Nginx load balancer websocket issue - nginx

I'm new to NGINX and WebSocket systems, but as per my project requirements I need to check some complex things to finish.
I'm trying to create one example using NGINX, which handles my WebSocket (Port: 1234) and HTTP Requests (Port: 80) using the same URL (load balancer URL).
I'm using three NGINX servers, one as Load Balancer (10.0.0.163) and the other two as my application servers where I have installed my real APIs, 10.0.0.152 and 10.0.0.154 respectively. Right now, I have configured WebSocket on my application servers.
As per the above configuration, all my requests will pass over 10.0.0.163 (load balancer) and its proxy setting will pass the request (HTTP/WebSocket) to my application server (10.0.0.152/154).
Note: Each application server contains a separate Nginx, PHP and WebSocket.
Here is the default file (location: /etc/nginx/sites-available/) for the 10.0.0.154 server, which handles WebSocket and HTTP requests on the same domain.
server {
    listen 80;
    charset UTF-8;
    root /var/www;
    index index.html index.htm index.php;
    server_name localhost 10.0.0.154;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location / {
        try_files $uri $uri/ @proxy;
        autoindex on;
    }
    location @proxy {
        proxy_pass http://wb1;
    }
    location = / {
        proxy_pass http://wb;
        proxy_http_version 1.1;
        proxy_buffers 8 16k;
        proxy_buffer_size 32k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer $http_referer;
        proxy_redirect off;
    }
}
The following is the default file (location: /etc/nginx/sites-available/) for the load balancer at 10.0.0.163.
upstream wb {
    server 10.0.0.154;
    server 10.0.0.152;
}
server {
    listen 80;
    charset UTF-8;
    root /var/www;
    index index.html index.htm index.php;
    server_name 10.0.0.163;
    location / {
        try_files $uri $uri/ @proxy;
        autoindex on;
    }
    location @proxy {
        proxy_pass http://wb;
    }
    location = / {
        proxy_pass http://wb;
        proxy_http_version 1.1;
        proxy_buffers 8 16k;
        proxy_buffer_size 32k;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Referer $http_referer;
        proxy_redirect off;
    }
}
I found that the load balancer is working properly for HTTP requests, but it's unable to pass my WebSocket requests on to my application server.
I don't know what I'm missing here. If you guys can help me out, it would be greatly appreciated.

I've seen your configuration and it looks proper. I think you should check your load balancer and your application server configuration or versions. It may be a problem of incompatibility.
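
An added example, not part of the original question or answer: one way to lay out the load balancer so that HTTP and WebSocket traffic share one URL. It assumes the WebSocket service listens on port 1234 of each application server and that clients connect under the hypothetical path /ws/; the upstream names wb_http and wb_ws are made up for this example.

```nginx
# Added example, not the poster's configuration.
# Assumptions: WebSocket service on port 1234 of each app server; clients
# connect under the hypothetical path /ws/; upstream names are made up.

# Ask the backend for an upgrade only when the client asked for one.
# (map belongs in the http context; files in sites-enabled are included there.)
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream wb_http {
    server 10.0.0.154:80;
    server 10.0.0.152:80;
}

upstream wb_ws {
    ip_hash;                    # a reconnecting client returns to the same backend
    server 10.0.0.154:1234;
    server 10.0.0.152:1234;
}

server {
    listen 80;
    server_name 10.0.0.163;

    # Prefix match: covers /ws/ and everything below it.
    # "location = /" would match only the exact URI "/".
    location /ws/ {
        proxy_pass http://wb_ws;
        proxy_http_version 1.1;             # Upgrade needs HTTP/1.1 to the backend
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        # This is the first hop, so overwrite instead of appending: with
        # $proxy_add_x_forwarded_for a client-sent value is passed on as well.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_read_timeout 300s;            # idle sockets close after 60s by default
    }

    location / {
        proxy_pass http://wb_http;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```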

Related

How to configure nginx reverse-proxy to support external site in iframes

I'm in the unfortunate situation that I need to extend my React application with an iframe containing an external application.
My application is hosted by an nginx reverse proxy that handles /api and SignalR communication.
Unfortunately it also handles the outbound iframe src URL.
In this example my site is on the URL https://example.com
The iframe src URL is in this case "https://external-site.com/someapp/session?token=1234"
When I see the requests in the browser, the URL has changed to https://example.com/esternal-site.com/someapp/session?token=1234, which needless to say is not working out of the box.
I've been toying with the nginx configuration but have been unable to just pass the request through without modification.
The iframe/destination works as expected when running locally.
I've attempted a few different configurations inspired by Stack Overflow, Medium etc., but they've all returned various error codes.
The server runs on port 80, but HTTPS is handled by ingress on Azure.
This is what I have currently:
upstream bff_service {
    server ${BFF_HOST}:${BFF_PORT};
    keepalive 32;
    keepalive_requests 1000;
    keepalive_timeout 75s;
}
server {
    listen 80;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
        add_header Set-Cookie "msal_client_id=${BFF_MSAL_CLIENT_ID};Path=/;Secure";
    }
    location /api {
        proxy_read_timeout 300s;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host ${BFF_HOST};
        proxy_set_header X-NginX-Proxy true;
        proxy_pass ${BFF_PROTOCOL}://bff_service;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_redirect off;
    }
    location ^~ /external-site.com {
        add_header Content-Security-Policy "frame-src 'self' https://external-site.com";
        proxy_pass https://external-site.com/$request_uri;
    }
}
I've also tried adding the lines below to the location:
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
I'm looking for a configuration that allows me to embed an iframe with an external location. Perhaps even avoid nginx proxying it at all?

How to force ssl with Google Cloud Load Balancer and nginx as a web server

We have 4 servers with a PHP application and nginx behind a Google Cloud HTTP(S) Load Balancer.
And I made the servers listen for both HTTP and HTTPS connections.
The issue is that I cannot force the use of SSL.
Here is the nginx configuration:
server {
    listen 80;
    server_name domain.com;
    root /var/www/dev/public_html;
    index index.php index.html index.htm;
    port_in_redirect off;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    ssl_prefer_server_ciphers on;
    root /var/www/production/public_html;
    index index.php index.html index.htm;
    server_name domain.com;
    location ~ /help {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        proxy_redirect off;
        proxy_next_upstream error;
    }
    location / {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        include fastcgi_params;
        proxy_buffering off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }
}
There are several more locations there, all with a similar configuration.
And this config works without the LB, on a single server. And it doesn't work with the LB.
Please advise.
Thank you!
There may be many things to check. Maybe look at the SSL certificates for the HTTPS load balancer: the documentation states that it "Requires at least one signed SSL certificate for the load balancer" (see Setting Up HTTP(S) Load Balancing and SSL Certificates).
Use this config on the web server:
if ($http_x_forwarded_proto = "http") { return 301 https://$server_name$request_uri; }
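
The redirect from the answer above placed in a complete server block, as an added example that is not part of the original posts. It assumes the load balancer terminates TLS and forwards plain HTTP to port 80 on the web servers, and that those servers accept connections only from the load balancer.

```nginx
# Added example, not taken from the question or the answers.
# Assumption: the load balancer terminates TLS and talks plain HTTP to port 80
# here, so $scheme is always "http" and cannot be used to decide the redirect.
server {
    listen 80;
    server_name domain.com;
    root /var/www/production/public_html;
    index index.php index.html index.htm;

    # Redirect only when the load balancer reports a plain-HTTP client.
    # Requests without the header (for example health checks) are served
    # normally, and HTTPS clients are not redirected again, which is what an
    # unconditional "return 301" on this port would do under the assumption above.
    if ($http_x_forwarded_proto = "http") {
        return 301 https://$server_name$request_uri;
    }

    # Browsers honour this header only on responses delivered over HTTPS,
    # i.e. the ones the load balancer sends back on its TLS listener.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        # PHP receives the header as $_SERVER['HTTP_X_FORWARDED_PROTO'];
        # $_SERVER['HTTPS'] stays empty because this listener is plain HTTP.
    }
}
# X-Forwarded-Proto is an ordinary request header. It is trustworthy only if
# port 80 on this host accepts connections from the load balancer alone
# (firewall rule); otherwise any client can set it to skip the redirect.
```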

Configure Nginx to serve a node js app from a location within root directory

I am trying to serve a Node JS app alongside some static sites that are already functioning and only serving static content (/insta-app is one of the apps, there is another nginx file with another server block for the other ones which sit on different subdomains). I am successfully getting the server.js app when I navigate to the URL /nodejsapp. The problem is that all the static content the app requires does not get served and comes up as a 404 (images, JS files and CSS). I wrote a location block for nodejsapp/dist where the static content exists, but this did not fix the problem. The content is being requested by a handlebars template that gets successfully called and is sitting in a views folder in the root. I am running the whole thing on an Ubuntu server, and the node app is running through pm2, which is working fine when I request curl localhost:3000. How can I get the static content into the server?
Nginx server block:
server {
    listen 443 ssl default_server;
    root /var/www;
    index index.html index.htm server.js;
    server_name uat.com www.uat.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/uat.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/uat.com/privkey.pem;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ /.well-known {
        allow all;
    }
    location /insta-app {
        alias /var/www/insta-app/html;
        allow all;
    }
    location /nodeJsApp {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $proxy_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
    # attempt to serve the static content of the app
    location /nodeJsApp/dist {
        root /var/www/sydney-sevens/dist;
        try_files $uri $uri/ =404;
    }
}

Trying to proxy Jira through 2 nginx reverse proxies images and css do not load

I am trying to use nginx to reverse proxy through two proxies. I have a server that handles all HTTPS traffic, and a separate server runs Confluence and Jira. I have the first nginx proxy configured like this:
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
access_log /var/log/nginx/nginx.mydomain.com.access.log;
error_log /var/log/nginx/nginx.mydomain.com.error.log;
server_name mydomain.com www.mydomain.com;
root /var/www/mydomain.com/html;
index index.html;
location / {
    try_files $uri $uri/ =404;
}
location /jira {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://jira.home.mydomain.com;
}
The second nginx proxy is configured as
listen jira.home.mydomain.com:80;
server_name jira.home.mydomain.com;
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8080/;
}
If I go to the second proxy directly, JIRA works fine. But when trying to go from external to Jira (through the first and second proxy), it doesn't load the CSS or images.
I am trying to use mydomain.com/JIRA to access JIRA at jira.home.mydomain.com
What am I doing wrong?
As per the official troubleshooting guide, try disabling gzip on nginx since the traffic is already encoded.
Worked for me on jira + ssl + nginx reverse proxy
Seeing other posts, the following line may cause the issue:
try_files $uri $uri/ =404;

Plesk 12.5 Nginx proxy pass SSL to Node app on different port

Preface: tried installing JXCore's Node Extension for Plesk, and I can't get it to work. Gives me some error, and their support is not answering emails......
[IP ADDRESS] = real IP, example.com = real domain
ANYWAY, I have my nodejs app up and running with an SSL Cert. Works fine if I go to https://example.com:3000, which is the port I'm using for Node. SSL cert loads up all green, and everything works great.
I'm using Plesk 12.5, and Nginx comes installed already. The .conf file is located at /var/www/vhosts/[domain]/conf/nginx.conf.
At the top it says:
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
And they aren't kidding. Any changes made to this file get overwritten almost immediately.
Here is the entire file contents:
server {
    listen [IP ADDRESS]:443 ssl;
    server_name example.com;
    server_name www.example.com;
    server_name ipv4.example.com;
    ssl_certificate /usr/local/psa/var/certificates/cert-HREdQ9;
    ssl_certificate_key /usr/local/psa/var/certificates/cert-HREdQ9;
    ssl_client_certificate /usr/local/psa/var/certificates/cert-wpX6q1;
    client_max_body_size 128m;
    root "/var/www/vhosts/msgable.com/httpdocs";
    access_log "/var/www/vhosts/system/example.com/logs/proxy_access_ssl_log";
    error_log "/var/www/vhosts/system/example.com/logs/proxy_error_log";
    location / {
        proxy_pass https://[IP ADDRESS]:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location @fallback {
        proxy_pass https://[IP ADDRESS]:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location ~ ^/plesk-stat/ {
        proxy_pass https://[IP ADDRESS]:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip))$ {
        try_files $uri @fallback;
    }
    location ~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon) {
        proxy_pass https://74.208.65.63:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
        alias /var/www/vhosts/example.com/web_users/$1/$2;
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
        include /etc/nginx/fastcgi.conf;
    }
    location ~ ^/~(.+?)(/.*)?$ {
        proxy_pass https://[IP ADDRESS]:7081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location ~ \.php(/.*)?$ {
        fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
        include /etc/nginx/fastcgi.conf;
    }
    location ~ /$ {
        index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
    }
    include "/var/www/vhosts/system/example.com/conf/vhost_nginx.conf";
}
I won't include the HTTP (non-ssl) stuff, because it's the same info. Only difference being that the port is 80, and the proxy_pass is set to 7080.
You'll notice at the bottom, that it has:
include "/var/www/vhosts/system/example.com/conf/vhost_nginx.conf";
This is what I put into that file:
location / {
    proxy_pass https://[IP ADDRESS]:3000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
}
Putting that in there gives me a:
nginx: [emerg] duplicate location "/"
I also tried using Plesk's "Additional nginx directives" in the settings, but I get the same error:
nginx: [emerg] duplicate location "/"
Any ideas? I'm about to dump Plesk and look into AWS or something....
I've come to the conclusion that, a) you can NOT overwrite Nginx confs created by Plesk, b) you can NOT change the conf file directly.
So basically proxy_pass with Plesk is impossible.
Edit:
Also tried doing it the Upstream way, but adding Upstream directives to the admin interface through Plesk, or through vhost_nginx.conf gives me an error saying "nginx: [emerg] directive Upstream is not allowed here".
Edit#2:
Read this post Nginx to address Nodejs app, adding what was explained in here does nothing. Starting to think this isn't possible using Plesk.
ARG! Such a simple task on a server without Plesk!
After two days of mucking about, this is what solved it for me.
In Plesk, you go to the "Additional nginx directives" inside the "Hosting Options" page.
This is what I added to make Nginx proxy_pass to my node app.
Didn't have to edit or change any .conf files at all.
## Set the location routing.
location ~ / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    ## Use the domain.tld here.
    proxy_pass https://example.com:3000;
}
