Ngnix Jsession changed redirection issue - nginx
There is a setup like one application is running on www.xyz.com and there is one report that make rest hits to an application hosted on www.abc.com.
Due to odd issue of CORS on IE8, we are making the rest hit on www.xyz.com but actually services are hosted on www.abc.com so at ngnix level we are redirecting the rest request from www.xyz.com to www.abc.com.
But after using the report on www.xzy.com app when we go to another page then session gets expired. jsessionid is changed after using the report on www.xyz.com.
Thanks in advance.
server {
listen 80;
server_name www.xyz.com;
charset utf-8;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/ssl.crt/server.crt;
ssl_certificate_key /etc/nginx/ssl.key/server.key;
server_name www.xyz.com;
error_log /var/log/nginx/error.log;
charset utf-8;
location / {
proxy_pass http://localhost:97;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
client_max_body_size 10M;
}
location /api/rest/b2b/v1/report/filters/program-summary {
proxy_pass http://localhost:90/api/rest/b2b/v1/report/filters/program-summary;
proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/report/headers/grid/program-summary/DATAGRID {
proxy_pass http://localhost:90/api/rest/b2b/v1/report/headers/grid/program-summary/DATAGRID;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/report/headers/grid/program-summary/SALES_REP {
proxy_pass http://localhost:90/api/rest/b2b/v1/report/headers/grid/program-summary/SALES_REP;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/report/filters/variable/program-summary {
proxy_pass http://localhost:90/api/rest/b2b/v1/report/filters/variable/program-summary;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/query/program-summary/barchart {
proxy_pass http://localhost:90/api/rest/b2b/v1/query/program-summary/barchart;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/query/program-summary/datagrid {
proxy_pass http://localhost:90/api/rest/b2b/v1/query/program-summary/datagrid;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/query/program-summary/status_pie {
proxy_pass http://localhost:90/api/rest/b2b/v1/query/program-summary/status_pie;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
proxy_set_header X-Forwarded-Proto https;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/query/program-summary/summary {
proxy_pass http://localhost:90/api/rest/b2b/v1/query/program-summary/summary;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M; 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v1/query/program-summary/sales_datagrid {
proxy_pass http://localhost:90/api/rest/b2b/v1/query/program-summary/sales_datagrid;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,origin,authorization,accept,client-security-token';
}
location /api/rest/b2b/v2/constants/CDN_URL {
proxy_pass http://localhost:90/api/rest/b2b/v2/constants/CDN_URL;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
client_max_body_size 10M;
}
location ~ ^/templates/(.*)$ {
alias /webroot/reporting-dashboard/templates/$1;
}
location ~ ^/data/(.*)$ {
alias /webroot/reporting-dashboard/data/$1;
}
location ~ ^/styles/(.*)$ {
alias /webroot/reporting-dashboard/styles/$1;
}
location ~ ^/bower_components/(.*)$ {
alias /webroot/reporting-dashboard/bower_components/$1;
}
location /scripts/62219e5b.vendor.js {
alias /webroot/reporting-dashboard/scripts/62219e5b.vendor.js;
}
location /scripts/9ec589bc.plugins.js {
alias /webroot/reporting-dashboard/scripts/9ec589bc.plugins.js;
}
location /scripts/e13d4652.main.js {
alias /webroot/reporting-dashboard/scripts/e13d4652.main.js;
}
error_page 502 503 504 /vzb_50x.html;
location = /vzb_50x.html {
root /tomcats/webapps/ROOT/static/errorFiles;
}
}
Adding the proxy_hide_header Set-Cookie; in conf file has solved the problem. This basically removed the cookies from the response.
https://serverfault.com/questions/641417/nginx-not-processing-proxy-hide-header-and-proxy-ignore-headers
Related
Configure multiple servers in a same domain in nginx
Need to configure nginx to have multiple services in same domain.
my nginx.conf file as below
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
access_log /var/log/nginx/host.access.log main;
location ^~ /.well-known/acme-challenge/ {
alias /var/www/acme-challenge/;
}
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl on;
access_log /var/log/nginx/host.access.log main;
#
# # Enable server-side protection against BEAST attacks
# ssl_protocols TLSv1.2;
#
ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
location ^~ /.well-known/acme-challenge/ {
alias /var/www/acme-challenge/;
}
location /cms/ {
proxy_pass http://cms-container:1337;
rewrite ^/sdcms/?(.*)$ /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
}
location /chat {
proxy_pass http://chat-container:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
}
location /auth {
proxy_pass http://auth-container:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
}
location /service {
proxy_pass http://service-container:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
}
location / {
proxy_pass http://web:8060/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_redirect off;
}
}
Here, the baseurl (/) works fine. We are able to see other services pages(/auth, /cms, /chat, /services) on the initial load only. When we try to access the pages, it throws an error "page not found" from baseurl application.
Duplicate listen error with Asp Net Core Nginx Multiple Domain
I am trying to host multiple ASP NET Core sites with different domains on Linux, Unbunt 18.04 and using nginx as reverse proxy.
I got error as "duplicate listen options for 80". What is reason for this error and How can I solve this error?
The default nginx conf is:
server {
listen 80;
server_name domain1.com www.domain1.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80;
server_name domain2.com domain2.com;
location / {
proxy_pass http://localhost:5005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
you can create a sigle file for each app...
for domain1.com you can create an archive domain1.com like this:
upstream app1{
server 192.168.1.250:5000;
}
server {
server_name domain1.com www.domain1.com;
listen 80;
#Redirects traffic
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_pass http://app1;
}
}
for domain2.com you can create an archive domain2.com like this:
upstream app2{
server 192.168.1.250:5005;
}
server {
server_name domain2.com www.domain2.com;
listen 80;
#Redirects traffic
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_pass http://app2;
}
}
alertmanager unsee behind nginx proxy
I'm trying to serve alertmanager and unsee from the same container.
In my testing:
I background alertmanager
I background unsee
I run /sbin/nginx
when I visit / I can see alertmanager
when I visit /unsee I get ERR_INVALID_RESPONSE
I can curl http://127.0.0.1:8080 and see that unsee is serving files
I have the below config in /etc/nginx/sites-enable
server {
listen 9093;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:9094;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /unsee/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
so the configuration should be like this ...
server {
listen 9093;
server_name alertmanager.*;
location / {
resolver 127.0.0.11 ipv6=off;
set $target http://container_hostname:9094;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $target;
}
}
server {
listen 9093;
server_name unsee.*;
location / {
resolver 127.0.0.11 ipv6=off;
set $target http://container_hostname:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass $target;
}
}
nginx not finding some JS files
server {
listen 80;
access_log /var/log/nginx/dashboards.access.log;
error_log /var/log/nginx/dashboards-reg.error.log;
root /usr/share/nginx/htmlresource;
location /performance-platform/landlord-reg {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://landlord-reg/dashboard/landlord-reg/pages/;
proxy_redirect http://landlord-reg/dashboard/landlord-reg/pages/ $scheme://;
}
location ~* \.(jpg|ttf|jpeg|svg|png|gif|ico|css|js|eot|woff|woff2)$ {
root /usr/share/nginx/html/dashboards/landlord-reg/pages;
proxy_pass http://landlord-reg;
}
location /performance-platform/discharges {
root /usr/share/nginx/html/dashboards/discharges/pages;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://discharges/dashboard/discharges/pages/;
proxy_redirect http://discharges/dashboard/discharges/pages/ $scheme://;
}
location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff|woff2)$ {
root /usr/share/nginx/html/dashboards/discharges/pages;
try_files /usr/share/nginx/html/dashboard/discharges/pages $uri;
proxy_pass http://discharges;
}
}
The above is the more or less the full nginx config that is in sites-available. the upstream servers are docker containers though that shouldn't really make any difference.
This finds all but 2 of my js files.
<script src="../resource/feedconf.js"></script>
This is NOT found ^^^
where as this is
<script src="../../../assets/js/widgets/errorWidget.js"></script>
I've tried 2 different approaches to achive the same thing one for landlord and one for discharges but neither work. Ran out of ideas hence the question on here.
On a initial look of the code I understand perhaps you meant to do the following. It would be better if you shared your folder hierarchy.
server {
listen 80;
access_log /var/log/nginx/dashboards.access.log;
error_log /var/log/nginx/dashboards-reg.error.log;
root /usr/share/nginx/htmlresource;
location /performance-platform/landlord-reg {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://landlord-reg/dashboard/landlord-reg/pages/;
proxy_redirect http://landlord-reg/dashboard/landlord-reg/pages/ $scheme://;
} <-- delete this from here
location ~* \.(jpg|ttf|jpeg|svg|png|gif|ico|css|js|eot|woff|woff2)$ {
root /usr/share/nginx/html/dashboards/landlord-reg/pages;
proxy_pass http://landlord-reg;
}
} <- add this here
location /performance-platform/discharges {
root /usr/share/nginx/html/dashboards/discharges/pages;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://discharges/dashboard/discharges/pages/;
proxy_redirect http://discharges/dashboard/discharges/pages/ $scheme://;
} <-- delete this from here
location ~* \.(jpg|jpeg|svg|png|gif|ico|css|js|eot|woff|woff2)$ {
root /usr/share/nginx/html/dashboards/discharges/pages;
try_files /usr/share/nginx/html/dashboard/discharges/pages $uri;
proxy_pass http://discharges;
} <- add this here
}
Rewrite plex media server url on nginx?
I have very limited knowledge with rewriting url in nginx. I have a plex media server running behind on nginx, i can access the dashboard with http://domain.com/web/index.html with these config i found on github:
upstream plex-upstream {
server plex-server.example.com:32400;
}
server {
listen 80;
server_name domain.com
location / {
if ($http_x_plex_device_name = '') {
rewrite ^/$ http://$http_host/web/index.html;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_pass http://plex-upstream;
}
}
What i want is to remove /web/index.html so when i go to http://domain.com, the PMS dashboard will load. I tried some one liner rewrite rules already but all failed. Thanks.
I am not nginx specialist, but I had similar problem.
The diference is that I was not trying to alias domain.name/ to domain.name/web/,
My goal was to alias domain.name/plex/ to domain.name/web/.
I was getting redirects to web/index.html with all solutions I could find except this one Configure Plex Media Server Reverse Proxy nginx Linux.
The only one problem with this one was that if you go to web/ you will stay there.
So here is my creepy yet working solution:
upstream plex {
server localhost:32400;
}
server {
listen 80;
server_name domain.name;
server_name_in_redirect off;
location / {
proxy_pass http://localhost:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /web/index.html {
if ($http_x_should_not_redirect = ""){
return 301 https://domain.name/plex/index.html;
}
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /web {
proxy_pass https://plex;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header x_should_not_redirect $host;
}
location /plex {
proxy_pass https://127.0.0.1/web;
proxy_set_header X-should-not-redirect $host;
}
location /transmission/rpc {
proxy_pass http://localhost:9091;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
location /transmission/web {
proxy_pass http://localhost:9091;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dovgastreetnas.viewdns.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dovgastreetnas.viewdns.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
Hope this will help somebody.