Nginx config to access same IP but different port? - nginx

I have one virtual IP (keepalived IP z.z.z.z). I am creating 2 different webpages and want to access them using this virtual IP via nginx. I read that I can achieve it with different ports, but I do not want to show the port. So what I want is: when I hit x.x.x.x it should ask for a username and password, and when I enter them it should take me to the respective webpage.
My current config file for the 1st web page:
upstream kibana {
    server x.x.x.x:30001;
    server y.y.y.y:30001;
}
server {
    listen 80;
    listen 443 ssl;
    server_name z.z.z.z;
    location / {
        auth_basic "protect kibana";
        auth_basic_user_file /etc/nginx/htpasswd.user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://kibana;
    }
}
My edited conf file:
upstream kibana {
    server x.x.x.x:30001;
    server y.y.y.y:30001;
}
upstream kibana2 {
    server x.x.x.x:30002;
    server y.y.y.y:30002;
}
server {
    listen 80;
    listen 443 ssl;
    server_name z.z.z.z;
    location / {
        auth_basic "protect kibana";
        auth_basic_user_file /etc/nginx/htpasswd.user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://kibana;
    }
}
As I am using another upstream, that is kibana 2, how do I need to add another server stanza?
Regards
VG
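
One way to get the behaviour asked for above (one IP, no visible port, page chosen by login), as an added example that is not part of the original post: a map on $remote_user selects the upstream group once Basic auth has passed. The user names user1 and user2, the "unassigned" upstream and its 127.0.0.1:8081 listener are assumptions, and the HTTP-to-HTTPS redirect is added so the password prompt never appears over plain HTTP.

```nginx
# Added example. "user1"/"user2" are hypothetical entries in htpasswd.user;
# 127.0.0.1:8081 is a hypothetical local sink for users with no page assigned.
upstream kibana     { server x.x.x.x:30001; server y.y.y.y:30001; }
upstream kibana2    { server x.x.x.x:30002; server y.y.y.y:30002; }
upstream unassigned { server 127.0.0.1:8081; }

# http context: pick the upstream group from the Basic-auth user name.
map $remote_user $kibana_backend {
    default unassigned;
    user1   kibana;
    user2   kibana2;
}

server {
    listen 127.0.0.1:8081;
    return 403;    # authenticated, but not mapped to any backend
}

server {
    listen 80;
    server_name z.z.z.z;
    # Basic auth credentials are only base64-encoded, so do not prompt over HTTP.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name z.z.z.z;
    # ssl_certificate and ssl_certificate_key go here (site-specific paths).

    location / {
        auth_basic "protect kibana";
        auth_basic_user_file /etc/nginx/htpasswd.user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        # auth_basic runs in the access phase, before this content handler,
        # so $remote_user is a verified name by the time the map is evaluated.
        proxy_pass http://$kibana_backend;
    }
}
```

Ports 30001 and 30002 on the backend hosts should accept connections only from the nginx nodes, otherwise the pages stay reachable without the password.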

Related

Nginx Fails to connect when Upstream resolves to IPv6

I have configurations in nginx that perform proxy_pass to google-analytics.com. But as you know, google-analytics sometimes resolves to IPv4 and at times to IPv6; when it does resolve to IPv6, nginx fails with this error:
connect() to [2a00:xxx:xxx:809::xxx]:443 failed (101: Network is unreachable) while connecting to upstream. (I just obfuscated the real IP of the upstream.)
upstream server temporarily disabled while connecting to upstream
Why does nginx fail when the upstream in proxy_pass resolves to IPv6?
server {
    server_name upstream.nmmapper.com;
    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/letsencrypt;
        try_files $uri =404;
        break;
    }
    location = /analytics.js {
        proxy_set_header Accept-Encoding "";
        proxy_pass https://www.google-analytics.com/analytics.js;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
Try adding ipv6 listen [::]:80 directive:
server {
    listen 80;
    listen [::]:80;
    server_name upstream.nmmapper.com;
    ...
}
For ssl:
listen 443 ssl;
listen [::]:443 ssl;
To always connect over IPv4 you need to add a resolver with ipv6=off.
However, Nginx is doing DNS resolution at startup by default.
Include (an empty) variable in the hostname to force Nginx to do resolution at runtime with the specified resolver directive.
location / {
    resolver 1.1.1.1 ipv6=off valid=30s;
    set $empty "";
    proxy_pass https://example.com$empty;
}
Source: https://serverfault.com/a/1006465/242991.
In your case this should work:
location = /analytics.js {
    resolver 1.1.1.1 ipv6=off valid=30s;
    set $empty "";
    proxy_set_header Accept-Encoding "";
    proxy_pass https://www.google-analytics.com/analytics.js$empty;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
}

Nginx reverse proxy goes to one server and not multiple

I have two websites, ineedbabypics.com and ineedtoclose.com
I have updated both domain names' A records to point to my public IP address.
The problem is I followed various online settings for proxy and can't get the simple redirect to work. When I type in both domain names in my browser, they both go to ineedbabypics.com.
I want ineedbabypics.com to go to 192.168.1.96 and ineedtoclose.com to go to 192.168.1.83. Here are my server block settings:
#nginx.conf
server {
    listen 80;
    listen [::]:80;
    server_name _;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
}
#ineedbabypics.conf
server {
    server_name http://ineedbabypics.com www.ineedbabypics.com;
    set $upstream 192.168.1.96;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://$upstream;
    }
}
#ineedtoclose.conf
server {
    server_name http://ineedtoclose.com www.ineedtoclose.com;
    set $upstream 192.168.1.83;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://$upstream;
    }
}
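
A corrected form of the two files above, as an added example that is not the poster's configuration: server_name is compared with the request's Host header, so a value containing http:// never matches and such requests fall through to the default server for the port. The explicit default_server catch-all with return 444 is an addition here, so that an unmatched Host is refused instead of being served by whichever site happens to be the default.

```nginx
# Added example (not the poster's files).
# Catch-all: any Host that matches no server_name below lands here.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;    # nginx-specific: close the connection without a response
}

# ineedbabypics.conf
server {
    listen 80;
    listen [::]:80;
    # Bare host names only: no scheme, no path.
    server_name ineedbabypics.com www.ineedbabypics.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.96;
    }
}

# ineedtoclose.conf
server {
    listen 80;
    listen [::]:80;
    server_name ineedtoclose.com www.ineedtoclose.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.83;
    }
}
```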

Hide port and address with nginx

I've installed a sonarqube and a Jenkins server in one machine, with ports 9000 and 8080 respectively. I'd like to make urls like test_hub.mysite.com/sonar and /jenkins and redirect to machine and port correctly, but maintaining original address test_hub.mysite.com/sonar.
My configuration with nginx is pretty simple:
server {
    listen 80;
    server_name sonar.mysite.com;
    location /sonar/ {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://52.29.xx.xx:9000;
    }
}
server {
    listen 80;
    server_name test_hub.mysite.com;
    location / {
        # proxy_set_header is not allowed inside "if", so it is set once here
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        # you can also use a regular expression
        if ($request_uri = /sonar) {
            proxy_pass http://52.29.xx.xx:9000;
        }
        if ($request_uri = /jenkins) {
            # Jenkins listens on 8080 according to the question
            proxy_pass http://52.29.xx.xx:8080;
        }
    }
}
NOTE: Check this link before trying

Setting up SSL on a load balancer

I currently have a load balancer with the NGINX setup:
upstream myapp1 {
    least_conn;
    server 192.168.0.20;
    server 192.168.0.30;
}
server {
    listen 80;
    location / {
        proxy_pass http://myapp1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    ...
}
and on the clusters (192.168.0.20,192.168.0.30) the NGINX setup:
server {
    listen 80;
    root /var/www/website.co/public_html;
    index index.php index.html index.htm;
    server_name website.co www.website.co;
    include /etc/nginx/commonStuff.conf; #php settings etc..
}
This works perfectly for http connections.
I am now wanting to set the server to work with an https connection for one domain (website.co). So I thought of adding this to the load balancer's NGINX settings:
server {
    listen 80;
    listen 443 ssl;
    server_name website.co www.website.co;
    ssl on;
    ssl_certificate /NAS/ssl/cert_chain_website.crt;
    ssl_certificate_key /NAS/ssl/website.key;
    location / {
        proxy_pass https://myapp1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
and change the listening port in the clusters' NGINX settings to 443 and keep everything else the same.
Now if I connect to http://website.co or in fact any other virtual domain on my server it returns
400 Bad Request
the plain HTTP request was sent to HTTPS port
So this means an issue with the redirect.
If I connect to https://website.co it returns:
404 Not Found
What am I doing wrong?

Nginx wildcard proxy, pass subdomain to the server (upstream proxy)

I would like to be able to pass subdomain.domain.com to .domain.com apache server, with subdomain info too.
I would like to make an nginx cache for the domain, acting like a wildcard, but passing the subdomain to the destination (there is Apache with a wildcard too). Up to now, I pass the info via proxy_set_header Host $host; but I would like to have the request with the subdomain at the Apache server.
upstream domain.com {
    server 172.1.1.1:80 weight=50 fail_timeout=30s;
}
server {
    server_name *.domain.com;
    location / {
        proxy_pass http://domain.com;
        #proxy_pass $request;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|swf)$ {
        proxy_pass http://topmanagergame.com;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache my-cache;
        proxy_cache_valid 200 302 30m;
        proxy_cache_valid 404 1m;
    }
    access_log /var/log/nginx/domain.com.log main;
    error_log off;
}
Do you think I can use proxy_pass with upstream ?
Nginx (*wildcard_domain.com) --(cache)--> Apache (*wildcard_domain.com)
Nginx (anything.domain.com) --(cache)--> Apache (anything.domain.com)
upstream somestring {
    server domain2.com:80 weight=50 fail_timeout=30s;
}
server {
    listen 80;
    server_name *.domain.com;
    server_name ~^(?<subdomain>.+)\.domain\.com$;
    location / {
        proxy_pass http://somestring;
        proxy_set_header Host $subdomain.domain2.com;
    }
}
So I was trying to find the answer to this problem and kept finding this post. But I think dmytrivv's answer is out of date. In our scenario, we have both wildcard domains (e.g. *.mydomain.com) and custom domains (e.g. fullycustomdomain.com). But you can solve both by using proxy_set_header Host $host; and having default at the end of your listen.
upstream qaweb {
    # Servers in the web farm
    server ip-notreal-name.ec2.internal:80;
}
server {
    listen 443 ssl default;
    ssl_certificate certs/mydomain.com.crt;
    ssl_certificate_key certs/mydomain.com.key;
    # Support for wildcard domains
    server_name admin.mydomain.com *.mydomain.com "";
    location / {
        # Turn off access logging so we don't fill the hard drive
        access_log off;
        proxy_pass http://qaweb;
        proxy_set_header Host $host;
        # So that the correct IP shows up in the log once libapache2-mod-rpaf is installed
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Note, we are also using it as a TLS termination proxy.
You can also find more examples on how to use proxy_pass here https://www.liaohuqiu.net/posts/nginx-proxy-pass/
