Getting error due to Access-Control-Allow-Origin. (NGINX) - http

I am using NGINX and I am receiving that error in the browser's console.
According to the instructions of my boss, I need to set up cors which what I did and still I am getting the same error.
This is the entire error
OPTIONS https://backend.just4bettors.mobi/auth/login
XMLHttpRequest cannot load https://backend.just4bettors.mobi/auth/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.just4bettors.mobi' is therefore not allowed access. The response had HTTP status code 400.
Here is the config
map $http_origin $cors_header {
default "";
"~^https?://[^/]+\.just4bettors\.mobi(:[0-9]+)?$" "$http_origin";
}
server {
large_client_header_buffers 1 1K;
listen 80;
listen 443 ssl;
server_name www.just4bettors.mobi just4bettors.mobi;
root /home/c0pt/capilleira/capilleiraclickandgamblemobile/www;
ssl_certificate /etc/ssl/certs/just4bettors.mobi.chained.crt;
ssl_certificate_key /etc/ssl/private/just4bettors.mobi.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Access-Control-Allow-Origin $cors_header;
...
}
}
server {
listen 80;
listen 443 ssl;
server_name backend.just4bettors.mobi www.backend.just4bettors.mobi;
ssl_certificate /etc/ssl/certs/just4bettors.mobi.chained.crt;
ssl_certificate_key /etc/ssl/private/just4bettors.mobi.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Access-Control-Allow-Origin $cors_header;
}
}
I have the domain and the subdomain, it is like something named cross-domain.
Where do I have the error here ? I mean, I have everything set up and still asking me for the Access-Control-Allow-Origin, why ?
ps: I want to cry.

You need to set the header on the backend side, not under your main section location /
The error message basically states that you are not allowed to access the backend from your www frontend.
Your backend must allow backend.just4bettors.mobi and www.backend.just4bettors.mobi as valid Origins ...

Related

Redirection with nginx in VirtualBox

I'm currently trying to redirect all access from http to https on a nginx serv in VirtualBox.
When using a test machine in VirtualBox, everything is working perfectly.
My issue is with port redirection on VirtualBox.
I want to be redirect directly from my host machine.
For the moment when I access https it's fine, but when I try to access the http, I'm redirected to the nginx serv address in Virtualbox.
My ssl conf is :
server {
listen 443 http2 ssl;
server_name _;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
root /var/www/html;
location {
proxy_pass http://loadbalancing;
try_files $uri $uri/ =404
}
server {
listen 80;
server_name _;
return 301 https://srv.dmz.lan
}
upstream loadbalancing {
server srv1;
server srv2;
}
}
Dmz is a NAT network under VirtualBox with those redirections:

How to redirect from http://www.* to https://* in Nginx?

So I am trying to achieve 4 things:
support both ip-v4 and ip-v6
support letsencrypt ssl certificates (the acme-challenge location in http)
redirect www to non www
redirect http to https
I have come up with a config, but it seems not to work. I get a "page does not exist" when trying to access http://www.MY_DOMAIN.COM.
Due to the hsts setting, this does work after having visited the https non-www version once.
Note that I have ssl certificates for both the with and without www domain.
How can I achieve this / what am I doing wrong in my config:
# HTTP server
#
server {
listen [::]:80;
server_name MY_DOMAIN.COM www.MY_DOMAIN.COM;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
try_files $uri $uri/ =404;
}
location / {
return 301 https://MY_DOMAIN.COM$request_uri;
}
}
# HTTPS server
#
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
return 301 https://MY_DOMAIN.COM$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
root /var/www/MY_DOMAIN.COM;
index index.html;
}
Also, I do not find the copy-paste nature of the two server blocks very nice.
As #RichardSmith notes; I was not listening to the ipv4 version of the http://www variant. Hence, the redict was not triggered at all.
After fixing this, the setup is working.

NGINX Configure Https

I am trying to run my application on http and https. The application renders static htmls along with their css' and js'. I use nginx to serve the pages. I have configured my nginx configuration, but the pages do not get rendered on https.
When I hit http://subdomain.example.com, it works well!
However, when I hit https://subdomain.example.com, I get a CONNECTION_RESET or a CONNECTION_CLOSED error in Chrome.
Below is my configuration:
server {
listen 80;
server_name subdomain.example.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /var/www/html/htmls/;
index entergmat.html;
}
}
server{
listen 443 ssl;
ssl on;
server_name subdomain.example.com;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/certificate.key;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 70;
location / {
root /var/www/html/htmls/;
index entergmat.html;
}
}
Request your help on this.
Thanks!
I would suggest to remove ssl on; from your configuration:
It is recommended to use the ssl parameter of the listen directive
instead of this directive.
From nginx doc http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl

Wrong nginx or dns configuration?

I deployed a website on digitalocean with nginx as a proxypass. The Site works but sometimes I have to refresh to reach the site. I am afraid that my nginx or my dns configuration is wrong, since I'm doing this the first time.
Here is my nginx config: (the server should run only on https)
server {
listen 80;
server_name <site_name>.com;
return 301 https://www.<site_name>.com$request_uri;
}
server {
listen 80;
server_name www.<site_name>.com;
return 301 https://www.<site_name>.com$request_uri;
}
server {
listen 443 ssl;
server_name <site_name>.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/certs/private.key;
return 301 $scheme://www.<site_name>.com$request_uri;
}
server {
listen 443;
server_name www.<site_name>f.com;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
ssl on;
ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/certs/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://localhost:8000;
}
}
Here are my dns settings:
A Record host:# value: TTL: automatic
A Record host:www value: TTL: 1 min
Any idea what is going wrong?
Thx!
When the site fails to load what is the error message, if any? I doubt this is a DNS issue, since it works sometimes.

How to handle multiple ssl server with nginx

I have 2 SSL webservers that I have to handle with nginx.
I also have a http server (the redirection works fine).
The redirections works well when i handle just http and https (only one ssl webserver).
The problem is, when i want to handle 2 ssl webserver:
na.test.lan for https
nnm.toast.lan for https
The request for https is handled by the first server block file that redirect me on the wrong ssl webserver (maybe the first server block that listen on port 443).
Here is my ssl.conf :
server {
listen 443;
server_name na.test.lan ;
ssl on;
ssl_certificate /etc/pki/nginx/server.crt;
ssl_certificate_key /etc/pki/nginx/server.key;
ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://172.17.100.200/; }
}
server {
listen 443;
server_name nnm.toast.lan ;
ssl on;
ssl_certificate /etc/pki/nginx/server.crt;
ssl_certificate_key /etc/pki/nginx/server.key;
ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://179.60.192.3/; }
}
Here is my solution, it finaly works :
ssl_certificate /etc/pki/nginx/server.crt;
ssl_certificate_key /etc/pki/nginx/server.key;
HTTPS server configuration
server {
listen 443;
server_name na.test.lan ;
ssl on;
ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://172.17.100.200/;
}
}
server {
listen 443;
server_name na.toast.lan ;
ssl on;
ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://172.17.201.2/;
}
}
server {
listen 443;
server_name na.tist.lan ;
ssl on;
ssl_session_timeout 1m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://172.17.202.2/;
}
}
You should use different IP addresses for each SSL server. That's in the nature of SSL protocol, SSL handshake must be completed in the process of establishing connection, so server has to pick SSL cert to send to client. But at this moment it doesn't know anything about Host: header, so it simply picks the first one.
UPDATE: or use SNI
http://nginx.org/en/docs/http/configuring_https_servers.html#sni

Resources