The OS is Centos 7.3 , firewall is closed.
The server config on nginx is like.
server {
listen 2001;
listen [::]:2001;
server_name _;
root /usr/share/nginx/html;
index index.html;
}
I don't have a domain now, so the ip:port is what i want.
but when I typed xxx.xxx.xxx.xxx:2001 on the browser, can't access the page.
But the 80 port works fine.
I'm a new guy to both linux and nginx, any clue will help.
Related
Sorry for the limited understanding of Nginx and SSL. I have a React and Django app deployed on a server running on Nginx.
The React app is accessible using "example.org"(name is faked for demo purpose) and for the Django app, I have configured it to be accessible with port 3000 ie "example.org:3000".
The domain has SSL certificates installed and certificates are seen in "example.org" but while accessing "example.org:3000", the certificates are not available to this port.
I have been trying to allow ssl certificates to the port as well but couldnt succeed. I changed nginx conf file with listen 3000 ssl without success.
Please help, is there a way or should we need to modify the ssl certificates?
Nginx config at the moment is:
server {
listen 80 default_server;
server_name example.org;
return 301 https://example.org;
}
server {
listen 443 ssl;
server_name example.org;
ssl_certificate /etc/nginx/ssl/ssl_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
location / {
root /home/ubuntu/example/build;
index index.html index.htm;
}
}
The Port has nothing to do with the certs OR TLS Termination in general. IN case my assumptions are correct and your Django app is exposing its port 3000 by itself you need a proxy configuration that terminates the TLS for you.
server {
listen 8080 ssl;
server_name example.org;
ssl_certificate /etc/nginx/ssl/ssl_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
location / {
proxy_pass http://127.0.0.1:3000/;
proxy_set_header Host $host;
.....
}
}
This will terminate the TLS Session for you on Port 8080 and forwards the traffic to your Django app. There are other, more advanced options, proxying traffic to your appserver but this one will do it.
Note: In case you want to proxy the traffic through NGINX make sure Port 3000 is not exposed to the public anymore.
I am trying to get a min.io server up and running with virtual-host style and am failing to configure nginx to do so correctly.
Expected result
bucket.s3.domain.com works to access bucket
Actual result
bucket.s3.domain.com is redirected to s3.domain.com/bucket – this does not generate virtual host style URLs.
My config (I omitted default port 80 to 443 redirect and other not relevant docker containers):
http {
upstream minio-s3 {
server 127.0.0.1:9000;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/s3.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/s3.domain.com/privkey.pem;
server_name s3.domain.com;
location / {
proxy_pass http://minio-s3;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/s3.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/s3.domain.com/privkey.pem;
server_name "~^(?<subdomain>[^.]+).s3.domain.com";
location / {
proxy_pass http://127.0.0.1/$subdomain$request_uri;
proxy_set_header Host s3.domain.com;
}
}
Notes
Nginx running on Ubuntu Server LTS 20.04 (no Docker)
Min.io running on Docker port 9000
MINIO_DOMAIN is correctly set to s3.domain.com
bucket subdomain is correctly set
wildcard certificate for *.s3.domain.com is configured
Questions
How can I configure Min.io (besides passing env MINIO_DOMAIN) to use virtual host style URLs together with nginx?
How can I set up nginx to support this case?
So the answer to my original question is pretty simple:
Only one server block is needed, the subdomain regex is added to the server name and min.io resolves this correctly
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/s3.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/s3.domain.com/privkey.pem;
server_name "~^(?<subdomain>[^.]+).s3.domain.com" s3.domain.com;
location / {
proxy_pass http://minio-s3;
I hope this helps someone struggling with the same.
Virtual host in in short with Min.io:
Register domain, subdomain (per bucket)
Point domains all to your server (CNAME etc.)
Generate certificates with certbot (domain, wildcard for subdomains)
Launch min.io passing MINIO_DOMAIN as environment variable
Point all domains to Min.io application (domain and subdomains)
I want to deploy a test server using a digital ocean droplet. I've got it up but don't know how to setup the nginx sites-available to work correctly. I've got two apps running on the server:
/var/www/html/new_app (Should use port 8080)
/var/www/html/old_app (Should use port 8081)
I don't know what I'm doing here, and have tried looking at examples but they all use domain names and not the localhost or standard IP address.
What I have currently:
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html/new_app;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
/etc/nginx/sites-available/old
server {
listen 80;
listen [::]:80;
root /var/www/html/pottstown_old;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
proxy_pass http://localhost:8081/;
}
}
I tried adding another file for the old site, but it gave me an error:
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
However when I call up the IP address, I get Failed to open page. How do I set this up to send requests for 64.225.60.54 to the 8080 port which serves the new app, and requests for port 8081 to the old_app?
Do I just need one server with two location blocks? I just don't get it.
Not sure what kind of application you want to host but in general.
In case you need two different ports for your applications you should create two server blocks.
App NEW - listen 8080
server {
listen 8080;
listen [::]:8080;
root /var/www/html/new_app;
index index.html index.htm;
}
App OLD - listen 8081
server {
listen 8081;
listen [::]:8081;
root /var/www/html/old_app;
index index.html index.htm;
}
I have NGINX on my VPS working on port 80 (few domains on it), and I want add GlassFish on port 8080.
Next I want add domain for GlassFish, but on domain it should work on port 80.
How I can do that?
Him add server rule, for example:
server {
listen 80;
server_name demo.glass.fish;
location / {
proxy_pass http://localhost:8080;
}
}
I have a nodejs app (on port:8989) running on nginx and being routed to port 80.
server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx/example.access.log;
location / {
proxy_pass http://127.0.0.1:8989/;
}
}
www. addressess will load the website fine.
My current dns records are the following:
A Record # 108.xxx.xxx.xxx
A Record www 108.xxx.xxx.xxx
This server is running a very old version of nginx. (v0.7)