I have a vhost who has problem serving static files :
http://graphite.domain.fr/static/img/carbon-fiber.png 404
graphite.conf
server {
listen 80;
server_name graphite.domain.fr;
client_max_body_size 64M;
keepalive_timeout 5;
# path for static files
root /opt/graphite/webapp/content;
location /media/ {
root /opt/graphite/lib/python2.7/site-packages/django/contrib/admin;
}
auth_basic "Area 51, password please!";
auth_basic_user_file /home/ansible/grafana/.htpasswd;
location / {
if ($http_origin ~* (http://graphite.domain.fr)) {
set $cors "true";
}
if ($cors = 'true') {
add_header Access-Control-Allow-Origin $http_origin;
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "GET, OPTIONS";
add_header "Access-Control-Allow-Headers" "Authorization, origin, accept";
}
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 10;
proxy_read_timeout 10;
proxy_pass http://localhost:8080/;
}
}
The images are in the right folder, with correct chmod (644) readable by www-data :
What might be the cause ? All resources under /static/ url gives me 404 error
Related
I used this Nginx configuration and everything went well.
server {
listen 80;
server_name 127.0.0.1;
ssl_client_certificate /etc/ssl/certs/server.crt;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
location ^~ /api/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /js/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /services/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /payeewebv2/ {
rewrite /(.*) /proxy/$1;
}
location /proxy/ {
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://proxieddomain.com/;
proxy_ssl_server_name on;
proxy_set_header host $proxy_host;
}
}
Now I need to proxy to be determined by a COOKIE. I have updated the configuration and it looks like this:
server {
listen 80;
server_name 127.0.0.1;
ssl_client_certificate /etc/ssl/certs/server.crt;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
location ^~ /api/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /js/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /services/ {
rewrite /(.*) /proxy/$1;
}
location ^~ /payeewebv2/ {
rewrite /(.*) /proxy/$1;
}
location /proxy/ {
resolver 127.0.0.11;
set $proxy "to_be_replaced";
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
set_by_lua_block $proxy {
return "https://proxieddomain.com/"
}
proxy_pass $proxy$request_uri;
proxy_ssl_server_name on;
proxy_set_header proxy $proxy$request_uri;
proxy_set_header host $proxy_host;
}
}
}
This is the changed part:
set_by_lua_block $proxy {
return "https://proxieddomain.com/"
}
proxy_pass $proxy$request_uri;
I can visit http://localhost/varicent/ and it proxies to https://proxieddomain.com/
But when its javascript requests /api/something etc. it returns content from $proxy (https://proxieddomain.com/) and not from $proxy/api/something (https://proxieddomain.com/api/something).
Do you know why the first non-dynamic solution works without problems?
What should i change to make it work it like before?
Thx
The problem has been in really the domain.
I looked it up through nslookup and changed configuration to use canonical name which is different from the https://proxieddommain.com.
Thank you #IvanShatsky for your tip.
I am configuring camunda webapp with nginx reverse proxy. Applications is loading perfectly fine using location / (Root Path). But I need to access it using a readable location path e.g. /process/. I tried a lot with several rewrites and redirections but to no success.
At root path all the static content loads but with other location path it fails. I'm a newbie in Nginx So it would make complete sense if i'm missing something very trivial.
Here is my config with location as Root Path:
server {
listen 8080;
server_name abc.xyz.net;
rewrite_log on;
error_log /var/log/nginx/localhost.error_log notice;
location / {
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass http://camunda-webapp.xyz.net;
proxy_set_header X-Forwarded-Host $host/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_read_timeout 180s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
On another context, If I try to give full URL in proxy_pass(Refer below config) then it works but the browser URL gets completely changed to proxy_pass URL.(I had even tried with proxy_redirect to retain the original URL but it doesn't work)
server {
listen 8080;
server_name abc.xyz.net;
rewrite_log on;
error_log /var/log/nginx/localhost.error_log notice;
location /process/ {
rewrite ^\/(?>[process]+)(\/.*) $1 break;
# Simple requests
if ($request_method ~* "(GET|POST)") {
add_header "Access-Control-Allow-Origin" *;
}
# Preflighted requests
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
proxy_pass http://camunda-webapp.xyz.net/app/welcome/default;
proxy_redirect http://camunda-webapp.xyz.net/app/welcome/default https://abc.xyz.net/process
proxy_set_header X-Forwarded-Host $host/process;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on;
proxy_read_timeout 180s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Any kind of info or help will be appreciated. Thanks in Advance.
Bella Ciao!
I think the trick is to specify the same location context of the nginx as the context path of the your application.
Also, please remove url rewrite as its not needed here.
I'm using Nginx in front of Glassfish (java application server) to serve my static content. I'm using following setting to set the expire headers
location /javax.faces.resource/images/ {
proxy_pass http://xx.xxx.xx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
I have also CSS and JS files inside /javax.faces.resource/ and want to set another expire header. How can I achieve this without breaking the setting for images?
Another question: I noticed that sometimes there is many Cache-Control entries in Response header. Is there a possibility to reset the properties instead of using add_header? Thanks
EDITED
server {
listen xx.x.yy.xxx:80;
server_name mydomain.com www.mydomain.com ;
rewrite ^/(.*) https://www.$server_name/$1 permanent;
}
server {
listen xx.x.yy.xxx:443; ## listen for ipv4
server_name www.mydomain.com;
ssl on;
ssl_certificate /etc/ssl/www.mydomain.com.2018.pem;
# Path to an SSL certificate;
ssl_certificate_key /etc/ssl/www.mydomain.com.2018.key;
# Path to the key for the SSL certificate;
client_max_body_size 20M;
access_log /var/log/nginx/mydomain.com.access.log upstreamlog;
error_log /var/log/nginx/mydomain.com.error.log;
rewrite_log on;
location / {
proxy_pass http://xx.x.yy.xxx:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header HTTPS "on";
}
location /nginx_status {
stub_status on;
access_log off;
# allow 1.1.1.1;
# deny all;
}
location /images/ {
proxy_pass http://xx.x.yy.xxx:8080/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /resources/desktop/images/ {
proxy_pass http://xx.x.yy.xxx:8080/resources/desktop/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
#add_header X-Cache-Status $upstream_cache_status;
#add_header Strict-Transport-Security max-age=15768000;
}
location /javax.faces.resource/images/ {
proxy_pass http://xx.x.yy.xxx:8080/javax.faces.resource/images/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
expires 365d;
add_header Pragma public;
add_header Cache-Control "public";
}
}
I've got an Elasticsearch cluster plus Logstash and Kibana, and I only want to expose a read-only window into the indexes, with the exception of the index kibana-int so that dashboards can be saved.
I've found a suitable ES proxy config, and I've modified it to use limit_except to disallow write/modify to other indexes, but much of the config is needlessly duplicated. Is there a cleaner way to define this?
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass_header Access-Control-Allow-Origin;
proxy_pass_header Access-Control-Allow-Methods;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
}
}
There are several ways:
Solution 1
You could put repeating config into file and include it.
Your config:
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
include proxy.inc;
}
location /kibana-int/ {
include proxy.inc;
}
}
proxy.inc:
proxy_pass http://elasticsearch;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
Solution 2
Other way is use nginx's directive inheritance.
upstream elasticsearch {
server es-01.iad.company.com:9200;
server es-02.iad.company.com:9200;
}
server {
listen 9200;
server_name elasticsearch.proxy;
client_max_body_size 50m;
proxy_redirect off;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
add_header Access-Control-Allow-Credentials true;
location / {
limit_except GET POST HEAD OPTIONS {
deny all;
}
proxy_pass http://elasticsearch;
}
location /kibana-int/ {
proxy_pass http://elasticsearch;
}
}
BTW, your proxy_pass_header directives are needless. Nginx proxies almost all headers by default.
I'm trying to set up nginx to work with my backbonejs application and api server.
The API server is external and being routed through https://website.com/api/...
Essentially, I want any non-matched urls to be routed to /index.html for the backbone app to handle.
I've tried using try_files, but that just overrides my API. I've tried setting up another location where I check if the request is a GET and also if it doesn't match register or login or api, but that also doesn't work. Here's my server so far:
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /etc/nginx/conf/ssl.crt;
ssl_certificate_key /etc/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
}
location ~ ^/(api)|(auth).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.aws.af.cm;
}
location ~ ^(/(register)|(login)).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# GETs only
limit_except POST {
proxy_pass https://app.aws.af.cm;
}
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
Currently, try_files overrides the API and just redirects to index.html. Any idea how I can get everything to play nicely with one another?
Here's what I want:
if / - /index.html
else if /api/*|/auth/* - external proxy
else if /login|/register - POST - external proxy
else /* - /#$1
Figured it out:
Add try_files #uri #rewrites; to Location / and also add the #rewrites function below.
server {
listen 80; ssl off;
listen 443 ssl;
server_name app.io;
ssl_certificate /opt/nginx/conf/ssl.crt;
ssl_certificate_key /opt/nginx/conf/app.key;
root /home/ubuntu/app/public;
access_log /var/log/nginx/app.access.log;
error_log /var/log/nginx/app.error.log;
index index.html;
location / {
if ($scheme = "http") {
rewrite ^ https://$http_host$request_uri? permanent;
}
try_files $uri #rewrites;
}
location ~ ^/(api)|(auth)|(logout)|(register)|(login).*$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://app.cm;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location #rewrites {
rewrite ^/.+ /#$uri redirect;
}
}