November 10, 2017, 2:42 pm
I have NZBGet running on port 6789 and SSL on port 6790. I am able to access both internally and externally by specifying my domain_name:port.
My nzbget.conf file looks like so:
upstream nzbget_server {
    server 0.0.0.0:6789 fail_timeout=0;
}
server {
    listen 81;
    server_name nzbget.mydomain.com;
    access_log /var/log/nginx/nzbget.access.log;
    location ~ ^/($|./*) {
        client_max_body_size 50M;
        proxy_set_header Host $host;
        proxy_pass http://nzbget_server;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nzbget.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nzbget.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
This works perfectly fine and I am able to access SSL through https://nzbget.mydomain.com, however the port that it connects to (as specified in the conf file) is still 6789 which is not an SSL port.
I have tried to change my nzbget.conf to:
upstream nzbget_server {
    server 0.0.0.0:6790 fail_timeout=0;
}
This however does not work, though I am still able to access NZBGet through https://my_ip:6790. How can I configure NGiNX to connect through the SSL port?
↧
November 11, 2017, 12:46 am
You're proxy passing to http and not to https.
↧
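The reply above, as an added example that is not part of the thread: the upstream points at NZBGet's TLS port and `proxy_pass` uses the `https` scheme. nginx does not verify upstream certificates unless told to, so verification is switched on explicitly. Assumptions: NZBGet runs on the same host as nginx, and the CA file path and the certificate name used for verification are placeholders.

```nginx
upstream nzbget_server {
    # Assumed: NZBGet listens on the same host; 6790 is its TLS port from the question.
    server 127.0.0.1:6790 fail_timeout=0;
}

server {
    listen 443 ssl;
    server_name nzbget.mydomain.com;

    ssl_certificate     /etc/letsencrypt/live/nzbget.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nzbget.mydomain.com/privkey.pem;

    access_log /var/log/nginx/nzbget.access.log;

    location / {
        client_max_body_size 50M;

        # The scheme must match the upstream port: https for 6790, http for 6789.
        proxy_pass https://nzbget_server;

        # Without these, the TLS hop is encrypted but the peer is not authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        # Assumed path: the CA (or the self-signed certificate) that NZBGet presents.
        proxy_ssl_trusted_certificate /etc/nginx/upstream-ca.pem;
        # The default name checked is the upstream name "nzbget_server";
        # override it with the name in NZBGet's certificate (assumed here).
        proxy_ssl_name                nzbget.mydomain.com;
        proxy_ssl_server_name         on;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```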
November 14, 2017, 12:31 am
Hi
I need help with URL/URI encryption, i.e. instead of showing the real folder/file names in the website address, showing something such as https://abc.com/?34kj334j33lkj43/=u83m3n434343ffgkj4545j or http://abc.com/?34kj334j33lkj43/=?!u83m3n434343ffgkj4545j
Using Nginx reverse proxy.
Regards
↧
November 18, 2017, 12:09 pm
Hello Everyone,
I would appreciate help with the following situation:
In normal processing, I have a requester that talks to a backend. The backend performs some processing and returns response back to requester. At this time, I have setup loadbalancer as shown in [1] below. However, when loadbalancer finishes job, it needs to send back to loadbalancer so that loadbalancer can return response back to requester. How can I accomplish this?
[1]
upstream backend {
    server backend1.example.com;
    server backend2.example.com;
    server 192.0.0.1 backup;
}
server {
    location / {
        proxy_pass http://backend;
    }
}
↧
November 18, 2017, 12:47 pm
..."However, when loadbalancer finishes job, it needs to send back to loadbalancer so that loadbalancer can return response back to requester. How can I accomplish this? "
to
However, when backend finishes job, it needs to send result back to loadbalancer so that loadbalancer can return it back to requester. How can I accomplish this?
↧
November 25, 2017, 3:51 pm
Hi,
I have a configuration file called example.com,
that works.
It's stored in /etc/nginx/sites-available/example.com
I copied the example.com in dradamb.com,
Then I created a link to dradamb.com in sites-enabled,
and erased the link to example.com
but...
this new one doesn't work!!
The only difference seems to be the name.
Is it possible?
Andrea
↧
November 26, 2017, 1:02 pm
Hey everybody!
I have installed Nginx HDA Bundle from https://launchpad.net/~hda-me/+archive/ubuntu/nginx-stable/+packages1 with some dynamic modules along ngx_cache_purge on Ubuntu 16.04.3 LTS (GNU/Linux 4.13.0-16-generic x86_64)
I'm using PHP 7.0.22-0ubuntu0.16.04.1 with nginx/1.13.6 and php7.0-fpm
I have loaded the ngx_cache_purge module in nginx.conf and added the following configuration to the vhost file:
location ~ /purge(/.*) {
    fastcgi_cache_purge WPCACHE "$scheme$request_method$host$1";
    return 200;
}
For some reason, when I try to purge the cache with http://mydomain.com/purge/wordpress_post the browser attempts to download a file called "download", 0 bytes in size. I should mention that the website is running with no errors and the cache files are created.
No errors in nginx.log nor php7.0-fpm.log.
What am I doing wrong here as I'm stuck on this situation for about one week and haven't found a solution yet. How can I debug this issue? Where should I look in order to find out what is the cause for this?
↧
November 27, 2017, 2:28 pm
Hi everyone,
I am about at my wits end with this problem.
We have a web application (written in PHP w/ Laravel) and a major feature of this application is to export a list of residents from properties. MOST properties do export and the CSV downloads successfully.
However, for large properties, it fails after ~60 seconds. I have attempted to change the settings to increase the timeout times in NGINX and the php.ini, but nothing seems to fix the issue. The files are only 50kb, or so, but the script takes a good amount of time to process and generate the CSV.
Every property works on my local development environment - so I know the code is functional.
My NGINX config (I am using Laravel Forge):
===================================
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/{site_name}/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name default;
root /home/forge/{site_name}/current/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/{site_name}/273139/server.crt;
ssl_certificate_key /etc/nginx/ssl/{site_name}/273139/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/{site_name}/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/{site_name}-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 120;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/{site_name}/after/*;
===================================
And my PHP.ini:
===================================
; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 300
; Maximum request time before termination
request_terminate_timeout = 300s
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; http://php.net/max-input-time
max_input_time = 60
===================================
↧
November 28, 2017, 7:18 am
I am currently running a cloud https server and a document https server behind an nginx reverse proxy server. Additionally I am running an openvpn server on UDP port 1194 (also on the cloud server), which I would like to route via the nginx reverse proxy server on TCP port 443. I would appreciate any hints as I lack any experience with nginx.
This is my configuration file, naturally, example.org is not my real URL:
worker_processes 4; # Default 1
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
events {
worker_connections 512; # Default 1024
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
## Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 9;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript text/xml;
gzip_vary on;
gzip_static on; #Needs compilation with gzip_static support
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
## Server configuration
server {
listen 443 ssl;
server_name example.org;
ssl on;
ssl_certificate /root/fullchain.pem;
ssl_certificate_key /root/privkey.pem;
server_name_in_redirect off;
access_log logs/access.log;
client_max_body_size 10G ;
## proxy the PHP scripts to Apache listening on 127.0.0.1:80
location /nextcloud {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering off;
proxy_pass https://cloudserver:443;
}
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_redirect off;
proxy_buffering off;
proxy_pass https://documentserver:443/;
}
}
}
↧
November 28, 2017, 10:55 am
Nginx-RTMP setup: something does not allow this HLS stream to be linked by a host other than the one it is created on. The HTML at the bottom is on another VPS with another IP. I can play the stream in my browser from the origin server with the HLS addon in Chrome or Firefox anywhere. I can also play the HTML at the bottom from my local disk, though I can't play the HTML uploaded on a virtual host. I'm stuck. Below are my server setup and the HTML to play.
server {
listen 80;
location / {
# Disable cache
add_header 'Cache-Control' 'no-cache';
# CORS setup
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length';
add_header X-Frame-Options "ALLOW-FROM https://my.site/";
# allow CORS preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
add_header X-Frame-Options "ALLOW-FROM https://my.site/";
return 204;
}
types {
application/dash+xml mpd;
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /mnt/;
}
}
player (below video js, but same for vlc and clappr setup)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="generator" content="PSPad editor, www.pspad.com">
<title></title>
</head>
<body>
<video id=example-video width=960 height=540 class="video-js vjs-default-skin" controls>
<source
src="http://77.72.149.125:80/hls/stream.m3u8"
type="application/x-mpegURL">
</video>
<link href="http://vjs.zencdn.net/5.19/video-js.css" rel="stylesheet">
<script src="http://vjs.zencdn.net/ie8/1.1/videojs-ie8.min.js"></script>
<script src="http://vjs.zencdn.net/5.19/video.js"></script>
<script src="https://unpkg.com/videojs-contrib-hls/dist/videojs-contrib-hls.js"></script>
<script>
var player = videojs('example-video');
player.play();
</script>
</body>
</html>
↧
November 29, 2017, 8:25 am
Hello,
I'm trying to link authentication from /htpassword from nginx to an Active directory.
I'm a bit lost on how to do it.
First, is it possible to do it for free, or do I have to pay for 'nginx plus'?
I saw this tutorial but it is not clear enough for me:
https://www.nginx.com/blog/nginx-plus-authenticate-users/
Then, how do I proceed, as I can't find this module:
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
Many thanks for your help.
Crapoulou.
↧
November 29, 2017, 1:52 pm
Hi,
I am replacing httpd with Nginx on my platform (httpd, Nginx and WordPress), but I have a blocking problem.
My architecture is as follows:
INTERNET --------https------> HAPROXY (SSL) -------> http ------> NGinx -------> Wordpress.
I have installed / configured haproxy and nginx. Both work and my site is in HTTPS. SSL is managed by HAProxy and Nginx does not do SSL.
Now I downloaded and unzipped wordpress. To follow the installation, I went to the homepage from an internet browser and problems begin.
On the homepage for installing WordPress, CSS and JavaScript are not loaded, whereas the same architecture works with httpd instead of Nginx.
I think the problem comes from Nginx (an option to set???).
Any idea?
My configurations:
#####HAProxy
frontend https-in
bind X.X.X.X:443 ssl crt /etc/pki/certs
mode http
option httplog
acl my_site hdr(host) -i mon.site.fr
use_backend wp if my_site
rspadd Strict-Transport-Security:\ max-age=15768000
backend wp
mode http
option http-server-close
option forwardfor
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server wp_1 X.X.X.X:8080
#####NGinx
server {
listen *:8080;
server_name mon.site.fr;
root /var/www/html/site1;
access_log /var/log/nginx/site1.access.log;
error_log /var/log/nginx/site1.error.log;
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
if (!-e $request_filename) {
rewrite ^.*$ /index.php last;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~ /\. {
deny all;
}
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
location ~* \.(html|css|js|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php70-fpm.mon.site.fr.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/sites-enabled/*.conf;
# Real IP
set_real_ip_from X.X.X.X;
real_ip_header X-Forwarded-For;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
}
Thanx
↧
November 29, 2017, 10:24 pm
Hi,
So the conditional logging example on nginx website is this, which I've tried, and it works as advertised.
-----------
map $status $loggable {
    ~^[23] 0;
    default 1;
}
access_log /path/to/access.log combined if=$loggable;
-----------
What happens if I also want to stop logging for clients with the User Agent "Zabbix"? If I try this ...
-----------------
map $status $loggable {
    ~^[23] 0;
    default 1;
}
map $http_user_agent $loggable {
    Zabbix 0;
    default 1;
}
access_log /path/to/access.log combined if=$loggable;
---------------
... then the first map is superseded by the second, i.e. the $status is ignored and only the $http_user_agent is used to decide what is logged.
What's the trick for setting $loggable=0 for both cases?
↧
November 30, 2017, 12:14 am
Use a third map which does an OR or an AND on the other map variables into a new single variable for use.
map $http_user_agent $logv1 {
    ...
}
map $http_user_agent $logv2 {
    ...
}
map $http_user_agent $logv3 {
    $logv1 0;
    $logv2 1;
}
↧
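The third-map approach from the reply above, written out as an added example that is not part of the thread: each condition sets its own flag and a final map logs only when both flags are 1. It goes one step beyond the question by suppressing the Zabbix entries only when they come from the monitoring host, since the User-Agent header is chosen by the client; the variable names and the address 192.0.2.10 are assumptions.

```nginx
# Flag 1: 2xx and 3xx responses are not logged (same rule as in the question).
map $status $log_status {
    ~^[23]  0;
    default 1;
}

# Assumed monitoring host (documentation address). geo uses $remote_addr by default.
geo $from_monitor {
    default     0;
    192.0.2.10  1;
}

# Flag 2: skip logging only for a Zabbix User-Agent sent from the monitoring host.
# The source string is "<from_monitor>:<user agent>"; the regex is a substring match
# on the agent, unlike the exact-match "Zabbix" key used in the question.
map "$from_monitor:$http_user_agent" $log_ua {
    ~^1:.*Zabbix  0;
    default       1;
}

# Combine: log only when neither rule asked for the request to be skipped.
map "$log_status:$log_ua" $loggable {
    "1:1"   1;
    default 0;
}

access_log /path/to/access.log combined if=$loggable;
```

With this layout, an error response to a request that merely claims to be Zabbix from any other address is still written to the access log.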
November 30, 2017, 3:15 pm
I have more information.
Looking at the source code from the homepage, I have the following error messages:
Mixed Content: The page at 'https://mon.site.fr/wp-admin/install.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://mon.site.fr/wp-includes/css/buttons.min.css?ver=4.9'. This request has been blocked; the content must be served over HTTPS.
install.php:9 Mixed Content: The page at 'https://mon.site.fr/wp-admin/install.php' was loaded over HTTPS, but requested an insecure stylesheet 'http://mon.site.fr/wp-admin/css/install.min.css?ver=4.9'. This request has been blocked; the content must be served over HTTPS.
I tried to add the following lines to the wordpress wp-config.php file, but that did not solve my problem.
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    $_SERVER['HTTPS'] = 'on';
Any ideas?
↧
December 6, 2017, 6:56 am
We currently have two application servers on a Linux box in AWS. One is on port 8080 and one is on port 7080. I wanted to know if we could possibly setup a configuration this way:
prefix1.domain.com > applicationserver:8080
prefix2.domain.com > applicationserver:7080
Also, we would specify a UCC SSL cert with both URLs as SANs.
Basically, I want to have nginx route to each application based on which prefix is defined in the request and to also host the SSL communications with a single UCC cert.
One idea I had was setting up two WAN IP's on the server, then setting up a DNS A record to route to either WAN IP based on the prefix. Then, hopefully nginx can listen on either adapter and route.
Does anyone know if this configuration can be set up in nginx, or if there is an easier way to do what I want it to?
↧
December 6, 2017, 7:37 am
https://serverfault.com/questions/832456/nginx-redirect-based-on-domain-name
↧
December 6, 2017, 7:50 am
Thanks for the quick response! So if I'm reading this right, I just have to create a new vhost and don't even need to use two separate IP's or route DNS differently? Does it do this by reading the requested URL and then serving up whichever instance I have specified? Just interested in how this works. Thanks again!
↧
December 6, 2017, 9:21 am
So I just got a rough draft going with this:
map_hash_max_size 262144;
map_hash_bucket_size 262144;
map $http_host $new {
    'prefix1.domain.com' '1';
    'prefix2.domain.com' '2';
}
server {
    listen 80;
    if ($new = '1') {
        rewrite ^(.*) http://prefix1.domain.com:8080 redirect;
    }
    if ($new = '2') {
        rewrite ^(.*) http://prefix2.domain.com:7080 redirect;
    }
}
I'm having issues logging into those servers, since it appears to just load the login page for both over and over again. Any ideas?
↧
December 6, 2017, 10:30 am
You need proxy_pass, not a rewrite.
↧
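What the last reply points to, as an added example that is not part of the thread: one `server` block per hostname, selected by `server_name`, each proxying to its application port, with a single multi-name certificate shared by all of them. It assumes nginx runs on the same host as both applications; the certificate paths are placeholders.

```nginx
# These directives belong inside the http { } block.

# Assumed paths: one UCC/SAN certificate covering both hostnames.
ssl_certificate     /etc/nginx/ssl/ucc-fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/ucc-privkey.pem;

# Requests whose Host header matches neither name are dropped without a response.
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;
}

server {
    listen 443 ssl;
    server_name prefix1.domain.com;

    location / {
        proxy_pass http://127.0.0.1:8080;
        # Pass the original host and scheme so the application builds its own
        # redirects and cookies for the public name rather than for port 8080.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

server {
    listen 443 ssl;
    server_name prefix2.domain.com;

    location / {
        proxy_pass http://127.0.0.1:7080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}

# Plain HTTP only redirects to the HTTPS site of the same name.
server {
    listen 80;
    server_name prefix1.domain.com prefix2.domain.com;
    return 301 https://$host$request_uri;
}
```

With the proxy in front, ports 8080 and 7080 only need to accept connections from the local host, so a single IP address and ordinary DNS A records for both names are enough.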