I struggle with a problem to conf my nginx reverse proxy to work with gitlab.
Let's say that my gitlab server's IP is 192.168.0.2:8888 on my network. This server is not accessible throught internet. And my proxy is accessible by http://example.org
Due to somes reasons, I can't use subdomain, so I want to configure my proxy to access gitlab throught http://example.org/git.
My nginx proxy is working fine for my other needs and my gitlab server work great on local.
I try this config on my proxy :
...
location /git {
proxy_path http://192.168.0.2:8888;
proxy_set_header Host $host;
}
But when I go to http://example.org/git, I get redirect to http://example.org/users/sign-in. I lost the "git" folder in the url.
I try many thing in this config, adding a "/" at the end of the proxy_path, adding "rewrite ^/git(.*) /$1 break;", etc.
At best, I get the right redirect, http://example.org/git/users/sign-in, but all the resources lead to http://example.org/{resource}
I'm noob at nginx config so I don't know what to try now.
If someone can lead me to the right direction :)
Thx
Related
I have a Nextjs application running on https://localhost port 3000 on my server and it is accessable through https://rgb.irpsc.com:3000/citizen/hm-2000001. The hm-2000001 part is dynamic and can range from hm-2000000 to any value.
What I want to do is to make this application accessable without specifying a port. What I mean is that when a user types https://rgb.irpsc.com/citizen/hm-2000003 in the browser address bar, the related page shows up.
I have configured this in nginx, but it seems to be not working. I'd be so grateful for any help from you guys.
Here's my nginx configuration:
location /citizen {
proxy_pass https://localhost:3000/citizen;
}
You should change your config as below:
location /citizen {
proxy_pass http://localhost:3000;
}
I have a Jenkins environment setup, running off a EC2 instance and trying to get port 80 mapped to port 8080.
A suggestion made (and the way most of the configurations I've seen recommended) uses Nginx to do a reverse proxy.
I have installed Nginx on the server, and added to sites-available the following:
server {
listen 80;
server_name jenkins.acue.io;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:8080;
proxy_read_timeout 60s;
# Fix the "It appears that your reverse proxy set up is broken" error.
# Make sure the domain name is correct
proxy_redirect http://localhost:8080 https://jenkins.acue.io;
}
}
I hit the IP address of the jenkins environment, it shows me the Ngnix welcome screen and Jenkins still loads against port 8080 not port 80.
Do I need to specific the current URL (I've not pointed the jenkins.acue.io sub-domain yet to the EC2 instance where I have specified localhost? I've tried it but no joy).
Few things to note.
You need to add jenkins.acue.io to your Host entries and point it to the instance where you are running NginX. Then use the FQDN to access Jenkins. Also there is a typo in your proxy_redirect where you have added https URL instead of http://jenkins.acue.io fix that as well. Other than that your NginX configurations look fine.
If you keep on getting the NginX welcome page even though you are accessing through the FQDN, that means your configurations are not being picked up by NginX. Try creating a new file like jenkins.conf and add it to /etc/nginx/conf.d. Then do a sudo systemctl restart nginx
I am new to nginx and am trying to configure a reverse proxy to a Shiny Server (Open) that I have successfully implemented on an AWS Lightsail Instance. I am desperate at this point and would appreciate any advice. Here are the pertinent configuration arrangements.
Note that I have a purchased a custom domain from GoDaddy. Assume this is named mydomain.com.au. However, I have changed the name servers to point to Netlify as I deployed my website through the blogdown R package in Netlify.
Lightsail Instance Details
This has a Shiny Server installed and a static IP address assigned. Assume 123.45.67.89 from this point onwards. The firewall details are provided below:
Lightsail instance firewall details
I can successfully access the Shiny Server via http://123.45.67.89:3838 and associated Shiny apps I've deployed. I have a DNS Zone record added in order to link mydomain.com.au to my Shiny Server on the Lightsail instance - see details below:
Record Type: A
Subdomain: shiny.mydomain.com.au
Resolves to: 123.45.67.89 (i.e. static IP address)
Netlify details
I have a DNS record added in Netlify for mydomain.com.au which points to the Lightsail instance static IP address. Below are the details (I'm not sure whether I need a DNS record in Netlify and Lightsail though). Note this this is SSL/TLS certificate enabled and cannot be disabled (it will automatically revert to "https://" even when "http://" is specified).
Name: shiny.mydomain.com.au
TTL: 3600 seconds
Type: A
Value: 123.45.67.89
nginx details
Below are the relevant details of the /etc/nginx/sites-enabled/default file which I modified based on the instructions from this post. The $http_upgrade and $connection_upgrade is stored in the /etc/nginx/nginx.conf file. There is no SSL/TLS certificate from certbot added and I'm not sure whether this is an issue.
server {
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name shiny.mydomain.com.au;
# Reverse proxy to port 3838
location / {
proxy_pass http://localhost:3838/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
}
The nginx configuration test appears to be successful:
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
The following firewall profiles (from sudo ufw status) are set up - Nginx HTTP, OpenSSH, 3838 and 80. nginx is active and running too with no issues according to sudo service nginx status.
What works?
http://123.45.67.89:3838/ successfully opens the Shiny Server index page.
https://shiny.mydomain.com.au:3838/ successfully opens the Shiny Server index page.
Other information?
Visiting https://shiny.mydomain.com.au:3838 will automatically attempt https://123.45.67.89:443 which ultimately fails and times out. The redirection to 123.45.67.89 appears to work but it does not forward to the 3838 port. Firefox Network monitoring indicates that the Server is nginx.
What might be happening?
At this point (and I am very new to web administration), I think this might be an issue with Netlify forcing HTTPS which cannot be redirect to the Shiny Server port (HTTP?). However, visiting https://shiny.mydomain.com.au:3838 successfully redirects to the Shiny Server index page. I just can't understand why nginx isn't successfully forwarding to the 3838 port without specifying it in the URL based on the default configuration file.
What is the problem?
Loading shiny.mydomain.com.au does not successfully load the Shiny Server index page. It will eventually time out and no page is loaded ("The connection has timed out"). Checking the network monitoring information in Firefox indicates that tries to access 123.45.67.89 but not 123.45.67.89:3838 (i.e. the Shiny Server). It doesn't appear that it is redirecting at all according to the /etc/nginx/sites-enabled/default file.
I have tried changing localhost to 127.0.0.1 to no avail. I have tried following Dean Attali's post and another recent post on setting up Shiny Server too but still no success.
Can someone please help me out on how to get nginx as a reverse proxy to work?
I'm really running out of ideas here. Thanks.
i have a central reverse proxy with nginx, and inside of my environment i have a unified development tool like this:
dev.mycompany.com.br
and some applications like jenkins, artifactory.. working very well
dev.mycompany.com.br/jenkins
dev.mycompany.com.br/artifactory
but now i tryed to add another application (zanata) working in my docker server listening in following address: http://192.168.4.240:8080/zanata
in dev.conf in my nginx server i added the follow configuration for reverse proxy:
location /zanata {
proxy_pass http://192.168.4.240:8080/zanata/;
but returns blank page and 404 http code in access log.
if i remove /zanata like this:
proxy_pass http://192.168.4.240:8080/;
working fine and go to the wildfly welcome page.
somebody have a idea for this work this configuration?
thanks!
I think yo use https on top of your proxy and when zanata redirect it replaces the protocol by http.
curl -vvv https://myserver.com/zanata to see that.
edit your proxy to redirect http to https and it should work.
something like this :
server {
listen 80;`
server_name myserver.com;
return 301 https://$server_name$request_uri;
}
Is there an equivalent of apache's ProxyRemote directive for NginX?
So the scenario is I am behind a corporate proxy and I want to do proxy passes for various services with NginX. I would do it in Apache with the following:
ProxyPass /localStackOverflow/ https://stackoverflow.com/
ProxyPassReverse /localStackOverflow/ https://stackoverflow.com/
ProxyRemote https://stackoverflow.com/ http://(my corporate proxy IP)
I know I need the proxy_pass directive in NginX but can't find what I would use for the ProxyRemote.
Thanks
Not sure how #tacos response can work - possibly something I'm missing but the only way I could sort of get this to work was by rewriting the url and passing on to the corporate proxy. This is shown below:
http {
server {
listen 80;
location / {
rewrite ^(.*)$ "http://www.externalsite.com$1" break;
proxy_pass http://corporate-proxy.mycorp.com:8080;
}
}
}
This works, but does rewrite the url, not sure if this is important to the original use-case..
The servers you proxy behind an Nginx front-end web server are referred to as upstream servers. You will want to refer to the documentation for the HttpUpstreamModule. It's very similair to what you are familiar with. If you don't need load-balancing, you just setup the one upstream server in the configuration and it will serve your purpose.