Nginx auth before return - nginx

Im using nginx with auth.
All auths works properly in the locations is set, but I have a location /marathon that return same url with other port. I have added auth to this location, but it does not work. I think is regarding to the return directive but I dont know why and how to handle it or solve it. I've been searching but I can't find nothing about this
Any ideas why or how to handle it?
user root;
worker_processes 4; # 2 per core
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
upstream mypelotweb {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream mypelotwebsockets {
least_conn;
server myweb.marathon.mesos:8001;
server myweb.marathon.mesos:8002;
server myweb.marathon.mesos:8003;
server myweb.marathon.mesos:8004;
}
upstream wingmantracker {
least_conn;
server mywing-tracker.marathon.mesos:8011;
server mywing-tracker.marathon.mesos:8012;
}
upstream club {
server club.marathon.mesos:5000;
}
upstream soccerint {
server soccerint.marathon.mesos:5005;
}
upstream enet {
server enet-web.marathon.mesos:5003;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format uri $request_uri;
access_log /var/log/nginx/access.log;
keepalive_timeout 65;
proxy_read_timeout 200;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html text/css text/xml
application/x-javascript application/xml
application/atom+xml text/javascript;
proxy_next_upstream error;
server {
server_name mytree.com;
listen 80;
error_log /var/log/nginx/errorhttp.log;
access_log /var/log/nginx/accesshttp.log;
return 301 https://$host$request_uri;
}
server {
server_name mytree.com;
listen 443;
error_log /var/log/nginx/errorhttps.log;
access_log /var/log/nginx/accesshttps.log uri;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location / {
root /www/mytree;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location /mypelot {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location ~* ^/mypelot$ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://mypelotweb;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Credentials' 'true';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot/ws {
proxy_pass http://mypelotwebsockets;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location /wingmantracker {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://wingmantracker;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /club {
proxy_pass http://club;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /soccerint {
proxy_pass http://soccerint;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /enet {
proxy_pass http://enet;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
}
location /mypelot-messenger {
return 301 http://mypelot-messenger.marathon.mesos:15672;
}
location /mesos {
return 301 http://mytree.com:5050;
}
location /marathon {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
return http://mytree.com:8080;
}
location /jenkins {
return 301 http://myserver.ovh.net:8082;
}
location /jira {
return 301 https://mymymy.atlassian.net;
}
location /bitbucket {
return 301 https://bitbucket.org/statistics/;
}
location /confluence {
return 301 https://stats.atlassian.net/wiki/;
}
}
}

Related

Adding caching for specific static files in a reverse proxy in Nginx?

I want to cache the js and css files of a single page app with nginx on the clients browser. When i tried the currently commented out block, the specified files had a 404 response. Tried putting the block inside the location / { block and the same error happened. Anyone know how to fix this? Help appreciated.
events {}
http {
gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
server {
server_name SERVER_NAME www.SERVER_NAME;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# adding this block returns 404 response for the specified formats
# location ~* \.(?:css|js)$ {
# expires 1d;
# add_header Vary Accept-Encoding;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# add_header Cache-Control private;
# }
location / {
proxy_pass http://localhost:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /api {
proxy_pass http://localhost:5000/api;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}}
You get 404 because you are not serving anything add proxy_pass to the front app
location ~* \.(?:css|js)$ {
expires 1d;
add_header Vary Accept-Encoding;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Cache-Control private;
proxy_pass http://localhost:3000;
}

How to setup nginx for ipfs gateway?

I need to make ipfs http gateway through nginx with certbot installed together with redirecting websockets to port 9999, but I am unable to make it work as intended.
The code for running websocket service is on "location /" .
Code for ipfs gateway is at "location /ipfs" .
server {
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect http://0.0.0.0:9999/ /;
proxy_redirect ws://0.0.0.0:9999/ /;
proxy_pass http://0.0.0.0:9999/;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
allow all; # Any IP can perform any other requests
proxy_set_header Connection "Upgrade";
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Cache-Control,Content-Type,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'application/json charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Authorization';
}
if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/recall.network/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/recall.network/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = recall.network) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name recall.network;
return 404; # managed by Certbot
}
My custom code:
location /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}
do not work as intended
I would like to have an ipfs gateway accessible at https:recall.network/ipfs/HASH*
Resolution is to put correct prefix ^~ in location.
location ^~ /ipfs {
proxy_pass http://0.0.0.0:9001;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
allow all;
}

nginx proxy is not working using subdomain

i have two domains
alpha.mydomain.com and api-alpha.mydomain.com
I am trying to use nginx as a proxy
i am getting the error
Access to XMLHttpRequest at 'https://api-alpha.mydomain.com/dup-check'
from origin 'https://alpha.mydomain.com' has been blocked by CORS
policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the
requested resource.
i would think based on my setup , the request should not be using api-alpha.mydomain.com but 127.0.0.1 (and not getting the CORS error)
NOTE:: i am using cloudflare https so the console errors are https by cloudflare is the SSL and talking to port 80 to my nginx server
this is part of my nginx config
server {
listen 80;
server_name alpha.mydomain.com ;
access_log /var/log/nginx.access_log main;
root /home/mydomain/react-front/dist;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name api-alpha.mydomain.com ;
access_log /var/log/nginx-api-alpha-access.log main;
location /{
proxy_pass http://127.0.0.1:4001/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
This is the entry from the nginx-api-alpha-access.log
"OPTIONS /dup-check HTTP/1.1" 502 750 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36" "-"
This is the entry from /var/log/nginx/error.log
[error] 1280#1280: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 172.xx.xxx.xxx, server: api-mydomain.trigfig.com, request: "OPTIONS /dup-check HTTP/1.1", upstream: "http://127.0.0.1:4001/dup-check", host: "api-alpha.mydomain.com"
Thanks, not sure what i am missing in my config
try change to
server {
listen 80;
server_name alpha.mydomain.com ;
access_log /var/log/nginx.access_log main;
root /home/mydomain/react-front/dist;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name api-alpha.mydomain.com ;
access_log /var/log/nginx-api-alpha-access.log main;
location /{
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range,Authorization';
proxy_pass http://127.0.0.1:4001/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}

Configure NGINX for client side routing

I have a side made with React running on Digital Ocean and I'm trying to use client side routing but can't get it to work. This is my Nginx default file
upstream site {
server 123.456.78.90:8080;
keepalive 64;
}
server {
server_name site.xyz www.site.xyz;
try_files $uri /index.html;
location / {
index index.html;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
try_files $uri index.html;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_max_temp_file_size 0;
proxy_pass http://site/;
proxy_redirect off;
proxy_read_timeout 240s;
}
error_page 404 /index.html;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/site.xyz/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site.xyz/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = site.xyz) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name site.xyz www.site.xyz;
return 404; # managed by Certbot
}
I added the try_files line and the error_page 404 /index.html so that it would default to index.html where the route could be loaded from my code there but it doesn't work at all. I need the ssl certificate and I need the cors code for another function. I'm not sure why it doesn't direct how I want.
Here's what worked for me:
...
location / {
...
proxy_intercept_errors on;
error_page 404 = /index.html;
...
}

Nginx: (111: Connection refused) while connecting to upstream

I'm trying to use to Nginx for reverse proxy. I have 1 Node.js app on port 3333 and Golang app on port 3334. When calling to Golang API, I see this message in /var/log/nginx/error.log:
2016/07/15 10:18:36 [error] 4835#0: *131 connect() failed (111: Connection refused) while connecting to upstream,
client: 27.69.66.52,
server: video1.techmaster.vn,
request: "GET /stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s HTTP/1.1",
upstream: "http://127.0.0.1:3334/stream/dash/5klRyUnPVyDWouxscIT42uWs5JL4x9nHFol9ecg5g0GLf7aTaI/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJwcmljZSI6MCwiZnVsbCI6dHJ1ZSwidmlkZW8iOnsiaWQiOjEwODcsIm5hbWUiOiJtcDNaaW5nU2hvd0RhdGEtMjY0Lm1wNCIsInBhdGgiOiIvbWVkaWEvODIxNyJ9LCJhdHRhY2htZW50IjpbXSwiZXhwIjoxNDY4NTU2NTE2fQ.qc9d_XPhCepHf5iJyf9ORBPOo3pTvF8Th_VMadNSM2o/43f_vid_19.m4s",
host: "video1.techmaster.vn",
referrer: "https://techmaster.vn/khoa-hoc-online/8217/lap-trinh-ios-swift/96/Location-Notification"
I don't know what's the problem from. Maybe I have done some mistake in Nginx config. Here is my Nginx configuration:
server {
listen 80;
server_name video1.techmaster.vn www.video1.techmaster.vn;
return 301 https://$server_name$request_uri;
}
server {
listen 443 spdy ssl;
server_name video1.techmaster.vn www.video1.techmaster.vn;
keepalive_timeout 30;
# Allow upload video up to 100M
client_max_body_size 100M;
# Config SSL
ssl on;
ssl_certificate /etc/ssl/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/sv.video1.techmaster.vn.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "xxxxxxxxxx";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|www\.techmaster\.vn|techmaster\.vn)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I have edited Nginx config and it works
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
server_name 192.168.1.10;
keepalive_timeout 30;
# Config SSL
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
# Allow upload video up to 100M
client_max_body_size 100M;
location ~* /.*\.(xml)$ {
root /var/www/videos.techmaster.vn/public;
expires 7d;
}
location /stream/* {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3334;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3333;
set $cors '';
if ($http_origin ~* (localhost|tech\.dev)) {
set $cors 'true';
}
if ($cors = 'true') {
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Range';
}
}
}
I had got same issue while configuring AWS with node platform.
I used 3000 port to start the application.
When I changed my port to 8081 it worked.

Resources