I have nginx serving a page on port 80.
server {
listen 80;
server_name .example.com;
root /var/www/docs;
index index.html;
}
I also have a service running a server on port 9000. How do I set up a virtual directory in nginx (such as /service) to serve whatever is on port 9000? I am unable to open other ports, so I would like to serve this through some kind of virtual directory on port 80.
Start with that (but you definetly will need more directives to make your server normally answering on this subdirectory):
location /something {
proxy_pass http://localhost:9000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
Related
I have multiple servers running on the same host. I am trying to configure nginx to route traffic based on the server_name, but all traffic is sent to the first defined server.
I have two urls:
example.domain.net
domain.net
which I have configured nginx to proxy with configuration:
server {
listen 3978;
listen [::]:3978;
server_name example.domain.net:3978 example.domain.net:3978;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://127.0.0.1:8443;
}
}
server {
listen 3978;
listen [::]:3978;
server_name domain.net:3978 www.domain.net:3978;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://127.0.0.1:8020;
}
}
But all traffic to both example.domain.net:3978 and domain.net:3978 is being sent to whichever server is defined first in the file (in this case example.domain.net)
I've seen other examples where this worked like This post. Is this possible with one having a subdomain and another not?
I am using nginx version 1.18.0 with the default nginx.conf on Ubuntu 18.04
server_name should not have ports. Try removing :3978 from the server_name.
Because you have the ports, the hostname does not match any of the server_name. So, the entire traffic is sent to the first server which is considered as a default for no matches.
I have configured nginx on an EC2 instance.
I am running rabbitmq-management which is running on port 15672 and is accessible using the IP address of the instance.
http://ip-address:15672
I do not want to allow access using the IP address and want to use my domain but using the same port as
http://utils.example.com:15672
For that, I tried to configure the nginx server with configuration
upstream rabbitmq_server {
server localhost:15672;
}
server {
listen 15672 ssl;
server_name utils.example.com;
location / {
proxy_pass http://rabbitmq_server/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
}
But, this is giving error on starting the nginx server as
[emerg] 7476#7476: bind() to 0.0.0.0:15672 failed (98: Address already in use)
When I change the port to listen 15673, it works and is accessible using the domain also but is accessible using the IP address also.
How can I use the same internal IP on which application is running to be accessible from http://utils.example.com?
How can I disable direct access from the IP address and restrict access to domain/sub-domain only?
You could use an IF and check the $host variable inside the location, you can find the IF guide for nginx here
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
Result would be similar to this one
upstream rabbitmq_server {
server localhost:15672;
}
server {
listen 15672 ssl;
server_name utils.example.com;
location / {
if ($host = utils.example.com) {
proxy_pass http://rabbitmq_server/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
}
}
1)How can I use the same internal IP on which application is running to be accessible from http://utils.example.com?
You can't have those 2 applicacions (nginx and rabbit) listening to the same port.
sending a petition to ip: http://utils.example.com:15672 and http://ip:15672 is the same (not exactly, but for the example it will work).
My recomendation:
Change rabbitmq port to another one, lets say 15673. and set the nginx config like this:
upstream rabbitmq_server {
server localhost:15673;
}
server {
listen 15672 ssl;
server_name utils.example.com your_ip_numbers;
location / {
proxy_pass http://rabbitmq_server/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
}
Like this, both your_ip:15672 and utils.example.com:15672 will go through nginx to be proxied to rabbitmq.
2) How can I disable direct access from the IP address and restrict access to domain/sub-domain only?
Take out "your_ip_numbers" from the server_name directive if you are going to use the recomendation and block any access to port 15673 in the firewall. Localhost proxies are not considered as a normal connection by most firewalls.
And if you only have proxy to rabbitmq to the server bracket of server_name utils.example.com; that's already a way to filter only this subdomain connections to rabbitmq.
If I have not expressed myself correctly, ask me in the comments what I'm refering to, I'd be glad to answer
Edit:
For the ip not to be proxy_passed, creating another default_server bracket in the same port (it's nginx so they don't collide) will send the ip there.
server {
listen 15672 ssl default_server;
server_name _;
return 418; #(or really any code you like)
}
Hope I helped.
Can't connect to application through External IP.
I started gerrit code review application on GCP's vm instance(CentOS 7).
It works on http://localhost:8080 and I can't connect to it through external IP. Also I tried to create NGINX reverse proxy, but probably my configuration is wrong. By the way after installing NGINX, the starter page were shown on external ip.
# nginx configuration /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
auth_basic "Welcomme to Gerrit Code Review Site!";
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
gerrit.config
[httpd]
listenUrl = proxy-http://127.0.0.1:8080/
You use localhost as a server_name. I think that may cause conflict, because you connect to your server externally. You don't need server_name, cause you are going connect to your server by ip. And I recommend you enable logs in your nginx config. It will help you with bug fixing.
I recommend you try this config:
server {
listen 80;
access_log /var/log/nginx/gerrit_access.log;
error_log /var/log/nginx/gerrit_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
add a line in /etc/hosts
127.0.0.1 internal.domain
Update proxy config
proxy_pass http://internal.domain:8080;
It works with me
I configured nginx as a load balancer and as long as the IP of the nginx server is called everything runs perfect. But the proxypass is not working.
Here is the crucial config part:
upstream discover {
hash $remote_addr consistent;
server <ipOfAppInstance01>:80;
server <ipOfAppInstance02>:80;
}
server {
listen 80;
server_name localhost;
location /discover/ {
proxy_pass http://discover; <---upstream group name
}
In some cases the configured proxypass path ("discover/discover/...") is called instead of the nginx server IP ("10.55.22.13/discover/...) and thats when I get the DNS resolve error. Did I get the config wrong? Or is that a DNS server issue, instead of nginx?
Regards
A
I'll need to test some more, but I think I solved this in the nginx configuration by doing something like this:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://main;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
I've been trying to wrap my head around load balancing over the past few days and have hit somewhat of a snag. I thought that I'd set up everything correctly, but it would appear that I'm getting almost all of my traffic through my primary server still, while the weights I've set should be sending 1:10 to primary.
My current load balancer config:
upstream backend {
least_conn;
server 192.168.x.xx weight=10 max_fails=3 fail_timeout=5s;
server 192.168.x.xy weight=1 max_fails=3 fail_timeout=10s;
}
server {
listen 80;
server_name somesite.somesub.org www.somesite.somesub.org;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host somesite.somesub.org;
proxy_pass http://backend$request_uri;
}
}
server {
listen 443;
server_name somesite.somesub.org www.somesite.somesub.org;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host somesite.somesub.org;
proxy_pass http://backend$request_uri;
}
}
And my current site config is as follows:
server {
listen 192.168.x.xx:80;
server_name somesite.somesub.org;
index index.php index.html;
root /var/www/somesite.somesub.org/html;
access_log /var/www/somesite.somesub.org/logs/access.log;
error_log /var/www/somesite.somesub.org/logs/error.log;
include snippets/php.conf;
include snippets/security.conf;
location / {
#return 301 https://$server_name$request_uri;
}
}
server {
listen 192.168.x.xx:443 ssl http2;
server_name somesite.somesub.org;
index index.php index.html;
root /var/www/somesite.somesub.org/html;
access_log /var/www/somesite.somesub.org/logs/access.log;
error_log /var/www/somesite.somesub.org/logs/error.log;
include snippets/php.conf;
include snippets/security.conf;
include snippets/self-signed-somesite.somesub.org.conf;
}
~
And the other configuration is exactly the same, aside from a different IP address.
A small detail that may or may not matter: One of the nodes is hosted on the same machine of the load balancer - not sure if that matters.
Both machines have correct firewall config, and can be accessed separately.
No error logs are showing anything of use.
The only possible thing I could think of is that the nginx site config is being served before the load balancer; and I'm not sure how to fix that.
With another look at the configuration and realized I could have just as easily had the site config that's on the load balancer listen on 127.0.0.1 and relist that among my available servers in the load balancer.
nGinx config for site on load balancer listening on localhost:80/443 solved this issue.