I am wondering how to connect to a different IP in Nginx that is different from localhost.
00.000.00.00
root
123456
note (the IP address and password indicated above are not realand will be replaced will actual)
Right now, this is what I have in Nginx config
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
By default nginx listens on all interfaces, that would be that listen 80; is equivalent to listen 0.0.0.0:80;. If you want nginx to listen only on localhost you should write listen 127.0.0.1:80; or listen localhost:80;, and if you want it to listen on some other interface you could do something like listen 152.168.0.30:80;.
On the other hand using the line server_name localhost; you are only accepting request directed to localhost in this block, and no the ones directed to your other IP's. To accept this request you can add server_name localhost 152.168.0.30 www.myweb.com; like a list or you could exclude this config so that the host IP isn't a restriction to accept or not a request.
For more information look in here.
Hope it helps!
Related
I have two sites-enabled for nginx.
I have the default server:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
and I have a FQDN with a redirect for https:
server {
listen SERVER-IP:80 ;
listen [::]:80;
server_name FQDN;
location / {
return 301 https://$host$request_uri;
}
}
My issue is that if I try to access my server using a different domain name or using the IP address, using http on port 80, I will always be redirected to https on port 443. I cannot seem to get the default server to respond at all.
I even created another server block that begins:
server {
listen 80;
listen [::]:80;
server_name OTHER-FQDN;
And even when I try to load http://OTHER-FQDN I get redirected to https port 443 with a certificate of FQDN.
Why?
Or better: how can I gain insight into which server block is being used for which request? Clearly only the block with FQDN is ever accessed even though I have another OTHER-FQDN that matches or a default_server that should match.
I am frustrated because the inner working of nginx in this case seem so opaque to me and counter to exectation.
So i've came across a cool project and i wanted to recreate it. It is my first time using nginx and also my first time learning things about a reverse proxy. I've currently have a reverse proxy running and it works (I guess). But the Proxy currently only works with other ports. I have 3 servers that are running nginx. I use one of them as my reverse proxy. I can access the other servers with different ports. See here (reverse-proxy.conf):
server {
listen 80;
root /var/www/html;
server_name localhost;
location / {
proxy_pass http://192.168.2.20;
}
}
server {
listen 8080;
root /var/www/html;
server_name localhost;
location / {
proxy_pass http://192.168.2.30;
}
}
Are there a way to use the reverse proxy without using different ports? Or is my solution ok? At the end i just need a reverse proxy that is able to communicate with 2 other servers.
So one thing here people use reverse proxy in a different ways
But most generic usecase is redirect using location.
Please find the below example.
server {
listen 80;
root /var/www/html;
server_name localhost;
location /a {
proxy_pass http://192.168.2.20;
}
location /b {
proxy_pass http://192.168.3.20;
}
}
Another is giving weight to each proxy.
Please find the below example
stream {
upstream stream_backend {
server http://192.168.2.20 weight=75;
server http://192.168.3.20 weight=25;
}
server {
listen 80;
root /var/www/html;
server_name localhost;
location / {
proxy_pass stream_backend;
}
}
In above 192.168.2.20 will receive 75% of the load and 192.168.3.20 will receive 25% of the load. In case if you want to distribute the equal load to both(or round-robin method) Please remove the weight.
I think you may not understand how Nginx work about proxy.
Nginx can reverse Proxy L7 http or L4 stream
and you set the proxy listen on any port or URL you want and proxy to any server or port or URL you want.
server {
listen 80;
root /var/www/html;
server_name localhost;
location / {
proxy_pass http://192.168.2.20:2323/URL;
}
}
server {
listen 8080;
root /var/www/html;
server_name localhost;
location / {
proxy_pass unix:/tmp/backend.socket;
}
}
Here is a reference for you about the proxy_pass directive.
proxy_pass
I am trying to implement HTTPS on a site ased on nginx server, Now even with the below config it only opens HTTP site
My server config for nginx server is like this
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.in/privkey.pem;
server_name mydomain.in www.mydomain.in;
rewrite ^(.*) http://$server_name$1 permanent;
}
server {
server_name mydomain.in www.mydomain.in;
access_log /var/log/nginx/mydomain.in.access.log rt_cache_redis;
error_log /var/log/nginx/mydomain.in.error.log;
root /var/www/mydomain.in/htdocs;
index index.php index.html index.htm;
include common/redis-php7.conf;
include common/wpcommon-php7.conf;
include common/locations-php7.conf;
include /var/www/mydomain.in/conf/nginx/*.conf;
}
The server does not serve HTTPS Requests i.e even if i specifically put https in browser it still takes me back to http site. I am not able to diagnose if its nginx or wordpress which is at fault ?
Note : the traffic is routed through cloudflare dns and certificate is
switch off in cloudflare so that it doesn't interfere. I am Relatively new to nginx
Well below is the basic idea.
server {
server_name mydomain.in www.mydomain.in;
listen 80;
location / {
return 301 https://mydomain.in$request_uri;
}
}
server {
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.in/privkey.pem;
server_name mydomain.in www.mydomain.in;
access_log /var/log/nginx/mydomain.in.access.log rt_cache_redis;
error_log /var/log/nginx/mydomain.in.error.log;
root /var/www/mydomain.in/htdocs;
index index.php index.html index.htm;
include common/redis-php7.conf;
include common/wpcommon-php7.conf;
include common/locations-php7.conf;
include /var/www/mydomain.in/conf/nginx/*.conf;
}
The top server block listens on port 80 (http). It has one location block which does a return 301. return is preferred over rewrites in most cases. I also put it into a location block because you have a letsencrypt ssl cert which might require another location ^~ /.well-known { block to help handle that.
The second server block listens on port 443 (https). It has the SSL certs and includes the information exposed previously for as the http server block.
This setup will handle redirecting from http on either mydomain.in or www.mydomain.in to https mydomain.in. On https both mydomain.in and www.mydomain.in will receive SSL requests.
If you want it to redirect to a primary https domain you can add another server block for the secondary(ies) like so.
server {
server_name www.mydomain.in;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.in/privkey.pem;
location / {
return 301 https://mydomain.in$request_uri;
}
}
Of course, this means you would have to change the second server block to remove the secondary(ies) domain names.
Also while testing you might want to change the 301s to 302s so that if you misconfigure the first time that it not be stuck in the browser cache. After you get everything to a good state then change back to 301s.
The Problem
When you type example.com into the address bar of a browser WITHOUT entering the scheme, i.e. http:// or https://, Nginx redirects the user to https://api.example.com instead of https://example.com as intended. I'm pretty sure there's something wrong with my Nginx config, but I'm not sure what.
Details
I'm hosting two websites on the same server, with the same IP. The relevant bits from the DNS zone file looks something like (domain and IP anonymized here):
example.com. 1800 IN A xxx.xxx.xxx.xxx
www.example.com. 1800 IN CNAME example.com.
api.example.com. 1800 IN CNAME example.com.
I have two SSL certs installed (provided by letsencrypt), one for each site, and both sites are configured to redirect to HTTPS. I have two vhost config files, one for each site, as follows:
/etc/nginx/sites-available/api
/etc/nginx/sites-available/default
Both are symlinked into /etc/nginx/sites-enabled/. The relevant bits from the two config files are as follows:
# /etc/nginx/sites-available/api
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name api.example.com;
return 301 https://api.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/api-ssl-params.conf; # ssl config info
server_name api.example.com;
# ... the rest of the site config ...
}
and:
# /etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 default_server ipv6only=on;
include snippets/ssl-params.conf; # ssl config info
server_name example.com;
# ... the rest of the site config ...
}
I don't understand why just entering example.com into the address bar would redirect to https://api.example.com because:
just plain example.com doesn't appear in the api config file anywhere
example.com shouldn't match the server_name directive api.example.com
the server blocks in default are marked as default_server so shouldn't that take precedence when an ambiguous domain name was typed in?
Thanks!!!
Duh. Figured it out in the process of writing the question. The problem is that just plain example.com doesn't appear in the server_name directive for either of the sites listening on port 80. Since that causes ambiguity, nginx picks the first site in alphabetic order.
I updated the config file for the default site as follows:
# /etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com; # <-- CHANGED THIS LINE
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 default_server ipv6only=on;
include snippets/ssl-params.conf; # ssl config info
server_name example.com;
# ... the rest of the site config ...
}
And all was right with the universe.
I have the following server block
server{
listen 80;
server_name foo.domain.com;
root /some/rails/app;
passenger_enabled on;
}
However any subdomain under domain.com is matched using this block and is served by my rails app, so a.domain.com, nothing.domain.com, all are being sent to the rails app, how can I prevent this wildcard behavior which I didn't ask for ?
You can drop all traffics that wasn't to a domain explicitly defined in another server configurations
server {
listen 80 default_server;
server_name _;
deny all;
}