I have an Amazon EC2 box, and I am trying to host my node js REST API in the box. I run the application as a background process using PM2. To expose the locally running background application to the web, I create a Nginix web server. Now when I try to access the public DNS of the EC2 box, I can access the api like ec2-bla-bla.amazonaws.com/api and I can have it consumed by the front end applications. All the communication is going on HTTP for right now.
But I cant let people use this DNS to consume my API as the DNS is owned by Amazon and not by us. So we created a separate sub domain called api.our-company.com and point it to EC2 public IP. But when I go to api.our-company.com, its displays the nginix index page, so that means its hitting the EC2 box. But when I call api.our-company.com/api, it gives me a nginix 404 error and wont let me access my api.
I need to be able to use api.our-company.com/api to consume my API.
I tried changing the root in my applications config file in sites-enabled. Tried removing index.html completely from the file. but it still displays the index page. I am following this digital ocean article: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-14-04
Here is my project config file in sites-enabled.
upstream app_nodejs {
server 127.0.0.1:8080;
keepalive 8;
}
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
listen 443 default ssl;
root /var/www/express-api/public/api;
index index.html index.html;
# Make site accessible from http://localhost/
server_name api.our-company.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwar$
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8080/;
proxy_redirect off;
}
}
Here is the nginx.conf file
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
I don't have much experience on hosting web servers. Any suggestions are greatly appreciated.
I resolved my problem. It was not a configuration setting. It was just that the C Name of the sub-domain (api.our-company.com) was not pointing to Amazon's EC2 public DNS. We changed the C Name and now I can access my api from api.our-company.com/api .
As you are using upstream, try passing
proxy_pass app_nodejs;
and
server {
listen 80 default_server;
Use below references, as you are newbie to NGINX webserver
Reference:
https://www.nginx.com/resources/wiki/start/topics/examples/full/
https://nginxconfig.io/
Related
I have installed nginx on a VM (OS: Ubuntu 18). I am following this tutorial but the issue is that I am not able to see the content getting served on your_domain.com. Here's my nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Files in sites-enabled and sites-available directory: default your_domain
your_domain (both in sites-enabled and sites-available)
server {
listen 80;
listen [::]:80;
root /var/www/your_domain/html;
index index.html index.htm index.nginx-debian.html;
server_name your_domain.com www.your_domain.com;
location / {
try_files $uri $uri/ =404;
}
}
index.html file in /var/www/your_domain/html
<html>
<head>
<title>Welcome to your_domain!</title>
</head>
<body>
<h1>Success! The your_domain server block is working!</h1>
</body>
</html>
Lastly, this is my /etc/hosts
127.0.0.1 localhost
127.0.0.1 your_domain.com (trying out)
35.188.213.229 your_domain.com (trying out)
10.128.0.48 your_domain.com (trying out)
I am not sure where the issue is because whenever I open your_domain.com, it says the following in chrome browser
This site can’t be reached
your_domain.com’s server IP address could not be found.
I have tried doing traceroute your_domain.com as well:
traceroute: unknown host your_domain.com
Tried nginx in macOS, it works there but I need to set it up in ubuntu VM for my project.
Given that traceroute is unable to resolve host name into ip address, I suppose that problem is caused by your /etc/hosts or some other issues with name resolution process on client side.
Most probably linux resolver library is unhappy with () in lines. Try removing them, keeping statement as clean as possible - e.g.:
127.0.0.1 your_domain.com
Note - this thing may be cached, so you may also need to restart your browser after making changes.
On MacOS you may even need to flush system-level dns cache:
dscacheutil -flushcache && killall -HUP mDNSResponder
I made webpage using R(shiny) and deployed it on shiny-server. And tried to use NGINX to achieve multi-threaded sort of stuff. I found on some posts that NGINX can also help to achieve concurrency but I don't know how to do it. Could you please help me to do that.
In case I misunderstand the definition of concurrency, my desired result is that when different users accessed to the webpage and use some function at the same time, they don't need to wait in the queue and my server could handle those requests at the same time.
Below is the configuration:
`
user www-data;
worker_processes 4;
worker_rlimit_nofile 20960;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
use epoll;
worker_connections 1024;
accept_mutex on;
accept_mutex_delay 500ms;
multi_accept on;
}
http {
underscores_in_headers on;
aio threads;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
upstream shiny-server {
ip_hash;
server 127.0.0.1:3838;
}
map $http_app_version $app1_url {
"1.0" http://35.78.39.174:3838;
}
server {
aio threads;
listen 80;
listen [::]:80;
server_name 35.78.39.174:3838;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
if ($http_user_agent !~* "MicroMessenger"){
set $app1_url http://35.78.39.174:3838;
}
aio threads;
proxy_pass http://localhost:3838;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header Accept-Encoding '';
proxy_buffering off;
}
location ^~ /mathjax/ {
alias /usr/share/mathjax2/;
}
}
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.*;
server_names_hash_bucket_size 128;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
I have also edited the shiny-server configuration:
# Instruct Shiny Server to run applications as the user "shiny"
run_as shiny;
sanitize_errors false;
preserve_logs true;
# Define a server that listens on port 3838
server {
listen 3838;
# Define a location at the base URL
location / {
# Host the directory of Shiny Apps stored in this directory
site_dir /home/rstudio/;
# Log all Shiny output to files in this directory
log_dir /var/log/shiny-server/port_3838;
# When a user visits the base URL rather than a particular application,
# an index of the applications available in this directory will be shown.
directory_index on;
app_init_timeout 1800;
app_idle_timeout 1800;
}
}
`
Really appreciate your help. Thanks a lot.
In case I misunderstand the definition of concurrency, my desired result is that when different users accessed to the webpage and use some function at the same time, they don't need to wait in the queue and my server could handle those requests at the same time.
Could you please how to set the configuration to achieve that?
I have an upstream block in an Nginx config file. This block lists multiple backend servers across which to load balance requests to.
...
upstream backend {
server backend1.com;
server backend2.com;
server backend3.com;
}
...
Each of the above 3 backend servers is running a Node application.
If I stop the application process on backend1 - Nginx recognises this, via passive health check, traffic is only directed to backend2 and backend3, as expected.
However, if I power down the server on which backend1 is hosted, Nginx does not recognise that it is offline and continues to attempt to send traffic/requests to it. Nginx still tries to direct traffic to the offline server, resulting in an error: 504.
Can someone shed some light on why this (scenario 2 above) may happen and if there is some further configuration needed that I am missing?
Update:
I'm beginning to wonder if the behaviour I'm seeing is because the above upstream block is located with an HTTP {} Nginx context. If backend1 was indeed powered down, this would be a connection error and so (maybe off the mark here, but just thinking aloud) should this be a TCP health check?
Update 2:
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
upstream backends {
server xx.xx.xx.37:3000 fail_timeout=2s;
server xx.xx.xx.52:3000 fail_timeout=2s;
server xx.xx.xx.69:3000 fail_timeout=2s;
}
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_certificate …
ssl_certificate_key …
ssl_ciphers …;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
default
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
#server_name ...;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
# SSL configuration
...
# Add index.php to the list if you are using PHP
index index.html index.htm;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
#try_files $uri $uri/ =404;
}
location /api {
rewrite /api/(.*) /$1 break;
proxy_pass http://backends;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
# Requests for socket.io are passed on to Node on port 3000
location /socket.io/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://backends;
}
}
The reason for you to get a 504 is when nginx does HTTP health check it tries to connect to the location(ex: / for 200 status code) which you configured. Since the backend1 is powered down and the port is not listening and the socket is closed.
It will take some time to get timeout exception and hence the 504: gateway timeout.
It's a different case when you stop the application process.The port will not be listening and it will get connection refused which is identified pretty quick and marks the instance as unavailable.
To overcome this you can set fail_timeout=2s to mark the server as unavailable default is 10 seconds.
https://nginx.org/en/docs/http/ngx_http_upstream_module.html?&_ga=2.174685482.969425228.1595841929-1716500038.1594281802#fail_timeout
relatively new with nginx servers, and trying to do relatively tricky stuff. Go easy please.
I don't know what's wrong with my config. I'm trying to do a pretty basic reverse proxy. The first server block that does the SSL encryption definitely works. And if i uncomment the second server block, all my traffic is forwarded over to my main server, which works perfectly. The problem is, I only want certain subdomains exposed to the internet, like my gitea server. so I've commented out the second block and added the server block at the bottom, which only matches with the gitea subdomain. When I do that, all I get is a 404.
I'm also seeing some weird issues where if I go to the site without specifying a subdomain, I get a page from a site I'm no longer hosting, like it's been cached. I saw a stackoverflow post that recommended removing the sendfile option, which didn't seem to affect anything. Thought I'd ask you guys.
I should also mention that the address I'm forwarding through is on the other side of a wireguard tunnel. I don't think that's an issue since I've seen it work regardless, but it could be.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
stream
{
server
{
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
proxy_pass 127.0.0.1:80;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# server
# {
# listen 80;
# proxy_pass 10.67.19.2:80;
# }
}
http {
##
# Basic Settings
##
# sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
# ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*.conf;
server
{
listen 80;
server_name gitea.*;
location /
{
proxy_pass http://10.76.91.3:80;
}
}
}
If anyone else has this problem. I didn't realize that when you proxy a website with a url based on a subdomain, you have to include the subdomain on the proxied address.
So instead of forwarding to the IP address, I added an entry in my /etc/hosts file: 10.76.91.3 tunnel tunnel.lan gitea.tunnel.lan and modified the nginx conf with the new hostname:
server
{
listen 80;
server_name gitea.*;
location /
{
proxy_pass http://gitea.tunnel.lan;
}
}
and that fixed everything.
I have Odoo running on my server. and I just installed iredmail on the same server.
The output of hostname -f is kvm.mgbcomputers.com.
In my /etc/hostname file I only have kvm as my entry.
Here are the outputs from my /etc/hosts file:
# Generated by SolusVM
127.0.0.1 kvm.mgbcomputers.com kvm localhost localhost.localdomain
::1 localhost localhost.localdomain
198.23.61.15 kvm.mgbcomputers.com
I'm using the same domain "mgbcomputers" for my email. From my nginx configuration file, I included the paths to Odoo application conf file running on port 8069 as well as the path to the configuration file used for my email service but only the email works. I can only access my website if I remove the reference to my email configuration file in the nginx conf file.
How do I make sure that the Odoo website shows when I enter my domain/IP address in the browser and the mail shows when I append /mail to the domain/IP address?
Here are the contents of my nginx.conf file:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
upstream php_workers {
server unix:/var/run/php-fpm.socket;
}
include /etc/nginx/sites-enabled/*;
#include /etc/nginx/conf.d/*.conf;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Here are the contents of sites-enabled directory file:
upstream backend-odoo{
server 127.0.0.1:8069;
}
server {
server_name mgbcomputers.com;
listen 80;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://$host$request_uri? permanent;
}
server {
listen 443 default;
#ssl settings
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
keepalive_timeout 60;
# proxy header and settings
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
# odoo log files
access_log /var/log/nginx/odoo-access.log;
error_log /var/log/nginx/odoo-error.log;
# increase proxy buffer size
proxy_buffers 16 64k;
proxy_buffer_size 128k;
# force timeouts if the backend dies
proxy_next_upstream error timeout invalid_header http_500
http_502 http_503;
# enable data compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_vary on;
location / {
proxy_pass http://backend-odoo;
}
location ~* /web/static/ {
# cache static data
proxy_cache_valid 200 60m;
proxy_buffering on;
expires 864000;
proxy_pass http://backend-odoo;
}
location /longpolling { proxy_pass http://backend-odoo-im;}
}
upstream backend-odoo-im { server 127.0.0.1:8072; }
and here are the contents of my file in /etc/nginx/conf.d directory:
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server {
# Listen on ipv4
listen 80;
# Listen on ipv6.
# Note: this setting listens on both ipv4 and ipv6 with Nginx release
# shipped in some Linux/BSD distributions.
#listen [::]:80;
server_name _;
root /var/www/html;
index index.php index.html;
# Enable Roundcube/SOGo/iRedAdmin in http mode if working with HAProxy
# with SSL termination enabled.
#include /etc/nginx/templates/roundcube.tmpl;
#include /etc/nginx/templates/sogo.tmpl;
#include /etc/nginx/templates/iredadmin.tmpl;
#include /etc/nginx/templates/awstats.tmpl;
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/redirect_to_https.tmpl;
include /etc/nginx/templates/misc.tmpl;
}
# HTTPS
server {
listen 443;
server_name _;
ssl on;
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Fix 'The Logjam Attack'.
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dh2048_param.pem;
root /var/www/html;
index index.php index.html;
# HTTP Strict Transport Security (HSTS)
#include /etc/nginx/templates/hsts.tmpl;
# Web applications.
#include /etc/nginx/templates/adminer.tmpl;
include /etc/nginx/templates/roundcube.tmpl;
include /etc/nginx/templates/sogo.tmpl;
include /etc/nginx/templates/iredadmin.tmpl;
include /etc/nginx/templates/awstats.tmpl;
# PHP applications. WARNING: php-catchall.tmpl should be loaded after
# other php web applications.
include /etc/nginx/templates/php-catchall.tmpl;
include /etc/nginx/templates/misc.tmpl;
}