I have a Jenkins environment setup, running off a EC2 instance and trying to get port 80 mapped to port 8080.
A suggestion made (and the way most of the configurations I've seen recommended) uses Nginx to do a reverse proxy.
I have installed Nginx on the server, and added to sites-available the following:
server {
listen 80;
server_name jenkins.acue.io;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:8080;
proxy_read_timeout 60s;
# Fix the "It appears that your reverse proxy set up is broken" error.
# Make sure the domain name is correct
proxy_redirect http://localhost:8080 https://jenkins.acue.io;
}
}
I hit the IP address of the jenkins environment, it shows me the Ngnix welcome screen and Jenkins still loads against port 8080 not port 80.
Do I need to specific the current URL (I've not pointed the jenkins.acue.io sub-domain yet to the EC2 instance where I have specified localhost? I've tried it but no joy).
Few things to note.
You need to add jenkins.acue.io to your Host entries and point it to the instance where you are running NginX. Then use the FQDN to access Jenkins. Also there is a typo in your proxy_redirect where you have added https URL instead of http://jenkins.acue.io fix that as well. Other than that your NginX configurations look fine.
If you keep on getting the NginX welcome page even though you are accessing through the FQDN, that means your configurations are not being picked up by NginX. Try creating a new file like jenkins.conf and add it to /etc/nginx/conf.d. Then do a sudo systemctl restart nginx
I am new to nginx and am trying to configure a reverse proxy to a Shiny Server (Open) that I have successfully implemented on an AWS Lightsail Instance. I am desperate at this point and would appreciate any advice. Here are the pertinent configuration arrangements.
Note that I have a purchased a custom domain from GoDaddy. Assume this is named mydomain.com.au. However, I have changed the name servers to point to Netlify as I deployed my website through the blogdown R package in Netlify.
Lightsail Instance Details
This has a Shiny Server installed and a static IP address assigned. Assume 123.45.67.89 from this point onwards. The firewall details are provided below:
Lightsail instance firewall details
I can successfully access the Shiny Server via http://123.45.67.89:3838 and associated Shiny apps I've deployed. I have a DNS Zone record added in order to link mydomain.com.au to my Shiny Server on the Lightsail instance - see details below:
Record Type: A
Subdomain: shiny.mydomain.com.au
Resolves to: 123.45.67.89 (i.e. static IP address)
Netlify details
I have a DNS record added in Netlify for mydomain.com.au which points to the Lightsail instance static IP address. Below are the details (I'm not sure whether I need a DNS record in Netlify and Lightsail though). Note this this is SSL/TLS certificate enabled and cannot be disabled (it will automatically revert to "https://" even when "http://" is specified).
Name: shiny.mydomain.com.au
TTL: 3600 seconds
Type: A
Value: 123.45.67.89
nginx details
Below are the relevant details of the /etc/nginx/sites-enabled/default file which I modified based on the instructions from this post. The $http_upgrade and $connection_upgrade is stored in the /etc/nginx/nginx.conf file. There is no SSL/TLS certificate from certbot added and I'm not sure whether this is an issue.
server {
listen [::]:80 default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name shiny.mydomain.com.au;
# Reverse proxy to port 3838
location / {
proxy_pass http://localhost:3838/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 20d;
proxy_buffering off;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
}
The nginx configuration test appears to be successful:
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
The following firewall profiles (from sudo ufw status) are set up - Nginx HTTP, OpenSSH, 3838 and 80. nginx is active and running too with no issues according to sudo service nginx status.
What works?
http://123.45.67.89:3838/ successfully opens the Shiny Server index page.
https://shiny.mydomain.com.au:3838/ successfully opens the Shiny Server index page.
Other information?
Visiting https://shiny.mydomain.com.au:3838 will automatically attempt https://123.45.67.89:443 which ultimately fails and times out. The redirection to 123.45.67.89 appears to work but it does not forward to the 3838 port. Firefox Network monitoring indicates that the Server is nginx.
What might be happening?
At this point (and I am very new to web administration), I think this might be an issue with Netlify forcing HTTPS which cannot be redirect to the Shiny Server port (HTTP?). However, visiting https://shiny.mydomain.com.au:3838 successfully redirects to the Shiny Server index page. I just can't understand why nginx isn't successfully forwarding to the 3838 port without specifying it in the URL based on the default configuration file.
What is the problem?
Loading shiny.mydomain.com.au does not successfully load the Shiny Server index page. It will eventually time out and no page is loaded ("The connection has timed out"). Checking the network monitoring information in Firefox indicates that tries to access 123.45.67.89 but not 123.45.67.89:3838 (i.e. the Shiny Server). It doesn't appear that it is redirecting at all according to the /etc/nginx/sites-enabled/default file.
I have tried changing localhost to 127.0.0.1 to no avail. I have tried following Dean Attali's post and another recent post on setting up Shiny Server too but still no success.
Can someone please help me out on how to get nginx as a reverse proxy to work?
I'm really running out of ideas here. Thanks.
I struggle with a problem to conf my nginx reverse proxy to work with gitlab.
Let's say that my gitlab server's IP is 192.168.0.2:8888 on my network. This server is not accessible throught internet. And my proxy is accessible by http://example.org
Due to somes reasons, I can't use subdomain, so I want to configure my proxy to access gitlab throught http://example.org/git.
My nginx proxy is working fine for my other needs and my gitlab server work great on local.
I try this config on my proxy :
...
location /git {
proxy_path http://192.168.0.2:8888;
proxy_set_header Host $host;
}
But when I go to http://example.org/git, I get redirect to http://example.org/users/sign-in. I lost the "git" folder in the url.
I try many thing in this config, adding a "/" at the end of the proxy_path, adding "rewrite ^/git(.*) /$1 break;", etc.
At best, I get the right redirect, http://example.org/git/users/sign-in, but all the resources lead to http://example.org/{resource}
I'm noob at nginx config so I don't know what to try now.
If someone can lead me to the right direction :)
Thx
I installed phpMyAdmin docker image and run it with
# docker run --name phpmyadmin -d --link mariadb:db -p 8081:80 -e PMA_ABSOLUTE_URI=http://servm3/pma --restart unless-stopped phpmyadmin/phpmyadmin
Accessing http://servm3:8081 works fine. The variable PMA_ABSOLUTE_URI is for reverse proxies as seen on the docker page.
Then I set up nginx (locally installed, not inside docker) to act as a reverse proxy (working for several other apps like guacamole).
Inside my nginx.conf I have:
location /pma/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
}
Accessing http://servm3/pma shows the favicon on the browser tab but instead of the login page only a blank page is shown. Removing the preceding "/" and restarting nginx only gives a 404.
# docker logs phpmyadmin
shows nothing except from the php and nginx service start info, nothing related to phpmyadmin.
Local nginx access log shows several 304 and 404 codes and some 200, error log is not present. Detailled log can be found here on pastebin.
I hope somebody will be able to tell me how to make nginx work as a reverse proxy for the phpMyAdmin docker container.
If some important information is missing please let me know.
Be sure to include the rewrite:
location ~ \/pma {
rewrite ^/pma(/.*)$ $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://localhost:8081;
}
You'll also want to set the PMA_ABSOLUTE_URI environment variable in your docker-compose.yml:
PMA_ABSOLUTE_URI: https://yourdomain.com/pma/
Provided you're running 4.6.5 or later of the docker phpmyadmin you should be set. To update you can docker pull to pull down the latest. i.e.
docker pull phpmyadmin/phpmyadmin
Just remove the ending backslash of /pma/:
location /pma {
proxy_pass http://localhost:8081/;
proxy_buffering off;
}
With it the browser treats it as a directory and request for assets accordingly, which is unexpected for PMA.
Don't need rewrite.
nginx.conf:
location ^~ /pma/ {
proxy_pass http://pma-container/;
absolute_redirect off;
}
docker-compose.yml:
PMA_ABSOLUTE_URI: https://yourdomain.com/pma/
Notice: keep trailing slash on location, proxy_pass, PMA_ABSOLUTE_URI
There's not a lot that can be done. Problem is that phpmyadmin is serving its pages from localhost, and even if nginx translates accesses from http://servm3/pma to http://localhost, all links in HTML content ignore the lattest and, even if they're relative, they don't take into account the /pma part. So, all those 404 errors you're seeing are from resources that, inside HTML, are referenced as relative links like styles.css, that when referenced/clicked become http://servm3/styles.css, that doesn't exist in the server.
Unfortunately reverse proxies work at the header level so, even if they are able to change headers like Location on the fly, they leave HTML content untouched, and hence the problems. There're workarounds involving changing HTML code on the fly, but they're not easy, are unreliable at most and they hinder performance considerably, so the only practical solution is that websites explicitly support some kind of base path setting. In this case, the solution would be that phpmyadmin Docker image allowed setting the base path using an environment variable in docker-compose.yaml, instead of defaulting to root.
Another workaround in the mean time would be not using a relative path, but a subdomain. If you're in control of DNS settings for servm3, you could use something like phpmyadmin.servm3, and proxy_pass without problems.
If you have a docker setup that will have many different domains but one database(like a multistore magento shop, or a multi domain wordpress) it might be undesireable to forward all the traffic to one single domain. Or even having to hardcode it in the ENV variable.
It's easier to portforward based on subdomain.
In your nginx config define a map, listing your port numbers
map $subdomain $port_number {
default "013";
phpmyadmin "014";
mailhog "017";
}
This will make it so that when the variable $subdomain matches any entry in the map below, the variable $port_number will be set to the corresponding value. In my example is default "013" if nothing is matched.
Then add the following directive to your server directive.
server_name server_name ~^(?:(?<subdomain>[^.]+)\.|)(?<base_domain>.+\.localhost)$;
These regexes set 2 variables $subdomain and base_domain
If the request is example.com.localhost
$subdomain will have example
$base_domain will have com.localhost
$port_number will have 013
If the request is example.com.localhost
$subdomain will have phpmyadmin
$base_domain will have example.com.localhost
$port_number will have 014
[Optional] If you need the actual domain in a variable you could use an if statement like this:
set $lookup_domain $host;
if ($port_number != "013") {
set $lookup_domain $base_domain;
}
and $lookup_domain will contain the actual domain you're interested in.
You can then use a proxy pass like this:
location / {
proxy_pass http://docker-host:${backend}${port_number};
proxy_pass_header Content-Type;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_pass_header Connection;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
Where the $backend variable contains in my case the base port range for my webapp set.
So the proxy url becomes someting like http://docker-host:20013 depending on the app. Feel free to skip that and set the ports to actual ports or whatever, or to modify it to follow any other logic.
don't know if you're still looking for an answer.
just follow this answer from Joshua Ostrom.
The problem is I dont know why it doesn't behave like it should but, you need to add index.php at the end like https://yourdomain.com/pma/index.php.
I had the same issue
I am not sure if this is possible but there is a way to host a Ghost blog at a subfolder instead of a subdomain https://www.allaboutghost.com/how-to-install-ghost-in-a-subdirectory/
I have set up everything on that end the way it says and now the only thing that is needed is to exclude /blog from the FlowRouter.notFound function. is there a way to do that or set up the route to listen to nginx?
// EDIT
Here's the nginx config
server {
listen 80;
server_name localhost;
location ^~ /blog {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:2368;
proxy_redirect off;
}
}
here's ghost config
config = {
// ### Production
// When running Ghost in the wild, use the production environment.
// Configure your URL and mail settings here
production: {
url: 'https://www.raiseyourflag.com/blog',
//everything else
}
}
There are two separate issues here.
Setting up Ghost to be served a subdirectory through Nginx. The tutorial you linked to covers exactly that.
Integrating the blog with a second site based on Meteor.
It's not clear if you've completed the first step or not, so let's make sure that's taken care of first:
# Make sure your config.js for Ghost includes /blog in the url key in the development section: 'http://127.0.0.1:2368/blog'
# Start Ghost in in the development enviroment: NODE_ENV=development node index.js
# Check that something is actually running on port 2368: sudo netstat -plnt | grep ':2368'
# Go here in your browser, you should see your Ghost blog and be able to browse it: http://127.0.0.1:2368/blog
If you have gotten that far, your Ghost blog is working and you are ready to access it through Nginx on port 80. To simplify the problem for this step, move any Meteor code out of the way temporarily so this can be verified.
Your Nginx configuration looks good. Just reload Nginx once more for
good measure, and then check this URL in your browser now:
http://127.0.0.1/blog
Now you should see your Ghost blog again, but now accessed through Nginx and proxied to the other port.
Once you've confirmed that step is working, add put the Meteor frontend code back in place. From the perspective of any frontend code, /blog is just like any URL handled by the web server.
If you go to /blog and see a NotFound page served by Meteor, that means that the client-side Meteor framework must have loaded from /somewhere/, presumably /index.html. In this case, there's a problem with the Nginx configuration. Perhaps there is more to it whant you have posted?