I'm trying to route traffic across multiple upstream servers on nginx like so:
upstream app_a {
server unix:/tmp/app_a.sock fail_timeout=10;
# For a TCP configuration:
# server localhost:8000 fail_timeout=0;
}
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
index index.html index.htm;
server_name localhost;
root /home/ubuntu/app_a/www/staging/static;
location ~ ^/app_a/(.*)$ {
try_files $1 #proxy_to_app_a;
}
location #proxy_to_app_a {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_a;
}
Unfortunately the apps have no knowledge of full uris and expect to be sitting on root - which means i need to re-write the uri when passing to the app, which is why i thought this might work:
location ~ ^/app_a/(.*)$ {
try_files $1 #proxy_to_app_a;
}
the app works fine if location is just / (because of the aforementioned root issue), but this regex based solution doesnt seem to work. What do i need to do so the app gets / instead of app_a in the url?
Thanks
location /app_a/ {
rewrite /app_a/(.*) /$1 break;
proxy_set_header Host $http_host;
proxy_pass http://app_a;
}
Related
Setup: Ubuntu 18.04 Nginx Apache Varnish PHP Server
Nginx handles the traffic in the first place.
I have two domains pointing to the same server.
The first Domain works correct, the second one only redirects to the first one.
What is wrong with my configs?
First config which works fine
(Here the nginx works as an reverse proxy for the varnish and Apache.)
upstream varnish {
server 127.0.0.1:6081;
}
upstream apache {
server 127.0.0.1:8080;
}
server {
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 default_server;
server_name domain1.com;
include inc/acme-challenge.conf;
location / {
return 301 https://domain1.com$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
#client_max_body_size 120M;
server_name domain1.com;
location /wp-content/uploads {
alias /var/www/website/wp-content/uploads;
include inc/gzip.conf;
include inc/browser-cache.conf;
}
error_page 502 /502.html;
location = /502.html {
alias /var/www/website/502.html;
}
location / {
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
location ^~ /phpmyadmin {
allow 45.77.141.32; #qundg
allow 87.191.170.222; #qundg
deny all;
proxy_pass http://varnish;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
}
And here ist the second config (this one does not work)
The Domain should only be managed by the nginx without the Apache or Varnish service.
server {
listen 80;
listen [::]:80;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain2.com *.domain2.com;
root /var/www/domain2.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Here ist the default config
server {
server_name _;
listen *:80 default_server deferred;
error_log /var/log/nginx/default_server_error.log;
return 444;
}
You're using a wildcard in the second DNS name, that should be something that's not recognized in your certificate.
To get a wildcard you could follow instruction here https://medium.com/#saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7
I have few case in which I have more than 1 DNS pointing to the same website and for those I created different nginx configuration files, and applied for each che certbot authentication. I noticed that using 3rd level dns (something.mysyte.com) in the same config file brouth certbot to override certificates when I had more than 1.
In your specific case you have 2 dns name in the second configuration and one has a wildcard. If you try to remove the dns with the wildcard and reinstall certificates it should work. You can then setup a new block with each 3rd level domain and get certificate for each one, or follow the guide to get the wildcard certificate.
In my Nginx configuration, I would like to keep one service to be accessible with http, while all the others should be accessed through https, and forced to ssl when trying to connect with http. This is my config:
server{
server_name localhost;
listen 80;
proxy_http_version 1.1;
location /services/ {
proxy_pass http://localhost:47440/;
}
listen / {
rewrite ^ https://$server_name$request_uri? permanent;
}
server{
server_name localhost_ssl;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.crt;
ssl_certificate_key /etc/nginx/ssl/mycert.key;
proxy_http_version 1.1;
location /db/ {
proxy_pass http://localhost_ssl:8084/;
}
}
My problem is that when trying to reload I get this error:
host not found in upstream "localhost_ssl" in /etc/nginx/nginx.conf:46
Any idea of why this happens?
It seems your DNS resolver is failing for some reason.
Try adding:
options single-request
to /etc/resolv.conf
This causes IPv6/v4 lookups to be done sequentially.
You got this error because nginx can't find the host "localhost_ssl". Indeed it doesn't exist unless you specify it with upstream directive (or in the hosts file I think).
You should set it to proxy_pass http://localhost:8084/; assuming your service is really listening on 127.0.0.1:8084.
Furthermore you may want to replace listen / { with location / {.
UPDATE : If you access your server with your IP (you don't have a domain name), then you can remove server_name directive :
server {
listen 80;
proxy_http_version 1.1;
location /services {
proxy_pass http://localhost:47440/;
proxy_set_header Host $host;
}
location / {
return 301 https://$host$request_uri?; # Replace $server_name by $host
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/mycert.crt;
ssl_certificate_key /etc/nginx/ssl/mycert.key;
proxy_http_version 1.1;
location /db {
proxy_pass http://localhost:8084/;
proxy_set_header Host $host;
}
}
That config redirects requests received on port 80 to 443 if they don't match location /services. Requests received on port 443 are proxied if they match location /db.
But is this what you really want to achieve ? I mean a request on port 443 for /test would not match any location as there is only /db.
I am trying to serve static html files via nginx. In my nginx config, I have:
upstream app_server {
server 127.0.0.1:9000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /home/django/django_project/static/html;
index index.html index.htm;
client_max_body_size 4G;
server_name _;
keepalive_timeout 5;
location /static/admin {
alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin;
}
location /static {
alias /home/django/django_project/static;
}
location /minion {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
# this is what im talking about
location /html {
alias /home/django/django_project/static/html;
}
location / {
alias /home/django/django_project/static/html;
}
}
(note how the two last definitions are identical aside from the location path). Now, if I go to mywebsite.tld, I get a 403 error for some weird reason, while going to mywebsite.tld/html works exactly as it is supposed to be.
What is the explanation for this behaviour? What mistake did I make so it does this? Obviously, the file perms are ok, the index and files all exist (since /html works), it has to do with the location /, but I dont have a clue why it would... Please help me out here.
I have a Spring Boot + MVC app up and running on my server and it's bound to http://localhost:8000.
There is an nginx proxy (or is it a reverse proxy, not sure about the name) that listens to the outside world on ports 80 and 443. The root ( / ) will resolve correctly, but anything under it will not resolve and results in a 404 error ( /someControllerName/action, /images/, /css/ ).
I have this as my configuration:
upstream jetty {
server localhost:8000;
}
server {
listen 80;
server_name domain.com;
return 301 http://www.domain.com$request_uri;
}
server {
listen 443;
server_name domain.com;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
return 301 https://www.domain.com$request_uri;
}
server {
listen 80 default_server;
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.domain.com localhost;
#ssl on;
ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
proxy_pass $scheme://jetty/$request_uri;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
try_files $uri $uri/ =404;
}
}
Any help is very much appreciated.
You can't combine proxy_pass with try_files in the way that you have attempted. As the comment in your configuration describes, the try_files directive causes nginx to look for a file that matches the URI and then look for a directory that matches the URI. If it doesn't find either, it responds with a 404. You can read more about try_files in the nginx documentation.
It's not clear from your question that you need to use try_files at all so the simplest way to fix your configuration is to remove the try_files line.
I am using monit on my ec2 instance and I am new to nginx. Below is my nginx config file:
server {
listen 80;
server_name 127.0.0.1;
location / {
proxy_pass 127.0.0.1:2812;
proxy_set_header Host $host;
}
}
So..if I go to domain.com I see monit. How do I modify above code where I can see monit on domain.com/monit?
Thanks
Please, try this:
server {
listen 80;
server_name 127.0.0.1;
location /monit/ {
proxy_pass http://127.0.0.1:2812;
proxy_set_header Host $host;
}
}
Please, read more here about how directive location works in nginx
There's an article in Monit's wiki how to configure it with Nginx.
Here's my /etc/nginx/conf.d/monit.conf:
server {
listen 80;
server_name my.server.name;
location /monit/ {
allow 127.0.0.1;
allow 192.0.0.0/8;
deny all;
proxy_pass http://127.0.0.1:2812;
proxy_set_header Host $host;
rewrite ^/monit/(.*) /$1 break;
proxy_ignore_client_abort on;
}
}
Sergei already correctly answered your direct question. I think it's also worth noting that this may be cleaner to just use a subdomain:
server {
listen 80;
server_name monit.domain.com;
location / {
proxy_pass 127.0.0.1:2812;
proxy_set_header Host $host;
}
}