Running a Spring Boot app behind nginx - nginx

I have a Spring Boot + MVC app up and running on my server and it's bound to http://localhost:8000.
There is an nginx proxy (or is it a reverse proxy, not sure about the name) that listens to the outside world on ports 80 and 443. The root ( / ) will resolve correctly, but anything under it will not resolve and results in a 404 error ( /someControllerName/action, /images/, /css/ ).
I have this as my configuration:
upstream jetty {
server localhost:8000;
}
server {
listen 80;
server_name domain.com;
return 301 http://www.domain.com$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
return 301 https://www.domain.com$request_uri;
}
server {
listen 80 default_server;
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.domain.com localhost;
#ssl on;
ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
proxy_pass $scheme://jetty/$request_uri;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
try_files $uri $uri/ =404;
}
}
Any help is very much appreciated.

You can't combine proxy_pass with try_files in the way that you have attempted. As the comment in your configuration describes, the try_files directive causes nginx to look for a file that matches the URI and then look for a directory that matches the URI. If it doesn't find either, it responds with a 404. You can read more about try_files in the nginx documentation.
It's not clear from your question that you need to use try_files at all so the simplest way to fix your configuration is to remove the try_files line.

Related

Nginx configuration for Janus

I want to deploy Janus behind a frontend via Nginx server, that would act as a reverse proxy for incoming requests.
I'm using Ubuntu 18.04 and installed Janus correctly by documentation. The folder my Janus is installed is /opt/janus/ ....
I configure my server the following way
Server {
root /home/vsst/janus-gateway/html;
index index.html index.htm index.nginx-debian.html;
server_name janus.simpletask.dev;
location /opt/ {
proxy_pass http://84.201.181.191:8088/;
}
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/janus.simpletask.dev/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/janus.simpletask.dev/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = janus.simpletask.dev) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name janus.simpletask.dev;
return 404; # managed by Certbot
}
84.201.181.191 Is the public ip of my machine
I've also changed my Janus.js file variable server to var server = "/opt/janus" according to https://groups.google.com/forum/#!topic/meetecho-janus/dIv-4s0HOdw
But after all manipulations I still have the message
API call failed: [object Object],while trying to start any of the demo on site. So I can't use any demos provided by Janus. Please help to figure out what I'm doing wrong.
Thanks a lot!
I have been attempting to get this working, and seemed to solve a part of it. First of all, I use /rtc as the path, cause when I use just janus, my configuration didn't understand the difference between janus/ and janus.js:
location /rtc {
resolver 127.0.0.11 valid=30s;
set $upstream http://janus:8088;
rewrite ^/rtc(.*) /janus$1 break;
proxy_pass $upstream;
include /etc/nginx/proxy.conf;
access_log /var/log/nginx/access.janus.log;
error_log /var/log/nginx/error.janus.log warn;
}
The $upstream part is just to make sure nginx will start, even when my Janus docker instance is down. For me the rewrite part did the trick.
For completeness, proxy.conf contains the following:
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
I got rid of the [object,object] message, but on echo test I don't get a working response yet.
my configuration understand the difference between janus/ and janus.js
location ~* \.(ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Vary Accept-Encoding;
access_log off; }
location / {
try_files $uri $uri/ =404; }
location /janus {
proxy_pass http://127.0.0.1:8088/janus/; }

NginX won't serve static file index.html before go web app

I am using nginx to serve a go web app running on an Ubuntu 18.04 server. I want it to respond to the index directive first when I go to mydomain.com but in the nginx config I have below it is going straight to the web app and ignoring my index.html file. It does work if I get mydomain.com/index.html but won't get that file from index. /var/log/nginx/error.log has no errors.
The static files are chown'ed to root:www-data with chmod 640.
My static files are at /srv/static/ and my go web server is at /srv/web/
Here is my sites-available config file:
server {
listen 80;
server_name mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
server_name mydomain.com;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
root /srv/static;
index index.html;
location / {
try_files $uri #proxy;
}
location #proxy {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8000;
}
}
location / {
try_files $uri $uri/ #proxy; # add $uri/ here
}

nginx config does not get second domain on same server correctly

Setup: Ubuntu 18.04 Nginx Apache Varnish PHP Server
Nginx handles the traffic in the first place.
I have two domains pointing to the same server.
The first Domain works correct, the second one only redirects to the first one.
What is wrong with my configs?
First config which works fine
(Here the nginx works as an reverse proxy for the varnish and Apache.)
upstream varnish {
server 127.0.0.1:6081;
}
upstream apache {
server 127.0.0.1:8080;
}
server {
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 default_server;
server_name domain1.com;
include inc/acme-challenge.conf;
location / {
return 301 https://domain1.com$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
#client_max_body_size 120M;
server_name domain1.com;
location /wp-content/uploads {
alias /var/www/website/wp-content/uploads;
include inc/gzip.conf;
include inc/browser-cache.conf;
}
error_page 502 /502.html;
location = /502.html {
alias /var/www/website/502.html;
}
location / {
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
location ^~ /phpmyadmin {
allow 45.77.141.32; #qundg
allow 87.191.170.222; #qundg
deny all;
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
}
And here ist the second config (this one does not work)
The Domain should only be managed by the nginx without the Apache or Varnish service.
server {
listen 80;
listen [::]:80;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Here ist the default config
server {
server_name _;
listen *:80 default_server deferred;
error_log /var/log/nginx/default_server_error.log;
return 444;
}
You're using a wildcard in the second DNS name, that should be something that's not recognized in your certificate.
To get a wildcard you could follow instruction here https://medium.com/#saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
I have few case in which I have more than 1 DNS pointing to the same website and for those I created different nginx configuration files, and applied for each che certbot authentication. I noticed that using 3rd level dns (something.mysyte.com) in the same config file brouth certbot to override certificates when I had more than 1.
In your specific case you have 2 dns name in the second configuration and one has a wildcard. If you try to remove the dns with the wildcard and reinstall certificates it should work. You can then setup a new block with each 3rd level domain and get certificate for each one, or follow the guide to get the wildcard certificate.

Can't get two single page applications to run together on one server using nginx

UPDATE: I have edited this post to provide a clearer understanding of the issue. The previous post has been overwritten by this update.
We have two single page applications that need to be accessible through the same domain and ports but at different locations.
Application1 is a public user facing application that should be loaded when visiting https://example.com.
Application2 is a public admin facing application that will require authentication and should be loaded instead of application1 if they visit https://example.com/admin.
Currently I have no problem loading the first application, however, I have tried all sorts of combinations with my nginx conf file to get the second application to load when visiting https://example.com/admin without success.
It is always loading the application1 app instead.
Application1 = /var/www/client/public
Application2 = /var/www/client/admin
/var/www/client
/public (application1)
index.html
/dist
/admin (application2)
index.html
/dist
This is the example.com.conf file. I have tried all sorts of combinations but this is me trying to keep it very simple.
server {
listen 80;
root /var/www/client;
index index.html index.htm;
server_name happyhourmenu.ca;
location / {
root /var/www/client/public;
try_files $uri $uri/ =404;
}
location /admin {
alias /var/www/client/admin;
try_files $uri $uri/ =404;
}
}
I have spent days on this, can't believe something that should be so simple has been holding me up this long.
The issue actually had nothing to do with the conf file. It was solved with the help of /u/bakugo on a reddit post in the vuejs subreddit. I don't know if I am allowed to link to that post but here was his reply.
Like I suspected, the problem has nothing to do with nginx, the second
index.html is loading /dist/build.js (which is the first app) instead
of /admin/dist/build.js
Change the script URL to ./dist/build.js
--/u/bakugo
Here is a working example of our conf file which is serving two separate single page applications, sharing one domain on the same server. The conf file is also setup to redirect requests over port 80 to port 443, and using SSL cert.
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/client;
index index.html index.htm;
server_name example.com www.example.com;
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
}
location / {
root /var/www/client/public/;
try_files $uri $uri/ /index.html =404;
rewrite ^/admin$ /admin/ redirect;
}
location /admin {
alias /var/www/client/admin/;
try_files $uri $uri/ /index.html =404;
}
location /api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server {
listen 80;
listen [::]:80;
if ($host = example.com) {
return 301 https://$host$request_uri;
}
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
}
return 404;
}
You need to add location within your server configuration.
Assuming that path you need to access is /admin, and files are in directory app2
location /admin {
alias /app2;
}
So the configuration would be something like this:
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.ca/fullchain.pem; # m$
ssl_certificate_key /etc/letsencrypt/live/domain.ca/privkey.pem; #$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name domain.ca;
root /var/www/client;
index index.html index.htm;
try_files $uri $uri/ =404;
location /admin {
alias /app2;
}
}
server {
server_name domain.ca;
listen 80;
listen [::]:80;
if ($host = domain.ca) {
return 301 https://$host$request_uri;
}
return 404;
}
Check further documentation: https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
Since you use vue, you can just set publichPath in vue.config.js to do that, check here for detailed information. https://cli.vuejs.org/config/#publicpath

Multiple apps on nginx

I'm trying to route traffic across multiple upstream servers on nginx like so:
upstream app_a {
server unix:/tmp/app_a.sock fail_timeout=10;
# For a TCP configuration:
# server localhost:8000 fail_timeout=0;
}
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
index index.html index.htm;
server_name localhost;
root /home/ubuntu/app_a/www/staging/static;
location ~ ^/app_a/(.*)$ {
try_files $1 #proxy_to_app_a;
}
location #proxy_to_app_a {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_a;
}
Unfortunately the apps have no knowledge of full uris and expect to be sitting on root - which means i need to re-write the uri when passing to the app, which is why i thought this might work:
location ~ ^/app_a/(.*)$ {
try_files $1 #proxy_to_app_a;
}
the app works fine if location is just / (because of the aforementioned root issue), but this regex based solution doesnt seem to work. What do i need to do so the app gets / instead of app_a in the url?
Thanks
location /app_a/ {
rewrite /app_a/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_pass http://app_a;
}

Resources