nginx SSL connection fail - nginx

I am having an issue trying to authenticate my account with the GitHub plugin and a reverse proxy, which is nginx. This is my configuration:
Gerrit version: 2.14.8
$ cat /etc/nginx/sites-available/my_config_file
server {
    listen 443;
    server_name my_server_hostname;
    ssl on;
    ssl_certificate conf.d/certificate.crt;
    ssl_certificate_key conf.d/certificate.key;
    location ^~ / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
    }
}
$ cat /var/log/nginx/error.log
018/08/15 08:49:47 [error] 3247#3247: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: IP_ADDRESS, server: my_server_hostname, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8081/", host: "my_server_hostname"
The Gerrit log does not show any errors.
I think that this is a very simple issue, but I cannot figure out how to fix it. Please help me with this.
Thanks

Related

How to setup Ngrok like server for TCP connections?

I would like to set up an ngrok-like self-hosted server, but I have some trouble with TCP connections. It works well with the https protocol with the Nginx config below (it forwards my local web server with an ssh command):
ssh -R 8888:localhost:5000 abc.xyz
upstream tunnel {
    server 127.0.0.1:8888;
}
server {
    server_name abc.xyz;
    access_log /var/log/nginx/$host;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://localhost:8888/;
    }
    error_page 502 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
Then I stepped up to TCP connections, forwarding my VNC server port 5900 with the config below:
stream {
    log_format dns '$remote_addr - - [$time_local] $protocol $status $bytes_sent $bytes_received $session_time "$upstream_addr"';
    access_log /var/log/nginx/access.log dns;
    error_log /var/log/nginx/error.log;
    upstream stream_backend {
        server 127.0.0.1:5902;
    }
    server {
        listen 5903;
        # TCP traffic will be forwarded to the "stream_backend" upstream group
        proxy_pass stream_backend;
    }
}
I expect it would forward my local VNC server to the internet, like we could do with ngrok, with this ssh command:
ssh -L 5902:127.0.0.1:5900 root@ip
Is there anything wrong with these configs?
Here are the access log and error log on my server after trying to connect to port 5903:
Error Log:
2022/02/19 09:32:54 [notice] 35807#35807: signal process started
2022/02/19 09:33:09 [error] 35808#35808: *9 connect() failed (111: Unknown error) while connecting to upstream, client: 14.186.105.235, server: 0.0.0.0:5903, upstream: "127.0.0.1:5902", bytes from/to client:0/0, bytes from/to upstream:0/0
2022/02/19 09:34:05 [error] 35808#35808: *11 connect() failed (111: Unknown error) while connecting to upstream, client: 14.186.105.235, server: 0.0.0.0:5903, upstream: "127.0.0.1:5902", bytes from/to client:0/0, bytes from/to upstream:0/0
Access Log:
14.186.105.235 - - [19/Feb/2022:09:33:09 +0000] TCP 502 0 0 0.000 "127.0.0.1:5902"
14.186.105.235 - - [19/Feb/2022:09:34:05 +0000] TCP 502 0 0 0.000 "127.0.0.1:5902"

Redirect Https request to local Http application server

I have the following task:
I need to use Google Chrome browser to navigate to:
https://mytestserver.com/users/list
and this should be redirected to my local Java server that listens to Http requests on port 8080.
I'm running on Mac OSX, to achieve that I did the following:
Added 127.0.0.1 mytestserver.com to /etc/host file.
Installed Nginx server on Docker container with the following config:
events {
    worker_connections 1024;
}
http {
    server {
        listen 443 ssl;
        server_name mytestserver.com;
        ssl_certificate /etc/nginx/certs/star_com.crt;
        ssl_certificate_key /etc/nginx/certs/star_com.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        proxy_set_header X-Forwarded-Proto $scheme;
        location / {
            proxy_pass http://127.0.0.1:8080/;
        }
    }
}
Then I run my local application server and listen to incoming Http requests on 8080,
and finally I try to run https://mytestserver.com/users/list and I'm getting 502 error.
In the Nginx logs I can see this error:
2021/07/06 20:37:47 [error] 23#23: *3 connect() failed (111: Connection refused)
while connecting to upstream, client: 172.17.0.1, server: mytestserver.com, request:
"GET /users/list HTTP/1.1", upstream: "http://127.0.0.1:8080/users/list", host: "mytestserver.com"
What am I missing here?
What worked for me was setting host.docker.internal as the address for the host container.

NGINX proxy to anycable websocket server causing "111: Connection refused"

This is my NGINX config:
upstream app {
    server 127.0.0.1:3000;
}
upstream websockets {
    server 127.0.0.1:3001;
}
server {
    listen 80 default_server deferred;
    root /home/malcom/dev/scrutiny/public;
    server_name localhost 127.0.0.1;
    try_files $uri @app;
    location @app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app;
    }
    location /cable {
        proxy_pass http://websockets/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
"app" is a puma server serving a Rails app, and "websockets" points to an anycable-go process as the backend for CableReady.
The Rails app is working fine, apart from the websockets.
The browser says:
WebSocket connection to 'ws://127.0.0.1/cable' failed:
And the NGINX error_log the following:
2021/07/14 13:47:59 [error] 16057#16057: *14 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: localhost, request: "GET /cable HTTP/1.1", upstream: "http://127.0.0.1:3001/", host: "127.0.0.1"
The websocket setup per se is working, since everything's fine if I point the ActionCable config directly to 127.0.0.1:3001. It's trying to pass it through NGINX that's giving me headaches.
All the documentation and advice I've found so far makes me believe that this config should do the trick, but it's really not.
Thanks in advance!
So the problem seemed to be the trailing slash in
proxy_pass http://websockets/;
Looks like it's working now.

Running Multiple Web Applications on the Same LAN Server nginx

I'm serving 2 Docker containers on a LAN: a cloud server on port 5234 and the other, a Flask application, on 8080.
I'm trying to use nginx as a reverse proxy to run them both on the same IP with different extensions. My config:
server {
    listen 80 default_server;
    server_name 192.168.1.23;
    location /web {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log /var/log/nginx/flaskapp.access.log;
        error_log /var/log/nginx/flaskapp.error.log;
    }
    location /cloud {
        proxy_pass http://127.0.0.1:5234;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        access_log /var/log/nginx/nextcloud.access.log;
        error_log /var/log/nginx/nextcloud.error.log;
    }
}
but I'm getting a 502 Bad Gateway when accessing 192.168.1.23/web or 192.168.1.23/cloud.
In flaskapp.error.log:
connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.72, server: 192.168.1.23, request: "GET /web HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "192.168.1.23"
In nextcloud.error.log:
recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.1.72, server: 192.168.1.23, request: "GET /cloud HTTP/1.1", upstream: "http://127.0.0.1:5234/cloud", host: "192.168.1.23"
Is there a way to run multiple web applications on the same ip like this or using different ports?
0.0.0.0 is not a valid IP Address. Try 127.0.0.1 which refers to the local host.
like this:
proxy_pass http://127.0.0.1:8080;

nginx 502 Bad Gateway with NodeBB

I get 502 bad gateway when connecting to my NodeBB installation using my domain
NodeBB is running on default port (4567)
My nginx seems to be configured properly (when connecting using the IP): http://puu.sh/mLI7U/0e03691d4c.png
My nodebb seems to be configured properly (when connecting using the IP):
http://puu.sh/mLI95/5fdafcaed9.png
My A record directing the IP to my VPS is configured properly.
Here is my etc/nginx/conf.d/example.com.conf
server {
    listen 80;
    server_name sporklounge.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
My NodeBB config.json
{
    "url": "http://localhost:4567",
    "secret": "25d0d6a2-0444-49dc-af0c-bd693f5829d8",
    "database": "redis",
    "redis": {
        "host": "127.0.0.1",
        "port": "6379",
        "password": "",
        "database": "0"
    }
}
Here is my var/log/nginx/error.log
2016/01/27 12:04:42 [error] 22026#0: *4062 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 50.186.224.26, server: sporklounge.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:80/favicon.ico", host: "sporklounge.com", referrer: "http://sporklounge.com/"
2016/01/27 12:21:06 [crit] 974#0: *1 connect() to 127.0.0.1:4567 failed (13: Permission denied) while connecting to upstream, client: 50.186.224.26, server: sporklounge.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:4567/", host: "sporklounge.com"
2016/01/27 12:21:07 [crit] 974#0: *1 connect() to 127.0.0.1:4567 failed (13: Permission denied) while connecting to upstream, client: 50.186.224.26, server: sporklounge.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:4567/favicon.ico", host: "sporklounge.com", referrer: "http://sporklounge.com/"
All help is greatly appreciated and I will answer all questions that I can to help get a solution, thank you!
The one thing I see is that according to the docs, your url config value should be the full web-accessible address that points to your NodeBB. That would be sporklounge.com, not the current value.
It could also be that the backend is just sometimes responding slowly. Try very high values of this value in Nginx to see if the backend eventually responds:
# For testing, allow very long response times.
proxy_read_timeout 5m;
Also, use netstat to confirm the backend is running on port 4567:
sudo netstat -nlp | grep ':4567'
Wait, the answer may be right in your logs, which give you the reason for the connection failure:
(13: Permission denied) while connecting to upstream
See the related question:
(13: Permission denied) while connecting to upstream:[nginx]
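
Added example, not part of any post on this page: a small Python triage script that classifies nginx upstream failures like the ones quoted in the questions above by connection phase and errno number. The log lines are constructed to match the quoted ones (client and server names are placeholders), and the cause labels are this example's own naming.

```python
import re

# Constructed sample input, shaped like the nginx error.log lines quoted on
# this page; client and server names use documentation placeholders.
SAMPLE_LOG = '''\
2021/07/06 20:37:47 [error] 23#23: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.10, server: example.test, request: "GET /users/list HTTP/1.1", upstream: "http://127.0.0.1:8080/users/list", host: "example.test"
2016/01/27 12:21:06 [crit] 974#0: *1 connect() to 127.0.0.1:4567 failed (13: Permission denied) while connecting to upstream, client: 192.0.2.10, server: example.test, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:4567/", host: "example.test"
2018/08/15 08:49:47 [error] 3247#3247: *1 SSL_do_handshake() failed (SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to upstream, client: 192.0.2.10, server: example.test, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:8081/", host: "example.test"
2022/02/19 09:33:09 [error] 35808#35808: *9 connect() failed (111: Unknown error) while connecting to upstream, client: 192.0.2.10, server: 0.0.0.0:5903, upstream: "127.0.0.1:5902", bytes from/to client:0/0, bytes from/to upstream:0/0
'''

ERRNO = re.compile(r"\((\d+): [^)]*\)")
PHASE = re.compile(r"while (.+?) upstream,")
UPSTREAM = re.compile(r'upstream: "(?:(\w+)://)?([^/"]+)')

# Keyed on the errno number: the text after it is not reliable (the stream
# module line in the sample reports 111 as "Unknown error").
BY_ERRNO = {
    13: "connect-denied-locally",
    104: "upstream-reset-connection",
    110: "upstream-timed-out",
    111: "nothing-listening-on-upstream",
}

def triage(line):
    """Return a dict describing one upstream failure, or None for other lines."""
    up = UPSTREAM.search(line)
    phase = PHASE.search(line)
    if not up or not phase:
        return None
    err = ERRNO.search(line)
    if "SSL handshaking" in phase.group(1):
        # nginx spoke TLS to the backend, i.e. the effective proxy_pass is https://
        cause = "tls-handshake-to-upstream-failed"
    elif err:
        cause = BY_ERRNO.get(int(err.group(1)), "other-errno")
    else:
        cause = "unclassified"
    return {"upstream": up.group(2), "scheme": up.group(1),
            "phase": phase.group(1), "cause": cause}

def summarize(log_text):
    found = (triage(line) for line in log_text.splitlines())
    return [(f["upstream"], f["cause"]) for f in found if f]

if __name__ == "__main__":
    for upstream, cause in summarize(SAMPLE_LOG):
        print(f"{upstream:18} {cause}")
```

For the line modelled on the first question, the parsed scheme is `https` even though the posted file says `proxy_pass http://`, so the configuration nginx actually loaded is the thing to compare against the file.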
