Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

Nginx: proxy_pass not forwarding the proxy headers

August 9, 2017, 4:42 pm
$
0
0
Guys, I have a weird issue.

I have two server blocks over SSL.

The block is attached below:

server {


listen 443 default_server ssl;
server_name _ ;

ssl_certificate "/etc/nginx/ssl-certs/server-certs/xx.cert";
ssl_certificate_key "/etc/nginx/ssl-certs/server-certs/xx-private.key";


ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_tickets off;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
server_tokens off;


location / {
deny all;

}
location /uxxxs/ {

proxy_pass http://localhost:23051/uxxs/;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;

}
location /mynginxstats {
stub_status on;
access_log off;
}


}


server {

listen 443 ssl;
server_name *.ma.test.abcxyz.net;
ssl_certificate "/etc/nginx/ssl-certs/server-certs/xx.cert";
ssl_certificate_key "/etc/nginx/ssl-certs/server-certs/xx-private.key";
ssl_client_certificate /etc/nginx/ssl-certs/client-cert/root-certs-ecc-rsa.crt;


ssl_verify_client on;
ssl_verify_depth 2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_session_tickets off;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
server_tokens off;


location / {
deny all;

}
location /uxxs/ {

proxy_pass http://localhost:23051/uxxs/;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-SSL-Client-FINGERPRINT $ssl_client_fingerprint;

proxy_set_header X-Client-Cert $ssl_client_fingerprint;
proxy_set_header X-SSL-Session-Id $ssl_session_id;
proxy_set_header Host $host;

}


}


As you can see for certain hostnames *.ma.test.abcxyz.net; , I am doing 2 -way ssl .


The issue is: when I send via browser to mywebsite.ma.test.abcxyz.net, I can see that backend instance is getting the proxy headers properly filled up:

proxy_set_header X-SSL-Client-FINGERPRINT $ssl_client_fingerprint;
proxy_set_header X-Client-Cert $ssl_client_fingerprint;
proxy_set_header X-SSL-Session-Id $ssl_session_id;
proxy_set_header Host $host;

But when I send a same request through my client simulator ( ruby app ), I dont see these headers coming to backend proxy. Now, my backend proxy needs these header info.


I am wondering why nginx is not sending these proxy headers to backend instance when sending request thru client simulator but when I send thru browser, it sends... ?

Thanks
Search

[Help] Proxy pass downgrading to HTTP

August 11, 2017, 5:28 am
$
0
0
Hey,
I have a local setup of NGINX on Windows acting as a HTTPS proxy to another local HTTPS UI (i'm testing out some configuration, these will be on remote servers in due course), however, despite the configuration it appears to be downgrading the upstream connection to HTTP which then fails and results in a HTTP 502 (Bad Gateway), confirmed via browser network logs that the 502 is an immediate response to the initial request.

Anyone have any thoughts on why it would be downgrading?

BTW: I know there will be more configuration required in due course (e.g. proxy_redirect) for now i'm trying to sort out the basic connectivity.

Details below ............... Note that the upstream URL in the log extract has been downgraded to HTTP rather than using HTTPS per the configuration. I've also tried disabling ssl session reuse, increasing timeouts and explicitly configuring a trusted cert - all to no avail.


UI URL : https://locahost:9443/publisher/
* confirmed as accessible - normally returns a 302 Redirect
* using a generated certificate


NGINX Configuration :
* using a generated certificate

server {
listen 443 ssl;
server_name localhost;

ssl_certificate nginx.pem;
ssl_certificate_key nginx.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location /gateway-pub/ {
proxy_pass https://localhost:9443/publisher/;
proxy_set_header Host localhost:9443;
proxy_ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
proxy_ssl_verify off;
}
}


NGINX error.log while accessing https://localhost/gateway-pub/ :

2017/08/11 11:54:28 [error] 15920#10248: *109 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /gateway-pub/ HTTP/1.1", upstream: "http://[::1]:9443/publisher/", host: "localhost"
2017/08/11 11:54:28 [error] 15920#10248: *109 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: localhost, request: "GET /gateway-pub/ HTTP/1.1", upstream: "http://127.0.0.1:9443/publisher/", host: "localhost"

(no warnings/errors reported on loading the configuration and no additional information, or anything seemingly relevant, with increased logging when the above error is reported)

Re: [Help] Proxy pass downgrading to HTTP

August 11, 2017, 8:49 am
$
0
0
Should've added - v1.13.4 on Windows

Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

August 13, 2017, 3:10 pm
$
0
0
I have been using NGINX as a reverse proxy for my home domain for a little over a year now. The proxy lives in an AWS EC2 instance and delivers traffic to my home IP Address and disguises all of the ugly port combinations.

I've never managed to get my OpenVPN server to work with NGINX though. When I try and connect to the server from BEHIND NGINX via my domain name, it times out and says:

TCP: connect to [AF_INET]777:777:777:777:8050 failed, will try again in 5 seconds: Connection timed out

Where `777.777.777.777` is the IP Address of my reverse proxy NOT my home IP Address which is `888.888.888.888`. Which NGINX should be stream proxying data to as defined by this block in my config file: https://gist.github.com/zimmertr/fc197a5cab1089f1468848ae7f86a3f2

Now, from what I can tell, I have configured NGINX properly. And, I know for a fact that I have configured the everything correct on the VPN/Home networking side as if I configure the OpenVPN server to use the IP Address of my home server is works fine: http://i.imgur.com/UycWpOO.png

`[OpenVPN Server] Peer Connection Initiated with [AF_INET]888.888.888.888:8051`

If that field is changed from `888.888.888.888` to `vpn.domain.com` instead, which uses the NGINX reverse proxy, then data isn't redirect to the proper IP Address. And instead OpenVPN attempts to connect to ports 8050 and 8051 on the AWS EC2 instance running NGINX.

Have I done something wrong? Is this not the intended purpose of stream proxying? Looking forward to hearing back from you guys. Thanks for the help!

EDIT: If it's not immediately obvious, I redacted my actual IPs. Which is why I used those invalid IPs.

PHP & Extensions Issue

August 14, 2017, 12:24 pm
$
0
0
Hi there,

Since recent upgrade on my QNAP NAS, I have been finding the following errors when starting the service up. Appreciate any troubleshooting support!

# /etc/init.d/QNginx.sh start
create symlink in opt
localization Share
Create html share if not exists
directory html exists
copy files index.html from Nginx if not exists
index.html file exists
copy files index.html from Nginx if not exists
50x.html file exists
copy files test.php from Nginx if not exists
test.php file exists
Generating some SSL self signed cert in case of, if not exist
cert files exists, not necessary
Starting PHP-FPM
Failed loading /opt/QNginx/lib/extensions/no-debug-non-zts-20131226/opcache.so: /opt/QNginx/lib/extensions/no-debug-non-zts-20131226/opcache.so: cannot open shared object file: No such file or directory
Failed loading /opt/QNginx/lib/extensions/no-debug-non-zts-20131226/opcache.so: /opt/QNginx/lib/extensions/no-debug-non-zts-20131226/opcache.so: cannot open shared object file: No such file or directory
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library '/opt/QNginx/lib/extensions/no-debug-non-zts-20151012/http.so' - /opt/QNginx/lib/extensions/no-debug-non-zts-20151012/http.so: cannot open shared object file: No such file or directory in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library '/opt/QNginx/lib/extensions/no-debug-non-zts-20151012/uploadprogress.so' - /opt/QNginx/lib/extensions/no-debug-non-zts-20151012/uploadprogress.so: cannot open shared object file: No such file or directory in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'imagick' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'apcu' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'timezonedb' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'raphf' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'propro' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library '/opt/QNginx/lib/extensions/no-debug-non-zts-20151012/http.so' - /opt/QNginx/lib/extensions/no-debug-non-zts-20151012/http.so: cannot open shared object file: No such file or directory in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'krb5' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'solr' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'mailparse' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'ev' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'eio' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'hrtime' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: PHP Startup: Unable to load dynamic library '/opt/QNginx/lib/extensions/no-debug-non-zts-20151012/uploadprogress.so' - /opt/QNginx/lib/extensions/no-debug-non-zts-20151012/uploadprogress.so: cannot open shared object file: No such file or directory in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'OAuth' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'scrypt' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'xxtea' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'hprose' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'redis' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'xattr' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Module 'xdebug' already loaded in Unknown on line 0
[14-Aug-2017 14:10:05] NOTICE: PHP message: PHP Warning: Xdebug MUST be loaded as a Zend extension in Unknown on line 0
[14-Aug-2017 14:10:05] ERROR: unable to bind listening socket for address '127.0.0.1:9000': Address already in use (98)
[14-Aug-2017 14:10:05] ERROR: FPM initialization failed
Starting NGinx
2017/08/14 14:10:05 [emerg] 3720#0: open() "/opt/QNginx/logs/error.log" failed (2: No such file or directory)

How to password protect Wordpress Multisite Site and subdirectory, file.

August 17, 2017, 10:05 am
$
0
0
I'm having Wordpress Multisite Setup with Wordpress MU Domain Mapping plugin and Nginx Helper using config in the link below.


https://paste.ngx.cc/7d

Can't make password protection over specific domains, subdirectories or files seem to work. After authentication WSOD or File download.

Wordpress in subdirectory

August 18, 2017, 6:18 am
$
0
0
wordpress and nginx both have instructions on how to configure nginx to work with wordpress.

https://codex.wordpress.org/Nginx
and
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/

both assume a server dedicated to the wordpress site.

My situation is one that has the main symfony site at https://www.mydomain.com and I want the wordpress blog to be at https://www.mydomain.com/blog/

The server is configured for mydomain.com. I have a location for a forum package at /boards/ that works fine. However, I had extreme difficulties even getting /blog/ to load a standard index file.

One piece of the wordpress codex or nginx recipe that I haven't been able to figure out how to use is the upstream php block to abstract backend connections. Is that critical?
Is there a way for me to still use the upstream php with just one location?

I've attached my nginx config. Please let me know if I can provide more information, and thank you in advance for any help you can give me!

I cannot provide a link to what is happening with this config, but I can tell you that the wordpress index file is being hit. Unfortunately it's being downloaded instead of run though in Chrome.

How to remove all .html from the URL | Nignx

August 20, 2017, 6:53 am
$
0
0
I'm new to Nginx, I need to remove all the *.html extensions appear in my URL, e.g. http://mywebsite.com/events.html/beauty-must-haves.html

I've tried lots of solutions to fix this, but not able to fix, can anyone kindly help me to fix this. These are no hard coded pages, it generates at runtime the following link doesn't help fix it.

how to serve html files in nginx without showing the extension in this alias setup

I need it to be SEO Friendly e.g. http://mywebsite.com/events/beauty-must-haves

Thanx in Advance.
Search

Re: How to remove all .html from the URL | Nignx

August 20, 2017, 11:42 pm
$
0
0
The following code got me what I was looking for, but it doesn't remove the .html extension inside the URL, it only removes the ending extension:

rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;

try_files $uri/index.html $uri.html $uri/ $uri =404;

Any Help Please ... ?

How to setup a website with nginx, centos and a domain registed on cloudflare?

August 21, 2017, 9:45 am
$
0
0
I'm a newbie on setup a website on a vps hired, centos os , nginx and a domain registed on cloudflare. I have done setup enviroment on my centos such as LEMP ( Linux , nginx, mysql, php) but I have no idea what i'm doing next step. I look for some tutorials on internet but this solutions are unclear because of too simple. Such as https://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration.

So let give me a enough guide to configure a website with domain , dns register.

recource :
- ip address of my vps server is 155.94.xxx.15x
- my domain registed on cloudflare is domain.tk with A row " Name " : domain.tk points to address 155.94.xxx.15x. CNAME row is www.domain.tk is alias of domain.tk

thank you!!!!

Re: How to remove all .html from the URL | Nignx

August 22, 2017, 1:13 am
$
0
0
The following code works for me to hide the Extensions in the Middle of the URL, but it's redirecting twice:

rewrite ^(.+)\.html(/.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;

try_files $uri/index.html $uri.html $uri/ $uri =404;

First, it redirects the end .html
Second, it redirects the middle .html
I require it to be in a single span. Any !dea?

proxy_add_x_forwarded_for giving invalid IP address

August 23, 2017, 1:28 am
$
0
0
We are using Nginx to terminate SSL and passing the requests to Varnish and then to Apache
We are getting invalid IP address from Nginx proxy_add_x_forwarded_for and remote_addr
Please find the Nginx settings as mentioned below:


FYI..
SSL is on port 443
Varnish is on port 80
Apache is on port 8080


Nginx Settings:
---------------------------
server {
listen *:443 ssl;
server_name *.website.com;

ssl on;
ssl_certificate /tmp/nginx_prabhathkota.crt;
ssl_certificate_key /tmp/prabhathkota.pem;

location / {
proxy_pass http://127.0.0.1:80;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_redirect off;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
proxy_set_header X-Custom-Header nginx;

}
}

nginx+Go

August 27, 2017, 3:47 pm
$
0
0
Hello!
I want to use nginx+Go in simple web app.
How I can do it using Go as 1)script (file xxx.go) 2)binary app
For example I have file hello.go in the nginx root:

package main
import "fmt"
func main() {
fmt.Printf("hello, world\n")
}

I should get:
http://myhost/hello.go
hello, world

Global search and replace on all header lines

August 28, 2017, 9:50 am
$
0
0
New to Nginx, trying to simply do a global search and replace of a string on all header lines while using proxy pass. The substitution module seems to work fine for search and replace on the response body. How do I do the same for all response headers?

Thanks

How to log $upstream_addr with fastcgi_cache_background_update on

August 31, 2017, 7:42 am
$
0
0
When fastcgi_cache_background_update is on nginx make request in background.

In that case $upstream_cache_status = STALE, $request_time equal to real upstream response time, but $upstream_addr and $upstream_response_time is empty.

How can I log correct $upstream_addr to identify which backend processed the request.
Search

logging to syslog

August 31, 2017, 10:21 am
$
0
0
Hello,

I'm trying to setup logging to syslog by following the instructions here;
https://www.nginx.com/resources/admin-guide/logging-and-monitoring/

The issue i'm hitting is that if i throw in say, this line
access_log syslog:server=our.syslog.server,facility=local7,tag=nginx,severity=warn;

It'll just log it to a log file named "our.syslog.server,facility=local7,tag=nginx,severity=warn" in /usr/share/nginx . Which will eventually grow and consume all the disk space on the server.
It does this whether I try to log to an external syslog server or the systems syslog. Can anyone point me to what i'm doing wrong?

Thanks!

reserved proxy to edit a file

September 1, 2017, 12:05 pm
$
0
0
hey,

i want to edit a m3u file which i download from tvheadend... the file looks like this


#EXTINF:-1 tvg-id="caa2fba86f064731beb97ed03f8cddf5",channel1
http://ip:9981/stream/channelid/687579850
#EXTINF:-1 tvg-id="bc97bedf581ea1bcbdb0d7db004b2245",channel2
http://ip:9981/stream/channelid/1606326204
#EXTINF:-1 tvg-id="d9d45e620c219249c2d4345d7d46fd4c",channel3
http://ip:9981/stream/channelid/1650382041
#EXTINF:-1 tvg-id="d950ed45a7ec93c02a196d56a097a175",channel4
http://ip:9981/stream/channelid/1173180633

the file is available at http://username:password@ip:9981/playlist... so now i want to get a edited file that looks like this:


#EXTINF:-1 tvg-id="caa2fba86f064731beb97ed03f8cddf5",channel1
http://username:password@ip:9981/stream/channelid/687579850
#EXTINF:-1 tvg-id="bc97bedf581ea1bcbdb0d7db004b2245",channel2
http://username:password@ip:9981/stream/channelid/1606326204
#EXTINF:-1 tvg-id="d9d45e620c219249c2d4345d7d46fd4c",channel3
http://username:password@ip:9981/stream/channelid/1650382041
#EXTINF:-1 tvg-id="d950ed45a7ec93c02a196d56a097a175",channel4
http://username:password@ip:9981/stream/channelid/1173180633


is it possible that nginx edit the file for me with the different usernames...?

greetz and thanks

How do I prove to myself that the least_conn directive is working as an HTTP load balancing mechanism?

September 2, 2017, 8:09 pm
$
0
0
I have configured a reverse proxy with Nginx. One Nginx instance distributes to three other Nginx web servers. I have used the proxy_pass directive and the least_conn directive. If I go directly to one of the servers that the reverse proxy distributes to (and bypass the reverse proxy), this does not seem to count as an active connection. Or I did not correctly implement the "least_conn;" directive correctly.

I am using the free version of Nginx. How long does the connection last? Is it just the download process? The web pages are just the default .html page. I want to test the least_conn; directive. So far I have seen no evidence that it is working. I have written a script to download the landing page several times. I configured one of the three servers to have a very big html page while keeping the others the same. This way download it takes time. The script downloading the landing page does not seem to be the equivalent of a connection. I have taken down one or two Nginx web servers. It seems like only round robin distribution is working.

How can I prove to myself that the least_conn directive is working with Nginx being a reverse proxy and an HTTP load balancer?

Can you use weight and max_fails or fail_timeout with the same server?

September 2, 2017, 10:13 pm
$
0
0
In default.conf I created a upstream backed {} section. For some servers I have used a weight=3. For these same servers, can I configure a max_fails= or fail_timeout= setting? Whenever I try both weight=3 and a max_fails or fail_timemout separate only by a space after the number "3", the Docker container will not start again. Is there a way to reconcile this and use a weight setting with a max_fails or fail_timeout setting too?

Is there a bug with the ip_hash directive when trying to use Nginx as an HTTP load balancer from a Docker container?

September 3, 2017, 7:19 am
$
0
0
I have the free version of Nginx running in Docker containers on a RedHat Linux server in AWS. I have configured proxy_pass to act as an HTTP load balancer. There is one Nginx instance that distributes traffic to other Nginx instances running in Docker containers. This distributor container fails if I introduce the ip_hash; directive inside the upstream backend {} section. The default.conf file may have this clause:


...
upstream backend {
server goodname1.com;
server goodname2.com;
server goodname3.com;
}

The above works. I can stop and restart the Docker container. I can prove round-robin distribution happens as I expect too.

If I add the ip_hash directive, the Docker container will never start again. For example, if I modify the default.conf file to look like this:

...
upstream backend {
ip_hash;
server goodname1.com;
server goodname2.com;
server goodname3.com;
}

once I stop the container, I can never restart it. The Docker container is never usable again. This problem is 100% reproducible. Has anyone else experienced this? Is it a bug with Nginx and Docker or am I doing something wrong?
Viewing all 4759 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>