nginx proxy_pass static assets - nginx

I have the following nginx configuration
rewrite_log on;
server {
server_name greymarmita.no-ip.org;
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name greymarmita.no-ip.org;
listen 443 ssl;
error_log /var/log/nginx/main.error;
access_log /var/log/nginx/main.access;
ssl on;
ssl_certificate /etc/ssl/localcerts/autosigned.crt;
ssl_certificate_key /etc/ssl/localcerts/autosigned.key;
root /srv/www;
index index.html /index.html;
location /rasp/ {
proxy_pass http://192.168.2.6:81/;
}
location /cam/ {
proxy_pass http://192.168.2.4:8081;
}
location ^~ /router/ {
proxy_pass http://192.168.2.1/;
}
location /nas/ {
proxy_pass http://192.168.2.13/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
However when I try to access http://192.168.2.6/nas although the html files are served correctly, files under /web/ are not
GET https://greymarmita.no-ip.org/web/images/login.png 404 (Not Found)
The correct path for these assets should be https://greymarmita.no-ip.org/nas/web/images/login.png

You don't have a location to match that file, try adding this
location / {
try_files $uri $uri/;
}

Related

is it possible to config nginx certificate in public file

Now this is my nginx server config:
server{
listen 443;
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
server_name super.example.com;
#rewrite ^(.*)$ https://${server_name}$1 permanent;
root /usr/share/nginx/html/pc-super-frontend-fat;
location / {
try_files $uri /index.html;
index index.html index.htm;
}
location ^~ /service/ {
proxy_pass http://k8s-edge-node/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
in every server config file, it contains certificate config:
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
because I have more than 50 sub domains, if change the certificate, it should change more than 100 files config(80 + 443). is it possible to make the certificate config to a seperate file and just reference it in server config file?

Nginx - location block misconfigured?

I have a location block inside of my sites-enabled example.conf that should be routing /testing to a 503 error html page but instead for some reason its hitting my app instead of nginx
[2020-06-30T20:36:13.821768 #6059] FATAL -- : [fc9cb972-f314-4a87-89d9-8334521767b3] ActionController::RoutingError (No route matches [GET] "/testing"):
that is a log line from my actual rails app - why is it even getting this far vs nginx routing to where I thought I told it to???
my nginx .conf
server { listen 443 ssl;
server_name status.* www.status.*;
# SSL
ssl_certificate_key /etc/nginx/ssl/server_example.com.key;
# logging
access_log /var/log/nginx/status.access.log;
error_log /var/log/nginx/status.error.log;
# security
include security.conf;
# reverse proxy
location / {
if (-f /opt/staytus/staytus/maint.on) {
return 503;
}
port_in_redirect off;
proxy_pass http://example.com:8787/;
}
error_page 503 #maintenance;
location #maintenance {
root /usr/share/nginx/html
rewrite ^(.*)$ /Performing-Maintenace.html;
}
location = /testing/ {
return 500;
}
}
server {
listen 80;
server_name www.status.* status.* 11.22.123.456;
root /opt/staytus/staytus/public;
client_max_body_size 50M;
# SSL
ssl_certificate_key /etc/nginx/ssl/example.com.key;
port_in_redirect off;
return 301 https://example.com$request_uri;
location #puma {
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://example.com:8787;
}
}

nginx: how to divide /etc/nginx/conf.d/default.conf ?

looking for a way to divide /etc/nginx/conf.d/default.conf, something like per site. Any idea?
current file looks like this:
upstream Master_MAT {
server 172.18.0.3:8080;
}
upstream Master_PAT {
server 172.18.0.4:8080;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
root /etc/nginx/html;
index index.html index.php;
#charset koi8-r;
location / {
root /etc/nginx/html;
try_files $uri /$uri $uri/ =404;
}
location /Master_MAT {
proxy_set_header Host $proxy_host;
proxy_pass http://Master_MAT/Master_MAT;
# proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Master_PAT {
proxy_set_header Host $proxy_host;
proxy_pass http://Master_PAT/Master_PAT;
# proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Is there a way to put the Master_MAT in different file? Tried to use 'include' yet failed.
THX
Most people recommend using the sites-enabled and sites-available approach:
http {
…
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Now you can leave 'disabled' sites in sites-available and move them into the sites-enabled folder when you want it to be in use.
This is a wildcard so you can just create new .conf files for each site and it will load them automatically.
Here's an example of what would go inside /etc/nginx/sites-available/example.com
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}

Nginx configuratie redirect http to https for only one domain

In the beginning of my Nginx .conf file I have added the following redirect:
server {
listen 80;
listen [::]:80;
server_name *.a-domain.nl;
return 301 https://$host$request_uri;
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 443;
listen [::]:443 ipv6only=on;
server_name *.a-domain.nl;
ssl on;
ssl_certificate /etc/ssl/b-domain.crt;
ssl_certificate_key /etc/ssl/b-domain.key;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 80;
listen [::]:80 ipv6only=on;
server_name _;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
Only when I open in an browser the following domain www.b-domain.nl that is served on the same server, the Nginx also redirects it to https. I would expect that Nginx only redirects www.a-domain.nl?
The first server block is the implicit default server for port 80, so it gets to process all http requests irrespective of server name. The third server block would only match the server name _, which is either illegal or unlikely.
To make another server block the default, use default_server option on the listen directive.
See this document for more.

nginx proxy and backbone pushstate

I'm trying to set up nginx to work with my backbonejs application and api server.
The API server is external and being routed through https://website.com/api/...
Essentially, I want any non-matched urls to be routed to /index.html for the backbone app to handle.
I've tried using try_files, but that just overrides my API. I've tried setting up another location where I check if the request is a GET and also if it doesn't match register or login or api, but that also doesn't work. Here's my server so far:
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /etc/nginx/conf/ssl.crt;
ssl_certificate_key /etc/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
}
location ~ ^/(api)|(auth).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.aws.af.cm;
}
location ~ ^(/(register)|(login)).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# GETs only
limit_except POST {
proxy_pass https://app.aws.af.cm;
}
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
Currently, try_files overrides the API and just redirects to index.html. Any idea how I can get everything to play nicely with one another?
Here's what I want:
if / - /index.html
else if /api/*|/auth/* - external proxy
else if /login|/register - POST - external proxy
else /* - /#$1
Figured it out:
Add try_files #uri #rewrites; to Location / and also add the #rewrites function below.
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /opt/nginx/conf/ssl.crt;
ssl_certificate_key /opt/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
try_files $uri #rewrites;
}
location ~ ^/(api)|(auth)|(logout)|(register)|(login).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.cm;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location #rewrites {
rewrite ^/.+ /#$uri redirect;
}
}

Resources