Accept only subdomain in nginx - nginx

I have a reverse proxy set up in nginx for a node.js server.
server {
listen 80;
server_name sub.domain.tld;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
It works all fine and dandy, however, I only want sub.domain.tld to work. Opening up domain.tld in a browser still routes to the node.js server.

try to add this
server {
listen 80;
server_name domain.tld;
return 404;
}

Related

How to add https to a custom domain for local development

I am using MacOS
I have edited the hosts file:
127.0.0.1 customdomain.com
And this is my nginx config:
server {
listen 80;
listen [::]:80;
server_name customdomain.com www.customdomain.com;
location / {
proxy_pass http://127.0.0.1:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
But i just can't get ssl working.

Regex for nginx server_name

I would like to use a regex on my nginx server_name that functions almost like a wildcard.
*-dev.mydomain.com -> dev server (localhost port 3001)
*-staging.mydomain.com -> staging server (localhost port 3002)
everything else -> prod server (localhost port 3000)
However I cannot for the life of me get this to work.
I seemingly get it working on https://regexr.com/51teh - but I'm not able to apply it correctly to my nginx config.
Here is my staging config now (not working, not catching requests to *-staging.mydomain.com):
server {
listen 443 ssl;
server_name "~.*-staging\.mydomain\.com";
location / {
proxy_pass http://localhost:3002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header x-forwarded-for $remote_addr;
}
}
Try adding another virtual server block with default_server to the listen directive. Something like the following:
server {
listen 443 ssl default_server;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
server {
listen 443 ssl;
server_name "~.*-staging\.mydomain\.com";
location / {
proxy_pass http://localhost:3002;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header x-forwarded-for $remote_addr;
}
}
This should work.

www in domain return timeout, after I add redirect using regex in nginx

I have nginx and I want to redirect non-www to www:
So I did it using regex, but the redirect seems to works I get the redirect, but www return timeout.
How can I solve this?
upstream wwwapp {
least_conn;
server www-app:3000 weight=10 max_fails=3 fail_timeout=30s;
}
server {
server_name ~^(?!www\.)(?<domain>.+)$;
return 301 $scheme://www.$domain$request_uri;
}
server {
listen 80;
location / {
proxy_pass http://wwwapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Easy.
server {
listen 80;
if ($host ~ ^(?!www\.)(?<domain>.+)$) {
return 301 $scheme://www.$domain$request_uri;
}
location / {
proxy_pass http://wwwapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Your second server block does not have a server_name so it is unlikely to get selected to process any requests.
The first server block is the default and will get selected even if the regex does not match.
You should change the second server block, and either add a server_name statement or make it the default_server.
See this document for details.

Nginx configuration - https works but not http

I have an issue with a freshly configured Nginx setup on Debian 9.
My site loads fine using https, but I get a 404 Not Found when I access it using http.
I tried removing the ssl certificate, it works however i need the location /webex/receive in https and /ping and /mailgun in http.
See my edited down server block:
server {
listen 80;
listen 443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location /ping {
proxy_pass http://xx.xx.xx.xxx:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /mailgun {
proxy_pass http://xx.xx.xx.xxx:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /webex/receive {
proxy_pass http://xx.xx.xx.xxx:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
All location (/ping, /mailgun and /webex/receive) work in https but I only want /webex/receive in https and the others locations /mailgun and /ping in http.
I found the solution
server {
listen 80;
listen [::]:80;
root /var/www/xx.xx.xx.xxx/html;
index index.html index.htm index.nginx-debian.html;
server_name xx.xx.xx.xxx www.xx.xx.xx.xxx;
location / {
try_files $uri $uri/ =404;
}
location /ping {
proxy_pass http://xx.xx.xx.xxx:3000;
}
location /mailgun {
proxy_pass http://xx.xx.xx.xxx:3000;
}
}
server {
listen 443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location /webex/receive {
proxy_pass http://xx.xx.xx.xxx:8080;
}
}

Nginx config for subdomain and forum

I'm trying to configure nginx to do the following:
redirect example.com and www.example.com to my old website
www.example.com/forum or example.com/forum to forum webserver (ip)
any other subdomain to .example.com, reverse proxied to node.js
I know the following does not work, how should I configure?
server {
listen 80;
server_name www.example.com example.com;
location /forum {
proxy_pass http://<forum ip>/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
return 301 $scheme://www.old-website.com;
}
server {
listen 80;
server_name ~^(.*)\.example\.com $;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The naked return 301 will prevent the location /forum block from being considered. Try wrapping it inside a default location block:
location /forum {
...
}
location / {
return 301 $scheme://www.old-website.com;
}

Resources