I've got a pretty basic nginx/nginx.conf, but unfortunately I can't get one of the servers to match properly. I'm pretty sure it's because they use some text which is exactly the same as another domain.
I've tested the regexes on regex101.com and they seem to be matching the way they should be, but nginx is doing something else with them.
This is what my whole nginx conf looks like:
https://pastebin.com/E3N8awGk
key area:
# lopudesigns
server {
listen 80;
server_name ~^(.*|)(\.|)lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:7777;
}
}
# lopudesigns example sites
server {
listen 80;
server_name ~^ozledgrowlights\.lopudesigns\.dev$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# ozledgrowlights
server {
listen 80;
server_name ~^(.*|)(\.|)ozledgrowlights\.dev\.au$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:1337;
}
}
# a lopu client
server {
listen 80;
server_name ~^(.*|)(\.|)alopu\.com$;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name ~^(.*|)(\.|)alopu\.com$;
keepalive_timeout 70;
location / {
proxy_set_header x-real-IP $remote_addr;
proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header host $host;
proxy_pass http://127.0.0.1:8888;
}
ssl_certificate /usr/local/etc/nginx/certs/alopu/server.crt.pem;
ssl_certificate_key /usr/local/etc/nginx/certs/alopu/server.key.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
}
ozledgrowlights.dev.au matches correctly
alopu.com matches correctly
but lopudesigns.dev gets proxied to http://127.0.0.1:8888 instead of http://127.0.0.1:7777
which is evident because the URL doesn't change, so it doesn't actually get redirected to alopu.com, which means that the alopu.com regex/server block is capturing those http requests, which is pretty weird since the regex ~^(.*|)(\.|)lopudesigns\.dev$; captures lopudesigns.dev perfectly and ~^(.*|)(\.|)alopu\.com$; doesn't capture lopudesigns.dev at all
I should also note that ~^(.*|)(\.|)ozledgrowlights\.dev\.au$; doesn't capture anything at all, so ozledgrowlights.lopudesigns.dev doesn't load anything at all
so I'm a bit confused? :O
Sorry but it was some local issue with the .dev domain, not sure what it was but changing .dev to .ved made it work... odd
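An added example, not part of the original post: a small Python model of how nginx picks a server block (listen port first, then exact names, wildcards, the first matching regex in file order, and finally the default server for that port), run over the server blocks from the question. It assumes the browser sent the lopudesigns.dev request over HTTPS, which browsers do for the HSTS-preloaded .dev TLD; the `default_server` flag is not modelled and the target labels are constructed.

```python
import re

# Server blocks from the question: (listen port, server_name, where traffic goes).
SERVERS = [
    (80, r"~^(.*|)(\.|)lopudesigns\.dev$", "127.0.0.1:7777"),
    (80, r"~^ozledgrowlights\.lopudesigns\.dev$", "127.0.0.1:1337"),
    (80, r"~^(.*|)(\.|)ozledgrowlights\.dev\.au$", "127.0.0.1:1337"),
    (80, r"~^(.*|)(\.|)alopu\.com$", "301 to https"),
    (443, r"~^(.*|)(\.|)alopu\.com$", "127.0.0.1:8888"),
]


def select_server(port, host, servers=SERVERS):
    """Return (target, reason) following nginx's server selection order."""
    host = host.lower().rstrip(".")
    on_port = [(name, target) for p, name, target in servers if p == port]
    if not on_port:
        return None, "no listener"
    # 1. Exact name.
    for name, target in on_port:
        if name == host:
            return target, "exact"
    # 2. Longest wildcard starting with an asterisk, e.g. *.example.org.
    lead = [(n, t) for n, t in on_port
            if n.startswith("*.") and host.endswith(n[1:])]
    if lead:
        return max(lead, key=lambda nt: len(nt[0]))[1], "leading wildcard"
    # 3. Longest wildcard ending with an asterisk, e.g. mail.*.
    trail = [(n, t) for n, t in on_port
             if n.endswith(".*") and host.startswith(n[:-1])]
    if trail:
        return max(trail, key=lambda nt: len(nt[0]))[1], "trailing wildcard"
    # 4. First matching regular expression, in order of appearance in the file.
    for name, target in on_port:
        if name.startswith("~*"):
            pattern, flags = name[2:], re.IGNORECASE
        elif name.startswith("~"):
            pattern, flags = name[1:], 0
        else:
            continue
        if re.search(pattern, host, flags):
            return target, "regex"
    # 5. Nothing matched: the first server block on this port is the default.
    return on_port[0][1], "default"


if __name__ == "__main__":
    for port, host in [(80, "lopudesigns.dev"),
                       (443, "lopudesigns.dev"),
                       (80, "ozledgrowlights.lopudesigns.dev"),
                       (80, "ozledgrowlights.dev.au")]:
        print(port, host, "->", select_server(port, host))
```

On port 443 the alopu.com block is the only listener, so it is the default for every Host header, which is the behaviour described in the question. On port 80 the catch-all lopudesigns regex comes first in the file and shadows the more specific ozledgrowlights.lopudesigns.dev block.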
Related
I have tried a lot of ways to reverse proxy but nothing works. My other domains work, like https://jinpots.space or https://kanpots.jinpots.space, but on this domain it doesn't work for some reason.
server {
listen 80;
listen [::]:80;
server_name *.tsukushi.site;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3728/;
proxy_redirect off;
}
}
I expect I am doing something just simply incorrect here. Essentially I have 3 apps that I have configured an NGINX reverse proxy for. Each one seems to start to load, but what I think is happening is something wrong with the rewrite. I can see in the Chrome network trace that each one loads the first item OK, but then instead of example.com/app1/applicationdirx it attempts example.com/applicationdirx (this returns a 404 for every item it tries to load). This is happening for all 3 apps running on separate machines, so I expect it's my config somewhere. Please don't judge my config. I have spent hours and hours playing with it so it's a bit of a mess. haha. I would assume it's proxy_redirect, but I have tried every combination (including default and off, to no avail). If I change the location to root "/" and update the config accordingly, the apps work fine. It's just when I am trying to do it under /app1/, /app2/ and /app3/ that it doesn't. :(
Any assistance would be greatly appreciated.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
set $app1 192.168.5.3:443;
set $app2 192.168.5.3:8443;
set $app3 192.168.5.79:8123;
## app1 ##
location /app1/ {
proxy_pass https://$app1/;
proxy_redirect https://$app1 https://$server_name/app1/;
proxy_cache off;
proxy_store off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 36000s;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Referer "";
client_max_body_size 0;
}
## app2 ##
location /app2/
{
proxy_pass https://$app2/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_redirect https://$app2/ https://$server_name/app2/;
}
## app3##
location /app3/ {
proxy_pass http://$app3/;
proxy_set_header Host $host;
#proxy_redirect http://$app3 https://$server_name/app3;
proxy_redirect http://192.168.5.79:8123/ https://$server_name/app3/;
# proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection $connection_upgrade;
}
server_name example.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I have multiple apps, each listening on a different port, and I am trying to configure nginx so I can proxy pass to each of them separately.
I am able to configure the root location of my domain to proxy pass to a bokeh app which is listening on port 5006 using this config:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_pass http://127.0.0.1:5006;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
}
The above part works. However, when I try to create an additional location so that I can have the location / serving a landing page (from root) and then location /env to proxy to localhost:5006, it shows an empty page at mydomain/env. Here is the config I am trying with:
server {
listen 80 default_server;
listen 443 ssl;
root /var/www/mydomain/html;
index index.html index.htm index.nginx-debian.html;
server_name mydomain www.mydomain;
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
}
location /env/ {
rewrite ^/env/(.*)$ /$1 break;
proxy_cache_bypass $http_upgrade
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host:$server_port;
proxy_buffering off;
proxy_pass http://127.0.0.1:5006;
}
}
It would be great if someone could point out where I am making the mistake.
Thanks.
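An added example covering both sub-path questions above (the three apps under /app1/, /app2/, /app3/ and the bokeh app under /env/); it is not code from either post. It models, in Python, which path nginx sends upstream for a prefix location under the documented `proxy_pass` rules, and which location the browser's follow-up request lands in; the asset name `applicationdirx/main.js` is constructed and query strings are ignored.

```python
from urllib.parse import urljoin, urlsplit


def upstream_path(location, proxy_pass, request_path, rewritten=None):
    """Path sent upstream for a prefix location.

    rewritten: result of a `rewrite ... break;` in the same location, if any.
    """
    rest = proxy_pass.split("://", 1)[1]        # drop the scheme
    slash = rest.find("/")
    uri = rest[slash:] if slash != -1 else ""   # URI part of the directive
    if rewritten is not None:
        return rewritten        # directive URI ignored, changed URI is passed
    if not uri:
        return request_path     # no URI in proxy_pass: request passed unchanged
    if "$" in proxy_pass:
        return uri              # variables + URI: directive URI replaces request
    return uri + request_path[len(location):]   # matched prefix is swapped out


def matching_location(path, locations):
    """Longest-prefix match over prefix locations; None when nothing matches."""
    hits = [loc for loc in locations if path.startswith(loc)]
    return max(hits, key=len) if hits else None


def next_request(page_url, asset_ref, locations):
    """Resolve a link in the proxied page as a browser would, then route it."""
    path = urlsplit(urljoin(page_url, asset_ref)).path
    return path, matching_location(path, locations)


APP_LOCATIONS = ["/app1/", "/app2/", "/app3/"]  # from the three-app config

if __name__ == "__main__":
    req = "/app1/applicationdirx/main.js"
    # As posted: a variable plus "/" in proxy_pass sends every request as "/".
    print(upstream_path("/app1/", "https://$app1/", req))
    # Same directive with a literal address strips only the /app1/ prefix.
    print(upstream_path("/app1/", "https://192.168.5.3:443/", req))
    # /env/ block: rewrite ... break decides the upstream path.
    print(upstream_path("/env/", "http://127.0.0.1:5006",
                        "/env/static/app.js", rewritten="/static/app.js"))
    # Root-relative link emitted by the app: leaves /app1/, matches nothing.
    print(next_request("https://example.com/app1/",
                       "/applicationdirx/main.js", APP_LOCATIONS))
    # Relative link: stays under /app1/ and is proxied.
    print(next_request("https://example.com/app1/",
                       "applicationdirx/main.js", APP_LOCATIONS))
```

`proxy_redirect` only rewrites the `Location` and `Refresh` response headers, so root-relative links inside the returned HTML reach the browser unchanged and produce the 404s described for example.com/applicationdirx.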
I am running a few services from my VM at home, and I'm having some issues in connection with bad bots and setting up an https redirect for my subdomains. I would highly appreciate any help in fixing these issues.
The bad_bot issue is that if I enable it in the Nginx file, it won't let me open the webpage from any browser (throws a 403 error). The code is below:
map $http_user_agent $bad_bot {
default 1;
"~*\bUptimeRobot/2.0\b" 0;
}
The other issue is that if I visit any of my subdomains by typing out the link in a browser, it redirects me to Port 80 instead of Port 443 by default. I would like to redirect to Port 443 for all cases. My default file contents are below:
include /etc/nginx/blockuseragents.rules;
include /etc/nginx/bad_bots.rules;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
# server_name *.example.in;
# return 301 https://$server_name$request_uri;
#}
#Main Server Configuration Part
server {
#BlockedAgent
if ($blockedagent) {
return 403;
}
#Bad Bots Filtering
#if ($bad_bot) {
# return 403;
#}
#Block Request Method
#if ($request_method !~ ^(GET|HEAD|POST)$) {
# return 444;
#}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name example.in;
include /etc/nginx/conf.d/*.conf;
#location / {
#root /usr/share/nginx/html;
#index index.html index.htm index.nginx-debian.html;
#try_files $uri /index.html;
#}
#SSL Configuration
include /etc/nginx/ssl.conf;
#Tautulli
location /tautulli {
proxy_pass http://192.168.0.12:8181;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
}
#Transmission Torrent Client
location /transmission {
proxy_pass http://192.168.0.12:9091;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Radarr Movies
location /radarr {
proxy_pass http://192.168.0.12:7878;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Sonarr TV Shows
location /sonarr {
proxy_pass http://192.168.0.12:8989;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Ombi
location /ombi/ {
proxy_pass http://192.168.0.12:5000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://192.168.0.12:5000 https://$host;
}
if ($http_referer ~* /ombi/) {
rewrite ^/dist/([0-9\d*]).js /ombi/dist/$1.js last;
}
#Sabnzbd
location /sabnzbd {
proxy_pass http://192.168.0.12:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Jackett
location /jackett {
proxy_pass http://192.168.0.12:9117;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
#Home Assistant Block
#Add entry in Cloudflare DNS ("CNAME home example.DynamicDNSProvider.com") to enable
server {
##BlockedAgent
#if ($blockedagent) {
# return 403;
#}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name home.example.in;
#return 301 https://$host$request_uri;
include /etc/nginx/conf.d/*.conf;
#SSL Configuration
include /etc/nginx/ssl.conf;
#Home Assistant
location / {
proxy_pass http://192.168.0.12:8123/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Home Assistant Google Assistant Block
location /api/google_assistant {
proxy_pass http://192.168.0.12:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Home Assistant API and Websocket
location /api/websocket {
proxy_pass http://192.168.0.12:8123/api/websocket;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#Home Assistant Notifications Fix
location /api/notify.html5/callback {
if ($http_authorization = "") { return 403; }
allow all;
proxy_pass http://192.168.0.12:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
}
}
#pfSense Block
#Add entry in Cloudflare DNS ("CNAME pfsense example.DynamicDNSProvider.com") to enable
server {
#BlockedAgent
if ($blockedagent) {
return 403;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name pfsense.example.in;
#return 301 https://$host$request_uri;
include /etc/nginx/conf.d/*.conf;
#SSL Configuration
include /etc/nginx/ssl.conf;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass https://192.168.0.1:443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
}
}
#UniFi Controller Block
#Add entry in Cloudflare DNS ("CNAME unifi example.DynamicDNSProvider.com") to enable
server {
#BlockedAgent
if ($blockedagent) {
return 403;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name unifi.example.in;
#return 301 https://$host$request_uri;
include /etc/nginx/conf.d/*.conf;
#SSL Configuration
include /etc/nginx/ssl.conf;
location / {
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass https://localhost:8443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
}
}
#FreeNAS Block
#Add entry in Cloudflare DNS ("CNAME newton example.DynamicDNSProvider.com") to enable
server {
#BlockedAgent
if ($blockedagent) {
return 403;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name newton.example.in;
#return 301 https://$host$request_uri;
include /etc/nginx/conf.d/*.conf;
#SSL Configuration
include /etc/nginx/ssl.conf;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass https://192.168.0.10:443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
}
}
#IPMI Block
#Add entry in Cloudflare DNS ("CNAME ipmi example.DynamicDNSProvider.com") to enable
server {
#BlockedAgent
if ($blockedagent) {
return 403;
}
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name ipmi.example.in;
#return 301 https://$server_name$request_uri;
include /etc/nginx/conf.d/*.conf;
#SSL Configuration
include /etc/nginx/ssl.conf;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass https://192.168.0.8:443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_buffering off;
}
}
Your map directive is back to front. You also need to move the ~* outside the quotes of your regex.
map $http_user_agent $bad_bot {
default 1; #This sets $bad_bot to 1 if nothing else matches
"~*\bUptimeRobot/2.0\b" 0; #This sets $bad_bot to 0 if the regex matches
}
So at this point, if you fixed your regex then UptimeRobot would be $bad_bot 0 and everyone else would be $bad_bot 1.
It's not looking good for most people when they get to this part of your config:
if ($bad_bot) {
return 403;
}
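An added example, not part of the answer above: a Python model of how nginx evaluates a `map` block (exact strings first, then regexes in order, then `default`) and how `if ($var)` treats the result, comparing the map as posted with the inverted form the answer describes. The User-Agent strings are constructed samples and the `hostnames` mask feature of `map` is not modelled.

```python
import re


def nginx_map(value, entries, default=""):
    """Evaluate a map block given as [(source, result), ...] plus a default."""
    # Plain strings are compared first, ignoring case.
    for source, result in entries:
        if not source.startswith("~") and source.lower() == value.lower():
            return result
    # Then regexes, first match in file order: "~" is case-sensitive,
    # "~*" is case-insensitive.
    for source, result in entries:
        if source.startswith("~*"):
            if re.search(source[2:], value, re.IGNORECASE):
                return result
        elif source.startswith("~"):
            if re.search(source[1:], value):
                return result
    return default


def nginx_if(value):
    """`if ($var)` is false only for the empty string and "0"."""
    return value not in ("", "0")


def status_for(user_agent, entries, default):
    """Status returned by `if ($bad_bot) { return 403; }` (200 = passed on)."""
    return 403 if nginx_if(nginx_map(user_agent, entries, default)) else 200


# Map as posted in the question: everything is a bad bot except UptimeRobot.
QUESTION_MAP = ([(r"~*\bUptimeRobot/2.0\b", "0")], "1")
# Inverted form: nothing is a bad bot unless a listed pattern matches.
INVERTED_MAP = ([(r"~*\bUptimeRobot/2.0\b", "1")], "0")

# Constructed sample User-Agent values.
BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
UPTIME = "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"

if __name__ == "__main__":
    for label, (entries, default) in [("as posted", QUESTION_MAP),
                                      ("inverted", INVERTED_MAP)]:
        for ua in (BROWSER, UPTIME):
            print(label, status_for(ua, entries, default), ua[:40])
```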
I have very limited knowledge of rewriting URLs in nginx. I have a Plex media server running behind nginx, and I can access the dashboard at http://domain.com/web/index.html with this config I found on GitHub:
upstream plex-upstream {
server plex-server.example.com:32400;
}
server {
listen 80;
server_name domain.com;
location / {
if ($http_x_plex_device_name = '') {
rewrite ^/$ http://$http_host/web/index.html;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_pass http://plex-upstream;
}
}
What I want is to remove /web/index.html so that when I go to http://domain.com, the PMS dashboard will load. I tried some one-liner rewrite rules already but all failed. Thanks.
I am not an nginx specialist, but I had a similar problem.
The difference is that I was not trying to alias domain.name/ to domain.name/web/;
my goal was to alias domain.name/plex/ to domain.name/web/.
I was getting redirects to web/index.html with all the solutions I could find except this one: Configure Plex Media Server Reverse Proxy nginx Linux.
The only problem with this one was that if you go to web/ you will stay there.
So here is my creepy yet working solution:
upstream plex {
server localhost:32400;
}
server {
listen 80;
server_name domain.name;
server_name_in_redirect off;
location / {
proxy_pass http://localhost:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /web/index.html {
if ($http_x_should_not_redirect = ""){
return 301 https://domain.name/plex/index.html;
}
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /web {
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /plex {
proxy_pass https://127.0.0.1/web;
proxy_set_header X-should-not-redirect $host;
}
location /transmission/rpc {
proxy_pass http://localhost:9091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /transmission/web {
proxy_pass http://localhost:9091;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dovgastreetnas.viewdns.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dovgastreetnas.viewdns.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
Hope this will help somebody.