Wildlfy with Nginx not working properly - nginx

We had installed wildfly for a couple of time working correctly. We configured right now Nginx as reverse proxy for wildfly.
We're getting on OPTIONS method 405 Method Not Allowed. Here is the configuration of nginx.
/etc/nginx/conf.d/wildfly.conf
upstream wildfly {
server 127.0.0.1:8081;
}
server {
listen 8080;
server_name guest1;
location/ {
proxy_pass http://wildfly;
}
}
Error obtained after installing nginx:
This is the error got by nginx:
2017/06/23 08:16:54 [crit] 1386#0: *9 connect() to 127.0.0.1:8081 failed (13: Permission denied) while connecting to upstream, client: 172.28.128.1, server: guest1, request: "OPTIONS /commty/cmng/users HTTP/1.1", upstream: "http://127.0.0.1:8081/commty/cmng/users", host: "guest1:8080"
What I'm missing?

I've done the following to finally make it work on CentOS7 + Wildfly.
Vagrant up
Install NGINX
yum install epel-release
yum install nginx
Configure /etc/nginx/nginx.conf (default configuration)
Configure /etc/nginx/conf.d/wildfly.conf (using port 80 for nginx and 8080 for wildfly)
upstream wildfly {
server 127.0.0.1:8080;
}
server {
listen 80;
server_name guest1;
location / {
proxy_pass http://wildfly;
}
}
Also set SELinux permissive for let nginx work.
$ setenforce permissive
After that wildfly is working properly through nginx.

Related

Trouble setting up nginx to act as https server infront of backend servers

I have a backend server on http (on some IP), which is not intended to be accessed directly. I have setup another nginx server on a different machine, and used Let's Encrypt certbot to setup an ssl certificate on this machine
sudo apt-get install -y nginx
sudo certbot --nginx
Now, what I am hoping to achieve is - any request from client on https (port 443) should be redirected to my backend server on port 80.
Do I setup reverse_proxy in this case as explained here - https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Or, do I setup TLS termination on nginx as explained here - https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
If I need both, what should my configurations look like?
my current reverse-proxy.conf -
server {
listen 443;
location / {
proxy_pass http://<backend-ip-address>;
}
}
which doesn't work. My configtest on nginx always fail too -
service nginx configtest
* Testing nginx configuration [fail]
Any help is appreciated. Thanks.
PS: whithout reverse-proxy.conf or any redirection, default nginx server worked well on https. This shows that let's encrypt worked correctly.
Error messages in /var/log/nginx/error.log -
2022/01/23 20:00:04 [notice] 3005#3005: signal process started
2022/01/23 20:00:06 [notice] 3007#3007: signal process started
2022/01/23 20:01:31 [crit] 3008#3008: *23 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 5.8.10.202, server: 0.0.0.0:443
2022/01/23 20:05:22 [crit] 3008#3008: *54 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 107.178.231.247, server: 0.0.0.0:443
2022/01/23 20:09:02 [crit] 3008#3008: *69 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 107.178.232.189, server: 0.0.0.0:443
Edit: Fixed the issue
I just had to add a few entries in /etc/nginx/nginx.conf (Make sure you are not missing ending semi-colons)
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server {
listen 443 ssl;
server_name <domain-name>;
ssl_certificate <path-to-fullchain.pem>;
ssl_certificate_key <path-to-privkey.pem>;
location / {
proxy_pass http://<downstream-ip>;
}
}
And make sure no reverse-proxy.conf is setup in /etc/nginx/sites-enabled
Then run
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl status nginx
to verify if everything is working fine.

nginx proxy_pass could not be resolved (3: Host not found)

I have the following nginx configuration which returns 502
server {
listen 2052;
listen 2082;
server_name good.abc.com;
location / {
proxy_pass http://goodServer:$server_port;
}
}
Testing:
proxy_pass http://goodServer:2052; When the fixed port is 2052
curl good.abc.com:2052 It can be accessed normally.
Question:
The port I want to forward user requests to
For example.
curl good.abc.com:2052 ---> goodServer:2052
curl good.abc.com:2082 ---> goodServer:2082
So the port must be a variable, just like $server_port
Log:
2021/04/04 14:10:11 [error] 24#24: *19 good could not be resolved (3: Host not found), client: 162.158.91.119, server: good.abc.com, request: "GET / HTTP/1.1", host: "good.abc.com:2052"

Convert uWSGI HTTP server to work behind Nginx instead

I'm serving my app with uWSGI using uwsgi --http-socket 127.0.0.1:3031 -w app:app, which works when I go to 127.0.0.1:3031 in a browser. I want to use Nginx, so I told it to uwsgi_pass to that url, but now I get a 502 Bad Gateway error. How do I put uWSGI behind Nginx?
server {
listen 8080;
server_name 127.0.0.1;
location / {
uwsgi_pass 127.0.0.1:3031;
include uwsgi_params;
}
location /static {
alias /static/folder/location;
}
}
2016/05/16 19:50:09 [error] 6810#0: *4 upstream prematurely closed
connection while reading response header from upstream, client:
127.0.0.1, server: 127.0.0.1, request: "GET / HTTP/1.1", upstream:
"uwsgi://127.0.0.1:3031", host: "127.0.0.1:8080"
You can use http-socket between nginx and uWSGI.
For example, if you launch your python app with uWSGI:
uwsgi --http-socket 127.0.0.1:3031 --wsgi-file application.py --callable app --processes 4 --threads 2 --stats 127.0.0.1:9191
Configure Nginx with:
location / {
proxy_pass http://127.0.0.1:3031/;
}
Use socket, not http-socket.
uwsgi --socket 127.0.0.1:3031 -w app:app
http-socket makes uWSGI act like a web server that speaks HTTP, and is not correct if you're using Nginx, since it understands uWSGI directly.

uWSGI nginx error : connect() failed (111: Connection refused) while connecting to upstream

I'm experiencing 502 gateway errors when accessing my IP on nginx(http://52.xx.xx.xx/), the logs simply says this:
2015/09/18 13:03:37 [error] 32636#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: xx.xx.xx.xx, request: "GET / HTTP/1.1", upstream: "uwsgi://127.0.0.1:8000", host: "xx.xx.xx.xx"
my nginx.conf file
# the upstream component nginx needs to connect to
upstream django {
# server unix:///path/to/your/mysite/mysite.sock; # for a file socket
server 127.0.0.1:8000; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80;
# the domain name it will serve for
server_name xx.xx.xx.xx; # substitute your machine's IP address or FQDN
charset utf-8;
access_log /home/ubuntu/test_django/nginx_access.log;
error_log /home/ubuntu/test_django/nginx_error.log;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /home/ubuntu/test_django/static/media/; # your Django project's media files - amend as required
}
location /static {
alias /home/ubuntu/test_django/static/; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /home/ubuntu/test_django/uwsgi_params; # the uwsgi_params file you installed
}
}
Is there anything wrong with nginx.conf file.....if i use default conf then it is working.
I resolved it by changing the socket configuration in uwsgi.ini
from socket = 127.0.0.1:3031, to socket = :3031. I was facing this issue when I ran nginx in one Docker container and uWSGI in another. If you are using command line to start uWSGI then do uwsgi --socket :3031.
Hope this helps someone stuck with the same issue, during deployment of a Django application using Docker.
change this address:
include /home/ubuntu/test_django/uwsgi_params;
to
include /etc/nginx/uwsgi_params;
I ran into this issue when setting up the env by nginx + gunicorn and solve it by
adding '*' to ALLOWED_HOSTS or your specific domain.
In my case with a debian server it worked moving:
include /etc/nginx/uwsgi_params;
In the location tag in my nginx server config file, like this:
location /sistema {
include /etc/nginx/uwsgi_params;
uwsgi_pass unix://path/sistema.sock;
}
Also, check you have the following packages installed:
uwsgi-plugin-python
pip3 install uWSGI did the trick for me :D

Nginx reverse proxy subdirectory to root

So. I am using Nginx as a load balancer to load traffic between couple of instances.
Let's say my Nginx loadbalancer is at platform.staging.com (example).
I am trying to redirect traffic from
platform.staging.com/sync
To one of these:
sync1.staging.com:12345
sync2.staging.com:12345
Notice that what I am trying to achieve is to have /sync part stripped down and requests to sync instances should have path /.
This is what I tried but it doesn't work:
upstream sync-cluster {
ip_hash;
server sync1.staging.com:12345;
server sync2.staging.com:12345;
}
server {
listen 443 ssl spdy;
server_name platform.staging.com;
location /sync {
proxy_pass http://sync-cluster;
}
}
In the logs I can see:
2014/01/14 23:20:38 [error] 2385#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: XX.XXX.XX.XXX, server: platform.staging.com, request: "GET /sync HTTP/1.1", upstream: "http://X.X.X.XXX:12345/sync", host: "platform.staging.com"
Try adding a rewrite before doing the proxy pass, I'll assume you are going to preserve what's after /sync, hope this works for you
location ^~ /sync(.*) {
rewrite ^ $1;
proxy_pass ...;
}

Resources