Nginx converting main site to subdomain - nginx

server{
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name app.webdomain.ltd;
ssl on;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_certificate /etc/letsencrypt/live/site.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.ltd/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
How would I go about making the normal https://site.ltd access /var/www/html where app.site.ltd accesses 127.0.0.1:3000
It's a reverse proxy to the port, as a client runs off the port so I need https://app.site.ltd to show what would be on the port, where as https://site.ltd to show whats in /var/www/html

Try changing server_name app.webdomain.ltd; to server_name app.webdomain.ltd webdomain.ltd;
This shall start working as exactly your subdomain.

Related

How to proxy pass to another port (multiple)

I want to proxy pass based on the path to another port (multiple) using NginX.
Example:
/ -> :3000
/test -> :3001
I already config my nginx.conf like this:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.xxx.domain.com;
gzip off;
proxy_max_temp_file_size 0;
ssl_certificate /etc/nginx/ssl/xxx.co.id.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.co.id.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers XXX
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
location / {
proxy_pass http://10.184.0.4:3000;
}
location = /test {
proxy_pass http://10.184.0.4:3001;
}
}
It's success for the /, but for the /test route it's get redirected to port :3000 to the Not Found Page.
Any suggestion to success the proxy pass?

Nginx responds to subdomains when told not to

Nginx responds to
subdomain.example.com
as it would to
example.com
when I specified only to listen to example.com and www.example.com
Here is my config:
server {
listen 443 ssl;
server_name example.com;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://internal_server:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
where example.com is replaced with the actual domain and internal_server is replaced with the internal server

Why does nginx still redirect urls when not configured for these urls - reverse proxy setup

I have the following conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8443 ssl;
server_name unifi.bob.net;
ssl on;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_certificate /var/lib/docker/volumes/letsencrypt/_data/live/unifi.bob.net/fullchain.pem;
ssl_certificate_key /var/lib/docker/volumes/letsencrypt/_data/live/unifi.bob.net/privkey.pem;
location /wss/ {
proxy_pass https://192.168.1.3:8443;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
proxy_pass https://192.168.1.3:8443/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
}
server {
listen 8443 ssl;
server_name nas.bob.net;
ssl on;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_certificate /var/lib/docker/volumes/letsencrypt/_data/live/nas.bob.net/fullchain.pem;
ssl_certificate_key /var/lib/docker/volumes/letsencrypt/_data/live/nas.bob.net/privkey.pem;
location / {
proxy_pass http://192.168.1.254:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
}
server {
listen 880;
server_name unifi.bob.net;
return 301 https://unifi.bob.net$request_uri;
}
server {
listen 880;
server_name nas.bob.net;
return 301 https://nas.bob.net$request_uri;
}
}
this all works fine if i hit http://nas.bob.net i get redirected to https://nas.bob.net and to the internal resource fine this also works the same for unifi.bob.net
however if i try my external ip or a record i get redirected to the unifi recource?
should it not just do nothing or am i missing something from the config?
Thanks
Found to answer, i had no default_server set in any config. now added this and all working as expected
Thanks

I want to change nginx start page(path)

my server use meteor, ssl, nginx
when called this url => https://example.com
i want auto change this url => https://example.com/main <- /main is start page
How can I change it?
don't search find it...
this is my config
upstream backend {
ip_hash;
least_conn ;
server localhost:9000;
server localhost:9002;
}
server {
listen 443;
server_name example.com;
access_log /var/log/nginx/log main;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
server_name example.com;
return 301 https://$host$request_uri;
}
thank you
You just need simple rewrite rule inside your location /
location / {
rewrite ^/$ /main redirect;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}

Deploying a node js app with proxypass with ssl enabled

I have ameteor ap which i am running as is the norm and it runs on my server like
http://my-ip:3000
I have nginx installed and i can access the meteor app using this sites-enabled configuration
My file looks like this
server {
listen *:80;
server_name _;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
I am following this tutorial to get letsencrypt to work https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
How would i enable ssl in my configuration above
To run with ssl,make sure you have a letencrypt certificate and this is my configuration
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/meteor.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:3000;
proxy_read_timeout 90;
proxy_redirect http://localhost:3000 https://domain.com;
}
}
The above runs the meteor app with ssl enabled.

Resources