Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

Is an IP address valid for server_name?

January 4, 2018, 6:46 am
$
0
0
So I will be using nginx as a reverse proxy. I do not have a domain name for my server yet. I am in development.

Can I use the IP address such as the following in /etc/nginx/sites-available/default:

server {
listen 80;

server_name 1.2.3.4; //Obvious fake IP.

location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Thanks in advance for your reply!

Ray
Search

Re: Conditionally include conf files in ngin

January 4, 2018, 7:09 am
$
0
0
Hi, you may use the include directive with some glob() pattern tricks

For instance, replace this

include /path/to/something/nonexisting.conf

with

include /path/to/something/nonexisting[.]conf

the config parser won't complain if such file does not exist.

Re: Is an IP address valid for server_name?

January 4, 2018, 10:56 am

Re: Is an IP address valid for server_name?

January 4, 2018, 11:58 am
$
0
0
Thanks you sir. The answer I was hoping for.

Ray

How to redirect Nginx port 80 to 8080 Tomcat and make webapp main page?

January 9, 2018, 8:07 am
$
0
0
Hello,

I have site (its name is not real but something like) http://example.co
Tomcat it installed there on port 8080 with web app. http://example.co:8080/web_app/

The question is which Nginx server in nginx.conf configuration should i use to get web_app as http://example.co main page without port 8080 in URL and any external slashes?

I tried this manual:

https://stackoverflow.com/questions/19866203/nginx-configuration-to-pass-site-directly-to-tomcat-webapp-with-context

and also this

https://www.digitalocean.com/community/questions/how-to-change-the-default-nginx-page-to-my-web-application-home-page

but it does not work for me. It just redirects to 8080 port but i need to web_app page which should be opened as a main site page http://example.co without web_app suffix.

Prevent json truncation from large POST requests

January 9, 2018, 11:24 am
$
0
0
Hi there,
I'm having an issue with Nginx and sending large POST requests. I have a load balancer that forwards requests to an EC2 instance that has Nginx running on port 80 and my application running on port 9928. See attached image for an architecture diagram, I can tell that submitting directly to my application is fine while submitting through nginx causes the error, which makes me think this is an nginx issue.

When I submit moderate sized POST requests, everything is fine, but when I increase the size of the POST request to multiple megabytes, my application has the error "message is too long" and that the json is invalid because it has an unexpected end of input. I think my POST request is getting truncated somewhere between nginx and my application server because my $request_body when I save it as a log, looks fine.

Here is a snippet of my debug nginx log:

5 http client request body recv 8949
*5 http client request body rest 5239409
*5 recv: fd:9 -1 of 3693359
*5 recv() not ready (11: Resource temporarily unavailable)
*5 http client request body recv -2
*5 http client request body rest 5239409
*5 event timer: 9, old: 1515520710736, new: 1515520710905
*5 post event 000055A779AE3B40
*5 delete posted event 000055A779AE3B40
*5 http run request: "/mps/updateFunction?mode=async"

From Line 1796 of this Failed NGINX Log:
https://gist.github.com/CaptainChemist/b1562b40b4a2da89bf8ed452e7cac4d4

By comparison, this is a Successful NGINX Log:
https://gist.github.com/CaptainChemist/ab920a953ead13d7244a657e1521ab71

Here are my configuration files, clearly they are kind of a mess but thanks so much for your help!

**nginx.conf**

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
}

http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

**sites-enabled/default**

upstream processingServer {
server 127.0.0.1:9928;
keepalive 25600;
}

log_format postdata $request_body;
log_format upstreamlog $request_body;

server {
listen 80;
client_max_body_size 5000M;
client_body_buffer_size 5000M;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
keepalive_timeout 100000;
location / {
access_log /var/log/nginx/postdata.log postdata;
access_log /var/log/nginx/upstream_postdata.log upstreamlog;

add_header X-external-IP 54.89.000.000;
proxy_pass http://processingServer;
proxy_send_timeout 86400s;
proxy_read_timeout 300s;
proxy_http_version 1.1;
}
}

Is sendfile option compatibile with TLS?

January 9, 2018, 7:36 pm
$
0
0
Hello!

I'm stuck to understand how nginx handles encrypting messages with TLS protocol, when sendfile is ON.

The premise of sendfile is not to use user space, just redirect given file straight to the socket. So, it seems that there is no way to encrypt the file in the user space, using sendfile alone.
Is Nginx using some other solution, as described by folks from netflix? ( https://people.freebsd.org/~rrs/asiabsd_2015_tls.pdf ), or sendfile is always off, in HTTPS communication?

ssl_ciphers explained

January 9, 2018, 11:00 pm
$
0
0
Hi,

This may sound like a stupid questions, but I have not found any clear answers to it.
Could someone explain the ssl_ciphers options in nginx?

For example ''ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'.

I have read that you should disable RSA due to the ROBOT vulnerability (https://robotattack.org/). Does that mean that I should remove all the ciphers above that contains RSA?

And does for example the cipher 'ECDHE-ECDSA-CHACHA20-POLY1305' mean in which order messages are encrypted?

Thanks for any answers!
Search

multiple nginx error log

January 10, 2018, 11:45 pm
$
0
0
Hi ,

I have a nginx 1.4.6 running on Ubuntu 14.04.5 LTS and recently i have changed the path of the access_log and error_log to a diff path (which has bigger disk).
However after changing the path in nginx.conf i still see the error log being written to the regular log path /var/log/nginx/error.log as well as the new path, - but with time difference and content. i am seeking advice from this forum for this issue. appreciate much. thanks..

[standard log path]
root@ip-172-31-13-74:/etc/nginx# ll /var/log/nginx/error.log
-rw-r--r-- 1 www-data root 75097175 Jan 11 15:40 /var/log/nginx/error.log

[new log path]
root@ip-172-31-13-74:/etc/nginx# ll /log/nginx/error.log
-rw-r----- 1 www-data adm 3716 Jan 11 15:29 /log/nginx/error.log

[nginx.conf setting for the logs]
access_log /log/nginx/access.log;
error_log /log/nginx/error.log;

Re: Missing /etc/nginx/sites-available/default

January 10, 2018, 11:50 pm
$
0
0
u can create the folders and the touch the default file urself...it will still work .

verify with nginx -t

Re: Missing /etc/nginx/sites-available/default

January 11, 2018, 12:09 am
$
0
0
adding to the thread above , the folders should be created provided you have the following config in your nginx.conf

include /etc/nginx/sites-enabled/*; #(for virtual hosts)

Re: Nginx reverse proxy

January 11, 2018, 12:22 am
$
0
0
hi aminbaik ,

you can use the following example and fill the values in <>

server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;

server_name example.com;
error_log /var/log/nginx/example.com.error.log warn;
access_log /var/log/nginx/example.com.access.log warn;
ssl on;
ssl_certificate /etc/nginx/ssl/<yourkeys>.crt;
ssl_certificate_key /etc/nginx/ssl/<yourkeys>.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://<actualwebserverip>;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_key backend$request_uri;
proxy_cache_valid 200 301 302 20m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 15m;
proxy_cache_use_stale error timeout invalid_header updating;

}
}


hope this helps ! best of luck

Re: Nginx reverse proxy

January 11, 2018, 5:26 am
$
0
0
Hello,
it's not working because the nginx domain is example.com and the domain is point to this reverse proxy is reverdoamin.com
so I always get certificate error.
I want to have something like cloud flare service.
thanks.

Filtering by content type

January 11, 2018, 6:12 am
$
0
0
Hi everyone, I've been looking for this answer but I cound't find a straight answer.

I'm hardening my API REST, and one of the points I have to implement says: "Reject requests containing unexpected or missing content type headers with HTTP response status 406 Unacceptable or 415 Unsupported Media Type" I've been looking to do the filtering of content types, but I don't have any clue about how to solve this, and the other thing is that I haven't found how to send a specific http code in that scenario.

Can anyone guide me to how to solve this?

Thank you very much in advance.

Kindly regrads,
Rodrigoqwq

Nginx infront of WOWZA streaming server

January 12, 2018, 7:19 am
$
0
0
We have successfully set up Nginx ssl offloading server in front of our WOWza streaming server. HLS streams work without issues.

The problem comes in when trying to get streams to play on android devices. Is there a way to proxy the RTMPS like we do with the HLS traffic from the Nginx. or is there a better way to handle this traffic back to the wowza server?

TIA
Josh
Search

Non-caching aliases

January 15, 2018, 12:52 am
$
0
0
Here is its nginx config:

server {
server_name example.com m.example.com www.example.com www.m.example.com;
charset off;
disable_symlinks if_not_owner from=$root_path;
index index.html index.php;
root $root_path/$subdomain;
set $root_path /var/www/examplecom/data/www;
set $subdomain example.com;
ssi on;
access_log /var/www/httpd-logs/example.com.access.log ;
error_log /var/www/httpd-logs/example.com.error.log notice;
include /etc/nginx/vhosts-includes/*.conf;
include /etc/nginx/vhosts-resources/example.com/*.conf;
location / {
location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|woff|ttf|otf||woff2|eot)$ {
try_files $uri $uri/ @fallback;
expires 6M;
}
location / {
try_files /does_not_exists @fallback;
}
location ~ [^/]\.ph(p\d*|tml)$ {
try_files /does_not_exists @fallback;
}
}
location @fallback {
error_log /dev/null crit;
proxy_pass http://127.0.0.1:8080;
proxy_redirect http://127.0.0.1:8080 /;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
access_log off ;
}
if ($host ~* ^((.*).example.com)$) {
set $subdomain $1;
}
gzip on;
gzip_comp_level 5;
gzip_disable "msie6";
gzip_types text/plain text/css image/jpeg image/png image/gif text/xml application/xml application/xhtml+xml text/javascript application/x-javascript application/javascript;
listen 8.1.35.82:80;
}


The problem is that the files on aliases m.example.com and www.m.example.com are not cached, but cached on example.com and www.example.com

What can be the problem of non-caching aliases m.example.com?

Proxy Cache - How to Always Return Stale Content

January 15, 2018, 3:33 am
$
0
0
Hello,

My use case is simple:
1) Serve static files coming from an upstream (using proxy_pass)
2) If the upstream returns a non-200/304 response - ALWAYS serve the file from cache, even if its expired/stale.

For the most part, 'proxy_cache_use_stale' does the trick.
However - it doesn't cover cases such as 401, 402, etc. (the full list it does support according to the docs: error | timeout | invalid_header | updating | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | http_429)

Is there a way I can achieve this? how can I force the file being served cache for the cases not covered by the 'proxy_cache_use_stale' directive? (even if it requires using lua)

Configure nginx to forward port from 3000 to 80

January 16, 2018, 7:38 pm
$
0
0
http {
server {
listen 80;

location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-Port $server_port;
proxy_set_header X-Real-Scheme $scheme;
}
}

I have an NodeJS/Express app listening on port 3000. How do I redirect requests to `<ip-address>:3000` to `<ip-address>:80`?

The above configuration did not work. (shows `404 Not Found
nginx/1.10.3 (Ubuntu)` when I go to port 80.)

Nginx configuration for multiple servers in folders

January 18, 2018, 6:45 am
$
0
0
I have just installed Nginx on my Raspberry and everything works smoothly.

I have created a basic index.html file and when I connect to my raspi, the web page is displayed correctly. Also php works.

I would like now to create a couple of projects as subdirectory of the /var/www default directory, project automation (/var/www/automation) and project information (/var/www/information), each 3 independent from the other.

So when connecting with the raspiIP (192.168.0.1), I would like to display the main or default website.

Then when connecting to raspiIP/automation, I would like to display the site dedicated to the automation and finally when connecting to rapiIP/information, I would like to display a third web site.

How can I configure nginx to achieve that?

I have tried what explained about Server Blocks (Virtual Hosts) but I have gone nowhere.

Can anyone please help me? Thanks, daniele

Need a developer badly

January 18, 2018, 5:24 pm
$
0
0
Hey there,
am not a developer or i have least knowledge about it. But am in very bad need, i want to mirror the "https://google.com/flights" in my blog. But as google had blocked the x-frame options for cross origin domains, so i can't do it by the iframe.

I googled it and found "reverse proxy" by which we can project the others website in our website. I knew one developer and he installed via reverse proxy on ngnix but its not working fine, he installed reverse proxy of google.com/flights on "booking.xyz.com". And i want to mirror the booking.xyz.com in xyz.com which is the actual blog via iframe.

But when am inserting the iframe of booking.xyz.com in xyz.com (although same origin) its not loading. Moreover booking.xyz.com is not working fine on mobile version (for desktop version its good), dynamic content not loading on clicking.

So i would like to know the proper way of installing reverse proxy or vice versa way to project the google.com/flights in my travel blog. Am ready to pay the developer if he can able to address the issue and successful install it and makes it working fine.

Looking for the answers
Viewing all 4759 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>