Channel: Nginx Forum - How to...

Re: [Loadbalancing] error 404 but backend work fine

2018/02/17 12:46:28 [debug] 15406#15406: *219 http upstream request: "/?"
[...]
2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy status 404 "404 Not Found"
Your upstream does not like /?

2018/02/17 12:46:28 [debug] 15406#15406: *219 http proxy header: "Server: Microsoft-HTTPAPI/2.0"
This only shows it's not a nginx thing returning 404.

Re: How to redirect Nginx port 80 to 8080 Tomcat and make webapp main page?

Topic is not relevant anymore.
Found solution in Google.
Please, close it. Tnx.

Friendly URL in Nginx

Hello,
The question is how to make nginx show page www.somesite.co/adminpanel.zul as www.dashboard.somesite.co?
Not just a simple redirect; a friendly URL is needed!

Nginx answers with default server for all requests

Hello Dear Users,

For a few days I've been trying to set up nginx on my server.
I'm trying to install it in a Docker container and I'm not able to configure it right.

From the beginning:
I need to configure 2 virtual hosts. On my private computer it's no problem; it takes more or less 3 minutes. When I try to do it on my server I have a problem. Even when I copy the same configuration that was working fine on my private computer, it does not work on the remote machine.

In attachment you can find:
- nginx.conf
- sites-available/default
- /var/log/access.log

In my opinion this behavior looks like nginx has some problem correctly recognising server_name, because it answers all requests with the default block. I have no idea why.

Nginx is installed in an Ubuntu Docker container on my remote machine.

nginx version: nginx/1.10.3 (Ubuntu)

If I can provide any more information, please let me know.

Thank you in advance for your help.

Nginx proxy problem on AWS EC2

Hi all,

I am currently struggling to set up the nginx proxy on AWS EC2.
Here is my config file:
```
upstream bokeh {
    server 127.0.0.1:5006;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate /etc/keys/fullchain.pem;
    ssl_certificate_key /etc/keys/privkey.pem;
    root /var/www/html/simview;
    proxy_buffering off;
    server_name localhost;
    access_log /var/log/simview_access.log;
    error_log /var/log/simview_error.log debug;

    location / {
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/simview/simview.sock;
        include uwsgi_params;
        uwsgi_pass unix:/home/ubuntu/simview/simview.sock;
    }

    location /plot/ {
        rewrite /plot/(.*) /$1 break;
        proxy_pass http://bokeh$uri;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
    }

    location /plot/static {
        alias /home/ubuntu/simview/static;
    }
}
```

On the AWS EC2 instance I have allowed inbound ports HTTP/80 and HTTPS/443. I even created ELB with Listeners SSL/443/TCP and HTTP/80/HTTP.

Now the error I get is 'ERR_TOO_MANY_REDIRECTS' with the above conf file. The 'rewrite' rule is to pass the request arguments to the proxy server.

If I comment out the following lines:
rewrite /plot/(.*) /$1 break;
proxy_redirect off;

then I get 'Failed to connect to Bokeh server Error: Lost websocket connection' with the following output in the Nginx access log (nothing in the error log):

The Nginx access file (the first needs no proxy and is successful, the second required a proxy and not successful):

```
172.31.42.90 - - [20/Feb/2018:09:57:54 +0000] "PROXY TCP4 172.31.42.90 172.31.42.90 33975 80" 400 182 "-" "-"
172.31.31.211 - - [20/Feb/2018:09:57:51 +0000] "PROXY TCP4 172.31.31.211 172.31.31.211 13216 80" 400 182 "-" "-"
```

I would appreciate it if someone could help me or point me in the right direction.

Regards
Aso
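
The request lines in the access-log excerpt above (`PROXY TCP4 <src> <dst> <sport> <dport>`) have the shape of a PROXY protocol v1 header, which a load balancer's TCP listener can prepend to a connection, and nginx logged each one as a malformed HTTP request (400). The following is an added example, not code from the post: a parser for that header and a scan that picks such entries out of an access log. The third sample line and its address are constructed.

```python
import ipaddress
import re

# Constructed sample: the two entries quoted in the post plus one ordinary
# request (documentation address) for contrast.
SAMPLE_LOG = """\
172.31.42.90 - - [20/Feb/2018:09:57:54 +0000] "PROXY TCP4 172.31.42.90 172.31.42.90 33975 80" 400 182 "-" "-"
172.31.31.211 - - [20/Feb/2018:09:57:51 +0000] "PROXY TCP4 172.31.31.211 172.31.31.211 13216 80" 400 182 "-" "-"
203.0.113.7 - - [20/Feb/2018:09:58:02 +0000] "GET /plot/ HTTP/1.1" 200 512 "-" "curl/7.58.0"
"""

# nginx "combined" format: peer - user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)


def parse_proxy_v1(line):
    """Parse one PROXY protocol v1 header; None if the line is not one."""
    parts = line.rstrip("\r\n").split(" ")
    if parts[0] != "PROXY":
        return None
    if len(parts) >= 2 and parts[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header: %r" % line)
    family, src, dst, sport, dport = parts[1:]
    version = 4 if family == "TCP4" else 6
    for addr in (src, dst):
        # ip_address() raises ValueError on anything that is not an IP literal
        if ipaddress.ip_address(addr).version != version:
            raise ValueError("address does not match %s: %r" % (family, addr))
    ports = [int(sport), int(dport)]
    if any(not 0 <= p <= 65535 for p in ports):
        raise ValueError("port out of range in %r" % line)
    return {"family": family, "src": src, "dst": dst,
            "src_port": ports[0], "dst_port": ports[1]}


def find_unparsed_proxy_headers(log_text):
    """Return PROXY headers that nginx logged as rejected HTTP requests."""
    findings = []
    for entry in log_text.splitlines():
        m = LOG_RE.match(entry)
        if not m or m.group("status") != "400":
            continue
        try:
            header = parse_proxy_v1(m.group("request"))
        except ValueError:
            continue  # starts with PROXY but is not a valid v1 header
        if header:
            findings.append(dict(header, peer=m.group("peer")))
    return findings


if __name__ == "__main__":
    for f in find_unparsed_proxy_headers(SAMPLE_LOG):
        print("%(peer)s sent PROXY %(family)s %(src)s:%(src_port)d -> "
              "%(dst)s:%(dst_port)d, answered 400" % f)
```

A listener that is meant to receive this header needs the `proxy_protocol` parameter on its `listen` directive; without it nginx reads the header as an HTTP request line and answers 400. Where the header is accepted, `set_real_ip_from` should be limited to the load balancer's addresses so that other clients cannot supply their own source address.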

2 apps behind nginx

Hi guys.
I don't know nginx yet. A devops guy set one up a while back for our app.

This is the `nginx.conf` he set up.
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";

    proxy_cache_path /home/html_catch levels=1:2 keys_zone=appbacktocartcocatch:2m max_size=50m;
    proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
    proxy_cache_valid 200 302 10m;
    proxy_cache_valid 404 1m;

    include /etc/nginx/sites-enabled/*.conf;
}
```

I can see that it `include`s some other files like this one which is for the app specifically


```
#proxy_cache_path /home/html_catch levels=1:2 keys_zone=appbacktocartcocatch:2m max_size=50m;
#proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
#proxy_cache_valid 200 302 10m;
#proxy_cache_valid 404 1m;

upstream appbacktocartco {
    # server localhost:3000;
    server localhost:3001;
}

server {
    listen 145.239.24.196:80;
    server_name app.backtocart.co;

    location / {
        proxy_cache appbacktocartcocatch;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://appbacktocartco;
        proxy_read_timeout 90;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.backtocart.co/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app.backtocart.co/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
```

Now I just need to run another app like this on port 5000. I just copied this file, tried changing a few things, then restarted nginx, but got some errors I don't understand. Can you help me with this?

Reverse Proxy apparently not working location rules

I have the following nginx settings:

```
upstream cluster_web {
    ip_hash;
    server 192.168.115.82 weight=3;
    server 192.168.115.92 weight=2;
    server 192.168.115.100 weight=2;
    server 192.168.115.95 weight=3;
    server 192.168.115.103 weight=1;
}

server {
    location /app1 {
        proxy_pass http://192.168.115.92;
    }

    location / {
        proxy_pass http://cluster_web;
    }
}
```

Users accessing /app1/ after accessing other pages (from the / location) aren't always being redirected to the specified server on location /app1. What am I missing?

Best regards

Re: sessions not working (nginx)

Please use this line after logging in as root:

chown root:nginx /var/lib/php/session


[root@localhost nginx]# chown root:nginx /var/lib/php/session


Regards
Md Ruhul Amin

OpenSSL FIPS & NGINX

Hi there,
I am hoping to get some guidance on enabling openssl fips mode for nginx.
So far I followed the openssl guide for enabling fips mode on the openssl.
That part works well:
```
# /usr/local/openssl/bin/openssl md5 /usr/local/openssl/bin/openssl
Error setting digest md5
139805371958952:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

# cat /proc/sys/crypto/fips_enabled
1
```

For nginx I first tried to build nginx using this custom openssl (installed in /usr/local/openssl/):
/nginx-1.12.2/configure --with-http_ssl_module --with-openssl=/usr/local/openssl --with-ld-opt="-L/usr/local/openssl/lib"
This failed however since the /usr/local/openssl is the installed/binary location of custom openssl, not the source tree where I built custom openssl.

So I changed --with-openssl option to use openssl source tree as:
/nginx-1.12.2/configure --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.2n/ --with-ld-opt="-L/usr/local/openssl/lib"

This works and I am able to build and install nginx, but I am not sure if the proper openssl compile options to support fips mode are passed during nginx configure.

When I print compile options (nginx -V):
```
nginx version: nginx/1.12.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.2n 7 Dec 2017
```

Yet the custom openssl is:
```
/usr/local/openssl/bin/openssl version
OpenSSL 1.0.2n-fips 7 Dec 2017
```

System's own openssl is still intact:
```
# /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
```


Do I need to be passing openssl compile option to enable fips support while configuring nginx?

Per "Configurable FIPS mode" thread (https://forum.nginx.org/read.php?10,257298,257298)
"Currently we solve this by compiling nginx ourselves after adding FIPS_mode_set(1) after the SSL library initialization code in systems where we require it."

Can someone let me know where and how to set the FIPS_mode_set flag so that Nginx will be using FIPS mode?

I searched for that setting and found one binary obj file under nginx:
nginx-1.12.2/objs/nginx

and a header file under openssl source directories:
openssl-1.0.2n/.openssl/include/openssl/crypto.h

(openssl was built using:
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared fips)

Thanks in advance.

No welcome page after initial installation

Hi guys,
I'm not getting the welcome page after the installation on Ubuntu 17.; Chrome just displays "This page isn’t working..ERR_EMPTY_RESPONSE". You can try it at http://35.229.160.102/

Below is my setup:

1. firewall is disabled

sudo ufw disable
Firewall stopped and disabled on system startup

2. service is up and running

```
xu_tomi3_gmail_com@jitsi:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-02-21 09:25:52 UTC; 14min ago
     Docs: man:nginx(8)
  Process: 26083 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 28919 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 28910 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 28923 (nginx)
    Tasks: 2 (limit: 4915)
   Memory: 2.6M
      CPU: 22ms
   CGroup: /system.slice/nginx.service
           ├─28923 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─28927 nginx: worker process

Feb 21 09:25:52 jitsi systemd[1]: Starting A high performance web server and a reverse proxy server...
Feb 21 09:25:52 jitsi systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument
Feb 21 09:25:52 jitsi systemd[1]: Started A high performance web server and a reverse proxy server.
```

3. all the config is default

Any idea?

Re: OpenSSL FIPS & NGINX

Update: Inspecting the output from the make command, it looks like src/openssl/Makefile is being replaced by one built by the Nginx make:
```
/usr/local/src/nginx-1.12.2# make
.....
.....
cd /usr/local/src/openssl-1.0.2n/ \
&& if [ -f Makefile ]; then make clean; fi \
&& ./config --prefix=/usr/local/src/openssl-1.0.2n/.openssl no-shared \
&& make \
&& make install_sw LIBDIR=lib
....
....
```
So the options I had in the original src/openssl-1.0.2n/Makefile, including FIPS mode options, are being deleted while building Nginx.
At this point I am not sure how to pass FIPS options to the Nginx build, nor how to make Nginx use the FIPS-capable custom openssl I already installed.

Any comments or suggestions?
Thanks again...

Searches not working on Reverse Proxied Site

Hi,

I am reverse proxying "journals.aps.org". But to my surprise, searches through its search bar don't yield any results.

My nginx.conf is like this:


```
server {
    listen MY_IP:80;
    server_name journals-aps-org-MY_DOMAIN;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen MY_IP:443 ssl;
    server_name journals-aps-org-my.domain;
    ssl_certificate /etc/nginx/ssl2017/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl2017/star.my.domain.key;
    location / {

        proxy_bind MY_IP;

        proxy_pass https://journals.aps.org/;
    }

    location ^~ /error/ {
        internal;
        root /etc/nginx/html;
    }

    location /libs/mathjax/2.7.2/MathJax.js {
        proxy_pass https://cdn.journals.aps.org;
    }
}
```


Any help would be really needful.

installing 1.13.9 on debian 9

Dear all, as I'm trying to build an install for debian 9 including the fancyindexing module and HTTP/2 Server Push, I bump into some issues with the correct ./configure for that.

This is how the 1.13.3 precompiled package for debian 9 is currently configured on the same machine;

# nginx -V
nginx version: nginx/1.13.3
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments:
--with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.3=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC'
--prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/modules
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--with-debug
--with-pcre-jit
--with-http_ssl_module
--with-http_stub_status_module
--with-http_realip_module
--with-http_auth_request_module
--with-http_v2_module
--with-http_dav_module
--with-http_slice_module
--with-threads
--with-http_addition_module
--with-http_geoip_module=dynamic
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_image_filter_module=dynamic
--with-http_sub_module
--with-http_xslt_module=dynamic
--with-stream=dynamic
--with-stream_ssl_module
--with-stream_ssl_preread_module
--with-mail=dynamic
--with-mail_ssl_module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

So, I'm trying to get a similar install, only adding fancyindexing and the 1.13.9 code (with Server push);

I was able to successfully get fancy indexing compiled, as well as ipv6 support --with-ipv6 and mp4 support, but I'm not sure how to correctly set these:

--with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.3=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC'

and these:

--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

since they refer to paths that do not exist for 1.13.9 sources.

Can anyone help me get the best ./configure line for debian 9 x64 ?
I tried

./configure --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.9=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-mail=dynamic --with-mail_ssl_module --with-compat --with-ipv6 --with-file-aio --with-http_flv_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --add-module=/root/nginx/ngx-fancyindex --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

which yields an error at the end:

[...]
checking for getaddrinfo() ... found
configuring additional modules
adding module in /root/nginx/ngx-fancyindex
+ ngx_http_fancyindex_module was configured
configuring additional dynamic modules
adding module in /build/nginx-1.13.3/debian/modules/nginx-auth-pam
./configure: error: no /build/nginx-1.13.3/debian/modules/nginx-auth-pam/config was found

which seems logical, since it's 1.13.9 now, and the .3 /build/ is probably erased after install from the precompiled apt package.

Anyone able to help out here?

Re: Reverse Proxy apparently not working location rules

hmm ok, I'm convinced that I've found a bug. I'll try another product.

Re: Reverse Proxy as a WAF?

Hi @Togger75;

This article is excellent. Thank you for this. We are thinking of replacing our WAF solution with Nginx + Mod Security. It seems to be a good article for the beginning.

Re: Reverse Proxy as a WAF?

Hi yigit.basalma, thanks. Let me know if you get it going from this, it would be nice to know if it was worth writing down and is useful to someone

Imap proxy doesn't work

Hello!

I started using nginx as an smtp/imap proxy.

The SMTP proxy works (but on the real smtp server I have to allow redirects from the nginx IP).

The problem is the IMAP proxy. It doesn't work at all. No difference between SSL and STARTTLS. Mail client: Thunderbird.

I run nginx on CentOS 7, IP:1.2.3.4, ports 25,143,993.
Target IMAP: outlook.office365.com.
If I connect directly (no nginx), Thunderbird works fine with IMAP outlook.office365.com, SSL/TLS, port 993.
Via nginx nothing happens (IMAP: 1.2.3.4, SSL/TLS, port 993 or STARTTLS/143).
Thunderbird says: server 1.2.3.4 has disconnected. The server may have gone down...

Nginx mail config:

```
mail {
    server_name 1.2.3.4;
    auth_http 127.0.0.1:80/auth;

    xclient off;

    proxy_pass_error_message on;

    ssl on;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL+" "QUOTA";
    smtp_capabilities "SIZE 10485760" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";

    server {
        listen 25;
        protocol smtp;
        smtp_auth login plain cram-md5;
    }

    server {
        listen 993;
        protocol imap;
        imap_auth login plain cram-md5;
    }

    server {
        listen 143;
        protocol imap;
        imap_auth login plain cram-md5;
    }
}
```

There are no errors in /var/log/nginx/error.log.

How can I trace where the issue is?

Re: Imap proxy doesn't work

access log:

...
127.0.0.1 - - [27/Feb/2018:11:53:58 +0000] "GET /auth HTTP/1.0" 200 0 "-" "-" "-"
127.0.0.1 - - [27/Feb/2018:11:53:58 +0000] "GET /auth HTTP/1.0" 200 0 "-" "-" "-"

Transcode - Package - NGINX Origin

Hi friends,

I have a transcoder and my intention is to stream VOD and live streams coming through the transcoder, to be delivered on the intranet using NGINX.

Do I need a Wowza kind of packager in between the transcoder and nginx for live stream delivery?

Regards

VJ

Re: Imap proxy doesn't work

A little bit of testing; error.log while trying to connect:

recv() failed (111: Connection refused) while reading response from upstream, client: 19.177.26.18, server: 0.0.0.0:993, login: "user@domain.com", upstream: 2.3.4.5:143

19.177.26.18 - my ip
2.3.4.5 - backend IMAP server

What can it be? Is the backend server rejecting the connection?
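
nginx's mail proxy takes the backend for each login from the response headers of the `auth_http` endpoint (`Auth-Status`, `Auth-Server`, `Auth-Port`), which is where the `upstream: 2.3.4.5:143` in the error line above comes from. The following is an added example, not code from the thread: a sketch of that reply logic plus a checker for replies nginx cannot use. The `BACKENDS` table and its addresses are assumptions.

```python
import ipaddress

# Hypothetical routing table: protocol -> (backend IP, port). The addresses
# are documentation placeholders, not values from the thread.
BACKENDS = {"imap": ("192.0.2.10", 143), "smtp": ("192.0.2.10", 25)}


def auth_reply(request_headers, backends=BACKENDS):
    """Build the response headers for one auth_http request from nginx."""
    proto = request_headers.get("Auth-Protocol", "").lower()
    user = request_headers.get("Auth-User", "")
    if not user or proto not in backends:
        # Any Auth-Status value other than "OK" is treated as a failure;
        # Auth-Wait is the delay in seconds before the client may retry.
        return {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}
    server, port = backends[proto]
    return {"Auth-Status": "OK", "Auth-Server": server, "Auth-Port": str(port)}


def check_reply(reply):
    """Return the problems that would stop nginx from proxying the session."""
    status = reply.get("Auth-Status")
    if status is None:
        return ["missing Auth-Status header"]
    if status != "OK":
        return []  # a well-formed rejection, nothing to proxy
    problems = []
    server = reply.get("Auth-Server", "")
    try:
        ipaddress.ip_address(server)
    except ValueError:
        # nginx does not resolve names here; the value must be an IP literal
        problems.append("Auth-Server must be an IP address, got %r" % server)
    port = reply.get("Auth-Port", "")
    if not (port.isdigit() and 0 < int(port) <= 65535):
        problems.append("Auth-Port must be 1-65535, got %r" % port)
    return problems


if __name__ == "__main__":
    # Constructed request headers in the shape nginx sends to auth_http
    request = {"Auth-Method": "plain", "Auth-User": "user@domain.com",
               "Auth-Pass": "secret", "Auth-Protocol": "imap",
               "Client-IP": "198.51.100.7"}
    reply = auth_reply(request)
    print(reply, check_reply(reply))
```

The response body is empty in this protocol, so a `200 0` entry for `/auth` in the access log is what a working endpoint produces too; the response headers are what need checking.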