 1m;
    proxy_connect_timeout 1m;
    # No URI part: the (possibly rewritten) request URI is passed through as is.
    proxy_pass http://127.0.0.1:3000;
}
I wanted to forward the web-socket request to microservice using nginx.
I am hitting https://some-host/download-zip-service/downloadFile
With this, the calls land on download-zip-service and the downloadFile API receives the call.
In downloadFile I am using a socket to forward the request to the microservice,
but when I try to call the socket API from download-zip-service
I do something like var socket = io('https://some-host/download-zip-service/');
the calls are directly landing on
wss://some-host/socket.io/?EIO=3&transport=websocket&sid=12345678
instead of https://some-host/download-zip-service/socket.io/?EIO=3&transport=websocket&sid=12345678
For that reason, I explicitly added the root / location for download-zip-service.
Below is my NGINX.conf file
# Reverse proxy for download-zip-service, with WebSocket upgrade headers on both
# locations.
worker_processes 4;
events { worker_connections 1024; }
http {
    sendfile on;
    upstream download-zip-service {
        server xx.xx.xx.xx:9012;
    }
    server {
        # Plain-HTTP listener. The client URLs in the question use https/wss,
        # so TLS is presumably terminated in front of this port; confirm.
        listen 8765;
        #Changed for implementing WEB Socket
        # Catch-all: every path not matched elsewhere is forwarded to the
        # service, which exposes more than the /download-zip-service/ prefix.
        # Socket.IO clients request /socket.io/ at the host root unless the
        # client "path" option is set, which is why those calls land here.
        location / {
            proxy_pass http://download-zip-service/;
            proxy_redirect off;
            # With the forwarding headers commented out, the backend sees
            # nginx's default Host (the proxy_pass host) and the proxy's
            # address instead of the client's.
            # proxy_set_header Host $host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # proxy_set_header X-Forwarded-Host $server_name;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            # Hard-coded: sent on every request, including non-WebSocket ones.
            proxy_set_header Connection "Upgrade";
            #new property added
            proxy_request_buffering off;
            proxy_buffering off;
        }
        # Prefixed entry point: the URI part "/" on proxy_pass strips
        # /download-zip-service/ before the request reaches the service.
        location /download-zip-service/ {
            proxy_pass http://download-zip-service/;
            proxy_redirect off;
            # proxy_set_header Host $host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # proxy_set_header X-Forwarded-Host $server_name;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            #socket timeout setting added
            # fastcgi_read_timeout applies to fastcgi_pass only and has no
            # effect in a proxy_pass location.
            fastcgi_read_timeout 7200s;
            # Two-hour timeouts keep long transfers alive, but they also let
            # idle connections hold worker connections for that long.
            send_timeout 7200s;
            proxy_connect_timeout 7200s;
            proxy_send_timeout 7200s;
            proxy_read_timeout 7200s;
            #new property added
            proxy_request_buffering off;
            proxy_buffering off;
        }
    }
}
I want to remove the root / path for download-zip-service.
and it should work with /download-zip-service/
Please let me know where I am making a mistake.