I have a DigitalOcean droplet where I'm trying to host multiple servers. To be precise, I have the following setup:
1. My personal site (React frontend hosted using serve) at localhost:5000
2. My Jekyll blog hosted using Bundler (Command: bundle exec jeykll serve) at localhost:4000/blog/
3. A nodejs project hosted using pm2 at localhost:3031
When I'm test each of them from the server using the above localhost URLs with curl, I'm getting the correct response.
I have a domain registered with namecheap, say abcd.me, with cloudflare to manage my DNS settings. As given in their instructions, I updated my settings on namecheap to use Cloudflare's nameservers.
What is currently working for me:
- I'm able to access my personal site at https://abcd.me
- I'm able to access my nodejs project at http://{droplet-ip}:3031
What I'm unable to achieve:
- Access my blog at https://blog.abcd.me
Currently, accessing https://blog.abcd.me returns my personal site again, just with the URL prefixed with "blog.". My nginx configuration looks like this:
server {
listen 3030 default_server;
listen [::]:3030 default_server;
server_name {server-ip};
index index.html index.htm index.nginx-debian.html;
location / {
proxy_pass http://localhost:3031;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
listen [::]:80;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name blog.abcd.me www.blog.abcd.me;
location / {
proxy_pass http://localhost:4000/blog/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
listen [::]:80;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name abcd.me www.abcd.me;
# location / {
# # First attempt to serve request as file, then
# # as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
#}
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/abcd.me/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/abcd.me/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
I'm unable to figure out where I'm going wrong. Can somebody help me?
Related
OK, this 502 error is from something different than the other related articles here.
first i managed to setup a v2ray system using ubuntu 22.
I have a domain and a cloudflare account to set DNS for my domain and a 'sub' subdomain connected to my server ip, all set as it should be.
equipped with SSL cert & key using certbot on linux and works ok, website comes up with https just fine.
dns proxy and websocket check are both enable in CF(CloudFlare).
also im using reverse DNS like the famous tutorials saying, so i've edited the /etc/nginx/sites-available/sub.domain.com to become like this:
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name sub.domain.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /subf1 {
if ($http_upgrade != "websocket") {
return 404;
}
location ~ /subf1/\d\d\d\d\d$ {
if ($request_uri ~* "([^/]*$)" ) {
set $port $1;
}
proxy_redirect off;
proxy_pass http://127.0.0.1:$port/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
return 404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sub.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name sub.domain.com;
return 404; # managed by Certbot
}
also, have the x-ui v2ray panel installed and everything is setup just right here is a sample vless connection which i used to create normally and worked fine till yesterday:
the 9988 port is defined from x-ui v2ray management panel on the server.
everything was fine until i removed the x-ui panel and installed another version.
since then i cannot make the connections work, no matter what the v2ray client gives this series of errors:
app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://<ip>/subf1/40234): 502 Bad Gateway > websocket: bad handshake] > common/retry: all retry attempts failed
proxy/http: failed to read response from 149.xx.xx.xx:80 > io: read/write on closed pipe
some things i did to resolve this are:
restarting nginx
rebooting the server
re-installing the x-ui panel (various versions)
rebuilding the server
changing the subdomain
changing the sub domain + changing the server and gettin a different ip
and SSL is being set just fine with CF SSL selected at Full.
any kind of help and suggestion is so appreciated.
I installed NGINX as a reverse proxy on ubunty. However after installation it turned out that NGINX does not serve css and js files while still serving html files.
I have the following configuration in /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:5000/;
include /etc/nginx/mime.types;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
try_files $uri $uri/ =404;
}
I'm currently using NodeJs over Nginx for hosting a website, since I've already realized the port conflict of Nginx, I already change the configure file and I can access localhost now.
But the problem is the website is no longer the same as the one hosted on port 3000(which I set the NodeJs source to listen)
It is really struggling and I really do wish someone can get me a solution.
The configure code is list below
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
i have a php script which only have some function like get some content or post a file to the server.
now i am trying to open a websocket with JS. But i got everytime that the handshake wouldnt work.
new WebSocket('myDomain.com')
WebSocket connection to 'ws://mydomain.com/ws' failed: Error during WebSocket handshake: Unexpected response code: 200
I am not sure, what is going wrong.
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
# listen 80 default_server;
# listen [::]:80 default_server;
# root /var/www/html;
server_name mydomain.com;
# index index.php index.html index.htm index.nginx-debian.html;
listen 443 ssl; # managed by Certbot
# RSA certificate
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
location / {
try_files $uri $uri/ =404;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
}
}
Seems like a websocket server is missing in the setup.
It should be binding to a port somewhere independent of nginx.
The relevant nginx setting should look similar to this:
location /ws {
proxy_pass http://localhost:8123/websocket;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
Your php script likely needs to be expanded into a php websocket server.
You can read up on it here:
How to create websockets server in PHP
I have a Shiny app hosted in Digitalocean with Web-server as Nginx. The Web-address looks like
http://www.exacmple.com/ShinyApp
However I wish if I could change the http to https. i.e. all request to this App would be routed to https://www.exacmple.com/ShinyApp
I already have SSL certificate installed from letsencrypt, and certificate file is placed at below addresses:
/etc/letsencrypt/live/example.com/fullchain.pem;
/etc/letsencrypt/live/example.com/privkey.pem;
Currently, my Nginx Proxy file is set like below:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
if ($http_host = example.com) {
rewrite (.*) https://www.example.com$1;
}
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /ShinyApp/ {
rewrite ^/ShinyApp/(.*)$ /$1 break;
proxy_pass http://localhost:4242;
proxy_redirect http://localhost:4242/ $scheme://$host/ShinyApp/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
}
}
To implement for https, I have appended this file as below (the location section)
location /ShinyApp/ {
rewrite ^/ShinyApp/(.*)$ /$1 break;
SSLEngine on
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ProxyPreserveHost On
proxy_pass http://localhost:4242;
roxyPassReverse http://localhost:4242;
proxy_redirect http://localhost:4242/ $scheme://$host/ShinyApp/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
}
However above change fails to implement https request.
I have gone through various suggestions available over Web (e.g. HTTPS for Shiny apps?) however failed to find any workable solution.
Any pointer towards the right direction would be very helpful.
Thanks,
Common practice for this is to use two server blocks:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
... # root, index and other top-level directives here
location /ShinyApp/ {
# your backend configuration here
}
}
Don't use ssl_certificate and ssl_certificate_key directives inside a location blocks, pay attention on a context in which nginx directives may or may not be used. SSLEngine, ProxyPreserveHost and ProxyPassReverse are apache directives, remove them! Test your configuration with nginx -t before reloading nginx with a new configuration.