Drupal with nginx : 500 Internal Server Error - drupal

I have installed nginx on centos. When I try to open a website I get this error:
500 Internal Server Error
Error log:
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 open() "/var/www/mywebsite.com/web/error/404.html" failed (2: No such file or directory), client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
2012/11/01 14:10:38 [error] 4552#0: *32 rewrite or internal redirection cycle while internally redirecting to "/error/404.html", client: xx.xxx.xx.xxx, server: mywebsite.com, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.com"
nginx.conf (/etc/nginx/nginx.conf)
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
# * the English wiki - http://wiki.nginx.org/Main
# * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################
#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
# http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
#----------------------------------------------------------------------
# Events Module
#
# http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------
events {
worker_connections 1024;
}
#----------------------------------------------------------------------
# HTTP Core Module
#
# http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
include /etc/nginx/conf.d/*.conf;
## Detect when HTTPS is used
map $scheme $fastcgi_https {
default off;
https on;
}
}
/etc/nginx/sites-enabled/100-mysite.vhost
server {
listen *:80;
server_name mywebsite.com www.mywebsite.com www.mywebsite2.com mywebsite2.com;
root /var/www/mywebsite.com/web;
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
recursive_error_pages on;
location = /error/400.html {
internal;
}
location = /error/401.html {
internal;
}
location = /error/403.html {
internal;
}
location = /error/404.html {
internal;
}
location = /error/405.html {
internal;
}
location = /error/500.html {
internal;
}
location = /error/502.html {
internal;
}
location = /error/503.html {
internal;
}
error_log /var/log/ispconfig/httpd/mywebsite.com/error.log;
access_log /var/log/ispconfig/httpd/mywebsite.com/access.log combined;
## Disable .htaccess and other hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client2/web3/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
##try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9012;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
I tested php with replacing content of index.php with <?php phpinfo(); and there is no problem.
Any suggestion?

You have specified a 404 error page that does not exist. Try creating one in /var/www/mywebsite.com/web/error/404.html and see if it starts working.

Related

How to resolve the error in NGINX log - PUT with range is unsupported

I set up my NGINX server with WebDAV for file upload. Some files are uploading without an issue, but some fail with a 501 error. Here is the NGINX config
server {
listen 443 ssl;
server_name real_server_name_here;
root /var/www/webserver/public;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/private/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!ADH:!MD5:!aNULL;
#ssl_dhparam
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /app/provision/logs {
limit_except PUT GET {
deny all;
}
dav_methods PUT;
dav_access group:rw all:r;
client_max_body_size 10M;
}
}
This is what I see in the access log when the upload fails:
23.242.x.x - - [08/Oct/2022:10:11:21 -0700] "PUT /app/provision/logs/4825670xxxx-app.log HTTP/1.1" 501 165 "-" "FileTransport PolycomVVX-VVX_250-UA/6.3.1.11465 (SN:4825670xxxx) Type/Application"
23.242.x.x - - [08/Oct/2022:10:11:21 -0700] "PUT /app/provision/logs/4825670xxxx-app.log HTTP/1.1" 501 165 "-" "FileTransport PolycomVVX-VVX_250-UA/6.3.1.11465 (SN:4825670xxxx) Type/Application"
47.153.x.x - - [08/Oct/2022:10:11:23 -0700] "PUT /app/provision/logs/64167f5xxxx-app.log HTTP/1.1" 501 165 "-" "FileTransport PolycomVVX-VVX_411-UA/6.3.1.11465 (SN:64167f5xxxx) Type/Application"
47.153.x.x - - [08/Oct/2022:10:11:23 -0700] "PUT /app/provision/logs/64167f5xxxx-app.log HTTP/1.1" 501 165 "-" "FileTransport PolycomVVX-VVX_411-UA/6.3.1.11465 (SN:64167f5xxxx) Type/Application"
And here is the error log showing the error. I tried to research it and didn't find any solutions.
2022/10/08 10:11:41 [error] 1553835#1553835: *11114 PUT with range is unsupported, client: 23.242.x.x, server: real_server_name_here, request: "PUT /app/provision/logs/4825670xxxx-app.log HTTP/1.1", host: "real_hostname_here"
2022/10/08 10:11:41 [error] 1553835#1553835: *11114 PUT with range is unsupported, client: 23.242.x.x, server: real_server_name_here, request: "PUT /app/provision/logs/4825670xxxx-app.log HTTP/1.1", host: "real_hostname_here"
2022/10/08 10:11:43 [error] 1553835#1553835: *11115 PUT with range is unsupported, client: 47.153.x.x, server: real_server_name_here, request: "PUT /app/provision/logs/64167f5xxxx-app.log HTTP/1.1", host: "real_hostname_here"
2022/10/08 10:11:43 [error] 1553835#1553835: *11115 PUT with range is unsupported, client: 47.153.x.x, server: real_server_name_here, request: "PUT /app/provision/logs/64167f5xxxx-app.log HTTP/1.1", host: "real_hostname_here"
Worth mentioning that if the file doesn't exist it uploads just fine. But when the file needs to be overwritten, it fails. I have other folders on the server that accept files and don't fail. They are set up identically. I checked all permissions on the server, and the web server has all the required rights to upload files.
Any help pointing in the direction of solving this issue is greatly appreciated.

How to forward request from one NGINX to another but keeping the domain of the first NGINX

I have a sub-domain (foo.domain.com) that is maintained by my organization and in which I don't have control.
The organization configured that domain to point to a Route 53 service and from there I created a policy that sends the request to an ALB which then finally sends it to an EC2 running NGINX.
NGINX will be responsible for URL rewrites to many other services I have running in different EC2 instances.
What I want is, for example:
request is sent to foo.domain.com/service1
goes to Route53 then to an ALB and then to the EC2 running NGINX
in NGIX, I have the following config
...
location = /service1/
{
proxy_redirect off;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_pass https://public_ip_of_service1_ec2_instance$request_uri;
}
This request goes to the EC2 instance running service1, which is another NGINX proxy running a node.js application (npm build kinda thing)
The NGINX service1 conf file is:
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
server_name public_ip_of_service1_ec2_instance;
root /app; #this is where the static files are hosted
location ~* \.html?$ {
expires -1;
add_header Pragma "no-cache";
add_header Cache-Control "no-store, must-revalidate";
}
location / {
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
index index.html;
try_files $uri $uri/ /index.html;
# kill cache
# expires -1;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
If I hit the NGINX URL of service1, it works just fine, but the problem is when I call the NGINX proxy from step 3.
When I hit the URL foo.domain.com/service1 on the browser, I see this:
Basically, it says that foo.domain.com/js/chunk....js can't be found. This is correct since this file is being served in the EC2 that is running that node.js application (that is, it can be found at http://public_ip_of_service1_ec2_instance/js/chunk....js)
What is the configuration that I am missing in order to be able to keep the domain foo.domain.com/service1 for my users at all times and never to see the public_ip_of_service1_ec2_instance
Thank you
EDIT 1
The issue reported here seems to be exactly like mine: https://serverfault.com/questions/805836/reverse-proxy-application-and-its-static-files-with-nginx
I followed the suggestion there and as well as #anemyte suggestion but it is not working.
It seems like Proxy1 is trying to serve the static files that are hosted in Proxy2 as you can see here:
proxy | 2021/01/04 10:16:22 [error] 29#29: *4 open() "/etc/nginx/html/js/app.53272292.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/app.53272292.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [04/Jan/2021:10:16:22 +0000] "GET /css/app.0988b263.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | ( - - ) 172.19.0.1 - - [04/Jan/2021:10:16:22 +0000] "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/04 10:16:22 [error] 29#29: *4 open() "/etc/nginx/html/css/app.0988b263.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/app.0988b263.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/04 10:16:22 [error] 29#29: *6 open() "/etc/nginx/html/css/chunk-vendors.e78a06e5.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/04 10:16:23 [error] 29#29: *6 open() "/etc/nginx/html/js/chunk-vendors.7b27d7ff.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [04/Jan/2021:10:16:23 +0000] "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/04 10:16:23 [error] 29#29: *6 open() "/etc/nginx/html/js/app.53272292.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/app.53272292.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [04/Jan/2021:10:16:23 +0000] "GET /js/app.53272292.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
My proxy 1 conf file looks like this now:
worker_processes 1;
events { worker_connections 1024; }
http {
log_format main '( $proxy_host $upstream_addr ) $remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
rewrite_log on;
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name apacbsa.com;
location /auspost/ {
# proxy_redirect off;
# proxy_read_timeout 1m;
# proxy_connect_timeout 1m;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_buffering off;
#proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://192.168.1.113/;
}
}
}
EDIT2
Still no luck. This is what I am seeing in NGINX1 logs:
proxy | ( 192.168.1.113 192.168.1.113:443 ) 172.19.0.1 - - [05/Jan/2021:00:00:37 +0000] "GET /auspost/ HTTP/1.1" 200 2111 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:37 +0000] "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/05 00:00:37 [error] 21#21: *9 open() "/etc/nginx/html/css/chunk-vendors.e78a06e5.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:37 +0000] "GET /js/app.54337cb4.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:37 +0000] "GET /css/app.0988b263.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/05 00:00:37 [error] 21#21: *12 open() "/etc/nginx/html/js/app.54337cb4.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/app.54337cb4.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/05 00:00:37 [error] 21#21: *11 open() "/etc/nginx/html/css/app.0988b263.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/app.0988b263.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/05 00:00:37 [error] 21#21: *13 open() "/etc/nginx/html/js/chunk-vendors.7b27d7ff.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:37 +0000] "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:38 +0000] "GET /css/app.0988b263.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:38 +0000] "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/05 00:00:38 [error] 21#21: *12 open() "/etc/nginx/html/css/app.0988b263.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/app.0988b263.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/05 00:00:38 [error] 21#21: *11 open() "/etc/nginx/html/css/chunk-vendors.e78a06e5.css" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /css/chunk-vendors.e78a06e5.css HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:39 +0000] "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
proxy | 2021/01/05 00:00:39 [error] 21#21: *13 open() "/etc/nginx/html/js/chunk-vendors.7b27d7ff.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/chunk-vendors.7b27d7ff.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | 2021/01/05 00:00:39 [error] 21#21: *11 open() "/etc/nginx/html/js/app.54337cb4.js" failed (2: No such file or directory), client: 172.19.0.1, server: apacbsa.com, request: "GET /js/app.54337cb4.js HTTP/1.1", host: "localhost", referrer: "http://localhost/auspost/"
proxy | ( - - ) 172.19.0.1 - - [05/Jan/2021:00:00:39 +0000] "GET /js/app.54337cb4.js HTTP/1.1" 404 153 "http://localhost/auspost/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "-"
And this is what I see in the NGINX2 (serving static files) logs (just 1 line):
frontend | 172.21.0.1 - - [05/Jan/2021:11:04:17 +1100] "GET / HTTP/1.0" 200 2111 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0" "172.19.0.1"
This is the full nginx conf file for NGINX2:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 10m;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s;
resolver_timeout 600s;
# for DDOS protection - 3 requests per second
limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s;
# limiting the number of connections one client can make
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 80;
listen [::]:80;
server_name apacbsa.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
server_name apacbsa.com;
root /app;
location ~* \.html?$ {
expires -1;
add_header Pragma "no-cache";
add_header Cache-Control "no-store, must-revalidate";
}
location /auspost/ {
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline';";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
index index.html;
try_files $uri $uri/ /index.html;
# kill cache
# expires -1;
}
location /api {
# limiting the number of api calls
limit_req zone=one burst=2 nodelay;
# only one connection per client to the api
limit_conn addr 1;
proxy_pass https://backend:5001/api;
proxy_redirect off;
proxy_connect_timeout 1m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
Everything is running in docker containers, but that shouldn't be the problem I don't think.
So I issue the request from my browser in my Mac laptop and in that laptop I am running the NGINX1 proxy. That then forwards to my Windows machine running NGINX2 static files.
When you declare a location like that:
location = /service1/
It means that you want exact URL match. So it will only work for foo.domain.com/service1/ while foo.domain.com/service1/something won't match this location. Looking at the URL of your request (/js/chunk) this isn't what you want, so remove = from the location:
location /service1/
Next is the server_name. Your first proxy passes Host header which NGINX uses to determine which vhost configuration to use. The Host header value should be foo.domain.com but your server_name on the second NGINX is public_ip_of_service1_ec2_instance. It doesn't matter if the vhost is a default one but I don't see that in your configuration.
You can add foo.domain.com after public_ip_of_service1_ec2_instance or just replace one with the other. What's best in this case you should decide yourself and if you wish to learn more about server names I recommend you reading these great articles: How nginx processes a request and Server names
UPD: About missing static files.
You need to change base URL or base path of your service1 application from / to /service1/. This is not related to NGINX, unless your application is made of just static files.
Why did that happen? Well you've told first NGINX that you want all requests with URL starting with /service1/ to be forwarded to service1. When a client hits service1, the page refers some static, /js/chunk-vendors.7b27d7ff.js for example. Client's browser makes an additional request to the first NGINX asking to provide /js/chunk-vendors.7b27d7ff.js. Since the URL does not begin with /service1/ NGINX does not forward the request to /service1/ and it uses another piece of config for this request (/ most likely).
If you change all absolute URLs at service1 to begin with /service1/ the problem should go. A dangerous alternative to that would be removing first slash from absolute links. This way URLs will be relative to current location and not website root. Think twice before going second option.
I have done some testing lately and here's what I found out:
In your nginx proxy config, remove the line:
proxy_set_header Host $http_host;
Which will result in your final configuration nginx file to be:
location = /
{
proxy_redirect off;
proxy_read_timeout 1m;
proxy_connect_timeout 1m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_pass https://public_ip_of_service1_ec2_instance;
}
You could configure something like this in the first nginx server
server {
listen 80;
listen [::]:80;
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name domain1;
if ($request_method ~* OPTIONS|GET|HEAD) {
return 301 https://domain2$request_uri;
}
location ~* api {
proxy_pass https://domain2$request_uri;
}
}

nginx 403 Forbidden error with root user

Nginx 403 error,so how can i fix this problem?
When i access the main.css from chrome browser,it response me 403 error.
➜ ~ tail -fn4 /var/log/nginx/error.log
2016/04/23 08:16:51 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:16:53 [error] 10488#0: *1 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:21:48 [error] 10488#0: *4 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
2016/04/23 08:24:49 [error] 10488#0: *5 open() "/data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css" failed (13: Permission denied), client: x.x.x.x, server: www.xx.com, request: "GET /static/css/main.css HTTP/1.1", host: "xx.com"
namei tool,all parent directory have 755,and the main.css have 644.
➜ ~ namei -l /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
f: /data/apache-tomcat-8.0.33/webapps/ROOT/static/css/main.css
drwxr-xr-x root root /
drwxr-xr-x root root data
drwxr-xr-x root root apache-tomcat-8.0.33
drwxr-xr-x root root webapps
drwxr-xr-x root root ROOT
drwxr-xr-x root root static
drwxr-xr-x root root css
-rw-r--r-- root root main.css
start nginx's user is root:
➜ ~ ps aux | grep "nginx: worker process" | awk '{print $1}'
root
nginx conf:
upstream tomcat {
server 127.0.0.1:8887;
}
server {
listen 80;
server_name www.xx.com xx.com;
charset utf-8;
access_log /var/log/nginx/tomcat.access.log main;
location / {
proxy_pass http://tomcat;
proxy_redirect off;
client_max_body_size 500M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$
{
root /data/apache-tomcat-8.0.33/webapps/ROOT;
expires 7d;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
}
It's quite possible that you are hosting on a machine that has selinux enforced.
what does sestatus give you?

Assets not showing with Rails 4 puma & nginx (AWS EC2)

I have a Rails 4.2.0, Ruby 2.2.1p85 (ubuntu 14.04), with Puma 2.11.1 and nginx 1.8 as a reverse proxy.
If I execute:
$ rvmsudo rails server -b 172.31.555.555 -p 80 -e production
with
$ sudo service nginx stop
Everything is alright.
... but if I try with nginx in the middle:
$ rvmsudo bundle exec puma -e production -b unix:///var/run/myapp.sock
with
$ sudo service nginx start
The pages showed up, but not the assets (CSS, JS, JPG, PNG).
This is my configuration:
$ cat /etc/nginx/sites-enabled/myapp.work:
upstream myapp.work {
server unix:///var/run/myapp.sock;
}
server {
listen 80;
server_name myapp.work;
root /var/www/myapp/public;
location / {
proxy_pass http://myapp.work; # match the name of upstream directive which is defined above
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~* ^/assets/ {
expires 1y;
add_header Cache-Control public;
add_header Last-Modified "";
#add_header ETag "";
break;
}
}
$ cat /etc/nginx/nginx.conf:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
$ cat config/environments/production.rb
Rails.application.configure do
config.cache_classes = true
config.eager_load = true
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
config.serve_static_files = false
config.assets.js_compressor = :uglifier
config.assets.css_compressor = :sass
config.assets.compile = true
config.assets.digest = true
config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
config.log_level = :debug
config.action_mailer.raise_delivery_errors = true
config.action_mailer.default_url_options = { host: 'http://52.88.555.555', port: 80 }
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
:address => "mail.mymail.com",
:port => 587,
:domain => "mydomain.com",
:user_name => ENV["txa_mail"],
:password => ENV["txa_pass"],
:authentication => :login,
:enable_starttls_auto => true,
:openssl_verify_mode => 'none'
}
config.i18n.fallbacks = true
config.active_support.deprecation = :notify
config.log_formatter = ::Logger::Formatter.new
config.active_record.dump_schema_after_migration = false
end
$ cat /var/log/nginx/error.log
2015/09/19 19:16:44 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/application-6c87dce3bc16e6e98066ff6c6acd127148ff8009271165207404a1fcdd25989f.css" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/application-6c87dce3bc16e6e98066ff6c6acd127148ff8009271165207404a1fcdd25989f.css HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:44 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/application-609d6f1d02655c07f8c3b280c986f2ff351f6105e327145be40faff36df2bb8c.js" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/application-609d6f1d02655c07f8c3b280c986f2ff351f6105e327145be40faff36df2bb8c.js HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:44 [error] 20716#0: *3 open() "/var/www/myapp/public/assets/logo-google-feed7f037310a2e6fd952385e026f6176f23b5a02fab50f2823020ae52b8cc3b.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/logo-google-feed7f037310a2e6fd952385e026f6176f23b5a02fab50f2823020ae52b8cc3b.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/home01h-2416d3a81632df5d1854647d2eab530f81c6349dd4d15eda6c010592aafec815.jpg" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/home01h-2416d3a81632df5d1854647d2eab530f81c6349dd4d15eda6c010592aafec815.jpg HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *4 open() "/var/www/myapp/public/assets/home01v-db52d62784e9f4c85aaa42a67e77789cc414a13e7b9cb53807a46e81444c336a.jpg" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/home01v-db52d62784e9f4c85aaa42a67e77789cc414a13e7b9cb53807a46e81444c336a.jpg HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *3 open() "/var/www/myapp/public/assets/icon-f2-3b43c9fd8a0c8013f9044a1e87697e4297ca45bd6f197ce3cca5ec4c2ee2183a.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/icon-f2-3b43c9fd8a0c8013f9044a1e87697e4297ca45bd6f197ce3cca5ec4c2ee2183a.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
2015/09/19 19:16:45 [error] 20716#0: *1 open() "/var/www/myapp/public/assets/icon-t2-0dcd845909680a6ab701bc0e9df0b5dc4b6dae79dabbff689471dc63e7088547.png" failed (2: No such file or directory), client: 190.48.126.22, server: myapp.work, request: "GET /assets/icon-t2-0dcd845909680a6ab701bc0e9df0b5dc4b6dae79dabbff689471dc63e7088547.png HTTP/1.1", host: "myapp.work", referrer: "http://myapp.work/"
Please help me!! I've tried lots of things during two days and nothing worked.
Thanks in advance!
Run the following command, RAILS_ENV=production bin/rake assets:precompile

Flask app : error while reading response header from upstream

The site runs with nginx and an uwsgi (flask app) and shellinabox terminal.
After every 20 or 30 minutes, the shellinabox terminal is not getting loaded and the nginx log shows this -
2012/05/26 14:20:27 [error] 4547#0: *117 readv() failed (104: Connection reset by peer) while reading upstream, client: 192.168.122.128, server: _, request: "POST /login/ HTTP/1.1", upstream: "uwsgi://127.0.0.1:1973", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/login/"
2012/05/26 14:20:31 [crit] 4547#0: *105 mkdir() "/var/lib/nginx/tmp/proxy/3/00" failed (13: Permission denied) while reading upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/ShellInABox.js HTTP/1.1", upstream: "http://127.0.0.1:4200/ShellInABox.js", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 upstream timed out (110: Connection timed out) while reading response header from upstream
, client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:22:31 [error] 4547#0: *136 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
2012/05/26 14:22:31 [error] 4547#0: *136 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
I tried to put sometime-out values ... nothing helped so far.
As I'm pretty much new to nginx/uwsgi/shellinabox, I'm currently stuck with this.
Here is my nginx.conf file -
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/MYwebapp_access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#
# The default server
#
server {
listen 80;
server_name _;
#charset koi8-r;
#access_log logs/host.access.log main;
location /terminal/proxy {
rewrite ^/terminal/proxy/(.*)$ /$1 break;
proxy_pass http://localhost:4200/index;
proxy_set_header X-Real-IP $remote_addr;
#proxy_read_timeout 3000;
uwsgi_connect_timeout 6000;
uwsgi_read_timeout 6000;
uwsgi_send_timeout 6000;
}
location / { try_files $uri #MYwebapp; }
location #MYwebapp {
include uwsgi_params;
uwsgi_pass localhost:1973;
uwsgi_connect_timeout 6000;
uwsgi_read_timeout 6000;
uwsgi_send_timeout 6000;
}
error_page 404 /404.html;
location = /404.html {
root /var/www/MYwebapp/templates;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/MYwebapp/templates;
}
}
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
2012/05/26 14:21:06 [error] 4547#0: *103 upstream timed out (110: Connection timed out) while reading response header from upstream
, client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:21:06 [error] 4547#0: *103 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "POST /terminal/proxy/? HTTP/1.1", upstream: "http://127.0.0.1:4200/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/proxy/index/"
2012/05/26 14:22:31 [error] 4547#0: *136 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"
2012/05/26 14:22:31 [error] 4547#0: *136 open() "/var/www/MYwebapp/templates/50x.html" failed (13: Permission denied), client: 192.168.122.128, server: _, request: "GET /terminal/proxy/index/ HTTP/1.1", upstream: "http://127.0.0.1:4200/index/", host: "www.MYwebapp.org", referrer: "http://www.MYwebapp.org/terminal/"

Resources