random domains get parked on my server - nginx

I was looking through my nginx error log and found strange records
2014/10/01 13:41:20 [error] 9825#0: *1628 "/home/mysite/public_html/phone/99476982139/index.html" is not found (2: No such file or directory), client: 37.187.107.37, server: mysite.com, request: "GET /phone/99476982139/ HTTP/1.1", host: "blabla.co.uk"
2014/10/01 13:41:22 [error] 9825#0: *1629 "/home/mysite/public_html/phone/99476982139/index.html" is not found (2: No such file or directory), client: 180.76.5.145, server: mysite.com, request: "GET /phone/99476982139/ HTTP/1.1", host: "blabla.com.ar"
But what happened next was astonishing - I visited those strange domains - blabla.co.uk and blabla.com.ar, and they have THE SAME CONTENT AS MY mysite.com!!! If I change my index.html file, content is changed on those domains which I see for the first time in my life!
My nginx config for this site is quite simple
server {
    listen 80;
    server_name www.mysite.com mysite.com;
    root /home/mysite/public_html;
}
How can that happen?
How can I protect my server from requests to random domains?

I guess the domains just point to the IP of your server.
In order to protect yourself from this kind of thing, simply add a default server block in your config. All requests not explicitly pointed at your domain are sent to the default server and will eventually drop. Here's a quick example:
server {
    listen 80;
    server_name www.mysite.com mysite.com;
    root /home/mysite/public_html;
}
server {
    listen 80 default_server;
    root /var/www/dead;
}
'dead' is some empty folder. You might also wanna try adding a deny all; to the default server block.
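To check which foreign Host headers a named server block has already answered, the error log format shown in the question can be parsed directly. This is an added example, not part of the original posts; the allowlist is taken from the question's server_name, the log entries are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Names from the question's server_name directive (assumption: the full allowlist).
ALLOWED_HOSTS = {"mysite.com", "www.mysite.com"}

# Greedy ".*" makes the match land on the last host: "..." field of the entry.
FIELD_RE = re.compile(r'server: (?P<server>[^,]+),.*\bhost: "(?P<host>[^"]*)"')

# Constructed sample entries in the error-log format quoted in the question.
_PREFIX = ('2014/10/01 13:41:20 [error] 9825#0: *1 open() "/home/mysite/public_html/x" '
           'failed (2: No such file or directory), client: 192.0.2.10, '
           'server: mysite.com, request: "GET /x HTTP/1.1"')
SAMPLE_LOG = "\n".join(_PREFIX + tail for tail in [
    ', host: "blabla.co.uk"',
    ', host: "blabla.co.uk"',
    ', host: "BlaBla.com.ar:80"',   # case and port must not hide a foreign name
    ', host: "www.mysite.com"',     # legitimate
    ', host: "MySite.com."',        # legitimate: case and trailing dot differ
    '',                             # no Host header sent: nginx logs no host field
])

def normalize_host(raw):
    """Lower-case a Host value and drop the port and any trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):                    # IPv6 literal, e.g. [::1]:80
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0].rstrip(".")

def foreign_hosts(log_text, allowed=frozenset(ALLOWED_HOSTS)):
    """Count (server block, Host) pairs where the Host is not an allowed name."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FIELD_RE.search(line)
        if m is None:                           # entry without a host field
            continue
        host = normalize_host(m.group("host"))
        if host and host not in allowed:
            hits[(m.group("server").strip(), host)] += 1
    return hits

if __name__ == "__main__":
    for (server, host), n in foreign_hosts(SAMPLE_LOG).most_common():
        print(f"{n:4d}  Host {host!r} answered by server block {server!r}")
```

Any pair it reports means that server block is acting as the implicit default for names it does not own; after a catch-all default_server is in place, new entries should show the catch-all's server name instead.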

Related

nginx proxy_pass working but static content doesn't

I can set up nginx as a reverse proxy with no major issues, but if I do a simple static page test like this, the server doesn't serve pages:
server {
    server_name localhost;
    listen 12345;
    location / {
        root /Volumes/E/static/;
        index index.html index.htm;
    }
}
error.log says:
2023/02/09 22:39:10 [crit] 53512#0: *18710 open() "/Volumes/E/static/index.html" failed (1: Operation not permitted), client: 127.0.0.1, server: localhost, request: "GET / HTTP/1.1", host: "localhost:12345"
...and I get a "500 Internal Server Error" in the browser when entering http://localhost:12345/.
I've tried chmod -R 755 /Volumes/E/static, no effect.
Why is that?

NGINX - Short domain proxy to full path on another domain

I have two domains, let's say ex.io and example.com. I own both and have access to both servers. Both run NGINX.
Goal: I'd like to have any request from ex.io forward to a specific path under example.com, e.g. http://ex.io passes to https://example.com/foo/bar. This has to be done without a redirect (more in Context)
Context: The goal is to host a shell script at https://example.com/foo/bar so that curl ex.io | sh will run the shell script. I'd like no redirects to happen so no additional flags are needed for curl.
My current .conf setup for both servers follows:
server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 308 https://$host$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name ex.io;
    return 308 https://example.com/foo/bar;
}
# ...
This works, but requires the extra flag -L to run properly under curl. How can I proxy ex.io to go directly to https://example.io/foo/bar?
EDIT: I'm forwarding http://ex.io/ to https://example.com/foo/bar which may be tricky going from http to https. Bananenkönig's response fails with a 502 Bad Gateway error and the following logs:
2020/10/26 23:28:45 [error] 223#223: *281 SSL_do_handshake() failed (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) while SSL handshaking to upstream, client: XXX.XXX.XXX.XXX, server: ex.io, request: "GET / HTTP/1.1", upstream: "https://XXX.XXX.XXX.XXX:443/foo/bar/", host: "ex.io"
2020/10/26 23:28:45 [warn] 223#223: *281 upstream server temporarily disabled while SSL handshaking to upstream, client: XXX.XXX.XXX.XXX, server: ex.io, request: "GET / HTTP/1.1", upstream: "https://XXX.XXX.XXX.XXX:443/foo/bar/", host: "ex.io"
I would try it like this:
server {
    listen 80;
    listen [::]:80;
    server_name ex.io;
    location /some/location/on/ex.io/ {
        proxy_pass https://example.com/some/location/on/example.com/;
    }
}
When you want ex.io/ (on location /) to be forwarded to example.com/..., write "location / {".

Nginx list contents of network share via UNC?

I've seen a couple other questions that talk about listing contents of a directory by using autoindex on. I'm trying to use this in conjunction with a network share and it is not working.
server {
    listen 80;
    server_name downloads.example.com;
    root c:/webroot/downloads/;
    location / {
        index index.html;
    }
    location /drivers/ {
        alias //10.1.0.20/drivers;
        autoindex on;
    }
}
I can access downloads.example.com and get the static index as expected, but when I try to access downloads.example.com/drivers/ I get a 500 Internal Server Error. My Nginx error log shows the following entry:
2019/09/20 07:57:10 [crit] 4760#2720: *4 GetFileAttributesEx() "//10.1.0.20/drivers" failed (58: The specified server cannot perform the requested operation), client: 10.1.0.1, server: downloads.example.com, request: "GET /drivers/ HTTP/1.1", host: "downloads.example.com", referrer: "http://downloads.example.com/"
I can access \\10.1.0.20\drivers from this machine via File Explorer without issues.
Why isn't this working?
I was able to get this to work by creating a symbolic link instead of using UNC directly from Nginx:
mklink /d c:\drivers \\10.1.0.21\drivers
Then use c:\drivers as the alias in the config.

How to configure Location directive for different context URI

what is happening:
I'm using the following nginx.conf file for load balancing. The web application is up and running on nginx port 8080 and I am able to access the landing page. However, when moving from the landing page to the "signup" page, it is throwing an error.
what is expected:
nginx load balancer should redirect the load to the page as mentioned in the Location directive. but that is not happening.
nginx file :
events {
}
http {
    upstream 3.121.253.126 {
        server 3.121.253.126:8080;
        server 3.121.253.126:8080;
        server 3.121.253.126:8080;
    }
    error_log /etc/nginx/error_log.log warn;
    client_max_body_size 20m;
    proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;
    server {
        listen 8080;
        server_name 3.121.253.126;
        root /etc/nginx/html;
        index index.html;
        location /signup {
            root /etc/nginx/html;
            index add-user.html;
            # proxy_pass http://localhost:8080/signup;
            # proxy_set_header Host $host;
            # rewrite ^/welcome(.*)$ $1 break;
        }
    }
}
here is the error log:
2019/02/21 09:07:42 [error] 6#6: *510 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 127.0.0.1, server: 3.121.253.126, request: "GET /signup HTTP/1.0", upstream: "http://127.0.0.1:8080/signup", host: "localhost:8080", referrer: "http://3.121.253.126:8080/"
2019/02/21 09:07:42 [warn] 6#6: *510 upstream server temporarily disabled while reading response header from upstream, client: 127.0.0.1, server: 3.121.253.126, request: "GET /signup HTTP/1.0", upstream: "http://127.0.0.1:8080/signup", host: "localhost:8080", referrer: "http://3.121.253.126:8080/"
2019/02/21 09:13:10 [error] 6#6: *1 open() "/etc/nginx/html/signup" failed (2: No such file or directory), client: 157.33.175.127, server: 3.121.253.126, request: "GET /signup HTTP/1.1", host: "3.121.253.126:8080", referrer: "http://3.121.253.126:8080/"
2019/02/21 09:15:57 [error] 6#6: *3 open() "/etc/nginx/html/signup" failed (2: No such file or directory), client: 157.33.175.127, server: 3.121.253.126, request: "GET /signup HTTP/1.1", host: "3.121.253.126:8080", referrer: "http://3.121.253.126:8080/"
As per the log, it is expecting a signup html file. However, I am instructing it to use the add-user.html file. Not sure why this is not happening.
Please suggest.
You want to point the URI /signup to the file located at /etc/nginx/html/add-user.html
There are a number of ways to achieve that using Nginx, including the rewrite and try_files directives.
For example:
location /signup {
    try_files /add-user.html =404;
}
The root directive does not need to be repeated within this location block, as it will inherit the same value from the surrounding block.
The =404 does nothing as add-user.html always exists, but try_files requires two parameters. See this document for details.
The above location will process any request that begins with /signup (e.g. /signup/ or /signups).
To restrict it to the single URI /signup use the = modifier. See this document for details.
For example:
location = /signup {
    try_files /add-user.html =404;
}

Nginx reverse proxy subdirectory to root

So, I am using Nginx as a load balancer to load traffic between a couple of instances.
Let's say my Nginx loadbalancer is at platform.staging.com (example).
I am trying to redirect traffic from
platform.staging.com/sync
To one of these:
sync1.staging.com:12345
sync2.staging.com:12345
Notice that what I am trying to achieve is to have /sync part stripped down and requests to sync instances should have path /.
This is what I tried but it doesn't work:
upstream sync-cluster {
    ip_hash;
    server sync1.staging.com:12345;
    server sync2.staging.com:12345;
}
server {
    listen 443 ssl spdy;
    server_name platform.staging.com;
    location /sync {
        proxy_pass http://sync-cluster;
    }
}
In the logs I can see:
2014/01/14 23:20:38 [error] 2385#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: XX.XXX.XX.XXX, server: platform.staging.com, request: "GET /sync HTTP/1.1", upstream: "http://X.X.X.XXX:12345/sync", host: "platform.staging.com"
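Try adding a rewrite before doing the proxy pass. I'll assume you are going to preserve what's after /sync. Hope this works for you:
location ^~ /sync {
    # Strip the /sync prefix and keep whatever follows it; "break" stops
    # further rewrite processing so the rewritten URI is what gets proxied.
    rewrite ^/sync/?(.*)$ /$1 break;
    proxy_pass ...;
}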
