I've setup nginx as a proxy for my local dev environment. I'm using webpack-serve for local dev as well, and a local ssl cert i've setup. I have the site working but I'm having issues the HMR.
I see this error when the web sockets try to connect
WebSocket connection to 'wss://local.way.com:7879/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I can't tell if it's an issue with the certificate or the nginx setup.
server {
listen 7879 ssl;
server_name local.way.com;
ssl_certificate /usr/local/way-fe/config/proxy/ssl/certificate.crt;
ssl_certificate_key /usr/local/way-fe/config/proxy/ssl/certificate.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $proxy_protocol_port;
}
}
upstream websocket {
server local.way.com:7879;
}
and the webpack-serve config
module.exports = {
clipboard: true,
host: 'local.way.com',
port: 7878,
'https-cert':
'/usr/local/way-fe/config/proxy/ssl/certificate.crt',
'https-key':
'/usr/local/way-fe/config/proxy/ssl/certificate.key',
hotClient: {
port: 7879,
https: true,
},
};
Related
I want to proxy pass based on the path to another port (multiple) using NginX.
Example:
/ -> :3000
/test -> :3001
I already config my nginx.conf like this:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.xxx.domain.com;
gzip off;
proxy_max_temp_file_size 0;
ssl_certificate /etc/nginx/ssl/xxx.co.id.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.co.id.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers XXX
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
location / {
proxy_pass http://10.184.0.4:3000;
}
location = /test {
proxy_pass http://10.184.0.4:3001;
}
}
It's success for the /, but for the /test route it's get redirected to port :3000 to the Not Found Page.
Any suggestion to success the proxy pass?
I have encountered some problems running APIM with Analytics 3.1.0, seems to be stuck in some point and finally shows an error due it cannot load or find API list. We have checked every step in documentation and logs don’t show us any configuration error. The certificates seems to be ok cause I haven't seen SSL connection error in log. API Manager module connects ok with worker
My deployment consists on nginx proxy and a all-in-one node with SQL Server Databases (I have tested MySQL getting the same behaviour).
Any ideas please ?
Thanks in advance,
David
img capture when error is shown
================
nginx
================
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events { }
http {
upstream am-back.inda.es {
server 172.x.x.33:9443;
}
upstream gw-back.inda.es {
server 172.x.x.33:8243;
}
upstream an-back.inda.es {
server 172.x.x.33:9643;
}
server {
listen 80;
server_name apiam.inda.es;
rewrite ^/(.*) https://apiam.inda.es/$1 permanent;
}
server {
listen 443;
server_name apiam.inda.es;
proxy_set_header X-Forwarded-Port 443;
ssl on;
#ssl_certificate /etc/nginx/ssl/STAR_inda_es.crt;
#ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_certificate /root/autocerts/inda_auto.crt;
ssl_certificate_key /root/autocerts/inda_auto.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://am-back.inda.es;
}
access_log /etc/nginx/log/am/https/access.log;
error_log /etc/nginx/log/am/https/error.log;
}
server {
listen 443;
server_name apigw.inda.es;
proxy_set_header X-Forwarded-Port 443;
ssl on;
#ssl_certificate /etc/nginx/ssl/STAR_inda_es.crt;
#ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_certificate /root/autocerts/inda_auto.crt;
ssl_certificate_key /root/autocerts/inda_auto.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://gw-back.inda.es;
}
access_log /etc/nginx/log/gw/https/access.log;
error_log /etc/nginx/log/gw/https/error.log;
}
server {
listen 443;
server_name apian.inda.es;
proxy_set_header X-Forwarded-Port 443;
ssl on;
#ssl_certificate /etc/nginx/ssl/STAR_inda_es.crt;
#ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_certificate /root/autocerts/inda_auto.crt;
ssl_certificate_key /root/autocerts/inda_auto.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://an-back.inda.es;
}
access_log /etc/nginx/log/an/https/access.log;
error_log /etc/nginx/log/an/https/error.log;
}
}
================
WSO2 APIM deployment.toml
================
[transport.https.properties]
proxyPort = 443
[server]
hostname = "apiam.inda.es"
node_ip = "127.0.0.1"
#offset=0
mode = "single" #single or ha
base_path = "${carbon.protocol}://${carbon.host}:${carbon.management.port}"
#discard_empty_caches = false
server_role = "default"
[super_admin]
username = "admin"
password = "admin"
create_admin_account = true
.
.
.
[apim.analytics]
enable = true
store_api_url = "https://localhost:7444"
#username = "$ref{super_admin.username}"
#password = "$ref{super_admin.password}"
#event_publisher_type = "default"
#event_publisher_impl = "org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher"
#publish_response_size = true
.
.
.
================
extract from dashboard deployment.yaml
================
.
.
.
## Authentication configuration
auth.configs:
type: apim
ssoEnabled: true
properties:
adminScope: apim_analytics:admin_carbon.super
allScopes: apim_analytics:admin apim_analytics:product_manager apim_analytics:api_developer apim_analytics:app_developer apim_analytics:devops_engineer apim_analytics:analytics_viewer apim_analytics:everyone openid apim:api_view apim:subscribe
adminUsername: admin
adminPassword: admin
kmDcrUrl: https://localhost.inda.es:9443/client-registration/v0.16/register
kmTokenUrlForRedirection: https://apiam.inda.es/oauth2
kmTokenUrl: https://localhost.inda.es:9443/oauth2
kmUsername: admin
kmPassword: admin
portalAppContext: analytics-dashboard
businessRulesAppContext : business-rules
cacheTimeout: 30
baseUrl: https://apian.inda.es
grantType: authorization_code
publisherUrl: https://localhost.inda.es:9443
devPortalUrl: https://localhost.inda.es:9443
externalLogoutUrl: https://localhost.inda.es:9443/oidc/logout
.
.
.
Well, I had the same problem, I solved this using this headers in my nginx configs:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Source: https://medium.com/microservices-on-wso2/configuring-analytics-with-api-manager-bde5ef7ee741
Solved with transparent proxy option (nginx plus or hapoxy) and exposing source IP to endpoint.
I'm having trouble addressing Neo4j via a reverse proxy with NGINX.
The web client works without problems, but I have no idea about the Bolt protocol.
Here's how the web client works:
server {
listen 80;
server_name XXX;
location / {
proxy_pass http://YYY:7474/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
}
}
But how does the Bolt protocol over port 7687 work?
Thanks.
PS: Google translator ftw.
You need to use nginx compiled with --with-stream. Then you can add below section to your nginx config
stream {
server {
listen 7687;
proxy_pass neo4j:7687;
}
}
Basically you need to use tcp reverse proxy and not http proxy. The above configuration section will be at top level and not inside http or server block
You will need to open port 7687 between your laptop and the server hsoting neo4j.
If you are using let's encrypt and try to connect though SSL. neo4j embedded certificate were not signed by an Authority which was generating the error in my chrome browser.
To make it works, I had to copy my certs in neo4j certificates :
sudo su
cp /etc/letsencrypt/live/MYDOMAIN/fullchain.pem /var/lib/neo4j/certificates/neo4j.cert
cp /etc/letsencrypt/live/MYDOMAIN/privkey.pem /var/lib/neo4j/certificates/neo4j.key
service neo4j restart
Here is what works:
worker_processes auto;
events {
worker_connections 1024;
}
http {
map $http_upgrade $connection_upgrade {
"" close;
default upgrade;
}
upstream neo4j_bolt {
server neo4j:7687;
}
upstream neo4j_insecure {
server neo4j:7474;
}
upstream neo4j_secure {
server neo4j:7473;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://neo4j_insecure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
}
}
server {
listen 443 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_secure;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7687 ssl;
server_name localhost;
#SSL/https
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ecdh_curve secp384r1;
ssl_certificate /etc/nginx/conf.d/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/ssl/nginx.key;
ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;
location / {
proxy_pass https://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 7688;
server_name localhost;
location / {
proxy_pass http://neo4j_bolt;
proxy_http_version 1.1;
proxy_set_header Connection Upgrade;
proxy_set_header Host $host;
proxy_set_header Upgrade $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Dockerized solution here: https://github.com/joehoeller/nginx-server-neo4j-graph-db
I have ameteor ap which i am running as is the norm and it runs on my server like
http://my-ip:3000
I have nginx installed and i can access the meteor app using this sites-enabled configuration
My file looks like this
server {
listen *:80;
server_name _;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
I am following this tutorial to get letsencrypt to work https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
How would i enable ssl in my configuration above
To run with ssl,make sure you have a letencrypt certificate and this is my configuration
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/meteor.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:3000;
proxy_read_timeout 90;
proxy_redirect http://localhost:3000 https://domain.com;
}
}
The above runs the meteor app with ssl enabled.
Nginx noob. Trying to configure Nginx to act as an SSL proxy server in front of another web server running at http://localhost:8082. That is, I want all requests to http://localhost to be redirected to https://localhost. That part is working just fine.
Problem is, the app on port 8082 also uses WebSocket connections at ws://localhost:8082/public-api/repossession-requests-socket. I'm trying to redirect any connections to ws://localhost/public-api/repossession-requests-socket to wss://localhost/public-api/repossession-requests-socket and have Nginx proxy those WebSocket requests to ws://localhost:8082/public-api/repossession-requests-socket.
Instead, the WebSocket connections are failing because Nginx is returning a 301 for both ws://localhost/public-api/repossession-requests-socket & wss://localhost/public-api/repossession-requests-socket. My configuration is below; I'm using the Docker image nginx:alpine in my tests ($PWD is mapped to /app).
How do I need to change this so that I no longer see 301s?
events {
worker_connections 1024;
}
http {
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name localhost;
ssl_certificate /app/docker/public.pem;
ssl_certificate_key /app/docker/private.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /app/access-443.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8082;
proxy_read_timeout 90;
proxy_redirect http://localhost:8082 https://localhost;
}
location /public-api/repossession-requests-socket/ {
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
Found the problem. The trailing slash on the end of the location stanza.
location /public-api/repossession-reqeuests-socket/ should have been location /public-api/repossession-reqeuests-socket.