I have two AP server, and I want to setup NGINX as a proxy server and load balancer.
here is my nginx.conf file:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
large_client_header_buffers 8 1024k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 650;
send_timeout 2000;
proxy_connect_timeout 2000;
proxy_send_timeout 2000;
proxy_read_timeout 2000;
gzip on;
#
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
upstream backend {
server apserver1:8443;
server apserver2:8443;
}
server {
listen 8445 default ssl;
server_name localhost;
client_max_body_size 500M;
client_body_buffer_size 128k;
underscores_in_headers on;
ssl on;
ssl_certificate ./crt/server.crt;
ssl_certificate_key ./crt/server.key;
location / {
proxy_pass https://backend;
break;
}
}
}
apserver1 and apserver2 are my AP server and in fact they are IP address.
when I visit the nginx via https://my.nginx.server:8445, I can get the AP container's default page. In my case, it is the JETTY server default page. that means the NGINX works.
if anything going correctly, user accessing to https://my.nginx.server:8445/myapp will get the log in page. if user has logged in, my app will redirect the user to https://my.nginx.server:8445/myapp/defaultResource.
when I visit via https://my.nginx.server:8445/myapp as a NOT-logged-in user, I can get the log in page correctly.
when I visit via https://my.nginx.server:8445/myapp/defaultResource directly as a logged-in user, I can get the correct page.
but when I visit the url https://my.nginx.server:8445/myapp as a logged-in user, (if correctly, the URL should be redirect to https://my.nginx.server:8445/myapp/defaultResource), but the nginx translate the URL to https://backend/myapp/defaultResource, and Chrome give me the following error:
The server at backend can't be found, because the DNS lookup failed....(omited)
nginx, seems not resolve the upstream backend. what's wrong with my configuration?
AND if I use http instead of https, everything goes well.
any help is appreciated.
Try to add the "resolver" directive to your configuration:
http://nginx.org/r/resolver
Related
I am trying to configure NGINX to serve my nest app(which is running on docker).
My app is listening on port 3000
The server is amazon linux 2(ec2-user)
The conf file looks like this:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
#include /etc/nginx/conf.d/nginx.conf;
server {
listen 80;
listen [::]:80;
server_name <ip.adress>;
#web
location / {
add_header X-yahav $uri; # this gets mounted
}
#api
location = /api { # this one is never approached
add_header X-yahav "Api-pass";
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header Host $http_host;
#proxy_pass http://127.0.0.1:3000/;
}
}
}
I want to redirect /api to my nest app but it just wont have it i'm getting a simple 404 without the header i'm attaching(as you can see in the conf file)
Another thing is when I go to the root (location /) I do get my header mounted as expected
Any have any idea what is wrong?
Don't forget to add "/api" to your requests, like http://your-server:80/api/
We have one "OpenLDAP" server with port 389 currently active,using nginx we want to proxypass this TCP port 389 to TCP based ingress. can any one please share the nginx.conf detail for this.
So far, left with incomplete as per below,
upstream rtmp_servers {
server acme.example.com:389;
}
server {
listen 389;
server_name localhost:389;
proxy_pass rtmp_servers;
proxy_protocol on;
}
Getting an error, any recommendation is appreciated
2021/03/02 09:45:39 [emerg] 1#1: "proxy_pass" directive is not allowed
here in /etc/nginx/conf.d/nginx-auth-tunnel.conf:9 nginx: [emerg]
"proxy_pass" directive is not allowed here in
/etc/nginx/conf.d/nginx-auth-tunnel.conf:9
Your configuration should be in a stream block
You don't need server_name localhost:389;
You are including the configuration from /etc/nginx/conf.d folder which is included inside http block in main nginx.conf file. The stream block should be at the same level as http block. Check the /etc/nginx/nginx.conf for the include and maybe you have to add one for the stream section
This is a sample nginx.conf,
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf; #This include is your problem
}
stream {
upstream rtmp_servers {
server acme.example.com:389;
}
server {
listen 389;
proxy_pass rtmp_servers;
proxy_protocol on;
}
}
I am trying to configure cgit with nginx through uwsgi. I managed to get the main page working on example.com/ and added my repos but when I try to access a repo in example.com/somerepo I get a 502 error.
I know cgit is working fine because I can run cgit.cgi with and without the QUERY_STRING="url=somerepo"environmental variable and it generates the correct html for the main page and the somerepo page respectively.
I have been trying to debug the issue using the nginx error logs with debug level, strace and gdb on both nginx and cgit.cgi and the output from uwsgi, this is what I've found so far:
When I click on a somerepo link on cgit's main page uwsgi makes a GET request to /somerepo and nginx tries to open a directory in /htdocs/somerepo which it can't find because it doesn't exist. (I suppose cgit.cgi should generate this on the fly). I know this from strace stat("/usr/share/webapps/cgit/1.2.1/htdocs/olisrepo/", 0x7ffdf4c817c0) = -1 ENOENT (No such file or directory)
When I click on a somerepo link I get read(8, 0x561749c8afa0, 65536) = -1 EAGAIN (Resource temporarily unavailable) from cgit.cgi's strace.
When I try to visit a invalid url like somerepotypo it correctly generates a 404 page saying 'no repositories found'.
These are my configuration files:
/etc/nginx/nginx.conf
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error_log debug;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
gzip off;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
# Cgit
server {
listen 80;
server_name example.com;
root /usr/share/webapps/cgit/1.2.1/htdocs;
access_log /var/log/nginx/access_log main;
error_log /var/log/nginx/error_log debug;
location ~* ^.+(cgit.(css|png)|favicon.ico|robots.txt) {
root /usr/share/webapps/cgit/1.2.1/htdocs;
expires 30d;
}
location / {
try_files $uri #cgit;
}
location #cgit {
include uwsgi_params;
uwsgi_modifier1 9;
uwsgi_pass unix:/run/uwsgi/cgit.sock;
}
}
}
cgit.ini (I load this using uwsgi --ini /etc/uwsgi.d/cgit.ini)
[uwsgi]
master = true
plugins = cgi
chmod-socket = 666
socket = /run/uwsgi/%n.sock
uid = nginx
gid = nginx
processes = 1
threads = 1
cgi = /usr/share/webapps/cgit/1.2.1/hostroot/cgi-bin/cgit.cgi
/etc/cgitrc
css=/cgit.css
logo=/cgit.png
mimetype-file=/etc/mime.types
virtual-root=/
remove-suffix=1
enable-git-config=1
scan-path=/usr/local/cgitrepos
Can you help me fix this? Thanks in advance
I'm new to NGINX and I'm trying to setup minimal working thing. So I trying to run https with nginx and supervisor (by this example). But I can't configure Nginx right and getting the following error:
Error Code: nginx: [emerg] "location" directive is not allowed here in /etc/nginx/nginx.conf:16 nginx: configuration file /etc/nginx/nginx.conf test failed .
GNU nano 2.0.9 File: /etc/nginx/nginx.conf
#user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx.pid;
include /etc/nginx/modules.conf.d/*.conf;
events {
worker_connections 1024;
}
location ~^/wp-json/ {
rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;
#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
# override global parameters e.g. worker_rlimit_nofile
include /etc/nginx/*global_params;
It looks correct. server directive is in http as it should be. And http is parent directive. What I'm doing wrong?
Not quite sure what you mean by "server directive is in http" - I'll assume you're referring to what's in the files included from /etc/nginx/conf.d/*.conf.
Anyway, if you're trying to enhance the server directive in one of the included files, you'll have to do that there. If you'd like to define a new server, you'll need a block within http. And within that block, you'll add your location block.
http {
#...
server {
#...
location ~^/wp-json/ {
#...
rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;
#...
}
#...
}
#...
}
If you're just getting started, maybe this is a good resource: http://nginx.org/en/docs/beginners_guide.html?
My design is:
Media Server -> edge servers (Multiple Nginx Cache server -> Nginx Load Balancer)
it is my private CDN system (for Live content delivery)
I have content source and multiple edges; in each edge, there is multiple cache server and a Load Balancer
I started step by step, so for this job I face a problem with Nginx Load Balancer.
In this configuration, I am balancing between two servers s1 and s2.
but when I check traffic by(nload), I see big traffic on the primary server(load balancer) for example from nload see s1=1GBPS s2=1GBPS loadbalancer=2GBPS
note: my content is HLS (.m3u8)
user www-data;
worker_processes 5; ## Default: 1
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
include mime.types;
include /etc/nginx/proxy.conf;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
# upstream
upstream origins {
server s1.ip;
server s2.ip;
}
# default route
server {
listen 80;
server_name example.com;
access_log /var/log/nginx/example.com main;
location / {
proxy_set_header Host $host;
proxy_pass http://origins;
}
}
}