Nginx - Upstream redirect not working - nginx

Hoping someone can point out my failing with my config.
I have an issue where my upstream redirect does not work as it should (must be a config issue): it redirects from https to http, which I do not have running at the moment. Obviously I require my https server to only serve secure traffic and not redirect to http.
This is what I receive in my browser bar:
http://nginx.dev1.whispir.net/tmpl/home.tmpl#!/web_com/View_Workspace?rd=1307
But I require it to go to upstream over https.
In the debug of the browser I see:
GET http://nginx.dev1.whispir.net/tmpl/home.tmpl net::ERR_CONNECTION_REFUSED
Cannot fathom out why it is hitting port 80.
I have turned off http on port 80, as I require the https working.
I hope someone can help here, driving me insane.
Thanks for looking.
This is my current config for port 443:
upstream HttpsMainWorker {
    # Sticky session
    ip_hash;
    server 10.1.161.59:8080;
    server 10.1.161.56:8080;
}
upstream HttpsReportWorker {
    # Sticky session
    ip_hash;
    server 10.1.161.64:8080;
}
upstream HttpsApiWorker {
    # Sticky session
    ip_hash;
    server 10.1.161.51:8080;
}
server {
    listen 443 ssl;
    server_name nginx.dev1.whispir.net;
    keepalive_timeout 70;
    ssl on;
    ssl_certificate /etc/nginx/certs/2016/61d2d567aece769c.crt;
    ssl_certificate_key /etc/nginx/certs/2016/wildcard.dev1.whispir.netclear.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/app17web/access.log main;
    error_log /var/log/nginx/app17web/error.log debug;
    root /data/htdocs/app17web.dev1.whispir.net;
    index index.jsp;
    rewrite_log on;
    location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf)$ {
        expires 1d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
    error_page 401 /401.html;
    error_page 403 /403.html;
    error_page 500 502 /500.html;
    error_page 503 /503.html;
    error_page 400 404 /404.html;
    location = /404.html {
        internal;
    }
    error_page 500 502 503 /50x.html;
    location = /50x.html {
        root html;
    }
    location / {
        try_files $uri @backend;
    }
    location @backend {
        proxy_pass http://HttpsMainWorker;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ \.jsp$ {
        proxy_pass http://HttpsMainWorker;
        proxy_next_upstream error timeout invalid_header http_500;
        proxy_connect_timeout 5s;
    }
    location /ivr/ivrRequest.ivr {
        proxy_pass http://HttpsMainWorker;
        proxy_next_upstream error timeout invalid_header http_500;
        proxy_connect_timeout 5s;
    }
    location /app/cfu/* {
        proxy_pass http://HttpsMainWorker;
        proxy_next_upstream error timeout invalid_header http_500;
        proxy_connect_timeout 5s;
    }
    location /tmpl/* {
        proxy_pass http://HttpsMainWorker;
        proxy_next_upstream error timeout invalid_header http_500;
        proxy_connect_timeout 5s;
    }
}

Most likely the upstream application (running on port 8080) is issuing the redirect. Either it needs to be configured to use https in a redirect, or it needs to be informed that the frontend connection arrived over https.
Your configuration inserts a header X-Forwarded-Proto for that purpose, but only for one of the locations.
The proxy_set_header directive is inherited from the outer block, only if no other proxy_set_header directives are set in the location.
So, either add a proxy_set_header X-Forwarded-Proto $scheme; statement into each affected location block, or move all of your proxy_set_header directives into the server block scope.
For example:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location @backend {
    proxy_pass http://HttpsMainWorker;
}
location ~ \.jsp$ {
    proxy_pass http://HttpsMainWorker;
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_connect_timeout 5s;
}
location /ivr/ivrRequest.ivr {
    proxy_pass http://HttpsMainWorker;
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_connect_timeout 5s;
}
location /app/cfu/* {
    proxy_pass http://HttpsMainWorker;
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_connect_timeout 5s;
}
location /tmpl/* {
    proxy_pass http://HttpsMainWorker;
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_connect_timeout 5s;
}
See this document for details.
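As an added illustration of the inheritance rule described in the answer above (not code from the original posts), this Python sketch walks an nginx config and lists every proxy_pass block whose effective proxy_set_header set lacks X-Forwarded-Proto. The sample config is constructed, and the lexer is an assumption-level simplification: it strips '#' comments, ignores quoting and includes, and cannot handle regex locations that contain braces.

```python
import re

# Constructed sample modelled on the question's layout; not the poster's full config.
SAMPLE = r"""
server {
    location @backend {
        proxy_pass http://HttpsMainWorker;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ \.jsp$ { proxy_pass http://HttpsMainWorker; }
    location /tmpl/ {
        proxy_pass http://HttpsMainWorker;
        proxy_set_header Host $host;
    }
}
"""

def parse(tokens):
    """Consume tokens up to the matching '}' and return (directives, child_blocks)."""
    directives, blocks, words = [], [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok == ";":
            directives.append(words)
            words = []
        elif tok == "{":
            blocks.append((" ".join(words), parse(tokens)))
            words = []
        else:
            words.append(tok)
    return directives, blocks

def missing_header(conf, header="X-Forwarded-Proto"):
    """Names of proxy_pass blocks whose effective header set lacks `header`."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)))
    found = []
    def walk(name, block, inherited):
        directives, children = block
        own = [d[1].lower() for d in directives if d[:1] == ["proxy_set_header"] and len(d) > 1]
        effective = own or inherited  # any own proxy_set_header discards the inherited set
        if any(d[:1] == ["proxy_pass"] for d in directives) and header.lower() not in effective:
            found.append(name)
        for child_name, child in children:
            walk(child_name, child, effective)
    walk("main", parse(tokens), [])
    return found

print(missing_header(SAMPLE))
```

A location that sets even one proxy_set_header of its own is still reported after the headers are moved to server scope, because that single directive replaces the whole inherited set.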

Related

Preflight + proxy_cache = "GET + Preflight" + CORS error. Without proxy_cache everything is ok. Is there a way to use proxy_cache?

I got the next 2 errors in console:
Access to XMLHttpRequest at 'https://api.domain1.com/rest/v1/reviews' from origin 'https://domain1.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
GET https://api.domain1.com/rest/v1/reviews net::ERR_FAILED 200
Network tab of Chrome's inspector shows a list of requests, but just 2 requests are relevant to my issue:
Name: reviews; Method: Options; Status 200; Type: preflight.
Name: reviews; Method: GET + Preflight; Status: CORS error; Type: xhr
My Nginx config:
proxy_cache_path /tmp/backend_cache levels=1:2 keys_zone=backend_cache:250m max_size=250m inactive=2d use_temp_path=off;
proxy_cache_key "$scheme$request_method$http_domain$host$request_uri";
proxy_cache_background_update on;
proxy_cache_lock on;
proxy_cache_lock_age 30s;
proxy_cache_revalidate on;
proxy_cache_valid 200 302 30m;
proxy_cache_use_stale updating error timeout http_500 http_502 http_503 http_504;
upstream fastapi {
    ip_hash;
    server backend-fastapi:80;
}
server {
    listen 80 default_server;
    server_name api.domain1.com api.domain2.com;
    charset utf-8;
    keepalive_timeout 5;
    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 1m;
        proxy_connect_timeout 1m;
        proxy_pass http://fastapi;
        proxy_cache backend_cache;
    }
}
Preflight happens because I have a custom header.
If I remove the line proxy_cache backend_cache; everything works without a problem. Is there a way to use the cache and avoid the error?

How to add public url to nginx reverse proxy with an access token

I am using a public URL and adding it to my Nginx reverse proxy. I have come across a bad request error when I run my nginx.conf configuration file. I have an access token that also needs to be added.
Below is my nginx.conf file.
Any recommendations?
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name localhost 127.0.0.1;
        client_max_body_size 0;
        set $allowOriginSite *;
        proxy_pass_request_headers on;
        proxy_pass_header Set-Cookie;
        # External settings, do not remove
        #ENV_ACCESS_LOG
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Set-Cookie;
        proxy_set_header X-Forwarded-Proto $scheme;
        location /test/ {
            proxy_pass https://a***.***.com;
        }
    }
}
403 ERROR
The request could not be satisfied.
I have fixed the issue by using the Nginx rewrite modules. I have posted a link below.
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html
location /test/ {
    rewrite ^/test(.*) https://URL$1 break;
}

ERR_TOO_MANY_REDIRECTS Nginx

I'm trying to redirect my particular domain to Tomcat, where multiple applications are running, but I'm getting the "ERR_TOO_MANY_REDIRECTS" error in the browser.
My configuration is below:
server {
    listen 80;
    server_name www.mydomain.com;
    location / {
        proxy_pass http://localhost:7070/AppName;
        proxy_read_timeout 600s;
        client_max_body_size 200m;
    }
}
Recently I configured my Odoo app to forward all requests via Nginx.
You need to add something like this to your Nginx config:
upstream tomcat {
    server 127.0.0.1:8080;
}
server {
    listen 80;
    server_name www.mydomain.com;
    location / {
        proxy_pass http://tomcat;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
    proxy_read_timeout 600s;
    client_max_body_size 200m;
}
If this doesn't work, for reference, you may want to check this article: https://www.rosehosting.com/blog/install-odoo-on-a-debian-8-vps-with-nginx-as-a-reverse-proxy/
I hope you'll find this useful.
It is common to set the proxy_redirect directive in the same way as the proxy_pass directive. See, for example, configure-nginx-with-proxy-pass.
location ~ ^/stash {
    proxy_pass http://IP:7990;
    proxy_redirect http://IP:7990/ /stash;
}
But I got the ERR_TOO_MANY_REDIRECTS error with this configuration, so I changed it to "proxy_redirect off;" as suggested here, and it solved my problem!
Here is the configuration for my gitlab server:
server {
    listen 80;
    server_name reverseproxy.mydomain.org;
    location /gitlab/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host-Real-IP $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.xx.xx.xxx:10080;
        #proxy_redirect http://172.xx.xx.xxx:10080/ /gitlab/;
        proxy_redirect off;
    }
}
NB: I also needed to remove the directive "proxy_set_header Host $host;" for my gitlab server, powered by docker-gitlab.

nginx unknown directive "keepalive"

I am using the following configuration
upstream site {
    server 127.0.0.1:3000;
    keepalive 64;
}
server {
    listen 80;
    error_page 400 404 500 502 503 504 /50x.html;
    location /50x.html {
        internal;
        root /usr/share/nginx/www;
    }
    location /static {
        root /opt/site/static;
        access_log off;
        expires max;
    }
    location / {
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_pass http://site;
        proxy_intercept_errors on;
    }
}
I have saved it to /etc/nginx/sites-available/site.conf and symlinked it to /etc/sites-enabled/site.conf, and when I restart nginx it gives me the following error:
Restarting nginx: [emerg]: unknown directive "keepalive" in /etc/nginx/sites-enabled/site.conf:3
There is no keepalive directive. Use keepalive_timeout instead. And you can't put it inside upstream; use it inside http, server or location.
Option "keepalive" is provided by the keepalive module. And since 1.1.4 keepalive functionality is included in the main code.

nginx configuration for multiple domain names

I have just installed nginx and have more than one domain name pointing to same IP. When calling each domain I have to redirect to different applications running on the same machine, each application is running on different port.
For ex, I have app1.domain.com, app2.domain.com & app3.domain.com
so, for app1.domain.com I have to redirect to localhost:<port1>
likewise, app2.domain.com I have to redirect to localhost:<port2>
and app3.domain.com I have to redirect to localhost:<port3>
How do I go about it?
Thanks in advance
Well, if your applications are running on different ports then your nginx conf files should look like this.
upstream app1 {
    server 127.0.0.1:port1; #App1
}
upstream app2 {
    server 127.0.0.1:port2; #app2
}
server {
    listen xxx.xxx.xxx.xxx:80;
    server_name app1.domain.com;
    access_log /var/log/nginx/log/app1.domain.com.access.log main;
    error_log /var/log/nginx/log/app1.domain.com.error.log;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ## send request back to apache1 ##
    location / {
        proxy_pass http://app1;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
server {
    listen xxx.xxx.xxx.xxx:80;
    server_name app2.domain.com;
    access_log /var/log/nginx/log/app2.domain.com.access.log main;
    error_log /var/log/nginx/log/app2.domain.com.error.log;
    root /usr/local/nginx/html;
    index index.html;
    location / {
        proxy_pass http://app2;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host app2.domain.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Please let me know if you have any doubts.
Thanks
