UPDATE:
I solved the problem with the mixed content with a plugin
The main problem now is that when I go to the admin login page I get redirected to the login page inside <> instead my domain
I have a Rails application on Amazon Elastic Beanstalk, behind an Amazon Elastic Load Balancer.
On the same servers as the Rails application I have a nginx server with reverse proxy to a Wordpress blog on a different server. (So it can be accessed as example.com/blog)
Our domain is on GoDaddy, there I have a forwarding rule, from example.com to https://www.example.com. The domain itself is forwarded to the CNAME of the ELB
On the Load Balancer there is a listener for port 443 and it's forwarded to port 80
Inside the server I have a rule that is forcing a redirection from http to https
When I used a single server without the Load Balancer the reverse proxy worked flawlessly, but since I started using it, the blog's assets are not loaded properly and I get the mixed content error.
nginx config that works without the elb:
server {
listen 80;
server_name <<rails-app-domain>>;
if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") {
set $year $1;
set $month $2;
set $day $3;
set $hour $4;
}
access_log /var/log/nginx/access.log main;
access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
location /health_check {
access_log off;
return 200;
}
location / {
if ($http_x_forwarded_proto != 'https') {
return 301 https://$server_name$request_uri;
}
proxy_pass http://my_app;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ /blog {
proxy_pass http://<<wordpress-server-ip>>/blog;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://<<wordpress-server-ip>>/ https://$host/;
proxy_cookie_domain <<wordpress-server-ip>> $host;
}
location /assets {
alias /var/app/current/public/assets;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
location /public {
alias /var/app/current/public;
gzip_static on;
gzip on;
expires max;
add_header Cache-Control public;
}
location /cable {
proxy_pass http://my_app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
wordpress wp-config.php:
define('WP_SITEURL', 'https://<<rails-app-domain>>/blog');
define('WP_HOME', 'https://<<rails-app-domain>>/blog');
define('FORCE_SSL_ADMIN', true);
What I tried:
Setting a sub filter for http -> https rewrite rule for all the
locations inside /blog
A redirect rule for all the locations inside /blog from http to https
Adding a listener for port 443 in nginx and redirecting port
443 of the load balancer to port 443 of the server (instead of 80
like before)
Removing the domain forwarding on GoDaddy
Related
I have the setup "NGINX as reverse proxy" + flask + gunicorn. When I run the gunicorn on command line everything works fine and I can login.
# gunicorn --bind xx.xx.xx.xx:5000 run:app
But when I start gunicorn as a service, the login page gets redirected to the same login page again after login. So I am unable to login.
Here is my nginx configuration:
server {
server_name example.com www.example.com;
access_log /var/log/nginx/example.com.access.log ;
error_log /var/log/nginx/example.com.error.log;
add_header X-Proxy-Cache $upstream_cache_status;
location / {
proxy_pass http://xx.xx.xx.xx:5000;
proxy_redirect off;
include proxy_params;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
deny all;
}
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/html/.well-known/acme-challenge/;
allow all;
auth_basic off;
}
include /var/www/example.com/conf/nginx/*.conf;
}
The nginx error logs show no issues. Also I have tried adding below configurations, without any success:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
The command line gunicorn works absolutely fine.
I have an existing app written in nextjs because I need SSR. Since I don't need SSR on the admin side I would like to use react-admin. I don't intent to integrate the two but instead have them run as separate processes/services on separate ports and have nginx do the proxy routing. I am having difficulty in configuring react-admin.
nextjs running on 127.0.0.1:3000
react-admin running on 127.0.0.1:3001
Configuration for nginx reverse proxy location:
server {
server_name www.mydomainname.com;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /admin {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
# 301 Redirect URLs with trailing /'s
#as per https://webmasters.googleblog.com/2010/04/to-slash-or-not-to-slash.html
rewrite ^/(.*)/$ /$1 permanent;
# 301 redirect from custom redirect file
if ( $redirect_uri ) {
return 301 $redirect_uri;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomiainname.com/fullchain.pem # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomainname.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I believe the nginx config to be correct. When navigating to /admin react-admin is responding with a blank "React App" page instead of the default page seen from it's root, '/', path.
I have tried setting the 'homepage': "/admin" in the react-app package.json file with no joy.
How do i configure react-app to serve pages by default to /admin instead of /?
The problem is likely that the path proxied to react-admin is /admin instead of just /. To avoid this, you want to add a trailing slash / to the end of your proxy_pass URL:
location /admin {
proxy_pass http://127.0.0.1:3001/;
...
}
This is explained in the proxy_pass section of the Nginx docs, though admittedly the language is a bit esoteric:
If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive:
location /name/ {
proxy_pass http://127.0.0.1/remote/;
}
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI:
location /some/path/ {
proxy_pass http://127.0.0.1;
}
I have a nginx reverse proxy setup for apache wordpress which works fine. However based on location need to redirect to an external url which fails. Please check the below config. Is this a valid setup ?
https://platform.com/ - this works - also any subsequent wp pages also works
https://platform.com/pen - this needs to redirect to https://abcdef.com - this doesn't work - 404 page load error Any help ?
server {
listen 443 ssl default_server;
listen [::]:443 default_server;
server_name platform.com;
server_tokens off;
root /var/www/html/def/public/;
index index.php;
ssl on;
ssl_certificate /tmp/fgh.crt;
ssl_certificate_key /tmp/fgh.pem;
access_log /var/log/nginx/access2.log;
error_log /var/log/nginx/error2.log;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri #apache;
}
location #apache {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~[^?]*/$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location /pen {
proxy_pass https://abcdef.com;
}
}
After changing the server name (wordpress site) from http prefix to www prefix, proxy pass re directions worked. Had to redirect all http https server blocks to www server block in nginx config
What you are doing is a proxy_pass to https://abcdef.com , not a redirect. if you meant a redirect the code is :
location /pen {
return 301 https://abcdef.com;
}
If it's not a definitive redirect, use 302 instead of 301, so is not cached (for tests is much better).
The reason the 404 is given is because you are accessing the https://abcdef.com with a request with the host/url https://platform.com/pen
If the destiny server is not prepared to recive this whole url, it returns 404, as /pen is not found.
Note, this question is moved to stackoverflow from superuser
I got the following nginx conf:
server {
listen 80;
listen 443 ssl;
...
# specific rule to serve versioned js resources
location ~ ^/js/([0-9\.]+)/(.*)$ {
alias /opt/x/public/deploy/js/$1/$2;
}
location / {
add_header P3P 'CP="CAO PSA OUR"';
proxy_pass http://127.0.0.1:8088;
set $ssl off;
if ($scheme = https) {
set $ssl on;
}
proxy_set_header X-Forwarded-Ssl $ssl;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}
It works as expected. However if a certain versioned js resource does not exists in the deployed dir, say /opt/x/public/deployed/js/1.1/, it will return 404. What I want is in that case nginx shall pass the request to the backend service running at 8088 port instead of returning 404. Is this even doable?
Thanks!
Green
http://wiki.nginx.org/HttpCoreModule#try_files
try_files is your friend, here you can do the order you want to try files and finaly have the proxypass upstream.
this is my config:
server {
listen 80;
server_name ~^(?<sb>.+)\.a\.b\.c\.com$;
access_log /data/logs/nginx/tas.access.log main;
location / {
proxy_intercept_errors on;
proxy_pass http://b.c/a/$sb/;
proxy_set_header Host $host;
proxy_redirect off;
}
}
and browser report to many redirects.
If, as you say, you want to proxy to localhost:8082, you need to say so in the proxy_pass line:
server {
listen 80;
server_name ~^(?<sb>.+)\.a\.b\.c\.com$;
access_log /data/logs/nginx/tas.access.log main;
location / {
proxy_intercept_errors on;
proxy_pass http://localhost:8082/a/$sb/;
proxy_set_header Host $host;
proxy_redirect off;
}
}
Without all of the information, it's hard to guess what's going on. Based on the comments, my guess is that you are using virtual hosting so that the upstream site is also served by the same nginx. So this line is the problem:
proxy_set_header Host $host;
The nginx variable $host is pointing to the current Host header (which matches the server_name). So if you set the same host header for the upstream again, then nginx will find the same location block above because nginx relies on the Host header to find the proper server. Thus the redirect loop.
Set
proxy_set_header Host your_upstream_server_name
will fix it then.