I just want to cache my website's url /. But when I request the url, get 403 error, (other urls is Ok).the error log:
2016/01/06 17:25:04 [error] 26263#0: *1 directory index of "/home/app/path/" is forbidden, client: 223.85.143.126, server: domain.com, request: "GET / HTTP/1.1", host: "www.domain.com", referrer: "http://www.domain.com/accounts/"
I've try chmod 777 -R /home/app/path/ or chmod 777 -R /home/app/path/nginx_cache or change user nginx; to user root; in nginx.conf, all doesnot work.
Here is infomation.
sites-enabled conf:
proxy_cache_path /home/app/path/nginx_cache levels=1:2 keys_zone=my_cache:1m max_size=50m inactive=60m use_temp_path=off;
server {
listen 80;
server_name domain.com www.domain.com;
index index.html index.htm;
root /home/app/path;
charset utf-8;
client_max_body_size 5M;
if ($host !~* ^(domain.com|www.domain.com)$){
return 444;
}
location /media {
alias /home/app/path/media;
}
location /static {
alias /home/app/path/static;
}
location / {
uwsgi_pass 127.0.0.1:3032;
include /home/app/path/uwsgi_params;
}
location = / {
proxy_cache my_cache;
proxy_cache_valid 15s;
}
}
nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;
reset_timedout_connection on;
client_body_timeout 10;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Location do not inherits rules, so there is no UWSGI pass, nginx tries to display directory index and fails. Should be something like this:
location = / {
uwsgi_pass 127.0.0.1:3032;
include /home/app/path/uwsgi_params;
proxy_cache my_cache;
proxy_cache_valid 15s;
}
Related
I am using centos 7 with python 2.7.15 and uwsgi + nginx to host my app.
step by step i am getting closer to make it work.
I had to set the python 2.7.15 to work as python insted of 2.7.5
then I had some uwsgi probmels with emperor service.
but now... the app works when I run uwsgi trough
uwsgi --http :8000 --chdir /opt/web2py -w wsgihandler:application
but when I try to put it together with nginx I cannot access the page
My nginx config ATM is
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
map $request_uri $loggable {
~/engine/getTasks.* 0;
~/static/* 0;
default 1;
}
access_log /var/log/nginx/access.log main if=$loggable;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server {
client_max_body_size 10M;
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /opt/web2py_cert/web2py.com;
}
location / {
uwsgi_pass unix:/run/uwsgi/web2py.sock;
include uwsgi_params;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
And my uwsgi.ini file
[uwsgi]
plugin = python2.7
logto = /opt/web2py/uwsgi.log
chdir = /opt/web2py
http = 0.0.0.0:80
module = wsgihandler:application
master = true
processes = 5
uid = woshi
socket = /run/uwsgi/web2py.sock
chown-socket = woshi:nginx
chmod-socket = 660
vacuum = true
any suggestions???
thank you
I want to resize a picuture using Module ngx_http_image_filter_module
I use also Module ngx_http_proxy_module
I have nginx.conf file:
# configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
load_module modules/ngx_http_image_filter_module.so;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
#############################################
server {
server_name localhost;
listen 8888;
location ~ "^\/(?<width>\d+)\/(?<image>.+)$" {
# location ~ "^\/(?<image>.+)$" {
root /vms-media-private;
image_filter resize $width -;
image_filter_buffer 100M;
}
}
proxy_cache_path /vms-media-private/images-cache levels=1:2 keys_zone=vms-media-private:100M inactive=24h max_size=100M;
server {
server_name localhost;
location ~ "^\/(?<width>(1024))\/(?<image>.+)$" {
# root /vms-media-private;
proxy_pass http://localhost:8888/$width/$image;
proxy_cache vms-media-private;
proxy_cache_valid 200 24h;
}
location /vms-media-private {
# root /vms-media-private;
# You need to explicitly define DNS resolution when using
# variables in the proxy_pass directive. This trick resolves that.
proxy_pass http://localhost:8888/;
}
}
#########################################################
include /etc/nginx/conf.d/*.conf;
}
when i want to test it and resize the image with command:
curl -vvv localhost:8888/1024/5fb99304-df09-4b84-bdb6-a66c93be6027.jpg --output -
i get response at log:
127.0.0.1 - - [28/Jul/2022:10:21:54 +0000] "GET /1024/5fb99304-df09-4b84-bdb6-a66c93be6027.jpg HTTP/1.1" 200 83364 "-" "curl/7.69.1" "-"
but folders are empty:
/vms-media-private # ls -la images-cache/
total 8
drwx------ 2 nginx root 4096 Jul 27 19:07 .
drwxr-xr-x 7 nginx root 4096 Jul 27 19:07 ..
I follow this reference https://github.com/kvspb/nginx-auth-ldap/blob/master/README.md and try to integrate nginx and LDAP.
my nginx.conf setting:
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
ldap_server ldap_local {
url "ldap://localhost/cn=Manager,dc=xinhua?uid?sub?(objectClass=posixAccount)";
binddn "cn=Manager,dc=xinhua,dc=org";
binddn_passwd "xxxxxx";
require group "cn=config,ou=People,dc=xinhua,dc=org";
group_attribute "memberUid";
group_attribute_is_dn off;
require valid_user;
satisfy all;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
conf.d/default.conf
server {
listen 8000;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
auth_ldap "Forbidden";
auth_ldap_servers ldap_local;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
My question is how to authenticate the username and password which are in LDAP.
This is my first time to use LDAP.
Now, I don't know what is the username and password.
When I try the username and password in .htpasswd. It doesn't work.
Why not via https://github.com/nginxinc/nginx-ldap-auth ? It's daemon, use something like
location = /auth-proxy {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_pass http://127.0.0.1:8888;
proxy_set_header X-Ldap-URL "ldap://127.0.0.1:389";
proxy_set_header X-Ldap-Template "(uid=%(username)s)";
proxy_set_header X-Ldap-BaseDN "dc=example,dc=com";
}
location /private-storage {
auth_request /auth-proxy;
proxy_pass http://application-backend;
}
I am currently running nginx/1.0.15 on a Centos 6.6 OS.
The server has the following specs:
Intel(R) Atom(TM) CPU C2750 # 2.40GHz (8 cores)
32GB Ram
5 x 6000 GB 7200 RPM (Raid 10)
The Problem
The server has a 1Gbit/s connection, however it tops out and bottlenecks after 400-500 mbit/s. Service starts to decline at roughly 100 connections.. and the speed with the server drops dramatically (despite having 50% bandwidth still available)
The NGINX server is strictly for serving static .mp4 files. Each file is typically 400-1200MB (700mb being the avg.)
I have tried many many configurations and just about all of them give me the same results.
Is there anything blatantly wrong or misguided in my configuration?
The Configurations
/etc/nginx/nginx.conf
user nginx;
worker_processes 9;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 51200;
use epoll;
}
worker_rlimit_nofile 600000;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
access_log off;
aio on;
sendfile off;
tcp_nopush off;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
output_buffers 1 3m;
#gzip on;
include /etc/nginx/conf.d/*.conf;
open_file_cache max=10000 inactive=5m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
}
/etc/nginx/conf.d/default.conf
server {
listen 80 default_server sndbuf=32k;
server_name _;
#charset koi8-r;
#access_log logs/host.access.log main;
include /etc/nginx/default.d/*.conf;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /Videos/ {
root /home;
gzip off;
gzip_static off;
mp4;
mp4_max_buffer_size 300m;
}
location /stats {
stub_status on;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
I created a uwsgi file following this tutorial https://uwsgi.readthedocs.org/en/latest/Upstart.html on amazon linux. Though It doesn't seem to run as Nginx just says bad gateway. If I run the
/etc/init/uwsgi.conf
description "uwsgi tiny instance"
start on runlevel [2345]
stop on runlevel [06]
exec /home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini
if I do run the following in shell, then python application runs.
/home/ec2-user/venv/bin/uwsgi --ini /home/ec2-user/uwsgi-prod_demo.ini
uwsgi-prod_demo.ini
[uwsgi]
socket = :8080
chdir = /home/ec2-user/prod_demo
master = True
venv = /home/ec2-user/venv
callable = app
wsgi-file = /home/ec2-user/prod_demo/manage.py
enable-threads = True
https = =0,/home/ec2-user/xxx.com.au.pem,/home/ec2-user/newkey.pem,HIGH
nginx.conf
user ec2-user;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen 443 ssl;
ssl_certificate /home/ec2-user/xxx.com.au.pem;
ssl_certificate_key /home/ec2-user/newkey.pem;
server_name import.xxx.com.au *.import.xxx.com.au;
access_log /var/log/prod_demo/access_log;
root /home/ec2-user/prod_demo;
location / {
uwsgi_pass 127.0.0.1:8080;
include uwsgi_params;
}
location /static {
alias /home/ec2-user/prod_demo/app/static;
}
location = /favicon.ico {
alias /home/ec2-user/prod_demo/app/static/images/favicon.ico;
}
}
}
To fix this I did a few things.
- Moved all scripts from the home directory to an /var/www/
- created an www group and www user and chown /var/www to www:www
Full Instructions
Create a user and group www and www
sudo groupadd www
sudo adduser www -g www
create a dir where your flask application will be ie /var/www/
sudo chown -R www:www /var/www
/etc/nginx/nginx.conf
# /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user www;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
client_max_body_size 20M;
#keepalive_timeout 0;
keepalive_timeout 0;
uwsgi_read_timeout 86400;
uwsgi_send_timeout 86400;
#gzip on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen 443 ssl;
ssl_certificate /var/www/test.com.au.pem;
ssl_certificate_key /var/www/newkey.pem;
server_name demo.test.com.au;
access_log /var/log/prod_demo/access_log;
root /var/www/prod_demo;
location / {
uwsgi_pass 127.0.0.1:28080;
include uwsgi_params;
}
location /static {
alias /var/www/prod_demo/app/static;
}
location = /favicon.ico {
alias /var/www/prod_demo/app/static/images/favicon.ico;
}
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /var/www/test.com.au.pem;
ssl_certificate_key /var/www/newkey.pem;
server_name ajtravel.test.com.au;
access_log /var/log/prod_demo_two/access_log;
root /var/www/prod_demo_two;
location / {
uwsgi_pass 127.0.0.1:28082;
include uwsgi_params;
}
location /static {
alias /var/www/prod_demo_two/app/static;
}
location = /favicon.ico {
alias /var/www/prod_demo_two/app/static/images/favicon.ico;
}
}
#test config
server {
listen 80;
listen 443 ssl;
ssl_certificate /var/www/test.com.au.pem;
ssl_certificate_key /var/www/newkey.pem;
server_name demo.test.test.com.au;
access_log /var/log/prod_demo/access_log;
root /var/www/prod_demo;
location / {
uwsgi_pass 127.0.0.1:28080;
include uwsgi_params;
}
location /static {
alias /var/www/prod_demo/app/static;
}
location = /favicon.ico {
alias /var/www/prod_demo/app/static/images/favicon.ico;
}
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /var/www/test.com.au.pem;
ssl_certificate_key /var/www/newkey.pem;
server_name ajtravel.test.test.com.au;
access_log /var/log/prod_demo_two/access_log;
root /var/www/prod_demo_two;
location / {
uwsgi_pass 127.0.0.1:28082;
include uwsgi_params;
}
location /static {
alias /var/www/prod_demo_two/app/static;
}
location = /favicon.ico {
alias /var/www/prod_demo_two/app/static/images/favicon.ico;
}
}
}
/etc/init/uwsgi-prod-demo.conf
# https://uwsgi.readthedocs.org/en/latest/Upstart.html
# /etc/init/uwsgi.conf
# simple uWSGI script
description "uwsgi tiny instance"
#start on runlevel [2345]
#stop on runlevel [06]
start on started elastic-network-interfaces
exec /var/www/venv/bin/uwsgi --ini /var/www/uwsgi-prod_demo.ini
/var/www/uwsgi-prod_demo.ini
[uwsgi]
uid = www
gid = www
socket = :28080
chdir = /var/www/prod_demo
master = True
venv = /var/www/venv
callable = app
wsgi-file = /var/www/prod_demo/manage.py
enable-threads = True