I have succesfully configured nginx. with default site it works correctly.
Now i have 2 sites, one at /home/bugz and another one /home/git/github/public. and only one ip 10.10.10.10 (i dont have dns setup hence cant use domain names)
i want to have the sites served at locations
http://10.10.10.10/bugz and http://10.10.10.10/github respectively
below are the two config files
server {
listen *:80;
server_name 10.10.10.10;
server_tokens off;
root /home/bugz;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/bugzilla_access.log;
error_log /var/log/nginx/bugzilla_error.log;
location /bugz {
index index.html index.htm index.pl;
}
location ~ \.pl|cgi$ {
try_files $uri =404;
gzip off;
fastcgi_pass 127.0.0.1:8999;
fastcgi_index index.pl;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
and
upstream gitlab {
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
# listen *:80 default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
listen *:80; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
server_name 10.10.10.10; # e.g., server_name source.example.com;
server_tokens off; # don't show the version number, a security best practice
root /home/git/gitlab/public;
# individual nginx logs for this gitlab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location /{
# serve static files from defined root folder;.
# #gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html #gitlab;
}
# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location #gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
}
How do i achieve this ?
Your nginx.conf should contain something like this inside the http block :
include /etc/nginx/sites-enabled/*;
Then you will have 2 configuration files in the /etc/nginx/sites-available folder. (which has symlinks directed from the sites-enabled folder.
Each conf will need to either have them listening on a different ports; ie one on port 80 and on one port 81
server1.conf
server {
listen 80;
server_name localhost;
server2.conf
server {
listen 81;
server_name localhost;
-OR-
Have a different servername for each server in the conf files and play with the hosts file.
I don't understand why this huge configs, I'd configure only 1 site with 2 locations
server {
server_name 10.10.10.10;
location /bugz {
root /root/to/bugz;
access_log /var/log/nginx/bugzilla_access.log;
error_log /var/log/nginx/bugzilla_error.log;
index index.html index.htm index.pl;
# try_files statement
}
location /git {
root /home/git/gitlab/public;
#access and error log and rest of config
}
location ~ \.pl|cgi$ { }
location #gitlab { }
}
Related
I am using nginx to serve a go web app running on an Ubuntu 18.04 server. I want it to respond to the index directive first when I go to mydomain.com but in the nginx config I have below it is going straight to the web app and ignoring my index.html file. It does work if I get mydomain.com/index.html but won't get that file from index. /var/log/nginx/error.log has no errors.
The static files are chown'ed to root:www-data with chmod 640.
My static files are at /srv/static/ and my go web server is at /srv/web/
Here is my sites-available config file:
server {
listen 80;
server_name mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
server_name mydomain.com;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
root /srv/static;
index index.html;
location / {
try_files $uri #proxy;
}
location #proxy {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8000;
}
}
location / {
try_files $uri $uri/ #proxy; # add $uri/ here
}
I have config two node apps running behind nginx.
nginx is used as revers proxy, one domain redirects to wrong app on it default url,
app1 port 3000
domain http://www.site1.com and https://www.site1.com
app2 port 3001
domain http://www.site2.com
http://www.site1.com and https://www.site1.com works fine and serves app1
but when http://www.site2.com it redirect to https://www.site2.com and servers app1
but when http://www.site2.com/someurl is requested it servers app2
here is nginx config
site1
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.site1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.site.com;
ssl on;
ssl_certificate /certificate.crt;
ssl_certificate_key /psa.rsa;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_cookie_path / "/; HTTPOnly; Secure";
}
}
site1 conf
server {
listen 80;
server_name www.site2.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection ‘upgrade’;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
default conf
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
#listen 80 default_server;
#listen [::]:80 default_server;
# SSL configuration
#
#listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
you only have one https server conf and it proxies all request to app1(port 3000), it will not serve app2 on https for you.
proxy to app2 or app1 conditionally by checking the Host header requested, eg:
server {
listen 443 ssl;
...
location / {
if ($host = 'www.site1.com') {
proxy_pass http://localhost:3000;
}
if ($host = 'www.site2.com') {
proxy_pass http://localhost:3001;
}
}
}
I m very new in flask, try to run a web application with backend as flask. My project folder structure is
~myproject/
~myproject/app (flask api)
~myproject/web (index.html)
running using uwsgi and nginx
uwsgi.ini
[uwsgi]
vhost = true
socket = /tmp/flask.sock
venv = /flask_app/.env
chdir = /flask_app/app
module = app
callable = app
nginx.conf
upstream flask_server {
ip_hash;
server 0.0.0.0;
}
server {
listen 80;
server_tokens off;
server_name _;
root /flask_app/web;
index index.html index.htm index.nginx-debian.html;
charset utf-8;
client_max_body_size 75M;
location / {
#try_files $uri $uri/ =404;
include uwsgi_params;
uwsgi_pass unix:/tmp/flask.sock;
}
#location /static {
# alias /flask_app/static;
#}
location /flask/ {
proxy_redirect off;
proxy_pass http://flask_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
But index.html is not loading , it is only allowing api url (like: 127.0.0.1/login)?
This directive tells Nginx just to send everything matching that location block to the upstream server uwsgi_pass unix:/tmp/flask.sock
If you want to serve just index.html and pass everything else upstream then you could change it like this:
location / {
try_files $uri/index.html #upstream;
}
location #upstream {
include uwsgi_params;
uwsgi_pass unix:/tmp/flask.sock;
}
I have a Spring Boot + MVC app up and running on my server and it's bound to http://localhost:8000.
There is an nginx proxy (or is it a reverse proxy, not sure about the name) that listens to the outside world on ports 80 and 443. The root ( / ) will resolve correctly, but anything under it will not resolve and results in a 404 error ( /someControllerName/action, /images/, /css/ ).
I have this as my configuration:
upstream jetty {
server localhost:8000;
}
server {
listen 80;
server_name domain.com;
return 301 http://www.domain.com$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
return 301 https://www.domain.com$request_uri;
}
server {
listen 80 default_server;
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.domain.com localhost;
#ssl on;
ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
proxy_pass $scheme://jetty/$request_uri;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
try_files $uri $uri/ =404;
}
}
Any help is very much appreciated.
You can't combine proxy_pass with try_files in the way that you have attempted. As the comment in your configuration describes, the try_files directive causes nginx to look for a file that matches the URI and then look for a directory that matches the URI. If it doesn't find either, it responds with a 404. You can read more about try_files in the nginx documentation.
It's not clear from your question that you need to use try_files at all so the simplest way to fix your configuration is to remove the try_files line.
I'm currently using Nginx coupled with Apache, serving following static files with success.
Extract from my /sites-enabled/default:
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|txt|xml)$ {
root /home/website/public_html/app/public;
}
But I also have some cache files located here:
/home/website/public_html/app/storage/cache
/home/website/public_html/app/storage/views
/home/website/public_html/app/storage/sessions
/cache and /sessions also have sub-directories. All sub-directories and files have random filename, and no extension.
I want Nginx to also serve these files.
I tried this (example for /views folder), but without success. I even have nothing in logs, but Nginx restart correctly, and website load with no errors.
location /views {
alias /home/website/public/app/app/storage/views;
access_log /var/log/nginx/web.views.access.log;
error_log /var/log/nginx/web.views.error.log;
}
Tried this also, but same effects as above:
location ~* ^.$ {
root /home/website/public/app/app/storage/views;
access_log /var/log/nginx/web.views.access.log;
error_log /var/log/nginx/web.views.error.log;
}
Also tried adding add_header Content-Type application/octet-stream; in these 2 tries, but no change.
Finally, here is the http part of my nginx.conf
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
(/var/log/nginx/access.log and /var/log/nginx/error.log don't show up anything related to my issue, too).
Thanks for any clue and help !
EDIT
Complete current /sites-enabled/default file (and yes, there's a double /app/, it's normal ;) )
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts
server {
listen 80; ## listen for ipv4
listen [::]:80 default ipv6only=on; ## listen for ipv6
server_name www.website.com website.com;
#access_log /var/log/nginx/localhost.access.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
access_log off;
#root /var/www;
#index index.html index.htm;
}
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|txt|xml)$ {
root /home/website/public_html/app/public;
expires 30d;
}
location ~* ^.$ {
add_header Content-Type application/octet-stream;
root /home/website/public/app/app/storage/views;
access_log /var/log/nginx/bt.views.access.log;
error_log /var/log/nginx/bt.views.error.log;
}
}
The problem is, that you need something to identify the files without any extension. A sub-directory or something that’s always present within the request. Your regular expression only matched for requests that start end end with a dot (e.g. http://example.com/.). The following server configuration assumes that all URLs start with storage, as this would be the only possibility to identify those files.
Please note that I’m using the try_files directive to rewrite the internal path where nginx should look for the file. The root directive is not meant for what you want to achieve.
And last but not least, you should always nest location blocks with regular expressions. There is no limit in the nesting level. nginx will create some kind of tree data structure to search for the best matching location. So think of a tree while writing the blocks.
server {
listen 80 default;
listen [::]:80 default ipv6only=on;
server_name www.website.com website.com;
root /home/website/public_html/app;
location / {
# Matches any request for a URL ending on any of the extension
# listed in the regular expression.
location ~* \.(jpe?g|gif|css|png|js|ico|txt|xml)$ {
expires 30d
access_log off;
try_files /public$uri =404;
}
# Matches any request starting with storage.
location ~* ^/storage {
access_log /var/log/nginx/bt.views.access.log;
error_log /var/log/nginx/bt.views.error.log;
try_files /app$uri;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080/;
access_log off;
}
}