nginx proxy - how to allow connection from a specific ip - nginx

I've installed nginx and set it up as a forward proxy (see attached nginx.conf).
The server became overloaded and it seems like someone else was using it.
Is there a way to limit the nginx proxy to receive requests only from specific IPs?
Please explain how I should change the nginx.conf to do it for IP 123.456.123.345:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    server {
        listen 8080;
        location / {
            resolver 8.8.8.8;
            proxy_pass http://$http_host$uri$is_args$args;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}

Do it like this:
    location / {
        allow 123.456.123.345;
        deny all;
        resolver 8.8.8.8;
        proxy_pass http://$http_host$uri$is_args$args;
    }
From the docs:
"The rules are checked in sequence until the first match is found."
So if IP equals 123.456.123.345, access will be allowed, otherwise - denied.
If you want to allow multiple IPs, you can specify them before "deny all;":
    allow 123.456.123.345;
    allow 345.123.456.123;
    deny all;

"location" directive should be inside a 'server' directive
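
The first-match evaluation quoted from the docs above, modelled as an added Python example (not code from the original posts or from nginx). The rule sets and client addresses are constructed, using documentation-range addresses; `parse_rules` and `decide` are hypothetical helper names.

```python
import ipaddress

def parse_rules(conf):
    """Parse 'allow X;' / 'deny X;' lines into (action, network) pairs, in file order."""
    rules = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"not an access rule: {raw!r}")
        # None stands for 'all'; anything else must be a valid address or CIDR block
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(conf, client):
    """Return 'allow' or 'deny' for one client address: the first matching rule wins."""
    addr = ipaddress.ip_address(client)
    for action, net in parse_rules(conf):
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"  # no rule matched: the request is not rejected

# Constructed rule sets using documentation-range addresses (not from the page)
ALLOWLIST = """
allow 203.0.113.10;
allow 198.51.100.0/24;
deny all;
"""
DENY_FIRST = """
deny all;
allow 203.0.113.10;
"""
NO_DENY = "allow 203.0.113.10;"

if __name__ == "__main__":
    for name, conf in [("ALLOWLIST", ALLOWLIST), ("DENY_FIRST", DENY_FIRST), ("NO_DENY", NO_DENY)]:
        for client in ("203.0.113.10", "198.51.100.77", "192.0.2.55"):
            print(f"{name:10} {client:15} -> {decide(conf, client)}")
```

Placing `deny all;` first locks out every client, and omitting it leaves the proxy open to everyone. The page's 123.456.123.345 is a placeholder that does not parse as an IPv4 address (octets above 255), so use the real client address in its place.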

Related

nginx reroute the passthrough request

On my server two types of services are running. Some services are normal and need an SSL certificate, but one service should use passthrough. I read the documentation, and what I understood is that I need to create a stream on a new port: if I am using 443 for SSL then I can't use it for passthrough. So I created a passthrough stream on a new port, 8443. Everything works fine, but for the passthrough service I need to enter the port along with the URL, e.g. https://production-server:8443. I want it like
https://production-server:8443 -> https://production-server
So my question is: can we reroute a request in nginx? Here is my configuration:
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    upstream unsecure {
        server prod-exec:8040;
        keepalive 64;
    }
    upstream secure {
        server prod-exec:9001;
        keepalive 64;
    }
    server {
        listen 80;
        server_name ServerA;
        access_log C:/nginx-1.20.1/logs/access.log upstreamlog;
        #error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        location / {
            proxy_pass http://unsecure/services;
        }
        location /services/countingservice {
            proxy_pass http://unsecure;
        }
        location /services/balancingservice {
            proxy_pass http://unsecure;
        }
    }
    server {
        listen 443 ssl;
        server_name server-A:443;
        access_log C:/software/nginx-1.20.1/logs/access.log upstreamlog;
        ssl_certificate C:\\nginx-1.20.1\\ssl\\certificate.crt;
        ssl_certificate_key C:\\nginx-1.20.1\\ssl\\certificate_key.key;
        error_page 401 /test_401.html;
        location = /test_401.html {
            root /C:/nginx-1.20.1/html;
            internal;
        }
        location / {
            proxy_pass https://secure/services;
        }
        location /services/countingservice {
            proxy_pass http://secure;
        }
        location /services/balancingservice {
            proxy_pass http://secure;
        }
    }
}
stream {
    access_log C:/nginx-1.20.1/logs/access.log main;
    upstream passthrough_test {
        server prod-exec:9001 max_fails=2 fail_timeout=180s;
    }
    # Definition of Nginx server (URL + Port) for Application 1
    server {
        listen server A: 84443;
        listen 84443;
        proxy_pass passthrough_test;
        proxy_next_upstream on;
    }
}
I don't want to add the port to the URL for passthrough. So if I configure the passthrough on 443, can nginx filter the request by recognizing its pattern?
Or is there any other way?
Any help would be appreciated. Thanks in advance.

NGINX web server configuration

I've just downloaded NGINX for Windows and I'm struggling a bit.
It's up and running with my index file showing at 127.0.0.1:8080, but I'm having problems with connecting my web server to my domain.
From what I understand from the documentation I've read online, I had to change the DNS properties at my registrar like this (target-IP is my public IP):
Here is my nginx.conf file:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 8080;
        server_name erikbugge.no www.erikbugge.no;
        location / {
            root www;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root www;
        }
    }
}
I have also port-forwarded port 8080 to my local IP address in my router.
The problem now is that whenever I'm trying to access my webpage www.erikbugge.no it simply redirects me to my public IP address.
I'm pretty sure I'm doing something wrong, but I have no idea what it is.
Please be gentle, I'm new to this web server stuff.

Nginx supervisord configuration

I have a supervisord server running on localhost:9001.
I am trying to serve it at localhost/supervisord.
The nginx config is like this:
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /tmp/nginx.pid;
#daemon off;
events {
    worker_connections 1024;
}
http {
    # MIME / Charset
    default_type application/octet-stream;
    charset utf-8;
    # Logging
    access_log /var/log/nginx/access.log;
    # Other params
    server_tokens off;
    tcp_nopush on;
    tcp_nodelay off;
    sendfile on;
    upstream supervisord {
        server localhost:9001;
    }
    server {
        listen 80;
        client_max_body_size 4G;
        keepalive_timeout 5;
        location ^~ /stylesheets {
            alias /Users/ocervell/.virtualenvs/ndc-v3.3/lib/python2.7/site-packages/supervisor/ui/stylesheets;
            access_log off;
        }
        location ^~ /images {
            alias /Users/ocervell/.virtualenvs/ndc-v3.3/lib/python2.7/site-packages/supervisor/ui/images;
            access_log off;
        }
        location /supervisord {
            # Set client IP / Proxy IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            # Set host header
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass http://supervisord/;
        }
    }
}
Before adding ^~ /images and ^~ /stylesheets locations the page was returning a 502 Bad Gateway.
With the above config I am able to access localhost/supervisord but the CSS is missing on the page.
I see the css / images are loaded correctly in the browser:
But I see an error message in the browser console and it seems to be the culprit:
The MIME type in the browser for localhost/stylesheets/supervisor.css shows as octet-stream instead of text/css.
The MIME type in the browser for localhost:9001/stylesheets/supervisor.css shows as the correct text/css.
How can I fix this error?
I thought about dynamically rewriting the MIME type for static files, but I am not an expert in nginx and have no idea how to do that from the nginx config.

It's really interesting that such an obvious function as putting web interfaces behind a transparent reverse proxy is not as straightforward to configure as it should be.
Anyway, this is what I do to get a reverse proxy working with applications where the root can't be modified, like supervisor:
    location /supervisor {
        proxy_pass http://127.0.0.1:9001/;
    }
    location / {
        if ($http_referer ~ "^.*/supervisor"){
            return 301 /supervisor/$request_uri;
        }
    }
Application-side requests will hit the main endpoint, but then nginx will redirect them to the /supervisor endpoint.
This works in most cases but not always. The following supervisor web functions will fail:
- getting action confirmation: you can start / stop services but the result page will fail to load; just go to the /supervisor endpoint to check the result
- live tail does not work; however, there is a log display with manual refresh which works under the link with the program name.
Anyway, this partial support is good enough for me and you may find it useful too.

I was able to get it working simply with this:
    upstream supervisor {
        server 127.0.0.1:9001;
    }
    server {
        # ...
        location /supervisor/ {
            proxy_pass http://supervisor/;
        }
    }
Even worked in the browser with and without ending slash in url (ie both http://example.com/supervisor and http://example.com/supervisor/ worked).
This was a must for me!

Passing a custom IP address with Nginx proxy server

My apologies if the title isn't descriptive, I wasn't sure how to word this. I need to connect to a VPN, and need a specific IP address to do it. I was wanting to use Nginx configured as a proxy server to do this. Here is my Nginx config file:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    server {
        listen 8080;
        server_name name;
        location / {
            resolver 8.8.8.8;
            proxy_pass http://$http_host$uri$is_args$args;
            proxy_bind 10.0.0.13;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
I had thought I could achieve what I wanted with proxy_bind, but whenever I try to connect to a website I am given an Nginx error page. I checked the error log, and I get an error saying it couldn't assign the address. I don't even know if that's actually what I want to do. Any suggestions? Thanks in advance.

nginx rewrite not working

I'm trying to set up a simple nginx server to act as a proxy between my front end UI and my back end API. The setup is fairly simple. The UI makes all API requests to /api/endpoint and the proxy server passes the request to the API. The proxy also needs to rewrite the request so that instead of going to http://api.location.net/api/endpoint, it goes to http://api.location.net/endpoint. The UI resides on http://api.location.net. This part isn't working (I get a 500 error) and I'm pretty sure it has to do with how I'm writing my rewrite rule. Here's my nginx config.
daemon off;
error_log off;
worker_processes 2;
worker_rlimit_nofile 100000;
events {
    worker_connections 50000;
    accept_mutex off;
}
http {
    include /etc/nginx/mime.types;
    access_log off;
    sendfile on;
    server {
        listen 80 default_server;
        server_name localhost _;
        location / {
            alias /srv/site/;
        }
        location /api/ {
            rewrite ^/api ""; # I think this is the problem
            proxy_pass http://api.location.net;
            proxy_pass_request_headers on;
            proxy_pass_header X-ResponseData;
            proxy_redirect off;
        }
    }
}
Any help would be greatly appreciated, nginx is still fairly new for me and the documentation on nginx rewrite doesn't seem to have what I need.

If I understood you right, this should help:
    location /api/ {
        proxy_pass http://api.location.net/;
        proxy_pass_request_headers on;
        proxy_pass_header X-ResponseData;
        proxy_redirect off;
    }
Note the URI part at the proxy_pass directive:
"If the proxy_pass directive is specified with a URI, then when a request is passed to the server, the part of a normalized request URI matching the location is replaced by a URI specified in the directive"
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
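
The replacement rule quoted above, and the trailing-slash behaviour in the supervisor answers further up, modelled as an added Python example (not code from the original posts or from nginx). `upstream_uri` is a hypothetical helper; it assumes a plain prefix location, no variables in proxy_pass, no rewrite in the location, and an already normalized request URI.

```python
def upstream_uri(location, proxy_pass, request_uri):
    """Return the URI nginx would send upstream for a prefix location.

    Assumptions: plain prefix location, no variables in proxy_pass, no
    rewrite in the location, and request_uri is already normalized.
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location):
        raise ValueError(f"{path!r} does not match location {location!r}")
    authority_and_uri = proxy_pass.split("://", 1)[1]
    slash = authority_and_uri.find("/")
    if slash == -1:
        # proxy_pass without a URI part: the request URI goes upstream unchanged
        new_path = path
    else:
        # proxy_pass with a URI part (even a bare "/"): the part of the request
        # that matched the location is replaced by that URI
        new_path = authority_and_uri[slash:] + path[len(location):]
    return new_path + sep + query

# location / proxy_pass pairs are from the configs on this page;
# the request URIs are constructed for illustration
CASES = [
    ("/api/", "http://api.location.net", "/api/endpoint?x=1"),
    ("/api/", "http://api.location.net/", "/api/endpoint?x=1"),
    ("/supervisor/", "http://supervisor/", "/supervisor/index.html"),
    ("/supervisord", "http://supervisord/", "/supervisord/index.html"),
]

if __name__ == "__main__":
    for loc, pp, req in CASES:
        print(f"location {loc:13} proxy_pass {pp:27} {req} -> {upstream_uri(loc, pp, req)}")
```

The last case shows why the slashes on the location and on proxy_pass should agree: a location without a trailing slash paired with a proxy_pass ending in "/" sends a path that starts with "//" upstream.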
