How to hide direct access of your video/images file in Nginx? - nginx

I am using Nginx Server. I have some images and video in /video directory. I am using these video and images into my site, but I want to show an 403 error, if someone try to access them directly like this examples shows:
http://xysz.com/video/abc.png
I know it's possible in Apache by changing the .htaccess config, but not sure how to do the same in Nginx. How can I achieve this with Nginx?

You can use this,
server {
listen 80;
server_name xysz.com;
root /var/www/xysz.com/html ;
location /assets/ {
valid_referers xysz.com/ xysz.com/video/index.html;
if $invalid_referer {
deny all;
}
}

Related

Nginx reverse proxy return 502

I'm very new to nginx and server game and i'm trying to setup a reverse proxy. Basically what i need is when i enter my server ip it should open a particular website (Ex: https://example.com).
So for example if i enter my ip (Ex: 45.10.127.942) it should open the website example.com , but the url should remain as http://45.10.127.942.
I tried to set my server configuration as follows but it returns a 502 error.
server {
listen 80;
location / {
proxy_pass http://example.com;
}
}
It returns a 502 error. Can you please explain what i need to do?
You can have something like this in your configuration file:
server {
root /var/www/html;
server_name _;
location / {
try_files $uri $uri/ /index.html;
}
}
Place the index.html file in root folder specified.
Then just restart the NGINX and it should work.
What is the problem with your configuration file is you should not proxy_pass.
If you want to open the other website, you should have DNS record pointing to that IP. What actually happens is the thing you are trying to do is known as CLICKJACKING. For more details, search CLICKJACKING on google and you will find a lot of references.

Want to redirect the server url to server/somestring through nginx

want to redirect the server url to server url/somestring through nginx.conf.
Tried location /somestring{} inside server tag in nginx.conf, didn't work.
Please suggest how can i achieve that.
An example of nginx config that allows to redirect multiple domains.
You can use a similar approach to redirect paths as well.
map $http_host $redirect_destination {
hostnames;
default where-to-go-by-default;
my-domain where-to-redirect-my-domain;
}
server {
listen 80;
location / {
return 301 https://$redirect_destination/some-path;
}
}

Nginx Proxy for PlayFramework from port to path prefix

I have a Play application listening on a local port :9000. There are other applications running.
I would like to server this application at a path like:
http://myhost/this-play-app -> localhost:9000
So that other apps could be nested at other paths.
I've tried the basic proxy_pass but it doesn't seem to work.
server {
listen 80;
server_name myhost;
# MMC Tool
# ----------------------------------------------------
location /this-play-app {
proxy_pass http://localhost:9000;
}
}
The play app seems to forward to the root. Is there a way to trick the play app to work within the /this-play-app path ?
Like /this-play-app/some-controller instead of /some-controller ?
Thanks
Using apps in folders isn't comfortable idea - you would need to at least prepare some dedicated config and change it each time when changing the location.
Instead as other suggested you should use subdomains, in this case each app behaves exactly the same as in the root domain and even if you will need/want to change that domain all you'll need will be change in the nginx's config.
Typical nginx's config looks like
upstream your_app {
server 127.0.0.1:9000;
}
server {
listen 80;
server_name your-app.domain.com;
location / {
proxy_pass http://your_app;
}
}
Most probably on some VPS or shared hosts you'll need to add the subdomain by some kind of admin's panel - on localhost just need add the subdomain to the hosts file.
Edit if using subdomain is not possible anyway (pity) you can workaround it anyway by config, in nginx use (as you did in question:
...
location /this-play-app {
proxy_pass http://your_app;
}
...
and then add this line into your application.conf (Play 2.1+)
application.context = "/this-play-app"
Or this in case of Play 2.4+ (info)
play.http.context = "/this-play-app"

Nginx: Prevent direct access to static files

I've been searching for a while now but didn't manage to find anything that fits my needs. I don't need hotlinking protection, as much as I'd like to prevent people from directly accessing my files. Let's say:
My website.com requests website.com/assets/custom.js, that'd work,but I'd like visitors which directly visit this file to get a 403 status code or something. I really have no idea if it's possible, and I don't have any logical steps in mind..
Regards !
You can use nginx referer module: http://nginx.org/en/docs/http/ngx_http_referer_module.html.
Something like this:
server {
listen 80;
server_name website.com;
root /var/www/website.com/html ;
location /assets/ {
valid_referers website.com/ website.com/index.html website.com/some_other_good_page.html ;
if ($invalid_referer) {
deny all;
}
}
}
This config guard assets directory. But remember, that not guaranteed and worked only for browser - any body can emulate valid request with curl or telnet. For true safety you need use dynamic generated pages with dynamic generated links.
You do not need to create the variable $invalid_referer as this is set by the nginx module.
If you nginx powered development instances are showing up in Google search results, there is a quick and easy way to prevent search engines from crawling your site. Add the following line to the location block of your virtualhost configuration file for the block that you want to prevent crawling.
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
You can simply deny access to any folder or file just by putting these lines with your folders' name
location ~ /(no_access_folder|folder_2)
{
deny all;
return 403;
}

Nginx config file only working for ''/"

I am setting up nginx as a sort of static file server. For some reason it is only working when I go to 123.123.123.123/ or 123.123.123.123. However, when I go to 123.123.123.123/static/content/ or 123.123.123.123/static/content/another.mp3 it returns a 404 not found. Here is the config file that is located in /etc/nginx/sites-available and linked to /etc/nginx/sites-enabled. I am really stumped as to why it is not working.
Any pointers or tips would be appreciated.
server {
listen 123.123.123.123:80;
server_name "";
location / {
root /srv/homepage;
index index.html;
}
location /static/content/ {
root /srv/static/content;
index song.mp3;
}
}
Look into logs.
Seems like nginx tries to open paths like /srv/static/content/static/content/file.mp3
You need to rewrite url here, try this:
rewrite /static/content/(.*) /$1 break;

Resources