I'm trying to deploy a websocket server to Elastic Beanstalk.
I have a Docker container that contains both nginx and a jar server, with nginx just doing forwarding. The nginx.conf is like this:
listen 80;
location /ws/ { # <-- this part only works locally
proxy_pass http://127.0.0.1:8090/; # jar handles websockets on port 8090
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / { # <-- this part works locally and on ElasticBeanstalk
proxy_pass http://127.0.0.1:8080/; # jar handles http requests on port 8080
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
I can run this docker locally and everything works fine - http requests are served, and I can connect websockets using ws://localhost:80/ws/ However, when I deploy to Elastic Beanstalk, http requests are still ok, but trying to connect websockets on ws://myjunk.elasticbeanstalk.com:80/ws/ gives a 404 error. Do I need something else to allow websockets on Elastic Beanstalk?
Ok, got it working. I needed the ElasticBeanstalk load balancer to use TCP instead of HTTP.
To do this from the AWS console (as it's laid out on 5/16/2015), go to your ElasticBeanstalk environment, choose "Configuration" on the left menu, under "Network Tier" there's a "Load Balancing" pane. Click its cog wheel, then you can change the load balancer protocol from http to tcp.
Related
Due to a mess of work networks i need to setup an NGINX reverse proxy to an external website that goes via the company MPLS proxy.
This is so other apps can point to an internal DNS address via HTTPS and then that address can either point to an internal STUB App which does not go through a proxy, or it's pointed to and ALB Listening on HTTPS that is pointed to the Reverse Proxy EC2 running listening on HTTP which sends it out to the External Host as a NGINX Transparent Reverse Proxy via HTTPS.
On the EC2 Instance if i do curl -x http://111.222.333.444:1234 https://external.host.name:5678 i get back an expected result from hitting the external host but i cannot get the same responce back from my nginx x host the upstream proxy seems to be denied access "Access Denied (policy_denied)"
Since i am not on my work computer i have to manually type out my current configuration so sorry if i make a mistake (Ip Addresses and Hosts obscured for obvious security reasons)
Also to rule out SELINUX issues i've set setenforce 0 for the moment untill i can get a working connection.
There are HTTP_PROXY and HTTPS_PROXY variables on the box set to another broxy, but i don't believe NGINX is using them, though i could be wrong.
My current configs after several hours of playing around:
under /etc/nginx/conf.d/proxy.conf
upstream proxy {
server 111.222.333.444:1234
}
under /etc/nginx/default.d/reverse-proxy.conf
location / {
proxy_buffering off;
proxy_pass http://proxy;
proxy_redirect http://proxy https://external.host.name:5678;
proxy_set_header Host external.host.name;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
}
I believe that's the whole config at current, Sorry if i've forgotten anything. Does anyone have a working config for this type of setup or show me where i'm going wrong please?
Edit:
Further Info, if i do curl http://111.222.333.444:1234/https://external.host.name:5678 I get the same error as the NGINX result
The only difference i can see is the Host Header
on the failed one the Header is "Host: 111.222.333.444:1234"
on the success the Header is "Host: external.host.name:5678" and there's an additional header "X-Forwarded-For: 555.666.777.888"
I have not been able to figure out what the ip in the X-Forwarded-For is as it's not the box i am on
I have tried the following but all i get back from the proxy is Network Error (dns_server_failure)
location / {
proxy_buffering off;
proxy_pass http://111.222.333.444:1234/https://external.host.name:5678;
proxy_set_header Host external.host.name:5678;
proxy_set_header X-Forwarded-For 555.666.777.888;
}
I have a blazor-server application, which works correctly in all cases other than running behind reverse proxy (I've only tested with NGINX).
Browser is able to connect to /_blazor?id=xyz endpoint and successfully send/receive heartbeat messages. But events with button click etc. does not work at all. There are no error or warnings in console and application's logs.
Nginx config is written according to this .NET docs
Here is my setup:
map $http_connection $connection_upgrade {
"~*Upgrade" $http_connection;
default keep-alive;
}
server {
listen 80;
server_name service.example.com;
location / {
# App server url
proxy_pass http://localhost:9000;
# Configuration for WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache off;
# WebSockets were implemented after http/1.0
proxy_http_version 1.1;
# Configuration for ServerSentEvents
# proxy_buffering off; # Removed according to docs
# Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
proxy_read_timeout 100s;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I think the problem is because of nginx, as app works fine on my local machine.
If you need any more data, please comment below, I will provide.
Thanks in advance.
Apparently, cloudflare was also configured to proxy my request, and this somehow affected it.
Disabling cloudflare proxy and configuring https with let's encrypt solved the issue
Well, here we go.
I have an instance in Azure with ubuntu and I'm trying to access an web application out of this machine (Not LocalHost).
First I've installed all dotnet things to make a test application and runned
dotnet new mvc
I check inside Azure machine localhost:5000 and this app test work well.
Then I installed nginx to access my application remotelly. When I access the public IP I can see a page of nginx.
nginx Page
I've try to config thousand times to when I access the public IP the nginx redirect to my web app running in Azure Localhost.
One configuration I've try was
/etc/nginx/sites-enabled
server {
listen 80;
location / {
proxy_pass http://localhost:5000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Any Idea to make this works?
Sry for bad english
You have missed server_name parameter.
And if that's the only one config in config dir, then also add default_server option to listen directive, like this:
server {
listen 80 default_server;
server_name my.domain.com;
location / {
proxy_pass http://localhost:5000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Change my.domain.com to appropriate FQDN of your Azure instance, so that you can make requests not only by entering IP address in browser, but also with a host name.
And make sure that you have included that config in nginx.conf file, like:
include /etc/nginx/sites-enabled/*;
Hope it will help you to figure out.
How do I use nginx as proxy for a websocket ?
If I need to connect to socketSite.com:port from clientSite.com( javascript)
And I won't to show user's link "socketSite.com:port "
Can I use nginx proxy for redirecting requests from/to websocket server ?
Absolutely, you can! Use the following configuration:
location /myHandler{
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header HOST $host;
proxy_set_header X_Forwarded_For $remote_addr;
proxy_pass http://localhost:8880;
proxy_redirect default;
client_max_body_size 1000m;
}
I use spring websocket. /myHandler is my URL to create the websocket connection, http://localhost:8880; is my Tomcat server address. Nginx server and Tomcat are running on the same machine.
I currently trying to deploy my App on a EC2 Instance using Dokku and my first impression is that it's really amazing. Still I have some problems relating the configuration of my App that it's reachable via port 80 and not to the docker container port.
So for instance when i try to reach my app it's reachable under:
http://recipeapp.xxx.de:49169/
but not under
http://recipeapp.xxx.de/
My VHOST config looks like this:
xxx.de
The nginx.conf of the app is generated as the following:
upstream recipeapp { server 127.0.0.1:49169; }
server {
listen [::]:80;
listen 80;
server_name recipeapp.xxx.de;
location / {
proxy_pass http://recipeapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
}
I add my remote with:
git remote add appstore dokku#xxx:recipeapp
And push it with:
git push appstore master
So what am I doing wrong? I now trying it for days to make it running correct but I don't see any possibilities any more.
Doublecheck the contents of /home/dokku/VHOST as root. The file should contain a single line, namely "xxx.de".
If the file is absent, touch /home/dokku/VHOST and enter the line.
Also keep in mind that you need to configure the DNS settings for xxx.de; A record for xxx.de pointing to EC2 instance and A record for *.xxx.de also pointing to EC2 instance.
Hope this helps.