How to authenticate nginx with ldap? - nginx

I follow this reference https://github.com/kvspb/nginx-auth-ldap/blob/master/README.md and try to integrate nginx and LDAP.
my nginx.conf setting:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
ldap_server ldap_local {
url "ldap://localhost/cn=Manager,dc=xinhua?uid?sub?(objectClass=posixAccount)";
binddn "cn=Manager,dc=xinhua,dc=org";
binddn_passwd "xxxxxx";
require group "cn=config,ou=People,dc=xinhua,dc=org";
group_attribute "memberUid";
group_attribute_is_dn off;
require valid_user;
satisfy all;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
conf.d/default.conf
server {
listen 8000;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
auth_ldap "Forbidden";
auth_ldap_servers ldap_local;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
My question is how to authenticate the username and password which are in LDAP.
This is my first time to use LDAP.
Now, I don't know what is the username and password.
When I try the username and password in .htpasswd. It doesn't work.

Why not via https://github.com/nginxinc/nginx-ldap-auth ? It's daemon, use something like
location = /auth-proxy {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_pass http://127.0.0.1:8888;
proxy_set_header X-Ldap-URL "ldap://127.0.0.1:389";
proxy_set_header X-Ldap-Template "(uid=%(username)s)";
proxy_set_header X-Ldap-BaseDN "dc=example,dc=com";
}
location /private-storage {
auth_request /auth-proxy;
proxy_pass http://application-backend;
}

Related

nginx is not proxy passing to my nest app

I am trying to configure NGINX to serve my nest app(which is running on docker).
My app is listening on port 3000
The server is amazon linux 2(ec2-user)
The conf file looks like this:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
#include /etc/nginx/conf.d/nginx.conf;
server {
listen 80;
listen [::]:80;
server_name <ip.adress>;
#web
location / {
add_header X-yahav $uri; # this gets mounted
}
#api
location = /api { # this one is never approached
add_header X-yahav "Api-pass";
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Host $http_host;
#proxy_pass http://127.0.0.1:3000/;
}
}
}
I want to redirect /api to my nest app but it just wont have it i'm getting a simple 404 without the header i'm attaching(as you can see in the conf file)
Another thing is when I go to the root (location /) I do get my header mounted as expected
Any have any idea what is wrong?
Don't forget to add "/api" to your requests, like http://your-server:80/api/

How to remove Index of / from search engine results?

The problem
I have a website developed with NextJS, it is running on a server with Nginx. The website files are inside the public_html folder and running on port 3004, and i have a proxy_pass that redirect the requests to the NextJS website on port 3004.
But when I search for my domain or my site on google, it shows up in the results: Index of / (and the files inside)
I would like to remove this (and all the listing of files inside) to just put Home - Domain, for example.
Research and issue photos
My next.conf file
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_name computadorsolidario.tec.br www.computadorsolidario.tec.br;
location / {
autoindex off;
proxy_pass http://localhost:3004;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
}
How can i solve this?
You can turn off the feature of nginx where it creates directory listings:
autoindex off;
If you want to replace "index if /" with an actual home page, you would need to create an index.html file in document root directory.
You should also add as a last location in your conf
location ~ /\. {
deny all;
}
to block file access to dot files .env file or other sensitive data

Nginx redirect request based path variable

I have an html web server running on my EC2 instance on port 80 (HTTP). I'm using Nginx as a reverse proxy (which is also installed on the instance) to redirect requests from port 8080 based on the path ('/blue') to my HTML web server. So I'm requesting HTTP://ec2_instance_dns:8080/blue and expect to redirect to HTTP://ec2_instance_dns:80.
However, I'm having issues redirecting the request based on the path variable. My /etc/nginx/conf.d/deafult.conf attached below:
server {
listen 8080;
server_name default;
client_max_body_size 32M;
underscores_in_headers on;
root /var/www/html/index.html;
location /blue {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_read_timeout 120;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 90;
proxy_pass http://localhost:80;
}
}
My /etc/nginx/nginx.conf attached bellow:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 8080;
listen [::]:8080;
server_name localhost;
root /var/www/html/index.html;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
When trying to request HTTP://ec2_instance_dns:8080/blue I'm getting the above error:
What further configuration should I do? Thank you.

how to make nginx only redirect requests from sepcific server and pass other requests to their original servers like fiddler?

I am trying to make nginx have two functions like fiddler does:
1、Redirect requests from data.abc.com to 127.0.0.1:9000
2、Pass all other requests to their original servers
my nginx.conf is:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
listen 8008;
server_name data.abc.com;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass https://127.0.0.1:9000/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
However, right now every request via port 8008 is redirected, it seems like server_name doesn't work, how to make other requests go to original server?
Your configuration is to redirect all request to https://127.0.0.1:9000
Add 2 different server block like follows
1) Redirect data.abc.com to https://127.0.0.1:9000
server {
listen 8008;
server_name data.abc.com;
return 301 https://127.0.0.1:9000$request_uri
}
2) Serve request for another website:
server {
listen 8008 default_server;;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
}

NGINX Serving large files (mp4), extremely inefficiently

I am currently running nginx/1.0.15 on a Centos 6.6 OS.
The server has the following specs:
Intel(R) Atom(TM) CPU C2750 # 2.40GHz (8 cores)
32GB Ram
5 x 6000 GB 7200 RPM (Raid 10)
The Problem
The server has a 1Gbit/s connection, however it tops out and bottlenecks after 400-500 mbit/s. Service starts to decline at roughly 100 connections.. and the speed with the server drops dramatically (despite having 50% bandwidth still available)
The NGINX server is strictly for serving static .mp4 files. Each file is typically 400-1200MB (700mb being the avg.)
I have tried many many configurations and just about all of them give me the same results.
Is there anything blatantly wrong or misguided in my configuration?
The Configurations
/etc/nginx/nginx.conf
user nginx;
worker_processes 9;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 51200;
use epoll;
}
worker_rlimit_nofile 600000;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
access_log off;
aio on;
sendfile off;
tcp_nopush off;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
output_buffers 1 3m;
#gzip on;
include /etc/nginx/conf.d/*.conf;
open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
}
/etc/nginx/conf.d/default.conf
server {
listen 80 default_server sndbuf=32k;
server_name _;
#charset koi8-r;
#access_log logs/host.access.log main;
include /etc/nginx/default.d/*.conf;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /Videos/ {
root /home;
gzip off;
gzip_static off;
mp4;
mp4_max_buffer_size 300m;
}
location /stats {
stub_status on;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

Resources