I have ameteor ap which i am running as is the norm and it runs on my server like
http://my-ip:3000
I have nginx installed and i can access the meteor app using this sites-enabled configuration
My file looks like this
server {
listen *:80;
server_name _;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
I am following this tutorial to get letsencrypt to work https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
How would i enable ssl in my configuration above
To run with ssl,make sure you have a letencrypt certificate and this is my configuration
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/meteor.access.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the “It appears that your reverse proxy set up is broken" error.
proxy_pass http://localhost:3000;
proxy_read_timeout 90;
proxy_redirect http://localhost:3000 https://domain.com;
}
}
The above runs the meteor app with ssl enabled.
Related
I want to proxy pass based on the path to another port (multiple) using NginX.
Example:
/ -> :3000
/test -> :3001
I already config my nginx.conf like this:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.xxx.domain.com;
gzip off;
proxy_max_temp_file_size 0;
ssl_certificate /etc/nginx/ssl/xxx.co.id.pem;
ssl_certificate_key /etc/nginx/ssl/xxx.co.id.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers XXX
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
location / {
proxy_pass http://10.184.0.4:3000;
}
location = /test {
proxy_pass http://10.184.0.4:3001;
}
}
It's success for the /, but for the /test route it's get redirected to port :3000 to the Not Found Page.
Any suggestion to success the proxy pass?
The nginx snippet below works for https access of our web application. However several end users of the app are instead using ip access in browser to the same app with no certificate protection.
Ways to block this access?
server {
listen 80;
server_name ourserver.com;
return 301 https://ourserver.com$request_uri;
}
server {
listen 443;
server_name ourserver.com;
### SSL details removed
ssl_certificate "//";
ssl_certificate_key "//";
ssl_session_cache
ssl_session_timeout
ssl_ciphers
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 1200;
proxy_send_timeout 1200;
proxy_connect_timeout 75;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
my server use meteor, ssl, nginx
when called this url => https://example.com
i want auto change this url => https://example.com/main <- /main is start page
How can I change it?
don't search find it...
this is my config
upstream backend {
ip_hash;
least_conn ;
server localhost:9000;
server localhost:9002;
}
server {
listen 443;
server_name example.com;
access_log /var/log/nginx/log main;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
server_name example.com;
return 301 https://$host$request_uri;
}
thank you
You just need simple rewrite rule inside your location /
location / {
rewrite ^/$ /main redirect;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
server{
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name app.webdomain.ltd;
ssl on;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_certificate /etc/letsencrypt/live/site.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.ltd/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
How would I go about making the normal https://site.ltd access /var/www/html where app.site.ltd accesses 127.0.0.1:3000
It's a reverse proxy to the port, as a client runs off the port so I need https://app.site.ltd to show what would be on the port, where as https://site.ltd to show whats in /var/www/html
Try changing server_name app.webdomain.ltd; to server_name app.webdomain.ltd webdomain.ltd;
This shall start working as exactly your subdomain.
I have a successful Gitlab 5.3 install and everything works well. I want to run the server behind a nginx reverse proxy which I manage to do, but all the assets are missing:
I have Gitlab running on /git and here is my nginx config on my reverse proxy server:
server {
listen 80 default;
listen [::]:80 ipv6only=on default;
server_name reverseproxy;
## redirect http to https
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
access_log /var/log/nginx/ssl_access.log;
error_log /var/log/nginx/ssl_error.log;
index index.html index.htm index.php;
## start ssl config
listen 443;
server_name reverseproxy;
## ssl server specifics
ssl on;
ssl_certificate /root/reverseproxy/reverseproxy.crt;
ssl_certificate_key /root/reverseproxy/reverseproxy.key;
ssl_session_cache shared:SSK:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location /git {
proxy_pass http://gitlabserver/git;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I have looked through nginx access and error logs but no clue. Any hints greatly appreciated.
Assuming that the git daemon and the nginx daemon are on the same box I believe that the location block should be like the following:
location ^~ /git/ {
proxy_pass http://127.0.0.1/git;
proxy_redirect http://127.0.0.1/git/ /git;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}