nginx listen directive confusion - nginx

I am trying to configure nginx, and I'm trying to find out how the listen directive in a server block works.
Suppose I have this config:
server {
    listen 192.168.11.12:80;
}
Does it mean nginx will listen for requests on port 80 which are coming from IP 192.168.11.22, or does it mean it will listen on IP 192.168.11.12 and on port 80? I searched the docs, but they simply mention how the server block works.

The second one: it will listen on that IP and port.

Related

Basic proxy_pass from nginx from one local ip to another local ip

I am a new user of nginx and I am following a video guide from Linode on YouTube (How to Set Up an NGINX Reverse Proxy).
I have a working nginx and apache server, both on port 80. I know that because when I type the IP address of each in Firefox, it directs me to the nginx/apache welcome page.
The YouTube video configuration template is as follows (where the server_name is the Linode IP):
server {
    listen 80;
    listen [::]:80;
    server_name 172.105.104.226;
    location / {
        proxy_pass http://localhost:3000/;
    }
}
On my Proxmox machine, the nginx server is on a VM at 192.168.1.241 and the apache server on another VM at 192.168.1.243.
Looking at the nginx documentation, we find that this:
location /some/path/ {
    proxy_pass http://www.example.com/link/;
}
should proxy all the traffic received on the nginx listening port and redirect it to the address specified by proxy_pass.
With all this information, my configuration file looks like this:
server {
    listen 80;
    listen [::]:80;
    server_name 192.168.1.241;
    location / {
        proxy_pass http://192.168.1.243;
    }
}
My understanding is that this configuration file should listen at the address 192.168.1.241 on port 80 (nginx server) and redirect it to the specified address 192.168.1.243 (apache server).
If I understand correctly, location / should take the request as it is received on the nginx server and redirect it to the apache server.
However, when I enter 192.168.1.241 in my browser, it doesn't show the apache welcome message but shows the nginx welcome message. That means that the proxy isn't working.
My nginx understanding is extremely limited as I am just starting to learn, but to me it seems like this should work but doesn't.
Thank you for your help.

It turns out that the configuration is correct.
The problem was that the webpage was cached. By forcing a full refresh, 192.168.1.241 redirected to 192.168.1.243 successfully.

Using proxy_pass to forward http requests based on headers

I'm using a combination of ip6tables and nginx to process http requests from clients. The nginx server listens on port 8081 and must forward a request after examining the header.
Clients can send two types of requests:
GET/POST with no headers. These should be re-directed to https://jaguar.mydomain.com
GET/POST with specific header elb-jaguar.mydomain.com. These should be redirected to https://elb-jaguar.mydomain.com
When run as nginx -c /home/build/v6-only.conf, nginx fails because one server{} directive already has listen on port 8081
nginx: [emerg] duplicate listen options for [::]:8081 in /etc/nginx/v6/v6-only.conf:13
My config is as below:
server {
    listen [::]:8081 ssl ipv6only=on;
    server_name elb-jaguar.mydomain.com;
    ssl_certificate /etc/ssl/elb.crt;
    ssl_certificate_key /etc/ssl/elb.key;
    location / {
        proxy_pass https://elb-jaguar.mydomain.com:443;
    }
}
server {
    listen [::]:8081 ssl ipv6only=on;
    ssl_certificate /etc/ssl/regular.crt;
    ssl_certificate_key /etc/ssl/regular.key;
    server_name jaguar.mydomain.com;
    location / {
        proxy_pass https://jaguar.mydomain.com:443;
    }
}
How can I fix the above config to get the desired forwarding with proxy_pass?

Difficult to see because that setup should work.
But looking closer at the NGINX docs and your need for IPv6 only, it says (my emphasis):
ipv6only=on|off
this parameter (0.7.42) determines (via the IPV6_V6ONLY socket option) whether an IPv6 socket listening on a wildcard address [::] will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.
Because the error message complains of 'duplicate listen options', not 'already listening on that port' or similar, it suggests it is complaining about trying to set ipv6only a second time (even to the same value).
Also, it does say "This parameter is turned on by default", so you could easily just remove it altogether, if only to try it.
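
The fix the answer above points toward, written out as an added example (not part of the original thread): nginx accepts socket-level listen parameters such as ipv6only only once per address:port pair, so the second server block repeats the address without them. It assumes the "specific header" in the question is the Host header, which is what server_name is matched against; default_server is an addition here so that requests matching no server_name fall to the jaguar block.

```nginx
# Added example, not the poster's final config.
server {
    # The first listen for [::]:8081 carries the socket option.
    # ipv6only is on by default, so it could also be dropped here.
    listen [::]:8081 ssl ipv6only=on;
    server_name elb-jaguar.mydomain.com;

    ssl_certificate     /etc/ssl/elb.crt;
    ssl_certificate_key /etc/ssl/elb.key;

    location / {
        proxy_pass https://elb-jaguar.mydomain.com:443;
    }
}

server {
    # Same address:port, with no socket option repeated.
    # default_server (assumption about the desired behaviour): this block
    # answers requests whose Host header matches no server_name at all.
    listen [::]:8081 ssl default_server;
    server_name jaguar.mydomain.com;

    ssl_certificate     /etc/ssl/regular.crt;
    ssl_certificate_key /etc/ssl/regular.key;

    location / {
        proxy_pass https://jaguar.mydomain.com:443;
    }
}
```

Running nginx -t -c /home/build/v6-only.conf checks the file for this class of error without starting the server.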

How can I redirect traffic from Port 80 to Port 443 using UFW?

I use Ubuntu Server 18.04 and wish to forward/redirect traffic from port 80 to port 443 (https).
I want to do this as I have SSL on NGINX (port 80) and a Flask app running on Gunicorn on port 443. I can't make NGINX proxy requests as the app isn't in a virtualenv.
I wish to use UFW. How can I do this?

Redirecting http to https traffic is not the purpose of a firewall like ufw.
You should redirect the requests within NGINX as follows:
server {
    listen 80;
    server_name example.org;
    return 301 https://example.org$request_uri;
}
... where 80 is the http port, example.org is your domain, and 301 indicates to the browser that the resource is accessible at the other place.

nginx port binding issues

Of course the port is already in use! Hence my desire to redirect it! I don't understand how I'm supposed to be able to redirect an app on 8787 to the https version if I can't start nginx due to this bind error.
nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx: [emerg] bind() to 0.0.0.0:8787 failed (98: Address already in use)
server block:
server {
    listen 8787;
    listen [::]:8787 ipv6only=on;
    server_name www.example.* example.* 45.224.123.199;
    # SSL
    ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/sample.key;
    port_in_redirect off;
    return 302 https://example.com$request_uri;
}

Each application, in this case the upstream application and nginx, needs its own unique IP and port binding pair. Generally, ONE application per IP can anybind.
You need to either:
choose a unique port for the proxy and upstream pairing (change nginx port, or change application port)
OR
choose a unique IP binding for your application.
Very often, a good practice is to bind the application to the LAN IP instead of the public IP, to better isolate your application from the public internet.
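
The second option from the answer above, sketched as an added example that is not part of the original thread. It assumes the application has been reconfigured to bind 127.0.0.1:8787 instead of 0.0.0.0:8787, and 203.0.113.10 is a placeholder for the server's public address.

```nginx
# Assumption: the upstream app now binds 127.0.0.1:8787 only. While it holds
# the wildcard 0.0.0.0:8787, nginx cannot bind any address on that port.
server {
    # Plain-HTTP listener on the public address; it only issues the redirect.
    listen 203.0.113.10:8787;
    server_name www.example.* example.*;

    port_in_redirect off;
    return 302 https://example.com$request_uri;
}

server {
    # TLS terminates here, so the certificate belongs on this listener.
    listen 203.0.113.10:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/sample.key;

    location / {
        # The app is reachable only through nginx, over loopback.
        proxy_pass http://127.0.0.1:8787;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After a reload, ss -ltn should show 127.0.0.1:8787 held by the application and 203.0.113.10:8787 held by nginx, with no 0.0.0.0:8787 entry.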

How to make nginx to listen to server_name:port

In my nginx conf file, I have:
listen 80;
server_name $hostname;
However, if I run netstat, I see that it is listening on 0.0.0.0:80.
What I want is for nginx to listen to $hostname:80. Is there a way to configure it to do that?
I tried different settings with no success so far. I appreciate your help.

The server_name directive is used to identify virtual hosts; it is not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80, which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listen rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).
