All my xml files are stored in a AWS S3, I want to show them via my website :
Nginx conf:
location ~ \.xml$ {
proxy_pass https://s3-eu-west-1.amazonaws.com/bucket-name/sitemap$request_uri;
}
But I get a 502 and log says
[error] 13295#13295: *26 no resolver defined to resolve s3-eu-west-1.amazonaws.com
If I define a resolver like
resolver s3-eu-west-1.amazonaws.com;
I get
[error] 14430#14430: *7 s3-eu-west-1.amazonaws.com could not be resolved (110: Operation timed out),
Thank you for helping
The AWS DNS is likely at 10.0.0.2 in your VPC (it's the base CIDR plus two).
Add resolver and resolver_timeout:
location ~ \.xml$ {
resolver 10.0.0.2 valid=300s;
resolver_timeout 10s;
proxy_pass https://s3-eu-west-1.amazonaws.com/bucketname/sitemap$request_uri;
}
Note: In EC2 Classic the AWS DNS server is located at 172.16.0.23.
I found a solution:
location ~ \.xml$ {
rewrite ^ /<bucket>/sitemap$request_uri break;
proxy_pass https://s3-eu-west-1.amazonaws.com;
}
Your resolver in this instance would be your local or external DNS server you would use to resolve dns names, not the s3 url.
Related
I have X applications running on your servers and domains.
Separately they work fine.
To improve access, I want to use one alias for all applications instead of an alias for each application.
For example:
App1: http://app1.server.com
App2: http://app2.server.com
AppN: http://appN.server.com
In this way I want to make a proxy with NGINX to access applications like this:
App1: http://www.home.com/app1
App2: http://www.home.com/app2
AppN: http://www.home.com/appN
To do this a im using this configuration:
location ~/app1(.*)$ {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=20s;
proxy_pass http://app1.server.com$1$is_args$args;
}
location ~/app2(.*)$ {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
proxy_pass http://app2.server.com$1$is_args$args;
}
location ~/appN(.*)$ {
include /config/nginx/proxy.conf;
resolver 127.0.0.11 valid=30s;
proxy_pass http://appN.server.com$1$is_args$args;
}
But when a access the address, they return 404 or the page broke the img, css, because they need run in a root address.
Someone knows how to do it?
So I have the following proxy_pass:
server {
listen server:443 ssl;
server_name test.test.com;
location /api/testapi/v1/users
proxy_connection_timeout 120;
proxy_pass https://api.test.com/testapi/v1/users
}
I've noticed that out of the blue, I'd get 503 or 504 timeouts on my service that I'm proxying to. I suspect it is because the IP address of api.test.com is being switched because I can restart my NGINX and everything is back to normal.
What's the proper way of having an either 0 TTL or some way to resolve everytime the proxy_pass is done because I wouldn't know if the IP changed.
I did notice you can do this:
resolver 10.0.0.2 valid=10s;
server {
location / {
set $backend_servers backends.example.com;
proxy_pass http://$backend_servers:8080;
}
}
However, will it work if I don't put a resolver in there? I just want to use whatever my default resolver is without specifying resolver.
I'd like to configure my nginx as reverse-proxy which will allow me such things:
requests like:
test.xxx.dev.example.com -> xxx.domain.dev.example.com
test.yyy.dev.example.com -> yyy.domain.dev.example.com
My current config:
server_name ~^test/.(?<app>\w+)\.dev\.example\.com
location / {
proxy_pass http://$app.domain.dev.example.com/;
}
I'm getting 502 error. Logs say: no resolver defined to resolve .domain.dev.example.com :( Any help?
Edit1: When added resolver 127.0.0.11 (this is docker-compose based env), error "no resolver defined to resolve..." disappears, but new one appear:
.domain.dev.example.com could not be resolved, host not found. It seems like for some reasons, variable $app is not passed to proxy_pass directive. Any idea ?
Well, It seems like the problem was with resolver and wrong regex. Below config works as expected for me:
resolver 127.0.0.11;
server {
listen 80;
server_name ~^test\.(?<app>.+)\.dev\.example\.com$;
location / {
proxy_pass http://$app.domain.dev.example.com$url;
}
}
#Richard in my regex, I'm declaring variable and value :) this is done by "?<'app>" where app is variable name.
Thanks for all the hints and help!
This question already has answers here:
DNS does not resolve with NGINX in Kubernetes
(3 answers)
Closed 4 years ago.
So, I would like to have nginx resolve hostnames for backends at request time. I expect to get HTTP 502 Bad Gateway when back-end service is down and I expect service response, when it's up.
I use nginx:1.15-alpine image for nginx and here is what I have in it's config:
server {
resolver kube-dns.kube-system.svc.cluster.local valid=5s;
server_name mysystem.com;
listen 80;
client_max_body_size 20M;
location = /nginx_status {
stub_status on;
access_log off;
}
# Services configuration
location ~ /my-service/ {
set $service_endpoint http://my-service.namespace:8080;
proxy_pass $service_endpoint$request_uri;
include includes/defaults-inc.conf;
include includes/proxy-inc.conf;
}
}
So, when I make the request to the nginx, I get 502 Bad Gateway response. Nginx's log say the name is not found:
2018/06/28 19:49:18 [error] 7#7: *1 my-service.namespace could not be resolved (3: Host not found), client: 10.44.0.1, server: mysystem.com, request: "GET /my-service/version HTTP/1.1", host: "35.229.17.63:8080"
However, when I log into the container with shell (kubectl exec ... -- sh) and test the DNS resolution, it works perfectly.
# nslookup my-service.namespace kube-dns.kube-system.svc.cluster.local
Server: 10.47.240.10
Address 1: 10.47.240.10 kube-dns.kube-system.svc.cluster.local
Name: my-service.namespace
Address 1: 10.44.0.75 mysystem-namespace-mysystem-namespace-my-service-0.my-service.namespace.svc.cluster.local
Moreover, I can wget http://my-service.namespace:8080/ and get a response.
Why nginx cannot resolve the hostname?
Update: How I managed to resolve it:
In nginx.conf at the server level I have added a resolver setting:
resolver kube-dns.kube-system.svc.cluster.local valid=10s;
Then I used a FQDN in proxy_pass:
proxy_pass http://SERVICE-NAME.YOUR-NAMESPACE.svc.cluster.local:8080;
It fails because you need to use the FQDN to Resolve the name.
Using just the hostname will usually work because in kubernetes the resolv.conf is configured with search domains so that you don't usually need to provide a service's FQDN.
However, specifying the FQDN is necessary when you tell nginx to use a custom name server because it does not get the benefit of these domain search specs.
In nginx.conf added at the server level:
resolver kube-dns.kube-system.svc.cluster.local valid=10s;
Then used a FQDN in proxy_pass:
proxy_pass http://SERVICE-NAME.YOUR-NAMESPACE.svc.cluster.local:8080;
I configured my Nginx as simple reverse proxy.
I'm just using basic setting
location / {
proxy_pass foo.dnsalias.net;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
}
The problem is that after some time (few days) the site behind nginx become unaccessible. Indead nginx try to call a bad ip (the site behind nginx is at my home behind my box and I'm a using a dyn-dns because my ip is not fixe). This dyn-dns is always valid (I can call my site directly) but for obscure reason Nginx get stuck with that..
So as said, nginx just give me 504 Gateway Time-out after some time. It looks like the error come when my ip change at home.
Here is a sample of error log:
[error] ... upstream timed out (110: Connection timed out) while connecting to upstream, client: my.current.ip, server: myreverse.server.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://my.old
.home.ip", host: "myreverse.server.com"
So do you know why nginx is using ip instead of the DN ?
If the proxy_pass value doesn't contain variables, nginx will resolve domain names to IPs while loading the configuration and cache them until you restart/reload it. This is quite understandable from a performance point of view.
But, in case of dynamic DNS record change, this may not be desired. So two options are available depending on the license you possess or not.
Commercial version (Nginx+)
In this case, use an upstream block and specify which domain name need to be resolved periodically using a specific resolver. Records TTL can be overriden using valid=time parameter. The resolve parameter of the server directive will force the DN to be resolved periodically.
http {
resolver X.X.X.X valid=5s;
upstream dynamic {
server foo.dnsalias.net resolve;
}
server {
server_name www.example.com;
location / {
proxy_pass http://dynamic;
...
}
}
}
This feature was added in Nginx+ 1.5.12.
Community version (Nginx)
In that case, you will also need a custom resolver as in the previous solution. But to workaround the unavailable upstream solution, you need to use a variable in your proxy_pass directive. That way nginx will use the resolver too, honoring the caching time specified with the valid parameter. For instance, you can use the domain name as a variable :
http {
resolver X.X.X.X valid=5s;
server {
server_name www.example.com;
set $dn "foo.dnsalias.net";
location / {
proxy_pass http://$dn;
...
}
}
}
Then, you will likely need to add a proxy_redirect directive to handle redirects.
Maybe check this out http://forum.nginx.org/read.php?2,215830,215832#msg-215832
resolver 127.0.0.1;
set $backend "foo.example.com";
proxy_pass http://$backend;
In such setup ip address of "foo.example.com" will be looked up
dynamically and result will be cached for 5 minutes.