ratchet, wss & nginx configuration - nginx

my current nginx conf file:
server {
listen 443 ssl default_server;
listen [::]:80 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
root /var/www/domain/public;
index index.php index.html index.htm;
server_name domain;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# PHP-FPM Configuration Nginx
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I want to be able to run 2 secure WebSocket servers (wss://) - one running over 8443 port and the other over 8444.
I tried many configuration suggestions but none of them seems to work (connection timeout).
UPDATE:
I want to be able to connect to the WebSocket server like this:
conn = new ab.Session('wss://domain:8443',....)
Is it possible? or should I change the connection URI?
Any advice?

After lots of digging, I managed to solve my problem:
I had already tried the settings below from the beginning, but in my case the whole problem was the firewall settings... and yes, it's pretty dumb.
First, the cause of the timeout problem was the firewall.
So, in order to enable your TCP port, use (CentOS 7):
firewall-cmd --zone=public --add-port=80/tcp --permanent
then,
firewall-cmd --reload
great guide: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
My settings:
upstream websocket {
    server 127.0.0.1:8443;
}
map $http_upgrade $connection_upgrade {
    default Upgrade;
    '' close;
}
server {
    listen 443 ssl default_server;
    listen [::]:443 default_server ssl http2 ipv6only=on;
    ssl on;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
    if ($request_uri ~ "^[^?]*//") {
        rewrite "(.*)" $scheme://$host$1 permanent;
    }
    access_log /var/log/nginx/domain-access.log;
    error_log /var/log/nginx/domain-error.log;
    root /var/www/domain/public;
    index index.php index.html index.htm;
    server_name domain;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    # PHP-FPM Configuration Nginx
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location /ws/ {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
        keepalive_timeout 86400s;
        # prevents 502 bad gateway error
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        reset_timedout_connection on;
    }
}
Hope it will help others :)
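
The answer above proxies a single backend; the question asked for two WebSocket servers (8443 and 8444). The following is an added example, not the poster's configuration, that extends the same approach to both, assuming each Ratchet server listens for plain ws on loopback and nginx terminates TLS. The upstream names `ws_a`/`ws_b` and the paths `/ws1/` and `/ws2/` are hypothetical; the client would then connect with `new ab.Session('wss://domain/ws1/', ...)` instead of `wss://domain:8443`.

```nginx
# Added example, not the poster's configuration.
# Assumed names: ws_a, ws_b, /ws1/, /ws2/. "domain" is the page's placeholder.

upstream ws_a { server 127.0.0.1:8443; }   # first Ratchet server, plain ws on loopback
upstream ws_b { server 127.0.0.1:8444; }   # second Ratchet server, plain ws on loopback

# An empty Upgrade header (ordinary HTTP request) closes the upstream
# connection; anything else asks the backend to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name domain;

    ssl_certificate     /etc/letsencrypt/live/domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;

    # Shared by both WebSocket locations. They inherit these headers
    # because they define no proxy_set_header of their own.
    proxy_http_version 1.1;
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        $connection_upgrade;
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_read_timeout 86400s;
    proxy_send_timeout 86400s;

    # The trailing slash on proxy_pass replaces the matched prefix with "/",
    # so each backend sees "/" rather than "/ws1/" or "/ws2/".
    location /ws1/ { proxy_pass http://ws_a/; }
    location /ws2/ { proxy_pass http://ws_b/; }

    # "location /" and the PHP-FPM block from the answer go here unchanged.
}
```

With this layout only 443/tcp has to be opened in the firewall; 8443 and 8444 are bound to 127.0.0.1 and stay unreachable from outside.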

Related

Symfony nginx reverse proxy on folder

I have a simple Symfony application, using Webpack Encore.
I also have an nginx server, with the configuration below to access my Symfony app:
server {
listen 8080;
server_name localhost;
root D:/Projects/SampleApp/public;
location / {
root D:/Projects/SampleApp/;
try_files /public/$uri /public/$uri /assets/$uri /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php_farm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
When I access http://localhost:8080, my Symfony app works well.
I would like to add another nginx as a reverse proxy that points http://localhost/SampleApp to http://localhost:8080.
I created this nginx configuration file:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate D:/Projects/certificate.crt;
ssl_certificate_key D:/Projects/certificate.key;
server_name localhost;
location /SampleApp/ {
rewrite ^/SampleApp(/.*)$ $1 break;
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
When I access http://localhost/SampleApp/login, my Symfony login page works. But:
Assets are not loaded because the base doesn't contain the "SampleApp" prefix (it calls http://localhost/assets/app.css instead of http://localhost/SampleApp/assets/app.css)
Links and redirections don't work either, because of the same problem
Do you have any ideas to resolve this problem, please?
Thanks

ERROR SUBDOMAIN DOES NOT REDIRECT IN NGINX

I have a domain like www.app.com and a subdomain like www.server.app.com
I just configured my sites-available, sites-enabled and hosts, but my error is that when I try to access the subdomain, it always redirects to the domain. This is my code:
SERVER | SUBDOMAIN
upstream server.app.com {
server 127.0.0.1:3000;
}
server {
listen 0.0.0.0:80;
root /var/www/server.app.com/html;
server_name server.app.com;
access_log /var/log/nginx/server.app.access.log;
error_log /var/log/nginx/server.app.error.log debug;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
}
}
DOMAIN
server {
listen 80;
server_name app.com;
return 301 http://www.app.com$request_uri;
}
server {
listen 80;
#listen [::]:80 default_server ipv6only=on;
root /var/www/app.com/html;
index index.php index.html index.htm;
server_name www.app.com;
location / {
# try_files $uri $uri/ /index.php?$query_string;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
What is wrong? I have the same in another app and it is good. Thanks in advance

Nested Nginx location with or without trailing slash

I am building an application that consists of Laravel at the back end and Nodejs at the front end. To join them I would like to create location in Nginx conf for Laravel via https://localhost/admin/? route with or without trailing slash. I have managed to do that with trailing slash but not without.
Here is my config:
server {
listen 443 ssl http2;
server_name localhost;
ssl_certificate /certs/localhost.crt;
ssl_certificate_key /certs/localhost.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
location / {
proxy_pass https://nodejs:3000;
proxy_ssl_verify off;
}
# Backend
location /admin/ {
alias /var/www/api/public;
try_files $uri @admin;
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $request_filename;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
}
location @admin {
rewrite /admin/(.*)$ /admin/index.php?/$1 last;
}
# BrowserSync websocket
location /browser-sync/socket.io/ {
proxy_pass http://nodejs:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
I have tried the following location ~ /admin/?(.*)$ { but was unable to get it running as Nginx was looking for a location that doesn't exist. How can I achieve that?
Thanks in advance.
The URI /admin should result in a redirect anyway, so why not simply add:
location = /admin {
return 301 /admin/;
}

nginx - proxy/rewrite based on location

I am trying to redirect all requests beginning with /api/ to a node server on localhost. I've been unable to get nginx to rewrite the request properly.
My server.conf (I included the whole file in case there is something conflicting I'm not noticing):
server {
listen 80;
root /var/www/sites/my.server;
index index.php index.html index.htm;
server_name .my.server;
access_log /var/log/nginx/my.server-access.log;
error_log /var/log/nginx/my.server-error.log;
location / {
try_files $uri $uri/ /index.html;
}
## Redirect api to node server
location /api {
rewrite ^/api/(.*)$ /$1 last;
proxy_pass http://127.0.0.1:3030/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?q=$1 last;
break;
}
# SSL Related Setup
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/my.server.key;
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
Using this config, http://my.server/api is redirected properly to the node server, but http://my.server/api/jobs is not.
After much trial and error and searching, I found the following works:
location ^~ /api/ {
rewrite ^/api/(.*) /$1 break;
proxy_pass http://127.0.0.1:3030/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
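
The TLS lines in the server.conf above (and the similar `ssl_protocols`/`ssl_ciphers` lines in the Laravel/Nodejs question earlier on this page) keep TLS 1.0/1.1 and RC4 enabled despite the "Disables all weak ciphers" comment. The fragment below is an added example, not part of either post, showing the posted settings next to a corrected form; it assumes an nginx built against an OpenSSL with TLS 1.3 support, and the cipher list is one reasonable AEAD-only selection rather than the only valid one.

```nginx
# Added example, not taken from either question.

# As posted (weak): TLS 1.0/1.1 allowed, RC4 listed first.
#   ssl on;
#   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#   ssl_ciphers RC4:HIGH:!aNULL:!MD5;
#   ssl_prefer_server_ciphers on;

# Corrected form, placed inside the same server { } block.
server {
    # The "ssl" parameter on listen replaces the obsolete "ssl on;" directive.
    listen 443 ssl;
    server_name .my.server;

    ssl_certificate     /etc/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/private/my.server.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); SSLv2/SSLv3 stay off.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Applies to TLS 1.2 only: ECDHE key exchange with AEAD ciphers.
    # RC4 is prohibited in TLS by RFC 7465 and is not listed.
    # TLS 1.3 suites are chosen by OpenSSL and are not affected by this line.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

    # Every cipher left in the list is strong, so the client's preference
    # (for example ChaCha20 on devices without AES hardware) can be honoured.
    ssl_prefer_server_ciphers off;

    # Remaining directives (root, locations, logs) are unchanged.
}
```

Run `nginx -t` after the change to confirm the configuration parses before reloading.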

Can multi laravel based sites be accessed by folder not by port?

Now, I have two projects (sites) based on Laravel + PHP + MySQL + Nginx; visitors can access them by typing:
http://www.mysite.com:80
http://www.mysite.com:8001
Can I change the accessing method to virtual folder not by port?
http://www.mysite.com/project1
http://www.mysite.com/project2
The nginx conf files are (at /etc/nginx/conf.d/):
project1.conf
server {
listen *:80;
server_name mysite.com www.mysite.com;
server_tokens off;
root /var/www/html/project1/public;
client_max_body_size 100m;
access_log /var/log/nginx/project1_access.log;
error_log /var/log/nginx/project1_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
project2.conf
server {
listen *:80;
server_name www.mysite.com;
server_tokens off;
root /var/www/html/project2/public;
client_max_body_size 100m;
access_log /var/log/nginx/project2_access.log;
error_log /var/log/nginx/project2_error.log;
location / {
index index.php index.html;
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
The only decent way to do it is by folder and virtual host rather than port.
Sure - an example config will look like this:
1 Define your app servers
server {
listen 8080;
root /var/www/html/project1/public;
......
}
server {
listen 8081;
root /var/www/html/project2/public;
......
}
2 Define your proxy server
server {
listen 80;
server_name mysite.com www.mysite.com;
.....
location /project1 {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
.....
}
location /project2 {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
....
}
}
