I'm running the AWS Managed ElasticSearch to collect some logs and have created some Kibana dashboards to visualise the data, all that works fine.
Unfortunately the Kibana plugin included on with the AWS cluster is pretty much open to the world, so I have setup an NGINX reverse proxy to provide authenticated access. This is also working fine if I simply hit the domain URL and specify the full URI to the Kibana plugin. For example:
http://nginx.domain.com/_plugin/kibana/app/kibana works just fine, here in the nginx configuration I am using to achieve that:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name localhost;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header User-Agent $http_user_agent;
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Auth Required";
proxy_pass https://search-mystuff.ap-southeast-2.es.amazonaws.com/;
proxy_redirect https://search-mystuff.ap-southeast-2.es.amazonaws.com/ /;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
}
}
}
Rather than providing the full URL, I would like to simply hit the base domain name of the NGINX server, which would then redirect me to the full Kibana URI. So what I would LIKE to do is this:
http://nginx.domain.com
After entering the above URL, I would like to be redirected to the full Kibana URI, so I would end up with a URL like this
http://nginx.domain.com/_plugin/kibana/app/kibana
Here is the nginx configuration I have tried (in various different permutations) that does not work:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name localhost;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header User-Agent $http_user_agent;
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Auth Required";
proxy_pass https://search-mystuff.ap-southeast-2.es.amazonaws.com/_plugin/kibana/app/kibana;
proxy_redirect https://search-mystuff.ap-southeast-2.es.amazonaws.com/_plugin/kibana/app/kibana /;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
}
}
}
With the configuration above, when I browse to http://nginx.mydomain.com the URL is redirected to:
http://nginx.myaws.com.au/_plugin/kibana/app/kibana
This looks like it SHOULD work, however I receive an error in the browser window:
{"statusCode":404,"error":"Not Found"}
I have about 4 hours experience with nginx, so hopefully I'm missing something simple. Any help would be very much appreciated.
Thank you!
Got it, finally!
worker_processes auto;
events {
worker_connections 1024;
}
http {
server {
listen 80 default_server;
server_name localhost;
location / {
proxy_set_header Host https://<endpoint address>.es.amazonaws.com;
proxy_set_header X-Real-IP <nginx ip address>;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://<endpoint address>.es.amazonaws.com/_plugin/kibana/;
proxy_redirect https://<endpoint address>.es.amazonaws.com/_plugin/kibana/ http://<nginx url>/kibana/;
}
location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
auth_basic_user_file /etc/nginx/.htpasswd;
auth_basic "Auth Required";
proxy_pass https://<endpoint address>.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
}
}
}
Related
Link to Shinobi:
https://shinobi.video/
I have a Shinobi which is at 127.0.0.1.
And also the domain example.com on / is the backend, I want example.com/shinobi to host Shinobi.
I tried to do this via nginx, here is my configuration:
server {
server_name example.com;
listen 443 ssl;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
location /shinobi/ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
location /socket.io/ {
proxy_pass http://127.0.0.1:8080/socket.io;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade;
proxy_set_header Host $host;
}
}
This doesn't work for me, I found the answer on reddit:
https://www.reddit.com/r/ShinobiCCTV/comments/fgmce0/problem_with_shinobi_behind_nginx_reverse_proxy/
I changed baseURL in /home/Shinobi/conf.json to https://example.com/shinobi/ and restarted Shinobi pm2 restart all. I get this response:
[PM2] Applying action restartProcessId on app [all](ids: [ 0 ])
[PM2] [camera](0) ✓
When I go to https://example.com/shinobi/{TOKEN}/embed/{GROUP}/{CAMERA}/fullscreen%7Cjquery I get:
Cannot GET /shinobi/{TOKEN}/embed/{GROUP}/{CAMERA}/fullscreen%7Cjquery
That didn't work for me. Can you please tell me how I can fix this and what could be the problem?
I am new to Nginx. I want to create an auth server using Flask. My idea is to redirect users to my Flask port :5000 when they land on my homepage. After authentication, they will be redirected to the internal site (Another port)
I did the following
conf.d/default.conf
server {
listen 80;
location / {
root ..
index ..
proxy_pass http://localhost:5000;
}
}
and also tried the following
server {
listen 80;
location / {
root ..
index ..
proxy_pass http://localhost/auth;
}
location /auth {
internal;
proxy_pass http://localhost:<another port>;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Hi how to do reverse proxy in nginx for website like www.xnxx.com and served all data inside web page like videos and image through reversed proxy. my config so far but through me to error 502 Bad Gateway
server {
listen 80;
error_log /var/log/nginx/error.log debug;
server_name *.xnxx.works xnxx.works;
location / {
proxy_pass https://www.xnxx.com/;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Accept-Language $http_accept_language;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
sub_filter 'https://xnxx.com' '';
sub_filter_once off;
}
}
I got stack wiht keystonejs behind nginx .
the nginx .conf :
server {
listen 8080;
server_name localhost;
location /wanghuan/ {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000/;
}
location ~ .*\.(img|gif|jpg|jpeg|png|bmp|swf|js|css)$ {
root /Users/macmini/Desktop/test/wanghuan/public;
}
but keystone admin Ui still block ,the static file can't be find ,
how can i set the admin ui static file?
You should just setup a proxy pass to pass all of your arguments to keystone like so:
upstream keystone {
server localhost:3000
}
server {
listen 8080;
server_name localhost;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://keystone;
proxy_redirect off;
}
location ~ .*\.(img|gif|jpg|jpeg|png|bmp|swf|js|css)$ {
root /Users/macmini/Desktop/test/wanghuan/public;
}
Not sure you are trying to put all of this under {domain}/wanghuan or just {domain} but this nginx config should work if you want the first option just change the location to be /wanghuan
You need to turn keystone.js init block with this additional option
'trust proxy' : true
and your nginx proxy code block just as simple as:
server {
listen 8080;
server_name localhost;
location / {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000/;
}
}
I'm deploying Ghost (0.7.6) in a VPS using Nginx (1.8.1). To make the dashboard and sign-in page secure, I force any request to use HTTPS when accessing such pages (such as /ghost page). But, for any request to any other page (such as accessing the Ghost blog itself) I want to force it to use HTTP. Ghost is up listening on 127.0.0.1:2368.
Strangely, the result is not as what I expected: Every time I access my blog (let's say the url is a.b), it says that my site has ERR_TOO_MANY_REDIRECTS and it redirects between http://a.b and https://a.b (or between http://a.b/signin and https://a.b/signin). BUT, when I access the admin dashboard (https://a.b/ghost or http://a.b/ghost), it acts as expected (no error, correctly redirects to use HTTPS).
Any help?
My Nginx configuration:
# Configuration for http://a.b
server {
listen 80;
server_name a.b;
location ^~ /ghost { # /ghost should be accessed securely
return 301 https://$host$request_uri;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
}
# Configuration for http://a.b
server {
listen 443 ssl;
server_name a.b;
ssl_certificate ...;
ssl_certificate_key ...;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers '...';
location ^~ /ghost { # /ghost should be accessed securely
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
location / { # Force to use HTTP
return 301 http://$host$request_uri;
}
}
Any kind of help would be appreciated :')
https://github.com/TryGhost/Ghost/issues/2796
location ^~ /ghost { # /ghost should be accessed securely
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}