nginx is on windows server, version 1.12.2
how i can conlfigure location / forwarding for git ?
how i can conlfigure location / forwarding for git ?
↧
Re: nginx git configuration
↧
Add virtual path for a site
Hello,
I'm trying to add virtual path to a site and redirect it to the same content as the root.
This is the config I have at the moment:
server {
listen 80;
listen [::]:80;
server_name url.example.com;
root /var/www/url.example.com/path1/path2;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
I like to make it when the user using the url url.example.com/foo/bar/ it will display the same website as in /
I've tried several options I saw online, but none worked.
Any idea how can I get there?
Thanks!!
I'm trying to add virtual path to a site and redirect it to the same content as the root.
This is the config I have at the moment:
server {
listen 80;
listen [::]:80;
server_name url.example.com;
root /var/www/url.example.com/path1/path2;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
I like to make it when the user using the url url.example.com/foo/bar/ it will display the same website as in /
I've tried several options I saw online, but none worked.
Any idea how can I get there?
Thanks!!
↧
↧
sites-available default overriding other files
I had Nginx working for about a week except I couldn't get curl to work. Then, while troubleshooting that I had Nginx and php break so started over (reinstalled both). I want to use a domain name (grouperads.com) to access it only locally. And I want to use SSL. Like I said, I had it all working but now nothing seems to get it back.
After the new install, localhost works. And I did get a basic example.com site to also work. As soon as I tried anything with grouperads.com whether http or https nothing. Right now , localhost and http://grouperads.com/ both open the same page in /var/www/html/index.html
I can't tell if the default page is wrong and overriding grouperads.com or vice-versa. Or maybe something else?
running Ubuntu 16.04 PHP7.3 Latest repo version of Nginx
Thanks!
Here are my two sites-available files:
1st default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
# listen 80 default_server;
# listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
______________________________________________________________________________________________
Now grouperads.com
server {
listen 80 ;
listen [::]:80;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/grouperads.com/html;
server_name grouperads.com www.grouperads.com;
#access_log /var/www/grouperads.com/html/logs/.access.log;
#error_log /var/www/logs/.error.log error;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ /index.php?$args ;
}
#Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
After the new install, localhost works. And I did get a basic example.com site to also work. As soon as I tried anything with grouperads.com whether http or https nothing. Right now , localhost and http://grouperads.com/ both open the same page in /var/www/html/index.html
I can't tell if the default page is wrong and overriding grouperads.com or vice-versa. Or maybe something else?
running Ubuntu 16.04 PHP7.3 Latest repo version of Nginx
Thanks!
Here are my two sites-available files:
1st default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
# listen 80 default_server;
# listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
______________________________________________________________________________________________
Now grouperads.com
server {
listen 80 ;
listen [::]:80;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/grouperads.com/html;
server_name grouperads.com www.grouperads.com;
#access_log /var/www/grouperads.com/html/logs/.access.log;
#error_log /var/www/logs/.error.log error;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ /index.php?$args ;
}
#Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
↧
Reverse proxy for ssh
Hello !
Need to make my nginx server listen to a specific domain address on port 80 and to pass it to my ssh linux server.
Of course I could do it with my router, but I have to many servers to do it with the router.
I think this is possible with last version, but how??
Thanks for your help
Need to make my nginx server listen to a specific domain address on port 80 and to pass it to my ssh linux server.
Of course I could do it with my router, but I have to many servers to do it with the router.
I think this is possible with last version, but how??
Thanks for your help
↧
Nginx - How do yo sync data across web servers?
Hello,
I am in the process of designing the underlying infrastructure for a Joomla CMS that will operate on top of NGINX. The site needs to be resilient so that in the event of an outage the site can remain live.
I had planned on having 2 web servers and 2 database servers that would be split between our two datacentres and load balanced via Citrix Netscalers. My question is, where should I keep the site data and how would I replicate it?
I have looked into NFS Servers that are clustered or perhaps keeping the site data on the web front ends and using a tool like csync to replicate and synchronise. Does NGINX provide any features that can do this?
Any advice would be appreciated.
Thanks,
I am in the process of designing the underlying infrastructure for a Joomla CMS that will operate on top of NGINX. The site needs to be resilient so that in the event of an outage the site can remain live.
I had planned on having 2 web servers and 2 database servers that would be split between our two datacentres and load balanced via Citrix Netscalers. My question is, where should I keep the site data and how would I replicate it?
I have looked into NFS Servers that are clustered or perhaps keeping the site data on the web front ends and using a tool like csync to replicate and synchronise. Does NGINX provide any features that can do this?
Any advice would be appreciated.
Thanks,
↧
↧
Re: sites-available default overriding other files
I got it solved. Don't know why but I'm not complaining :-).
I redid the sites-available/default file to this and everything (the grouperads.com site) came back up and WITH CURL working now!
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args ;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
I redid the sites-available/default file to this and everything (the grouperads.com site) came back up and WITH CURL working now!
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args ;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
↧
rewrite + proxy_pass in named location?
Hi,
I have a named location where I'm trying to perform a proxy_pass, but of course I can't have a URI in the proxy_pass itself so I'm trying to use rewrite with proxy_pass. However, i've tried so many different things that don't seem to work.
Essentially, I want my proxy_pass URI to be "https://ph-service/authentication/token".
This is what I have so far and it's not working.
location @token {
rewrite ^ /$1/authentication/token break;
proxy_pass https://ph-service;
}
Thanks for the help!
I have a named location where I'm trying to perform a proxy_pass, but of course I can't have a URI in the proxy_pass itself so I'm trying to use rewrite with proxy_pass. However, i've tried so many different things that don't seem to work.
Essentially, I want my proxy_pass URI to be "https://ph-service/authentication/token".
This is what I have so far and it's not working.
location @token {
rewrite ^ /$1/authentication/token break;
proxy_pass https://ph-service;
}
Thanks for the help!
↧
'Redirect' POST request when path to the service changes
Hey guys,
I'm not an expert on NGINX and am struggling with the redirection (if we can call it this way) of POST requests.
The thing is a service changed from, let's say, 'https://ip-address/app-label/rest/my-operation' to 'https://ip-address/new-app-label/rest/my-operation'
As you can see, the identification of the app changed and the rest of the URI is preserved.
To the old path, I used to have a NGINX location (the rule uses a regex, ^/app-label(/.*)$) and I only changed that to use the 'new-app-label' instead. It works.
But, at least temporarily, I need to keep the old path working (there are clients around using it).
So, my idea was to create another location still using the old label, and 'forwarding' the requests to the new location (preserving, naturally, the POST data).
In the beginning, I tried duplicating the location and playing with both labels, and both locations were pointing (and I'm using proxy_pass here) to the same upstream (the application properly said, in practical terms). But, because the app label (a.k.a. context path) changed, I also had to change the app context in the app setup. So, I believe I need to, somehow, modify (rewrite) the original request, replacing the old 'context path' by the new one, yet preserving the POST data, before I actually use proxy_pass to send it to the application. Makes sense to you? If it does, how'd you do it? I tried many combinations, but couldn't make it work yet.
If more info is required to clarify the issue, let me know. I hope I was able to explain the scenario.
Thanks so much for any help, in advance.
Cheers,
Pedro
I'm not an expert on NGINX and am struggling with the redirection (if we can call it this way) of POST requests.
The thing is a service changed from, let's say, 'https://ip-address/app-label/rest/my-operation' to 'https://ip-address/new-app-label/rest/my-operation'
As you can see, the identification of the app changed and the rest of the URI is preserved.
To the old path, I used to have a NGINX location (the rule uses a regex, ^/app-label(/.*)$) and I only changed that to use the 'new-app-label' instead. It works.
But, at least temporarily, I need to keep the old path working (there are clients around using it).
So, my idea was to create another location still using the old label, and 'forwarding' the requests to the new location (preserving, naturally, the POST data).
In the beginning, I tried duplicating the location and playing with both labels, and both locations were pointing (and I'm using proxy_pass here) to the same upstream (the application properly said, in practical terms). But, because the app label (a.k.a. context path) changed, I also had to change the app context in the app setup. So, I believe I need to, somehow, modify (rewrite) the original request, replacing the old 'context path' by the new one, yet preserving the POST data, before I actually use proxy_pass to send it to the application. Makes sense to you? If it does, how'd you do it? I tried many combinations, but couldn't make it work yet.
If more info is required to clarify the issue, let me know. I hope I was able to explain the scenario.
Thanks so much for any help, in advance.
Cheers,
Pedro
↧
Re: Nginx as reverse web proxy changes all to apache default page.
It's been almost 3 weeks and no one has any input on this?? I could really use some direction here. I can't even find the Apache.html page on any of the VM's so I don't know where it's coming from or why. HELP!!!
↧
↧
Serve Image files only
I am trying to serve images files only in this location block.
location /image \.(png|jpg)
{
alias /site/;
}
But I keep receiving errors. What is the correct way to serve only png and jpg matching /images.
location /image \.(png|jpg)
{
alias /site/;
}
But I keep receiving errors. What is the correct way to serve only png and jpg matching /images.
↧
Re: Serve Image files only
nginx_user10 Wrote:
-------------------------------------------------------
> I am trying to serve images files only in this location block.
>
> location /image \.(png|jpg)
> {
> alias /site/;
> }
>
> But I keep receiving errors. What is the correct way to serve only png
> and jpg matching /images.
*********************** update *************************
This location block works if I put a redirect in the block. But if I try to show the image via <img src or make a link clickable nothing works.
location ~* /images2/.+\.(png|jpg)$
{
}
The error logs says the following
GET /images2/flowers/type/T.png/ HTTP/1.1" 404 209
-------------------------------------------------------
> I am trying to serve images files only in this location block.
>
> location /image \.(png|jpg)
> {
> alias /site/;
> }
>
> But I keep receiving errors. What is the correct way to serve only png
> and jpg matching /images.
*********************** update *************************
This location block works if I put a redirect in the block. But if I try to show the image via <img src or make a link clickable nothing works.
location ~* /images2/.+\.(png|jpg)$
{
}
The error logs says the following
GET /images2/flowers/type/T.png/ HTTP/1.1" 404 209
↧
Re: Serve Image files only
nginx_user10 Wrote:
-------------------------------------------------------
> nginx_user10 Wrote:
> -------------------------------------------------------
> > I am trying to serve images files only in this location block.
> >
> > location /image \.(png|jpg)
> > {
> > alias /site/;
> > }
> >
> > But I keep receiving errors. What is the correct way to serve only
> png
> > and jpg matching /images.
>
>
> *********************** update *************************
>
> This location block works if I put a redirect in the block. But if I
> try to show the image via <img src or make a link clickable nothing
> works.
>
> location ~* /images2/.+\.(png|jpg)$
> {
> }
>
> The error logs says the following
>
> GET /images2/flowers/type/T.png/ HTTP/1.1" 404 209
*******************************solved*****************************
location ~ ^/images/(.+\.(?:gif|jpe?g|png))$
{
include /etc/nginx/mime.types;
alias /site/$1;
}
Not certain but I needed to add $1 to the end and changed the regex a little.
-------------------------------------------------------
> nginx_user10 Wrote:
> -------------------------------------------------------
> > I am trying to serve images files only in this location block.
> >
> > location /image \.(png|jpg)
> > {
> > alias /site/;
> > }
> >
> > But I keep receiving errors. What is the correct way to serve only
> png
> > and jpg matching /images.
>
>
> *********************** update *************************
>
> This location block works if I put a redirect in the block. But if I
> try to show the image via <img src or make a link clickable nothing
> works.
>
> location ~* /images2/.+\.(png|jpg)$
> {
> }
>
> The error logs says the following
>
> GET /images2/flowers/type/T.png/ HTTP/1.1" 404 209
*******************************solved*****************************
location ~ ^/images/(.+\.(?:gif|jpe?g|png))$
{
include /etc/nginx/mime.types;
alias /site/$1;
}
Not certain but I needed to add $1 to the end and changed the regex a little.
↧
Nginx - Multiple reverse proxied sites with relative content
I am trying to set up Nginx to work as a reverse proxy for multiple web apps running on the same server, however I have an issue where relative paths for content (CSS & JS) aren't looking in the correct location and thus returning 404 errors.
My Nginx config is set up like so:
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
proxy_pass http://localhost:5000;
}
location /app/firstapp/
{
proxy_pass http://localhost:5100/;
}
location /app/secondapp/
{
proxy_pass http://localhost:5200/;
}
}
When I go to localhost/app/firstapp in a browser, the html loads, but then the CSS and JS on that page are referenced with a relative path, so it tries to look at localhost/css/basecss.css rather than localhost/app/firstapp/css/basecss.css.
I can't use sub domains to resolve this, as I need the device this is running on to be accessible through it's own domain, and through a LAN network with it's own hostname.
I looked at http_sub_module, but as the JS on each app with perform AJAX requests with a relative path "/api/...." I can't replace the path in the JS as i'm unused as to where it will be defined.
Also, I am working under the assumption that I don't have control over the content of the two apps, so I can't change the paths to content eg. href=/css to href=http://localhost/app/firstapp/css.
The closest I got was using the $http_referer to redirect requests for the CSS and JS. This worked, however, the CSS file also has a reference to another file with a relative path, and this request uses the CSS file as the referrer, so looking for /app/firstapp in the referral doesn't catch this second request.
I'm struggling as to how to do this implementation, if at all possible? Any advice would be greatly appreciated.
My Nginx config is set up like so:
server {
listen 80 default_server;
listen [::]:80 default_server;
location / {
proxy_pass http://localhost:5000;
}
location /app/firstapp/
{
proxy_pass http://localhost:5100/;
}
location /app/secondapp/
{
proxy_pass http://localhost:5200/;
}
}
When I go to localhost/app/firstapp in a browser, the html loads, but then the CSS and JS on that page are referenced with a relative path, so it tries to look at localhost/css/basecss.css rather than localhost/app/firstapp/css/basecss.css.
I can't use sub domains to resolve this, as I need the device this is running on to be accessible through it's own domain, and through a LAN network with it's own hostname.
I looked at http_sub_module, but as the JS on each app with perform AJAX requests with a relative path "/api/...." I can't replace the path in the JS as i'm unused as to where it will be defined.
Also, I am working under the assumption that I don't have control over the content of the two apps, so I can't change the paths to content eg. href=/css to href=http://localhost/app/firstapp/css.
The closest I got was using the $http_referer to redirect requests for the CSS and JS. This worked, however, the CSS file also has a reference to another file with a relative path, and this request uses the CSS file as the referrer, so looking for /app/firstapp in the referral doesn't catch this second request.
I'm struggling as to how to do this implementation, if at all possible? Any advice would be greatly appreciated.
↧
↧
Disable TLS1.1 with NGINX & Tengine
Hi,
We use the NGINX server with tengine version tengine-2.1.0 & openresty version - ngx_openresty-1.7.2.1 .
On the NGINX conf the ssl supported protocols have been restricted to use only TLS1.2. However the server is still accepting the TLS1.1.
Could you please suggest what changes are required to disable TLS1.1
We use the NGINX server with tengine version tengine-2.1.0 & openresty version - ngx_openresty-1.7.2.1 .
On the NGINX conf the ssl supported protocols have been restricted to use only TLS1.2. However the server is still accepting the TLS1.1.
Could you please suggest what changes are required to disable TLS1.1
↧
nginx as reverse proxy with client ssl authentication
Hi,
I am using nginx 1.13.11 on Windows 10
I am trying to set up a reverse proxy for a HTTPS backend requiring client ssl authentication.
Tried this with the following config
---
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name localhost;
ssl_certificate C:/data/nginx-1.13.11/conf/crt;
ssl_certificate_key C:/data/nginx-1.13.11/conf/key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /path {
proxy_pass https://backend
proxy_ssl_certificate C:/data/nginx-1.13.11/conf/backend.crt;
proxy_ssl_certificate_key C:/data/nginx-1.13.11/conf/backend.key;
}
}
}
---
This does not work. Debug log of a request can be found in the attached file.
When accessing the backend directly with importing the backend cert+key into Firefox works out of the box.
I do not know what software the backend is using.
Using an own apache with client authentication as a backend for my nginx reverse proxy, this given config works.
I have no clue how to solve this. Maybe its an SSL Problem between the nginx and the backend?
Does anyone has a hint how to get it work or how to analyse the reason of not working?
I am using nginx 1.13.11 on Windows 10
I am trying to set up a reverse proxy for a HTTPS backend requiring client ssl authentication.
Tried this with the following config
---
worker_processes 1;
error_log logs/error.log debug;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name localhost;
ssl_certificate C:/data/nginx-1.13.11/conf/crt;
ssl_certificate_key C:/data/nginx-1.13.11/conf/key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /path {
proxy_pass https://backend
proxy_ssl_certificate C:/data/nginx-1.13.11/conf/backend.crt;
proxy_ssl_certificate_key C:/data/nginx-1.13.11/conf/backend.key;
}
}
}
---
This does not work. Debug log of a request can be found in the attached file.
When accessing the backend directly with importing the backend cert+key into Firefox works out of the box.
I do not know what software the backend is using.
Using an own apache with client authentication as a backend for my nginx reverse proxy, this given config works.
I have no clue how to solve this. Maybe its an SSL Problem between the nginx and the backend?
Does anyone has a hint how to get it work or how to analyse the reason of not working?
↧
Re: nginx as reverse proxy with client ssl authentication
2018/04/05 13:45:15 [debug] 2708#4940: *8 http proxy status 401 "401 Unauthorized"
2018/04/05 13:45:15 [debug] 2708#4940: *8 http proxy header: "X-message-code: PWD_WRONG"
2018/04/05 13:45:15 [debug] 2708#4940: *8 http proxy header: "WWW-Authenticate: Basic realm="Password""
2018/04/05 13:45:15 [debug] 2708#4940: *8 http proxy header: "X-message-code: PWD_WRONG"
2018/04/05 13:45:15 [debug] 2708#4940: *8 http proxy header: "WWW-Authenticate: Basic realm="Password""
↧
Re: nginx as reverse proxy with client ssl authentication
Yes. This is a specialty of the backend. It does a basic auth if client ssl auth does not work.
But getting this auth request means something went wrong before...
But getting this auth request means something went wrong before...
↧
↧
Re: nginx as reverse proxy with client ssl authentication
Ad addintional info because my question is maybe a bit confusing.
I want to do the reverser proxy doing the client-cert-auth. So the real clients can access the backend thru the reverse proxy without doing client-cert-auth on their own.
I want to do the reverser proxy doing the client-cert-auth. So the real clients can access the backend thru the reverse proxy without doing client-cert-auth on their own.
↧
no www in host header
Hi there,
I have an http/ https config in place which works but there is one issue our marketing team have asked about regarding no www in the URL. when users navigate to example.com the stanza redirects them to https://www.example.com fine but if they type in https://example.com the site loads but there is now www. This is apparently messing with SEO stats, etc.
I have pasted config below. I am not entirely sure why it does this I'd appreciate any thoughts.
server {
listen 443 ssl http2;
server_name .example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_trusted_certificate /etc/ssl/certs/ca.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:3000";
}
}
server {
listen 80;
server_name .example.com;
return 301 https://www.example.com$request_uri;
}
I have an http/ https config in place which works but there is one issue our marketing team have asked about regarding no www in the URL. when users navigate to example.com the stanza redirects them to https://www.example.com fine but if they type in https://example.com the site loads but there is now www. This is apparently messing with SEO stats, etc.
I have pasted config below. I am not entirely sure why it does this I'd appreciate any thoughts.
server {
listen 443 ssl http2;
server_name .example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_trusted_certificate /etc/ssl/certs/ca.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:3000";
}
}
server {
listen 80;
server_name .example.com;
return 301 https://www.example.com$request_uri;
}
↧
connection timed out (110: Connection timed out) while proxying connection
My config looks likes this:
stream {
server {
listen 9999 ssl;
tcp_nodelay on;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl_protocols TLSv1.2;
ssl_session_cache shared:TLS:2m;
proxy_pass xxx.xxx.xxx.xxx:8888;
}
}
Under heavy traffic, things look fine. Under low traffic, I get lots of:
2018/04/10 19:10:47 [info] 8856#8856: *1 connection timed out (110: Connection timed out) while proxying connection, client: yyy.yyy.yyy.yyy, server: 0.0.0.0:9999, upstream: "xxx.xxx.xxx.xxx:8888", bytes from/to client:11417/75978, bytes from/to upstream:75978/11417
Why? How do I fix that?
Site note: I use to use stunnel which had some TCP keepalive related settings. I was wondering whether I need something like this with nginx. Is there a way to send TCP keep alives to xxx.xxx.xxx.xxx:8888 ?
stream {
server {
listen 9999 ssl;
tcp_nodelay on;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/cert.key;
ssl_protocols TLSv1.2;
ssl_session_cache shared:TLS:2m;
proxy_pass xxx.xxx.xxx.xxx:8888;
}
}
Under heavy traffic, things look fine. Under low traffic, I get lots of:
2018/04/10 19:10:47 [info] 8856#8856: *1 connection timed out (110: Connection timed out) while proxying connection, client: yyy.yyy.yyy.yyy, server: 0.0.0.0:9999, upstream: "xxx.xxx.xxx.xxx:8888", bytes from/to client:11417/75978, bytes from/to upstream:75978/11417
Why? How do I fix that?
Site note: I use to use stunnel which had some TCP keepalive related settings. I was wondering whether I need something like this with nginx. Is there a way to send TCP keep alives to xxx.xxx.xxx.xxx:8888 ?
↧