Rewrite rule for Nginx - nginx

I got Nginx server with HTTP (80 port) and HTTPS (443). But it is behind router and port forwarding is like 17014 for HTTP and 17004 for HTTPS. Redirection from HTTP to HTTPS works well but I have problems with request for HTTPS. For example I should see my application when I'm going to address "https://domain:17004" but I can see it only when I'm going to "https://domain:port/panel_admin/login". How to write correct rewrite rule or something? Here is my actually configuration:
server {
listen 80;
listen [::]:80;
rewrite ^ https://strona:port_1$request_uri? permanent;
}
server {
listen 443 ssl;
ssl_certificate /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/cert/ssl.cert;
ssl_certificate_key /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/cert/ssl.key;
location / {
proxy_pass http://localhost:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /static {
alias /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/static/;
}
}

I solved the problem. Correct configuration looks like
server {
listen 80;
listen [::]:80;
rewrite ^ https://strona:port_https$request_uri? permanent;
}
server {
listen 443 ssl;
ssl_certificate /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/cert/ssl.cert;
ssl_certificate_key /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/cert/ssl.key;
location / {
proxy_pass http://localhost:4000;
proxy_set_header Host $host:port_http;
proxy_set_header X-Real-IP $remote_addr;
}
location /static {
alias /var/projekt/release_candidate/tags/0.4.1/trunk/zlight/webapp/static/;
}
}
So no rewrite. :)

Related

nginx redirect with keeping non-standard port in url

I have an endpoint like https://app1.company.com:5555 and will like to be able to browse the website with the port number in the url for all pages and also be able to browse without the port number at let say the other server_name of https://dev-app1.company.com
so for example https://app1.company.com:5555/tag/general , https://dev-app1.company.com/categories/ulmighty should all work
how do I get nginx to redirect and keep port in name whenever the port is there?
currently have this
server {
listen 80;
server_name dev-app1.company.com app1.company.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name dev-app1.company.com app1.company.com;
location ^~ / {
rewrite ^/(.*)$ /$1 break;
proxy_pass http://localhost:9090;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}
but the issue is it does not redirect with the port number, i want it to be able to redirect with the port number in url as long as the service is running on that port and it is running on the 5555 port
UPDATE:
App is listening on port 5555 already and i can access here at https://app1.company.com:5555
when i have this
server {
listen 80;
server_name app1.company.com;
return 301 https://app1.company.com:5555$request_uri;
}
but now i want to add more server names so i can also access the other server names with no port at all
Was able to fix this with having an extra server block for the standard and non-standard port
so here is final setup
server {
listen 80;
server_name dev-app1.company.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name dev-app1.company.com;
location ^~ / {
rewrite ^/(.*)$ /$1 break;
proxy_pass http://localhost:9090;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}
server {
listen 80;
server_name app1.company.com;
return 301 https://app1.company.com:5555$request_uri;
}
server {
listen 443 ssl;
server_name app1.company.com;
location ^~ / {
rewrite ^/(.*)$ /$1 break;
proxy_pass http://localhost:9090;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
}

nginx: [emerg] host not found in upstream with local IPs

I've read similar questions with same error, but nothing matches my problem, because my upstream servers have local IPs.
The server is a proxmox machine with some different vms.
One is for nginx reverse gateway/proxy, the other are vms with several docker containers.
I want to setup a fallback (backup) for one container.
The config of the nginx reverse gateway/proxy containing these machines is:
server {
listen 80;
server_name my-web.page;
return 301 http://www.my-web.page$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name www.my-web.page;
location / {
return 301 https://www.my-web.page$request_uri;
}
}
server {
listen 443 ssl;
server_name my-web.page;
return 301 https://www.my-web.page$request_uri;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
}
upstream backend {
server 192.168.200.210:8030 max_fails=1 fail_timeout=600s;
server 192.168.200.211:8031 backup;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/my/my-web.page.chained.crt;
ssl_certificate_key /etc/ssl/my/my-web.page.key.pem;
server_name www.my-web.page;
location ~ ^/$ {
# rewrite only the root page, other urls see next rule
return 301 https://www.my-web-page-microsite.de/;
}
location / {
resolver 127.0.0.1 valid=30s;
# pass to backend-client, failover to second container for the next 5 minutes
proxy_pass http://backend;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Server-Address $server_addr;
proxy_ssl_verify off;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
If something is wrong with my backend-client-servers, nginx won't start.
Isn't there a possibilty to override the check on starting/restarting nginx?

nginx redirect http to https domain

My application is running on AWS EC2 instance. I have a domain name using HTTPS from cloudflare. I have added "A record" at cloudflare to EC2 IP address
The following in the Nginx configuration i used
step 1)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name inzack.com www.inzack.com;
rewrite ^\/[^\/]+\/(.*) /$1 redirect;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443;
server_name inzack.com www.inzack.com;
ssl on;
ssl_certificate /home/ubuntu/certificates/inzack.crt;
ssl_certificate_key /home/ubuntu/certificates/inzack.key;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:5000;
}
}
step 2) sudo nano /etc/nginx/sites-available/inzack.com
The following is the entry in the file:
upstream inzack.com {
server 127.0.0.1:5000;
}
server {
listen 80;
listen [::]:80;
server_name inzack.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://inzack.com;
proxy_redirect on;
}
}
I tried all these links:
http to https redirection on nginx
Node.js + Nginx - What now?
Any help on this would be really great...
Thanks
k
No need to change in etc/Nginx/Sites-available/ folder
Step 1) # cloudflare changed page rules to Https
Step 2)
server{
listen 80;
server_name inzack.com www.inzack.com;
location /
{
proxy_pass http://127.0.0.1:4000;
}
}
server {
listen 443;
server_name inzack.com www.inzack.com;
ssl on;
# copy these files from cloudflare save it as .crt and .key
# cop
ssl_certificate /home/ubuntu/certificates/inzack.crt;
ssl_certificate_key /home/ubuntu/certificates/inzack.key;
real_ip_header X-Forwarded-For;
set_real_ip_from 127.0.0.1;
location / {
proxy_pass http://127.0.0.1:4000;
}
}
Restart the Nginx server

nginx config does not get second domain on same server correctly

Setup: Ubuntu 18.04 Nginx Apache Varnish PHP Server
Nginx handles the traffic in the first place.
I have two domains pointing to the same server.
The first Domain works correct, the second one only redirects to the first one.
What is wrong with my configs?
First config which works fine
(Here the nginx works as an reverse proxy for the varnish and Apache.)
upstream varnish {
server 127.0.0.1:6081;
}
upstream apache {
server 127.0.0.1:8080;
}
server {
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 default_server;
server_name domain1.com;
include inc/acme-challenge.conf;
location / {
return 301 https://domain1.com$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
#client_max_body_size 120M;
server_name domain1.com;
location /wp-content/uploads {
alias /var/www/website/wp-content/uploads;
include inc/gzip.conf;
include inc/browser-cache.conf;
}
error_page 502 /502.html;
location = /502.html {
alias /var/www/website/502.html;
}
location / {
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
location ^~ /phpmyadmin {
allow 45.77.141.32; #qundg
allow 87.191.170.222; #qundg
deny all;
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
}
And here ist the second config (this one does not work)
The Domain should only be managed by the nginx without the Apache or Varnish service.
server {
listen 80;
listen [::]:80;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Here ist the default config
server {
server_name _;
listen *:80 default_server deferred;
error_log /var/log/nginx/default_server_error.log;
return 444;
}
You're using a wildcard in the second DNS name, that should be something that's not recognized in your certificate.
To get a wildcard you could follow instruction here https://medium.com/#saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
I have few case in which I have more than 1 DNS pointing to the same website and for those I created different nginx configuration files, and applied for each che certbot authentication. I noticed that using 3rd level dns (something.mysyte.com) in the same config file brouth certbot to override certificates when I had more than 1.
In your specific case you have 2 dns name in the second configuration and one has a wildcard. If you try to remove the dns with the wildcard and reinstall certificates it should work. You can then setup a new block with each 3rd level domain and get certificate for each one, or follow the guide to get the wildcard certificate.

nginx proxy transfer to another server

Nginx server is at 192.168.5.13.
I have Nginx as reverse proxy for SSL Letsencrypt which works fine.
I would like to add ollowing:
www.nonprofitcloud.be is working fine and returns https://www.nonprofitcloud.be located at 192.168.5.26.
However I would like to add webmail.nonprofitcloud.be to point to 192.168.5.1/mewebmail where my Mailenable Server is residing (Windows Server, IIS 7).
So: webmail.nonprofitcloud.be should point to 192.168.5.1/mewebmail
Any idea?
My conf:
server {
listen 443 ssl;
server_name www.nonprofitcloud.be nonprofitcloud.be;
ssl_certificate /etc/letsencrypt/live/www.nonprofitcloud.be/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.nonprofitcloud.be/privkey.pem;
location / {
proxy_pass http://192.168.5.26;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name www.nonprofitcloud.be nonprofitcloud.be;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
location / {
return 301 https://$host$request_uri;
}
}
You need to add another server block:
server {
listen 80;
server_name webmail.nonprofitcloud.be;
location / {
proxy_pass http://192.168.5.1/mewebmail;
}
}

Resources