I have 2 servers(CentOS7) in LAN WildflyAPP and nGinX.
nGinX is having 2 eth cards. One connected with LAN(192.X.X.X network) and second up to the wild world (external static IP).
I'm trying to use nGinX as Proxy to Wildfly 8.2.1(as a service) using subdomains:
app.mydomain.com to be used as proxy to Wildfly application (8080 port)
wildfly.mydomain.com for management to wildfly (9000 port)
In both cases im receiving 502 error
I used default configuration for nGinx:
server {
listen 80;
server_name app.mydomain.com;
error_log /var/log/nginx/app-error.log;
access_log /var/log/nginx/app-access.log;
location / {
proxy_pass http://192.X.X.X:8080/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
add_header Cache-Control "no-cache, no-store";
}
}
I also tried versions with:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
Nothing i found anywhere in net helped (standalone file checked and looks ok, APP accessible from LAN at 8080 without any problems).
Please help me what i am doing wrong here.
Related
I need your help for a strange problem :)
I have Geoserver on my server :
it is a standalone daemon (not a WAR deployed in Tomcat)
it is listening on 127.0.0.1:8280
I have a PROXY_BASE_URL configured like this: https://geoserver.example.com/geoserver
the option "Use headers for Proxy URL" is checked at this moment but I tried by unchecking it
I have a Nginx in front of Geoserver to manage the SSL offloading.
The vhost is :
upstream backend-geoserver {
server 127.0.0.1:8280 weight=10 max_fails=3 fail_timeout=15s;
}
server {
server_name geoserver.example.com;
listen 443 ssl;
include snippets/ssl.conf;
access_log /var/log/nginx/access-geoserver.log;
error_log /var/log/nginx/error-geoserver.log;
location / {
rewrite ^ /geoserver;
}
location /geoserver {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://backend-geoserver/geoserver;
}
}
When I reach my server on https://geoserver.example.com it works: I see the home page of Geoserver
Important detail : the port 80 is closed and I can't open it myself: the Nginx server can only answer on 443
When I try to login, I have a connection timeout after X seconds and, at this moment, the URL in my browser (Firefox) is HTTP://geoserver.example.com/geoserver/ <--- please note the protocol is HTTP not HTTPS
If I replace http:// with https:// and press Enter: I reach the page
If I click on a link in Geoserver, same behavior: it switches on http:// and I have to force the URL manually.
Is anyone has an idea please ?!
Thank you very much :)
You really should have to get that port 80 open and configure nginx to redirect unsecure traffic over to https://
We are using NGINX on our cPanel server to reverse proxy ZKTeco ZKBioSecurity servers. Due to compatibility with some of their devices not supporting HTTPS, all our servers use HTTP, but, of course, all sessions to our NGINX server is secured with HTTPS and a Sectigo certificate provided by cPanel’s AutoSSL.
Here’s the problem: it seems that the ZKBioSecurity servers are detecting that the client is using HTTPS to connect to them through NGINX, and because of this, give the following prompt each time you want to log in, advising you to download and install the ISSOnline driver and certificate. The certificate, however, is issued to the ZKBioSecurity server for 127.0.0.1, so of course this is rather pointless as we are connecting to the NGINX server using a FQDN. This does not happen if we use HTTP:
So my question: is there something in the request (the HTTP header perhaps?) that NGINX forwards to the upstream server that contains the protocol (HTTPS) the client used to connect to the server? Because this somehow seems to be the case.
Here’s our NGINX config for ZKBioSecurity servers:
location /.well-known {
root /home/novacloud/public_html/subdomain/.well-known;
allow all;
try_files $uri = 404;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://192.168.0.1:8080;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
The server_name directive is, of course, managed by cPanel. The above is an example of the include files we use in the main cPanel NGINX configuration file. I thought it was the proxy_set_header X-Forwarded-Proto $scheme, but even if I remove this, I still get the Driver Detection Exception prompt.
Here’s a Pastebin of a cURL of the ZKBioSecurity server from our cPanel/NGINX server
I have a docker container with nginx (v. 1.17, no plus version) set up as a reverse-proxy (http/https) to other docker containers and machines.
An example configuration I have is the following:
server {
resolver 127.0.0.11;
listen 443 ssl;
server_name gitlab.mydomain.com;
location / {
proxy_pass http://gitlab:30000;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
And this works perfectly.
What is missing is the configuration for accessing gitlab (and other machines I need) trough SSH.
I saw in some other questions that you can use streams and other new nginx features, but I didn't quite get how to embed this with my current configuration.
Can someone help me with this settings? How can we combine http/https reverse proxy with ssh reverse-proxy?
Can't connect to application through External IP.
I started gerrit code review application on GCP's vm instance(CentOS 7).
It works on http://localhost:8080 and I can't connect to it through external IP. Also I tried to create NGINX reverse proxy, but probably my configuration is wrong. By the way after installing NGINX, the starter page were shown on external ip.
# nginx configuration /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
auth_basic "Welcomme to Gerrit Code Review Site!";
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
gerrit.config
[httpd]
listenUrl = proxy-http://127.0.0.1:8080/
You use localhost as a server_name. I think that may cause conflict, because you connect to your server externally. You don't need server_name, cause you are going connect to your server by ip. And I recommend you enable logs in your nginx config. It will help you with bug fixing.
I recommend you try this config:
server {
listen 80;
access_log /var/log/nginx/gerrit_access.log;
error_log /var/log/nginx/gerrit_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
add a line in /etc/hosts
127.0.0.1 internal.domain
Update proxy config
proxy_pass http://internal.domain:8080;
It works with me
We are trying to run sonarqube behind a reverse proxy (nginx).
We have nginx running on once instance within our AWS VPC, and sonarqube on another instance. Below is our sonarqube location block. NGINX is set to listen on port 80…
Sonarqube is running in a docker container with port 9000 mapped to 9000 on the host.
Our default location (below) redirects anything other than a valid location to the jira location.
When we try to access sonarqube using the address of the machine running NGINX and /sonarqube, we just get redirected to Jira.
It is worth noting that all our other applications that have a location block in the nginx config work as expected.
location / {
return 301 /jira;
}
location /sonarqube {
proxy_pass http://<ip-address of machine running sonarqube>:9000/sonarqube;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
Is your sonar.properties correctly configured?
sonar.web.port: 9000
sonar.web.context: /sonarqube
After that you can change your nginx config as
location /sonarqube {
proxy_pass http://<sonarqube_ip>:9000;
...
}