I setup'd a nginx reverse proxy (port 80) redirecting all /proposals requests to meteor/mrt server on 3000. However, the jquery.js file when accessed thru reverse proxy at( http://koinify.com/proposals/packages/jquery.js) is always cut-off around line 1400, so the meteor application doesn't load becuz of the corrupted js file. Yet, when access directly at port 3000 it seem to be just fine: http://koinify.com:3000/proposals/packages/jquery.js
Here's the nginx reverse proxy:
upstream app2 {
server 127.0.0.1:3000;
}
location ^~ /proposals {
proxy_pass http://app2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
Related
I have a Docker app running on an Nginx webserver, that works fine connecting directly to the webserver. However, the webserver is behind a separate Nginx reverse proxy server (functioning as WAF, load balancer, and in some cases directs path specific requests to different servers - as in this specific case).
The internal server config, which works if I connect directly to this server, look like:
# redirect without the trailing slash because the author did not include the full path in the Docker app
location /apppath/editor {
return 302 /apppath/editor/;
}
location /apppath/editor/ {
proxy_redirect off;
proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://0.0.0.0:8501/editor/;
}
location /apppath {
alias /var/www/dockerapp;
try_files $uri $uri/ =404;
}
I could not find examples of multiple levels of reverse proxy for a websocket app, so I have tried countless variations, but the public (LB/WAF) config currently looks like:
location /apppath {
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_headers_hash_bucket_size 128;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_buffering off;
#proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$scheme";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#proxy_set_header Referer $http_referer;
proxy_pass https://10.0.6.13:443;
}
From the public location, requests to /apppath/pages.html work fine, but when I attempt to hit /apppath/editor/ I see only "Please wait..." with the "Made with Streamlit" tag at the bottom.
My browser shows repeated requests for /apppath/editor/healthz and the console is full of:
WebsocketConnection WebSocket onerror
Uncaught Error: Unsupported state transition
State: PINGING_SERVER
Event: CONNECTION_TIMED_OUT
...
I am trying to route requests such that those requiring websockets will route to a long-lived nginx process, and all others will go to the general reverse-proxy which handles all other traffic. These nginx processes exist in our AWS cloud behind an ELB that has been configured to use Proxy Protocol. Note that all of this works correctly with our current setup which uses only one nginx process that is configured to use proxy_protocol.
The change to this setup is as follows:
The first nginx server handling all ingress uses proxy_protocol and forwards requests to either the websocket or non-websocket nginx servers locally:
server {
listen 8080 proxy_protocol;
real_ip_header proxy_protocol;
charset utf-8;
client_max_body_size 20M;
#send to websocket process
location /client {
proxy_pass http://localhost:8084;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#send to non-websocket process
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Proxy-Scheme $scheme;
proxy_set_header X-Proxy-Port $proxy_port;
proxy_set_header X-ELB-Proxy-Scheme "https";
proxy_set_header X-ELB-Proxy-Port "443";
# Always support web socket connection upgrades
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
When any non-websocket request is sent to localhost:8082, I get an empty reply. If I remove proxy_protocol from the first server, I get a response as expected. Obviously, I need proxy_protocol to support the ingress from our ELB, so removing it is not an option. However, I would like to know what pieces I am missing to route traffic correctly -- and I would also like to know why proxying a request locally from a proxy_protocol enabled server to another nginx process (regardless of this second process using proxy_protocol or not) fails.
For reference, the basic configuration of this secondary nginx process is below:
upstream console {
server localhost:3000 max_fails=3 fail_timeout=60 weight=1;
}
server {
listen 8082;
client_max_body_size 20M;
location /console {
proxy_pass http://console
}
.
.
.
}
Turns out the non-websocket proxy block should not set the various proxy and upgrade headers:
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
}
I have my NGINX configuration file set like this
server {
listen /root/myIp;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:3000;
}
}
This will forward my requests to my nodejs app that is listening on port 3000.
My problem is that I need to get the IP from a file /root/myIp
The file only contain the IP thus cat /root/myIp will directly display the IP.
Is there a way to use a command or the cat output inside the nginx conf ?
I am using phabricator by Docker image (https://hub.docker.com/r/hachque/phabricator/).
Because my phabricator server is in the LAN of a company, I cannot access it from the outside. I'm trying to use Ngnix as reverse proxy. I can access the login page, but when I try to login, following message was displayed:
Unhandled Exception ("AphrontMalformedRequestException") You are
trying to save some data to Phabricator, but the request your browser
made included an incorrect token. Reload the page and try again. You
may need to clear your cookies. This was a Web request. This request
had an invalid CSRF token.
Here is part of my Nginx reverse proxy configuration:
# phabricator proxy.
#
server {
listen 8080;
server_name 0.0.0.0;
location / {
proxy_pass http://193.177.1.238/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I'm not using the same image as you, but what i've installed PHP 7.1 with Nginx and the Phabricator sources on the Docker image, then the Nginx from docker listen to the 9000 port (in my case).
Then i run this image using the 8081:9000 port mapping, and the following VirtualHost config on the Nginx from the host machine:
upstream api_upstream {
server 0.0.0.0:8080;
}
server {
listen 80;
server_name phabricator.local.com;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass http://api_upstream;
}
}
the phabricator.local.com host only works if you add this entry to the /etc/hosts file:
127.0.0.1 phabricator.local.com
I'm running a node app and nginx 1.8.0. on the same server. Nginx routes requests using
server_name subdom.domain.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
Everything works perfectly fine. I now want to put my nginx on a different server changing the configuration to:
server_name subdom.domain.com;
location / {
proxy_pass http://<ipofthenewserver>:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
All I get is "504 Gateway Time-out".
I just re-read your topic, you have to configure nginx in new server
http://ipoftheoldserver:3000
Not:
http://ipofthenewserver:3000
and Make sure port application 3000(in old server) is open in over the world.
If connection had been refused by the back-end server, you would have got "502 Bad Gateway" error.
There are several methods to check it:
Look what happens on the new nginx server: tcpdump -i <name_of_iface> tcp and host <ip_of_be_server> and port 3000 -A
Make requests using curl from the new nginx server to back-end server
Look what happens on the back-end server using tcpdump
and so on