I have a mesos cluster working in environment test and I set up nginx + nixy for service discovery. It is working fine, but when nginx make a proxy_pass for docker container, I receive a 404 error.
ex: I have a Tomcat container listen in privateip:37130, if I configure proxy_pass for location /, it is working! If i configure for location /service, I get the 404 error code.
Someone have any idea?
My nginx.conf
worker_processes auto;
pid /run/nginx.pid;
events {
use epoll;
worker_connections 2048;
multi_accept on;
}
http {
add_header X-Proxy always;
access_log off;
error_log /var/log/nginx/error.log warn;
server_tokens off;
client_max_body_size 128m;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_redirect off;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# time out settings
proxy_send_timeout 120;
proxy_read_timeout 120;
send_timeout 120;
keepalive_timeout 10;
upstream tomcat {
server 172.30.119.214:31816;
}
server {
listen 80;
server_name app.org;
location / {
return 503;
}
location /tomcat/ {
proxy_set_header HOST $host;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_connect_timeout 30;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://tomcat;
}
}
}
Change below
proxy_pass http://tomcat;
to
proxy_pass http://tomcat/;
Adding the trailing / would make sure that the /tomcat/ from the location will not be sent to the tomcat service
Related
I have uploaded a big file (5Gb) using fileUpload. I have increased the file upload limit to 10Gb in the shiny server code. The file upload succeeds but returns the error after the upload is completed:
Error : html head title 502 bad gateway /title /head
Below are my config info:
options(shiny.maxRequestSize = 10000 * 1024 ^ 2)
The nginx config /etc/nginx/nginx.conf has the basic settings in http block as below:
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
client_max_body_size 100G;
large_client_header_buffers 8 64k;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
}
The /etc/nginx/sites-available/default configuration is as shown below:
server {
listen 80 default_server;
listen [::]:80 default_server
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location /shiny/ {
proxy_pass http://X.X.X.X:3838/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ^(/shiny/[^/]+)$ $1/ permanent;
}
location /rstudio/ {
proxy_pass http://X.X.X:8787/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ^(/rstudio/[^/]+)$ $1/ permanent;
client_max_body_size 100000M;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
proxy_buffer_size 16k;
proxy_buffers 8 32k;
proxy_busy_buffers_size 224K;
keepalive 64
}
Any hints to try will be helpful.
Adding the following lines to the location/ to the config file in sites-available/myApp.com fixed the issue:
location / {
proxy_http_version 1.1; // you need to set this in order to use params below.
proxy_pass http://XXXXXX.XX.XX:3838;
proxy_redirect http://XXXXXX.XX.XX:3838/ https://$host/;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 10080s;
proxy_send_timeout 10080;
proxy_read_timeout 10080;
proxy_buffer_size 64k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_redirect off;
proxy_request_buffering off;
proxy_buffering off;
}
Hoping someone can point out my failing with my config.
I have an issue where my upstream redirect does not work as it should (must be a config issue) , it redirects from https to http, which I do not have running at the moment. Obviously I require my https server to only serve secure traffic and not redirect to http.
This is what I receive in my browser bar :
http://nginx.dev1.whispir.net/tmpl/home.tmpl#!/web_com/View_Workspace?rd=1307
But I require it to go to upstream over https.
In the debug of the browser I see :
GET http://nginx.dev1.whispir.net/tmpl/home.tmpl net::ERR_CONNECTION_REFUSED
Cannot fathom out why it is hitting port 80.
I have turned off http on port 80, as I require the https working.
I hope someone can help here, driving me insane.
thanks for looking.
This is my current config for port 443
upstream HttpsMainWorker {
# Sticky session
ip_hash;
server 10.1.161.59:8080;
server 10.1.161.56:8080;
}
upstream HttpsReportWorker {
# Sticky session
ip_hash;
server 10.1.161.64:8080;
}
upstream HttpsApiWorker {
# Sticky session
ip_hash;
server 10.1.161.51:8080;
}
server {
listen 443 ssl;
server_name nginx.dev1.whispir.net;
keepalive_timeout 70;
ssl on;
ssl_certificate /etc/nginx/certs/2016/61d2d567aece769c.crt;
ssl_certificate_key /etc/nginx/certs/2016/wildcard.dev1.whispir.netclear.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/app17web/access.log main;
error_log /var/log/nginx/app17web/error.log debug;
root /data/htdocs/app17web.dev1.whispir.net;
index index.jsp;
rewrite_log on;
location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf)$ {
expires 1d;
add_header Pragma public;
add_header Cache-Control "public";
}
error_page 401 /401.html;
error_page 403 /403.html;
error_page 500 502 /500.html;
error_page 503 /503.html;
error_page 400 404 /404.html;
location = /404.html {
internal;
}
error_page 500 502 503 /50x.html;
location = /50x.html {
root html;
}
location /{
try_files $uri #backend;
}
location #backend {
proxy_pass http://HttpsMainWorker;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ \.jsp$ {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /ivr/ivrRequest.ivr {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /app/cfu/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /tmpl/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
Most likely the upstream application (running on port 8080) is issuing the redirect. Either it needs to be configured to use https in a redirect, or it needs to be informed that the frontend connection arrived over https.
Your configuration inserts a header X-Forwarded-Proto for that purpose, but only for one of the locations.
The proxy_set_header directive is inherited from the outer block, only if no other proxy_set_header directives are set in the location.
So, either add a proxy_set_header X-Forwarded-Proto $scheme; statement into each affected location block, or move all of your proxy_set_header directives into the server block scope.
For example:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location #backend {
proxy_pass http://HttpsMainWorker;
}
location ~ \.jsp$ {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /ivr/ivrRequest.ivr {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /app/cfu/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /tmpl/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
See this document for details.
Is it possible to use Nginx reverse proxy with SSL Pass-through so that it can pass request to a server who require certificate authentication for client.
It means server will need to have certificate of client server and will not need certificate of Nginx reverse proxy server.
Not sure how much it can work in your situation, but newer (1.9.3+) versions of Nginx can pass (encrypted) TLS packets directly to an upstream server, using the stream block :
stream {
server {
listen 443;
proxy_pass backend.example.com:443;
}
}
If you want to target multiple upstream servers, distinguished by their hostnames, this is possible by using the nginx modules ngx_stream_ssl_preread and ngx_stream_map. The concept behind this is TLS Server Name Indication.
Dave T. outlines a solution nicely. See his answer on this network.
From the moment that we want to do ssl pass-through, the ssl termination will take place to the backend nginx server. Also i haven't seen an answer that takes care of the http connections as well.
The optimal solution will be a Nginx that is acting as a Layer 7 + Layer4 proxy at the same time. Something else that is rarely a subject of discussion is the IP Address redirection. When we use a proxy, this must be configured on the proxy, and not to the backend server like usually.
Lastly, the client ip address must be preserved, hence we must use the proxy protocol to do this correctly.
Sounds confusing? It's not much.
I came up with a solution that i currently using in production is works flawlessly.
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
variables_hash_bucket_size 1024;
variables_hash_max_size 1024;
map_hash_max_size 1024;
map_hash_bucket_size 512;
types_hash_bucket_size 512;
server_names_hash_bucket_size 512;
sendfile on;
tcp_nodelay on;
tcp_nopush on;
autoindex off;
server_tokens off;
keepalive_timeout 15;
client_max_body_size 100m;
upstream production_server {
server backend1:3080;
}
upstream staging_server {
server backend2:3080;
}
upstream ip_address {
server backend1:3080; #or backend2:3080 depending on your preference.
}
server {
server_name server1.tld;
listen 80;
listen [::]:80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Connection "";
#add_header X-Upstream $upstream_addr;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_buffers 16 16k;
proxy_buffer_size 64k;
proxy_cache_background_update on;
proxy_pass http://production_server$request_uri;
}
}
server {
server_name server2.tld;
listen 80;
listen [::]:80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Connection "";
#add_header X-Upstream $upstream_addr;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_cache_background_update on;
proxy_pass http://staging_server$request_uri;
}
}
server {
server_name 192.168.1.1; #replace with your own main ip address
listen 80;
listen [::]:80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header Connection "";
#add_header X-Upstream $upstream_addr;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_buffers 16 16k;
proxy_buffer_size 16k;
proxy_cache_background_update on;
proxy_pass http://ip_address$request_uri;
}
}
}
stream {
map $ssl_preread_server_name $domain {
server1.tld production_server_https;
server2.tld staging_server_https;
192.168.1.1 ip_address_https;
default staging_server_https;
}
upstream production_server_https {
server backend1:3443;
}
upstream staging_server_https {
server backend2:3443;
}
upstream ip_address_https {
server backend1:3443;
}
server {
ssl_preread on;
proxy_protocol on;
tcp_nodelay on;
listen 443;
listen [::]:443;
proxy_pass $domain;
}
log_format proxy '$protocol $status $bytes_sent $bytes_received $session_time';
access_log /var/log/nginx/access.log proxy;
error_log /var/log/nginx/error.log debug;
}
Now the only thing is yet to be done is to enable proxy protocol to the backend servers. The example below will get you going:
server {
real_ip_header proxy_protocol;
set_real_ip_from proxy;
server_name www.server1.tld;
listen 3080;
listen 3443 ssl http2;
listen [::]:3080;
listen [::]:3443 ssl http2;
include ssl_config;
# Non-www redirect
return 301 https://server1.tld$request_uri;
}
server {
real_ip_header proxy_protocol;
set_real_ip_from 1.2.3.4; # <--- proxy ip address, or proxy container hostname for docker
server_name server1.tld;
listen 3443 ssl http2 proxy_protocol; #<--- proxy protocol to the listen directive
listen [::]:3443 ssl http2 proxy_protocol; # <--- proxy protocol to the listen directive
root /var/www/html;
charset UTF-8;
include ssl_config;
#access_log logs/host.access.log main;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
default_type "text/plain";
}
location / {
index index.php;
try_files $uri $uri/ =404;
}
error_page 404 /404.php;
# place rest of the location stuff here
}
Now everything should work like a charm.
i am almost a fresher to StackOverflow, I thinks i made a clear & well understand title now :)
my original server can access at : localhost:8080. and now i made a nginx proxy which will be accessed from [IP_ADDr]:8088 from outside. But the result it will always redirect my url to [IP_ADDr]:80 that the 404 page present.
below is the config file:
upstream manage_addr {
server 127.0.0.1:8080;
keepalive 16;
}
server {
listen 8088;
location / {
include proxy-opt.conf;
proxy_pass http://manage_addr;
access_log /var/log/nginx/access_log_proxy_http.log;
#root /etc/nginx;
#index index.html index.htm;
}
}
below is proxy-opt.conf:
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_503 http_404;
proxy_max_temp_file_size 0;
I found the issue may related with proxy-opt.conf.
I have one site in openshift rhc ,So i want to make one reserve Proxy with nginx software in Openshift Rhc servers, which from this server have access to many other server with nginx so i configured my nginx server by this kind of configuration :
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log {{OPENSHIFT_HOMEDIR}}/app-root/logs/nginx_error.log debug;
pid {{NGINX_DIR}}/logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
#access_log $OPENSHIFT_DIY_LOG_DIR/access.log main;
port_in_redirect off;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 165;
gzip on;
upstream frontends {
#server pr4ss.tk;
#server 222.66.115.233:80 weight=1;
server {{OPENSHIFT_INTERNAL_IP}}:8081 ;
}
upstream frontends2 {
server google.com;
#server 222.66.115.233:80 weight=1;
#server {{OPENSHIFT_INTERNAL_IP}}:8081 ;
}
upstream index {
server free-papers.elasa.ir weight=1;
server diy4tornado-tornado4ss.rhcloud.com weight=2;
}
upstream comment {
server vb2-fishsmarkets.rhcloud.com;
#server community.elasa.ir;
}
server {
listen {{OPENSHIFT_INTERNAL_IP}}:{{OPENSHIFT_INTERNAL_PORT}};
server_name {{OPENSHIFT_GEAR_DNS}} www.{{OPENSHIFT_GEAR_DNS}};
root {{OPENSHIFT_REPO_DIR}};
set_real_ip_from {{OPENSHIFT_INTERNAL_IP}};
real_ip_header X-Forwarded-For;
#charset koi8-r;
#access_log logs/host.access.log main;
location /main {
root {{OPENSHIFT_REPO_DIR}};
index index.html index.htm;
try_files $uri $uri/ =404;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
#proxy_set_header Authorization base64_encoding_of_"user:password";
#proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
location ~* ^/(.*) {
#proxy_set_header Host vb2-fishsmarkets.rhcloud.com;
#proxy_redirect http://vb2-fishsmarkets.rhcloud.com/ http://diy-elasa2.rhcloud.com/;
#proxy_pass http://comment/$1$is_args$args;
proxy_pass http://index/$1$is_args$args;
}
location ^~ /admincp {
if (!-f $request_filename) {
rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last;
}
proxy_set_header Host vb2-fishsmarkets.rhcloud.com;
proxy_redirect http://vb2-fishsmarkets.rhcloud.com/ http://diy-elasa2.rhcloud.com/;
proxy_pass http://comment/$1$is_args$args;
}
location /www {
#root {{OPENSHIFT_REPO_DIR}};
index index.html index.htm;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
#proxy_set_header Authorization base64_encoding_of_"user:password";
#proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://frontends;
}
location /categories {
#root {{OPENSHIFT_REPO_DIR}};
index index.html index.htm;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
#proxy_set_header Authorization base64_encoding_of_"user:password";
#proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://frontends2;
}
location /index {
#root {{OPENSHIFT_REPO_DIR}};
index index.html index.htm;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
# an HTTP header important enough to have its own Wikipedia entry:
# http://en.wikipedia.org/wiki/X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# enable this if you forward HTTPS traffic to unicorn,
# this helps Rack set the proper URL scheme for doing redirects:
# proxy_set_header X-Forwarded-Proto $scheme;
# pass the Host: header from the client right along so redirects
# can be set properly within the Rack application
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
# set "proxy_buffering off" *only* for Rainbows! when doing
# Comet/long-poll/streaming. It's also safe to set if you're using
# only serving fast clients with Unicorn + nginx, but not slow
# clients. You normally want nginx to buffer responses to slow
# clients, even with Rails 3.1 streaming because otherwise a slow
# client can become a bottleneck of Unicorn.
#
# The Rack application may also set "X-Accel-Buffering (yes|no)"
# in the response headers do disable/enable buffering on a
# per-response basis.
# proxy_buffering off;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 10;
proxy_send_timeout 5;
proxy_read_timeout 3600;
proxy_buffer_size 4k;
proxy_buffers 4 132k;
proxy_busy_buffers_size 264k;
proxy_temp_file_write_size 164k;
proxy_pass http://index;
#proxy_set_header Authorization base64_encoding_of_"user:password";
#proxy_pass_header Server;
proxy_set_header Host $http_host;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass {{OPENSHIFT_INTERNAL_IP}}:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
I used Upstream index:
upstream index {
server free-papers.elasa.ir weight=1;
server diy4tornado-tornado4ss.rhcloud.com weight=2;
}
but when i use this configuration ( with cloudflare or rhc server) i get this error from cloudflare:
Direct IP access not allowed cloudflare
So what is proper configuration for nginx or Apache server software for this kind of servers.
Thanks a lot for your attentions.
i found the answer:
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml application/javascript text/javas$
gzip_disable "msie6";
gzip_http_version 1.1;
upstream comment {
#server vb-fishsmarkets.rhcloud.com;
#server vb.elasa.ir;
#server vb-elasa3.rhcloud.com ;
#server vb2-fishsmarkets.rhcloud.com;
#server forums.fishsmarket.tk;
#server community.elasa.ir;
#server free-papers.elasa.ir;
#server diy4tornado-tornado4ss.rhcloud.com weight=1;
server free-papers.elasa.ir weight=1;
}
limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
limit_req_zone $binary_remote_addr zone=one2:10m rate=1r/m;
limit_req_zone $http_x_forwarded_for zone=one3:10m rate=1r/m;
proxy_cache_path /tmp levels=1:2 keys_zone=RUBYGEMS:10m
inactive=24h max_size=1g;
server {
listen 127.6.145.1:8080;
server_name diy-elasa2.rhcloud.com community.elasa.ir ;
#charset koi8-r;
and :
location ~* ^/(.*) {
#root html;
#index index.html index.htm;
#proxy_set_header Host vb2-fishsmarkets.rhcloud.com;
proxy_set_header Host free-papers.elasa.ir;
#proxy_redirect http://vb2-fishsmarkets.rhcloud.com/ h$
#proxy_redirect http://fm.elasa.ir/ http://community.e$
proxy_pass http://comment/$1$is_args$args;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Scheme $scheme;
sub_filter 'http://fm.elasa.ir/' 'http://community.el$
sub_filter_once on;
proxy_set_header X-outside-url $scheme://$host;
#proxy_set_header X-Real-IP $remote_addr;
proxy_cache RUBYGEMS;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header upd$
http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_cache RUBYGEMS;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header upd$
http_500 http_502 http_503 http_504;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded$
client_max_body_size 100M;
client_body_buffer_size 1m;
proxy_intercept_errors on;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
#proxy_max_temp_file_size 0;
proxy_read_timeout 300;
}
Important things is proxy header Host:
proxy_set_header Host free-papers.elasa.ir;