Is it possible, without editing the /etc/hosts file, tell my computer redirect to 127.0.0.1 every time I visit domain1.com or domain1.com through the web browser as well as when I request the content of the same pages through curl?
Run a DNS server/resolver on your machine, configure to forward every query that it can't resolve to the DNS resolvers upstream and set /etc/resolv.conf to direct all queries to the locally running resolver.
Then in the local resolver add entries for the domains you want to blackhole toward localhost.
There are several of options to chose from. The currently most popular caching resolver is unbound, but you can also use dnscache for it.
Related
Backend: "Bitnami WordPress with NGINX and SSL Stack for Google Cloud Platform" from marketplace.
I used this guide: https://www.am22tech.com/google-cloud-cdn-wordpress/
I ended up with a somewhat working system as follows:
My Domain ->(google managed cert)-> CDN + Load Balancer -> Instance Group ->(http)-> VM with bitnami stack.
All works well and seems very fast. The biggest gap in my understanding is how the VM can be told it needs to behave as if it's the original domain.
For example, in the nginx server config, any kind of reference to $host seems to return the VM's IP address or something like that.
Also, in wordpress, in a lot of places the domain is replaced by an IP address, even though the site URL and wordpress address show up correctly. This isn't a wordpress question though, as I'm quite sure there is a more general solution I'm missing to do perhaps with NGINX or the load balancer configuration. I think PHP detects the host and passed it along to wordpress but I'm not clear how.
I found a reference somewhere in the google documentation how to manually assign a domain to a VM but not sure that's what's needed here.
Further to this, I'm totally unclear how I would set up https between the vm and the load balancer, yet only have one domain/ip address for the global forward rule. Maybe a separate question.
Bitnami Engineer here. If you already have the domain, certificates and the Load Balancer in place, you will need to configure WordPress to use that domain name as default domain of the application. You will need to edit the wp-config.php file and configure these lines
define('WP_SITEURL', 'http://DOMAIN/');
define('WP_HOME', 'http://DOMAIN/');
More info: https://docs.bitnami.com/google/apps/wordpress-pro/administration/configure-domain/
In case you also want NGINX to redirect you your domain, no matter how you access your app's information, you can add this configuration line
return 301 https://DOMAIN$request_uri;
in the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file
More info: https://docs.bitnami.com/google/apps/wordpress-pro/administration/force-https-nginx/
I had better luck having the load balancer talk to my VM with https. Once I got that working, I didn't have to make any changes to wp-config.php. In this case I didn't bother with varnish because I think it only supports http. I'm hoping google's CDN will be sufficient regarding caching, and I may try a helper plugin in wordpress.
To redirect http to https, I followed the bitnami instructions to set up to front ends to the load balancer pointing to the same static ip address, then in my nginx server blocks, I added a redirect line in the https block (not the http block), since the google load balancer communicates with my backend via https. Google sets the http_x_fowward_proto to http so I check that and redirect if necessary.
if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }
The bitnami stack is amazing, everything seems extremely fast!
I have different versions of a backend service, and would like nginx to be like a "traffic cop", sending users ONLY to the currently online live backend service. Is there a simple way to do this without changing the nginx config each time I want to redirect users to a different backend service?
In this example, I want to shut down the live backend service and direct users to the test backend service. Then, vice-versa. I'm calling it a logical "traffic cop" which knows which backend service to direct users to.
I don't think adding all backend services to the proxy_pass using upstream load balancing will work. I think load balancing would not give me what I'm looking for.
I also do not want user root to update the /etc/hosts file on the machine, because of security and collision concerns with multiple programs editing /etc/hosts simultaneously.
I'm thinking of doing proxy_pass http://live-backend.localhost in nginx and using a local DNS server to manage the internal IP for live-backend-localhost which I can change (re-point to another backend IP) at any time. However, would nginx actually query the DNS server on every request, or does it resolve once then cache the IP forever?
Am I over-thinking this? Is there an easy way to do this within nginx?
You can use the backup parameter to the server directive so that the test server will only be used when the live one is down.
NGINX queries DNS on startup and caches it, so you'd still have to reload it to update.
I've struggled for couple of weeks on this configuration.What I want to achieve can be listed as follows.
1.I registered a domain not long ago.And I've set up some web service on my VPS,such as a blog,a forum and Owncloud. Now I want to configured the Nginx so that I can run all the service on one VPS and one IP address. In order to run owncloud,I have to modify the /etc/php5/fpm/pool.d/www.confto listen = 9000.In this case,I can only get one service (Owncloud)function,because if I want to run the forum I must uncomment the listen = /var/run/php5-fpm.sock.What's more,I've tried to uncomment both of them,Nginx showed 502 afterwards.
2.I'm using Hexo as my blog.When I start the server,I can access into my blog on IP:4000.So I wonder if I could run my blog server on background and edit the posts online via a subdomain which has been redirected to port 4000.If it's possible,should I modify the nginx.conf or add something in sites-available?
3.Can I deploy different web services on different subdomain?Which file is to modify?It's said that I can achieve this by using reverse proxy?
Sorry for the pathetic English and expression.Thanks in advance.
Going at it point by point:
The advantage of PHP-FPM, which you are using, is that you can have multiple separate interpreters running in your pool. To do so, simply copy the file at /etc/php5/fpm/pool.d/www.conf to somewhere else, say /etc/php5/fpm/pool.d/forum.conf, change the listen directive, and you've got a second php interpreter running, entirely separate from the first one. That way owncloud (www) and your forum (forum) have their own distinct php.
This is called reverse-proxying. nginx does that well. You simply add a new site definition in sites-available that does reverse-proxying to port 4000 on your server, then symlink (or copy) that site definition to sites-enabled and restart nginx. You will have to setup Hexo to start automatically for that to work.
You can deploy different web services on different subdomains. As long as the dns is configured to point that name to your server, you can configure the server to respond differently for every subdomain using site definitions. You need to modify the files in sites-enabled to determine which names nginx knows how to respond to.
On my Nginx I've got two hosts.
One with the values
server_name = www.mydomain.com;
root /var/www/production/myFirstWebSite;
and the other with
server_name=localhost;
root /var/www/development/mySecondWebSite;
To my domain registrar account I configured the DNS with two A record "
www IN A myIP
IN A myIP
This is cool, i can reach my first website with www.mydomain.com or mydomain.com.
Now the problem is how to reach my second website which is in development and I don't buy the domain name. And myIP/development/myScondWebSite is no more working ...
I think that the problem come from the DNS entries but I'm not sure.
Do you've got some ideas ?
Thanks in advance.
There's a couple of ways I could think of to access the localhost one.
Creating a subdomain instead of localhost
This is the best one I'd recommend, try doing something like server_name localhost.mydomain.com.
If you need to put further security, you could make it only allow a certain IP(s) or a range of IPs.
Play with your hosts file
In this specific case I would not recommend this, because you're messing with localhost it self, might break some other stuff on your machine, if it was any other name I could have said it's fine.
Use an ssh tunnel to the server
In this method you create a dynamic port on your ssh connection and set your browser to pass all traffic through tunnel which goes to the server then it's handled from there, so if you run localhost for example it would be like running localhost from over there, but since this involved a browser setting, you need to remember to disable it after you disconnect the ssh connection otherwise the browser would return an error saying that the proxy server is refusing the connection.
Using a local Nginx as a proxy
This one I just came up with right now, and I can't say If it would work or not, the 3 before I've worked with before and I know they work.
You'd set a certain domain name that your local nginx would capture and then proxy it to the remote server, but edit the host header setting it to localhost instead, that way it would match the localhost in the remote machine, if this one works it would not need any setting to be turned on and off every time.
Out of all these, I'd recommend the first one first (if it's an option), then try the last one if you don't want to keep turning things on and off before and after each setting.
We have a local instance of IIS 7 running with a website. Instead of the default "localhost" we have something like, mysite.compname.com. This is a separate entry into IIS 7 and the default website was removed to prevent confusion.
Then in our host file we an entry like this:
127.0.0.1 mysite.compname.com
Now when I try to hit this url, http://127.0.0.1/ApplicationName/Project/AddProject.aspx technically it should work, but instead I get a 404. I can vouch that this isn't a problem with the application, because if I navigate to http://mysite.compname.com/ApplicationName/Project/AddProject.aspx it works fine.
My end goal is to be able to give someone my computer name, so that they can visit a test page, so the url above I think would get turned into this http://computername/ApplicationName/Project/AddProject.aspx. Any help or at least links to understanding would help because I'm not sure where my issue is coming from.
It sounds like the IIS site / application is configured using a Host Header.
This means that the site will only respond if the host header sent by the browser matches the one configured for the site.
This is a standard method to allow one server to host sites for many host and domain names.
If you wish to allow others to view the site on your computer you will need to either have a local DNS server which you can edit, or, probably the easiest option, get them to edit their host files to include
<your IP> mysite.compname.com.
Remember to open the requisite ports (probably only 80, maybe 443 for https) in your firewall.
Or, you can try to edit the site config to remove or modify the Host Header requirement. See the first link for details, but be careful, it's easy to break things if you don't know the entire architecture of the site.