Nginx as internal forward proxy - nginx

I have two servers, a proxy server running nginx, and a backend application server
From the outside, everything works as expected.
From the backend, I can access any outside server.
When trying to access the very website from the backend (e.g. wget https://www.my-server-name.com) server, it leads to a timeout.
This is my configuration:
server {
listen 172.25.9.64:80;
server_name www.my-server-name.com;
root /dev/null;
return 301 https://www.my-server-name.com$request_uri;
}
limit_conn_zone $server_name zone=data:10m;
server {
listen 172.25.9.64:443 ssl;
server_name www.my-server-name.com;
root /var/www;
ssl_certificate_key /etc/ssl/server.key;
ssl_certificate /etc/ssl/server.ca-bundle;
location / {
proxy_pass http://172.25.166.68:60936/;
proxy_redirect default;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /etc/nginx/proxy.conf;
}
}
Do you have any idea?
Thank you in advance :)

I simply had to add the corresponding IPs to /etc/hosts.

Related

Appwrite with Nginx

I installed Appwrite on an debian-server.
The https-port for Appwrite is 444 (443 was already used). Nginx redirects my subdomain to this port.
I have a custom SSL-certificate which is working for this domain and subdomains. I can open the appwrite via the subdomain but when I click "Sign Up" to create a root account for appwrite, I get the following Error:
Invalid Origin. Register your new client (appwrite.domain.de) as a
new Web platform on your project console dashboard
First I thought I have to set proxy_set_header Host $host; in the server-config, but then I am not able to open Appwrite... instead I get the Error
{"message":"Error: Server Error","code":500,"version":"1.0.1"}
Does someone has another idea or already fixed the same problem?
This is my Server-configuration in Nginx:
server {
server_name appwrite.domain.de;
location / {
proxy_pass https://localhost:444;
}
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
}
server {
listen 80;
server_name domain.de
www.domain.de
;
return 301 https://$host$request_uri;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/domain.de_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/domain.de_private_key.key;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name domain.de
www.domain.de
;
location / {
try_files $uri $uri/ =404;
}
Thanks for the help ;)
You're right, you need to include the proxy_set_header Host $host; directive. You might also want to include the following under server:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
and the following under location:
add_header X-Served-By $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port$request_uri;
If you're seeing a 500 error, it would be best to check the docker logs for the appwrite container to see what the problem is.
On a side note, if you're looking for an easier way to manage Nginx, I highly recommend Nginx Proxy Manager (NPM). I use NPM in front of my Appwrite.

Nginx directs request to www.example.com but not to internal web application

I've installed several web applications on different ports on the same server. From that server when I send an http request using wget or curl the request goes through and I get the response. I've set up nginx server to not have to specify the port each time. Here's the related nginx config:
server {
listen 10.0.223.34:80;
server_name app1.domain.com;
access_log /var/log/nginx/app1.domain.com.access.log;
error_log /var/log/nginx/app1.domain.com.error.log;
location / {
proxy_pass http://10.0.223.34:8080;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
If I try app1.domain.com from outside I get 502 Bad gateway error. But if I change the proxy_pass to http:\\www.example.com, then nginx takes me to the example.com website.
Inside the nginx.conf file I've specified user nginx;. I've tried changing it to root but it didn't help either. Do you have any idea what else I need to check?
Try this:
upstream app1 {
server localhost:8080;
}
server {
listen 10.0.223.34:
server_name app1.domain.com;
access_log /var/log/nginx/app1.domain.com.access.log;
error_log /var/log/nginx/app1.domain.com.error.log;
location / {
proxy_pass http://app1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

Nginx wildcard reverse proxy to same name

I want nginx to take any requests from *.example.com and send them to the same name (*.example.com), just using nginx for SSL, and so that I can externally use my local DNS.
server {
listen *:80;
listen 443 ssl;
server_name *.whitefamilyserver.com;
location / {
proxy_pass http://$host; # (host will normally be subdomain.example.com)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
So if someone went to test.example.com, it would forward it to test.example.com (but since this is running from inside my home network, it will use the local DNS to resolve the client).

NGINX defaulting to welcome page on Second domain name pointing to node server

I have a Single Page Application running on a node server serving angular at www.xxx.com. This is currently working.
I am trying to server a second Node application named www.yyy.com however when I set up the NGINX server blocks it is defaulting to the NGINX welcome page.
www.xxx.com NGINX server block (Which is working fine):
server {
listen 80;
listen [::]:80;
server_name xxx.com.au www.xxx.com.au;
return 301 https://xxx.com.au$request_uri;
}
server {
listen 443;
server_name xxx.com.au www.xxx.com.au;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/xxx.com.au/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com.au/privkey.pem;
}
www.yyy.com Server block: (Currently only serving welcome page)
server {
listen 80;
server_name yyy.com www.yyy.com;
location /site {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3002/;
proxy_redirect off;
}
}
I have all the DNS set up and the host names set up on my droplet as well. I am using Vultr running Ubuntu if that helps.
I have added both via symbolic link to Sites-available and the line is present in the conf file.
EDIT: As Henry pointed out I was server /site
location /site {
You're serving the app at /site and not /.
You can map different different config blocks to different URLs, so you could e.g. route /example to a different node server if you wanted.
Replacing location /site { with location / { as for your working block will serve your node application at the root. With no configuration for the root node nginx routes it to its default page.

Nginx server blocks

I'm trying to set my nginx to have 2 server blocks, one that lead to the default one atm and one that leads to my loadbalancer.
So I have set up my loadbalancer like this.
upstream backend {
server 192.168.24.28;
server 192.168.24.47;
}
server {
listen 80;
server_name MYURL
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://backend;
proxy_redirect off;
}
}
and the default i have changed the listen to be
listen 192.168.24.30:80 default_server;
And the servers ip is 192.168.24.99
So if I understand it correctly, my settings should put the loadbalancer at 192.168.24.99 and the default at 192.168.24.30
So loadbalancer is placed correctly, but the 192.168.24.30 just gives me
ERR_CONNECTION_TIMED_OUT
Any idea what I might be doing wrong?

Resources