Channel: Nginx Forum - How to...

http streaming

Hello,

First thanks in advance for any help.

I am new to Nginx and I am having troubles on how to configure the http block of the configuration file to stream a live working rtmp (debian jessie).

I configured Nginx to accept a live stream through ffmpeg, I can connect VLC to Nginx server using rtmp://server:port/live/stream.

Now I want to be able to open this stream from a browser, so I started to look for options creating a html page and pass the rtmp stream to a js video player.

I use this guide (https://docs.peer5.com/guides/setting-up-hls-live-streaming-server-using-nginx/) to configure the rtmp section and the http section. I successfully completed steps 1 to 4, I have a working rtmp, and I can "pass" a live video feed to the server and stream it using rtmp.

When creating an HTML page to "read" the rtmp output to the video player I am lost trying to setup the source.

This is from the link I sent, I think my issue is defining the source "source src="

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Live Streaming</title>
<link href="//vjs.zencdn.net/5.8/video-js.min.css" rel="stylesheet">
<script src="//vjs.zencdn.net/5.8/video.min.js"></script>
</head>
<body>
<video id="player" class="video-js vjs-default-skin" height="360" width="640" controls preload="none">
<source src="http://localhost:8080/hls/stream.m3u8" type="application/x-mpegURL" />
</video>
<script>
var player = videojs('#player');
</script>
</body>
</html>


Thanks

nginx as a URL router AND a load balancer at same time?

Is it possible to use nginx as a URL router and a load balancer?

e.g.

URL : /A/B/C
HOSTS: x, y, z

URL: /D/E/H
HOSTS: e,f,g


In the above scenario, it would pick one of x,y,z (using regular load balancing schemes) if the URL of HTTP request is /A/B/C

ssl_verify_client ends up in 403

Hello Forum,

Anyone has an idea how to allow (force) ssl_verify_client? I have done everything that was requested by the manuals, but if I set ssl_verify_client on, then the page receives a 403, like I couldn't verify the client. This is mainly needed to make braintree payment method available, if anyone has encountered them before.

Can you please help me out with this?

My related lines in my config file are:

ssl_certificate /etc/nginx/ssl/mycompany.hu.combined.crt;
ssl_certificate_key /etc/nginx/ssl/mycompany.hu.key;

ssl_client_certificate /etc/nginx/ssl/RapidSSL-CA.crt;
ssl_verify_client optional;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

ssl_dhparam /etc/nginx/ssl/dhparams.pem;

And inside my first location, I have:
if ($ssl_client_verify != SUCCESS) {
    return 403;
}


And before you say: I know IF IS EVIL :) But this one worked like a charm, so I wish to keep it if I can. OFC if I have to remove, but it makes the website working, then so be it.

Regards:
Bert
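
The check in the post above depends on the value of `$ssl_client_verify`, which is `SUCCESS`, `NONE` (no certificate was sent) or `FAILED` (`FAILED:reason` since nginx 1.11.7). The following is an added example, not part of the original post: it logs that value next to the status code so each 403 can be traced to its cause. The server name, file paths, the log format name `client_cert` and the variable `$client_cert_ok` are placeholders chosen for illustration.

```nginx
# Added example; names and paths are placeholders, not taken from the post.
# These two blocks belong in the http {} context.

# Collapse the verification result into a single flag.
# $ssl_client_verify is "SUCCESS", "NONE" (client sent no certificate)
# or "FAILED" / "FAILED:reason" (certificate did not validate).
map $ssl_client_verify $client_cert_ok {
    default  0;
    SUCCESS  1;
}

# Record the verification result and certificate subject for every request.
log_format client_cert '$remote_addr "$request" $status '
                       'verify=$ssl_client_verify subject="$ssl_client_s_dn"';

server {
    listen 443 ssl;
    server_name example.test;

    ssl_certificate         /etc/nginx/ssl/server.crt;
    ssl_certificate_key     /etc/nginx/ssl/server.key;

    # Must contain the CA chain that issued the *client* certificates,
    # which is usually not the CA that issued the server certificate.
    ssl_client_certificate  /etc/nginx/ssl/client-ca.crt;

    # "optional" completes the handshake without a client certificate;
    # the request is then rejected below with verify=NONE in the log.
    ssl_verify_client       optional;

    # Raise the depth when client certificates chain through an intermediate CA.
    ssl_verify_depth        2;

    access_log /var/log/nginx/client_cert.log client_cert;

    location / {
        if ($client_cert_ok = 0) {
            return 403;
        }
        root /var/www/html;
    }
}
```

A 403 logged with `verify=NONE` means the client never presented a certificate; `verify=FAILED` means it presented one that does not chain to the file given in `ssl_client_certificate`.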

No address associated with hostname

Hi everyone!
Since recently, after several hours of normal server functioning, file_get_contents() returns "php_network_getaddresses: getaddrinfo failed: No address associated with hostname". Nothing has been changed on the server, Google DNS servers are registered in the connection settings, gethostbyname() runs, everything pings from the console. At the moment only a reboot helps, but for a few hours.

OS - Ubuntu 14.04.4, hardware from https://gthost.com , web server - Nginx

NGINX does not re-start when configured with SSL certificate that depends on external SSL server that went down

I have an NGINX configuration with both HTTP and HTTPS traffic server blocks. Below is the HTTPS server block configuration snippet that is causing the problem.

server {
    listen 10.1.1.5:443 default ssl;
    listen 10.1.1.6:8080;

    server_name myservice.traffic.dns.tmp;

    ssl_certificate /etc/config/ssl/myservice.traffic.cert.pem;
    ssl_certificate_key engine:name:myservice.traffic;
}

The external SSL server named "engine:name" is used to get the SSL certificate key. Initially, NGINX starts successfully. When the external SSL server goes down, if I try to restart NGINX, the restart fails because NGINX cannot connect with the external SSL server.

nginx: [emerg] ENGINE_load_private_key("385.1") failed
ENGINE_load_private_key:failed loading private key

This creates a "Hard" dependency on an external service.
How could I continue to serve my HTTP traffic even when the external SSL server is down? I would like the nginx restart to succeed even when the external SSL server is down.

Thanks

how to get the error line in the configuration file when nginx -t failure

Is there a way to get the line number and the file name when the nginx configuration test fails?
nginx -t

I am getting the following error, but it doesn't say anything about which config file and line number this error comes from:

nginx: [emerg] ENGINE_load_private_key("385.1") failed (engine routines:ENGINE_load_private_key:failed loading private key)

I have a file for each server block.
It would be good to know from which server block this error originates.

Thanks

conflicting server name

These are different vhosts and only included config files to nginx.conf

mar 27 18:50:02 rastel nginx[6041]: nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
mar 27 18:50:02 rastel nginx[6044]: nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored

server {
listen 80;
root /srv/www/wataha.net;
index index.php
server_name wataha.net;
}


server {
listen 80;
root /srv/www/low-level.pl;
index index.php
server_name low-level.pl;
}

root@rastel:/etc/nginx# nginx -t
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

What is wrong in here?

Re: conflicting server name

Fixed, server restart...
stop/start nginx not working.

Re: Nginx as Reverse Proxy for Home Server

Hi,

I just had a similar issue forwarding requests to my NAS from QNAP. Therefore I decided to define a second server section like the following:

server {
    listen 443;
    server_name nas.DOMAIN.COM;

    ssl_certificate SSLCERT;
    ssl_certificate_key PRIVKEY;
    ssl_dhparam /dhparams.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!L$

    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header X-Frame-Options DENY;
    add_header Cache-Control no-store;
    add_header X-XSS-Protection "1; mode=block";

    client_max_body_size 2m;

    location / {
        proxy_set_header HOST $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_pass https://INTERNAL_IP:PORT;
        proxy_redirect off;
        proxy_buffering off;
    }
}


For me this solution is working perfectly.
I hope this helps.

Best Regards,
Daniel

Handling 504 Gateway Time-out

Hi

We are using nginx as a proxy in front of one of our REST-based services. We were using an older version of nginx that, as I've read, retried failed post/put/delete requests. I read that it was changed in newer releases, so I've upgraded nginx, but I am still suffering from post retries, which causes duplicate entries in our REST API. The requests get through just fine, it just seems like there's a timeout on the response.

As I've understood, the default behaviour for nginx should be to not retry post requests, or am I mistaken?

Reverse Proxy to Multiple Servers

Hi, I'm new to Nginx and I've run into some issue, hope you can help me. Is there any way that I can do reverse proxy by for example:

location /webapp1 {
    proxy_pass http://webapp1server:8080/;
}

and by not passing the "/webapp1" uri to my http://webappserver1:8080/?

I need this because I need to do reverse proxy to multiple servers.

How to log auth information with simple auth

Hello,

Is it possible to log all username/passwords from a basic auth, e.g, whatever is provided in http://user:password@url.com/ and if so, how ? I suppose I can use the $remote_user variable for the user, not sure how to catch whatever is provided for the password. I can obviously do that with tshark, or other packet analyzers, but was wondering if it's possible with nginx alone.

Reverse Proxy Frontend-Server WOL Backend-Server

Hi all!

I am pretty new to NGINX. Is there a possibility to automatically wake up a backend server from standby through the reverse proxy frontend server whenever somebody tries to hit the webpage?

Any help would be appreciated. Thank you in advance!

Reverse mail proxy conceptual question

Hello everyone,

I have a system running FreeBSD in a DMZ (A), accessing a system in the internal network (B) as a reverse proxy via HTTPS. Now I wanted to use it as a proxy for mail on B as well.
I wrote an auth script in Python which just does this:

print "Content-type: text/html\n"
print "Auth-Status: OK"
print "Auth-Server: 10.0.0.23"
print "Auth-Port: 993"

I tried to test access 993 via telnet but it does not work at all, when I try to authenticate it just throws an error and exits, no authentication failure or anything.
I don't want nginx to do authentication, this can happen on the server that it proxies to, doesn't it?!

So far this has been quite some pain, because the documentation does not explain that you even need this auth script and what for.
Can someone explain the sense behind the conceptual decision to not just ask for IP and port in mail proxy config and instead force users to write some weird auth script? Does not make any sense to me at this point.

Hope someone can shed light upon this

Re: Reverse proxy for a TP-LINK router returns 403

I had the same issue with an Archer C2, however I was able to get it work by setting the Referer Header.

proxy_pass http://192.168.0.1;
proxy_set_header Referer http://192.168.0.1/;

nginx reverse proxy with ssl terminator and upstream

I use nginx as a SSL termination reverse proxy with upstream. The upstream points to my couchbase server installation that can be accessed without any problem directly (without using nginx ssl reverse proxy). But once I do it through nginx then only I see a lot of errors in my console because none of the assets (js/css and other files) get loaded and I see a lot of errors in my chrome console. I have researched and tried a lot of things these last 2 days but nothing seems to work. As for the SSL cert itself, it is correctly installed and I even get an A+ on qualys. I have attached both the nginx conf and the error log. Any pointers will greatly help. Thanks

nginx.conf (removed the irrelevant stuff from the conf)

user nginx;
worker_processes 2;

worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    use epoll;
    worker_connections 1024;
    multi_accept on;
}

http {
    upstream couchbaseserver {
        server 127.0.0.1:8091 max_fails=0;
    }

    server {
        access_log /var/log/nginx/access.log main buffer=32k;
        error_log /var/log/nginx/error.log error;
        expires max;

        # Listen on both 443 for the main connections and 80 for streaming container data
        listen 80;
        listen 443 ssl;

        server_name sub.example.com;

        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;

        ssl on;

        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        # Force initial HTTP requests to switch to HTTPS:
        if ($ssl_protocol = "") {
            rewrite ^ https://$host:443$request_uri? permanent;
        }

        location / {
            proxy_pass http://couchbaseserver;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_cache_bypass $http_upgrade;

            proxy_connect_timeout 10;
            proxy_send_timeout 10;
            proxy_read_timeout 10;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_temp_path /var/cache/nginx_proxy_temp;
        }

    }
}

error.log (in /var/log/nginx/error.log)

2017/04/08 11:25:35 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/lib/prism.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/lib/prism.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:36 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/expvar.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/expvar.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:36 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/index.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/index.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:36 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/query.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/query.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:37 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/b64.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/b64.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:37 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/filters.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/filters.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:37 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static/js/directives.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static/js/directives.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:37 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/index-mapping.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/index-mapping.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:38 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/type-mapping.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/type-mapping.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:38 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:38 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis-analyzer.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis-analyzer.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:39 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis-wordlist.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis-wordlist.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:39 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis-charfilter.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis-charfilter.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:39 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis-tokenizer.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis-tokenizer.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:40 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/static-bleve-mapping/js/mapping/analysis-tokenfilter.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/static-bleve-mapping/js/mapping/analysis-tokenfilter.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:40 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/js/debug.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/js/debug.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"
2017/04/08 11:25:40 [error] 3862#0: *363 open() "/usr/share/nginx/html/_p/ui/fts/fts.js" failed (2: No such file or directory), client: 192.168.255.40, server: sub.example.com, request: "GET /_p/ui/fts/fts.js HTTP/1.1", host: "sub.example.com", referrer: "https://sub.example.com/ui/index.html"

Thanks once again

Preserving Source IP using SSL Preread + OpenVPN

Please if anyone could help. I am trying to setup an OpenVPN server running on 443 tcp behind an Nginx 1.11.13 proxy while preserving the source IP.

I have searched long and far and my nginx.conf is currently as follows:

stream {

    map $ssl_preread_server_name $name {
        mydomain.com backend;
        default default-backend;
    }

    upstream backend {
        server 10.100.0.102:443;   # Backend nginx server
    }

    upstream default-backend {
        server 192.168.1.154:443;  # OpenVPN server
    }

    proxy_protocol on;

    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}

Leaving proxy_protocol off (or commented out) I am able to connect to my OpenVPN server on 443 without any issues. Only problem is all forwarded requests show the IP address of this nginx server 10.100.0.102. I am unable to filter or deny requests based on IP since it's all from myself.

Upon turning proxy_protocol on I can now see all requests from source IP using real_ip_header proxy_protocol. Only problem is now OpenVPN is unable to connect due to TRANSPORT_ERROR "NETWORK_EOF_ERROR".


Does anybody know a way to allow connections to an OpenVPN server behind an Nginx proxy while preserving source IP?
Please help.

Re: Preserving Source IP using SSL Preread + OpenVPN

Define an extra server {} block, enable proxy protocol there, move proxy_pass to server block, call server block from map.

Re: Preserving Source IP using SSL Preread + OpenVPN

Thanks for the reply. I have created a new $ssl_preread_server called $test and a new server block with proxy_pass $test and proxy_protocol set to on but I am unable to set it to listen on 443 it says port in use. So I attempted to listen on 4443 but then it never gets any requests that come from https on the mydomain.com specification.

So I figured I set mydomain.com and then its upstream back to the same server on 4443 and then from there have my $test ssl preread forward to the backend (10.100.0.102) server using proxy_protocol on but I am left with the original issue of not seeing a source IP because of the initial non proxy_protocoled forward :|

So what can I do here? How exactly do I get both my server blocks with the two different proxy_pass' to listen on 443 so that it can forward source ip requests to backend NGINX + use OpenVPN on 443?

Thank you

Re: Preserving Source IP using SSL Preread + OpenVPN

https always has a name, vpn/ssh does not so make the map(ping) work this way.
internal passing on (443->map->1443->proxy_pass with proxy protocol...)