Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

Looking for jpg resource in other folder with location settings

May 25, 2018, 9:44 pm
$
0
0
0
down vote
favorite
I have a general nginx rule to serve jpgs from they uri.

so if uri is "http://example.com/images/1.jpg it will server is form the root of the site/images/1.jpg

I want to try and serve the image from alternative path if not found on the original path. how do I write the 2nd location:

here is what I got:

location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf|ico)$ {
try_files $uri $uri/ @fallback;
access_log off;
expires max;
log_not_found off;
}
How do I write the fallback to look for the files in another location like /home/user/anotherfodler/ ?

Thanks
Search

Re: Nginx as a Reverse Proxy for OpenVPN (TCP 443)

May 29, 2018, 2:46 pm
$
0
0
> That example works fine, the problem must be that a vpn request is not
> sending a vpn (ssl) SNI hostname, check the logfiles because the SNI
> names are in there when detected.
>
> If this is the case ssl_preread may need a patch to handle vpn names.

My nginx logs (using ssl_preread) do not show sni names for vpn traffic.
But I'm not sure my vpn is well setup...

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

May 29, 2018, 2:59 pm

Re: Openvpn via nginx reverse proxy

May 29, 2018, 3:01 pm

Re: Openvpn via nginx reverse proxy

May 31, 2018, 2:55 am

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

May 31, 2018, 8:39 am
$
0
0
@tmtben

Yes, I did. I actually had forgotten to forward the ports I was using for OpenVPN on my AWS Security Group.....

Nginx slim framework not working with try_file settings

May 31, 2018, 12:41 pm
$
0
0
I am very new to nginx. So I managed to setup with a lot of googling ready.
I have one pure php app running on this folder /var/www/html/app1

Next I want to build api links. So first I did this

composer create-project slim/slim-skeleton

I want to use the slim framework.So the slim-skeleton folder I renamed it as apitest. Next I adjusted my nginx config file its as below. Below I added this configuration

location /apitest {
alias /var/www/html/apitest1/public;
try_files $uri $uri/ /index.php$is_args$args;

location ~ \.php$ {
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}
but I keep getting 404 not found.

Below is my full nginx.conf file.

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server_tokens off;
access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/blockuseragents.rules;
limit_conn_zone $binary_remote_addr zone=addr:5m;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
#root /usr/share/nginx/html;
root /var/www/html;

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;



error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 444;
}
limit_conn addr 1;

location /apitest {
alias /var/www/html/apitest1/public;
try_files $uri $uri/ /index.php$is_args$args;

location ~ \.php$ {
include fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}


}

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

May 31, 2018, 4:16 pm
$
0
0
Great!
Would you mind sharing your nginx conf?
Search

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

May 31, 2018, 4:22 pm
$
0
0
Here you are. :)

Let me know if you need any help.

https://github.com/zimmertr/NGINX-Reverse-Proxy-Config

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

May 31, 2018, 11:09 pm
$
0
0
Many thanks @hanz_zimmer!

Which server name do you use for your vpn connection?

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

June 1, 2018, 2:43 pm
$
0
0
I no longer have a VPN block defined in my nginx config on that GitHub repository. I rebuilt my lab on Proxmox a few weeks ago and haven't gotten around to implementing the VPN server again. If you look at the older commits on that repo you should be able to find an entry for it though. For example:

https://github.com/zimmertr/NGINX-Reverse-Proxy-Config/blob/849bb53ea7835cb5637764b5daf2ba8b352ccb33/tjzimmerman.com.conf#L158

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

June 2, 2018, 1:28 am
$
0
0
Thanks again!

The vhost vpn.tjzimmerman.com is used for the OpenVPN AS interface admin only (port 943), not for the vpn connection (ports 8050 and 8051.

I would like to "reverse proxyfying" several vpn servers on the same host : exactly the same vpn conf, same port, only the server name is different.
But I'm not sure it's possible...

What's wrong with my config?

June 3, 2018, 11:03 am
$
0
0
What's wrong with my nginx config?

server {
if ($host = gextension.alter-community.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

listen 80 default_server;
listen [::]:80 default_server;

server_name gextension.alter-community.com;
return 404; # managed by Certbot




}

server {
root /var/www/gextension/html;

server_name gextension.alter-community.com; # managed by Certbot
return 404; # managed by Certbot

listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot

ssl_certificate /etc/letsencrypt/live/gextension.alter-community.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gextension.alter-community.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

index index.php index.html index.htm index.nginx-debian.html;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;

# With php7.0-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

I'm getting 404 Not found when going to a page. It does however redirect to https when I enter http. Please help. It's the correct fpm version and correct root.

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

June 3, 2018, 11:11 am
$
0
0
No, that is what I am doing. That is done by a different mechanism in NGINX which is why you're not seeing the proxying occur in that block.

You have to purchase NGINX Enterprise or compile the open source version of the software with stream proxying enabled. Instructions for the latter are on the README of my github repository above. After which you can define stream{} blocks in addition to http{server{}} blocks. Configuring these will allow you to proxy data over TCP and UDP streams (VPN data).

Here is my configuration: https://github.com/zimmertr/NGINX-Reverse-Proxy-Config/blob/947d581c62948e8132a06f27aeae4ef5d6ea588b/nginx.conf#L11

Here is the documentation: https://nginx.org/en/docs/stream/ngx_stream_proxy_module.html

what is concept of backup and send_timeout ?

June 4, 2018, 5:36 am
$
0
0
Hi, I'm using 48 cores of cpu with 256 GB memory for loadbalancing,

I decide to use nginx as loadbalancer to handle +/- 4000 TPS

here is my configuration,

/etc/nginx/nginx.conf
user nginx;
worker_processes 48;
worker_rlimit_nofile 100000;

error_log /var/log/nginx/main_error.log warn;
pid /var/run/nginx.pid;


events {
worker_connections 100000;
use epoll;
multi_accept on;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

log_format upstreamlog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'
' to="$upstream_addr" rt="$request_time" uct="$upstream_connect_time" uht="$upstream_header_time" urt="$upstream_response_time" msec=$msec';


access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_timeout 1000ms;
include /etc/nginx/conf.d/*.conf;
}




/etc/nginx/conf.d/*.conf
upstream xbox4-responder {
server 10.23.40.34:19001 fail_timeout=0s;
server 10.23.40.35:19001 fail_timeout=0s;
server 10.23.40.33:19001 fail_timeout=0s backup;
server 10.23.40.34:19002 fail_timeout=0s;
server 10.23.40.35:19002 fail_timeout=0s;
server 10.23.40.33:19002 fail_timeout=0s backup;
server 10.23.40.34:19003 fail_timeout=0s;
server 10.23.40.35:19003 fail_timeout=0s;
server 10.23.40.33:19003 fail_timeout=0s backup;
server 10.23.40.34:19004 fail_timeout=0s;
server 10.23.40.35:19004 fail_timeout=0s;
server 10.23.40.33:19004 fail_timeout=0s backup;
server 10.23.40.34:19005 fail_timeout=0s;
server 10.23.40.35:19005 fail_timeout=0s;
server 10.23.40.33:19005 fail_timeout=0s backup;
server 10.23.40.34:19006 fail_timeout=0s;
server 10.23.40.35:19006 fail_timeout=0s;
server 10.23.40.33:19006 fail_timeout=0s backup;
server 10.23.40.34:19007 fail_timeout=0s;
server 10.23.40.35:19007 fail_timeout=0s;
server 10.23.40.33:19007 fail_timeout=0s backup;
server 10.23.40.34:19008 fail_timeout=0s;
server 10.23.40.35:19008 fail_timeout=0s;
server 10.23.40.33:19008 fail_timeout=0s backup;
}

server {
listen 9092;
access_log /var/log/nginx/xbox4.access.log upstreamlog;
error_log /var/log/nginx/xbox4_error.log warn;

location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_pass http://xbox4-responder;
proxy_next_upstream error timeout http_504 non_idempotent;
proxy_next_upstream_tries 3;
proxy_connect_timeout 50ms;
proxy_read_timeout 250ms;
}
}


Notes:
a. If directly accessing 1 port of upstream, without loadbalancer, I'm able to handle 1200TPS per port, using Jmeter.
And I'm expecting to have bigger TPS when using loadbalancer infront of it.

b. I put the non_idempotent, since my request is a post request, but didn't change any value.
<XBOXRequest><requestName>GetSubscriberMenuId</requestName><Subscriber_Number></Subscriber_Number><Source>UMB</Source><Trans_ID>0030180530173955288b1</Trans_ID><Home_POC>JK0</Home_POC><PRICE_PLAN>380408</PRICE_PLAN><PayCat>PRE-PAID</PayCat><Active_End>20180723</Active_End><Grace_End>20180822</Grace_End><Rembal>10</Rembal><IMSI></IMSI><VLR></VLR><IMEI></IMEI><CellID>89f062ad</CellID><Reqtime></Reqtime><Shortcode>*123#</Shortcode></XBOXRequest>

c. I'm using 3 nodes of upstream, with 8 port each.


Questions :

1. I put the value of fail_timeout=0s, expecting that I don't want to make a delay by using the default value. And I'm afraid, there will be a moment that all port will be unavailable if I set > 0s. Does my understanding is correct?
2. My backup upstream never involved on the retries, How to check that the port status not available at that moment? Does the "backup" flag is working or not? Did I put it correctly?

10.193.26.155 - - [04/Jun/2018:09:33:12 +0700] "POST / HTTP/1.1" 504 183 "-" "XBOX Client" to="10.23.40.34:19001, 10.23.40.34:19008, 10.23.40.35:19002" rt="0.751" uct="0.001, 0.000, 0.000" uht="0.251, 0.250, 0.250" urt="0.251, 0.250, 0.250" msec=1528079592.685
10.196.217.153 - - [04/Jun/2018:09:33:12 +0700] "POST / HTTP/1.1" 504 183 "-" "XBOX Client" to="10.23.40.34:19001, 10.23.40.35:19003, 10.23.40.34:19008" rt="0.750" uct="0.000, 0.000, 0.000" uht="0.250, 0.250, 0.250" urt="0.250, 0.250, 0.250" msec=1528079592.694
10.193.26.168 - - [04/Jun/2018:09:33:22 +0700] "POST / HTTP/1.1" 504 183 "-" "XBOX Client" to="10.23.40.34:19004, 10.23.40.34:19001, 10.23.40.35:19006" rt="0.750" uct="0.000, 0.000, 0.000" uht="0.250, 0.250, 0.250" urt="0.250, 0.250, 0.250" msec=1528079602.269
10.196.217.153 - - [04/Jun/2018:09:33:22 +0700] "POST / HTTP/1.1" 504 183 "-" "XBOX Client" to="10.23.40.34:19001, 10.23.40.34:19003, 10.23.40.34:19007" rt="0.750" uct="0.000, 0.000, 0.000" uht="0.250, 0.250, 0.250" urt="0.250, 0.250, 0.250" msec=1528079602.296

does my configuration is to aggressive?

3. What is send_timeout used for? what I'm thinking is that none of the request will be status code 200 if the rt is bigger than 1000 ms, but I saw it's success.

10.196.217.155 - - [04/Jun/2018:13:17:09 +0700] "GET /nbos_offer_detail?MENU_NAME=MN_XL_CLM_8110531_FREE&OPCODE=CPDELIVER&DELIVERMODE=0&DATETIME=20180604131708&SUBGROUP=11&SMSTYPE=&SHORTNO=&SUBSCRIBERID=1869827388 HTTP/1.1" 200 827 "-" "-" to="10.23.40.35:19002" rt="1.187" uct="0.000" uht="0.060" urt="0.060" msec=1528093029.586
10.196.217.155 - - [04/Jun/2018:13:33:15 +0700] "GET /nbos_offer_detail?MENU_NAME=MN_XL_CLM_8110529_NORM&OPCODE=CPDELIVER&DELIVERMODE=0&DATETIME=20180604133314&SUBGROUP=11&SMSTYPE=&SHORTNO=&SUBSCRIBERID=1063847878 HTTP/1.1" 200 804 "-" "-" to="10.23.40.35:19003" rt="1.061" uct="0.000" uht="0.143" urt="0.143" msec=1528093995.252
10.196.217.155 - - [04/Jun/2018:14:07:34 +0700] "GET /nbos_offer_detail?MENU_NAME=MN_XL_CLM_8110530_NORM&OPCODE=CPDELIVER&DELIVERMODE=0&DATETIME=20180604140733&SUBGROUP=11&SMSTYPE=&SHORTNO=&SUBSCRIBERID=1060114969 HTTP/1.1" 200 800 "-" "-" to="10.23.40.34:19007" rt="1.044" uct="0.000" uht="0.014" urt="0.014" msec=1528096054.613
10.22.233.192 - - [04/Jun/2018:07:07:51 +0700] "POST /xbox HTTP/1.1" 200 806 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" to="10.23.40.35:19003" rt="1.875" uct="0.000" uht="0.004" urt="0.004" msec=1528070871.993
10.22.233.192 - - [04/Jun/2018:07:07:54 +0700] "POST /xbox HTTP/1.1" 200 806 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" to="10.23.40.34:19006" rt="1.835" uct="0.000" uht="0.003" urt="0.003" msec=1528070874.698


Thanks
Search

Using nginx Reverse Proxy with no Apache

June 4, 2018, 10:13 am
$
0
0
So, I have a Ubuntu 16.04 server that is hosting 4 LXD containers. There are no websites associate with these containers, However each container is associated to a specific user. So when user A for instance want to use the app, I need to be able to route him to Container A.
The same for the other 3 users...B --> Container B, C --> Container C and D --> Container D. The app is an executable and functionally the same on all 4 containers. I just need the users have access to their own app.

Is nginx RP the way to go? And any comments on how to set this up?

Thanks,

Ray

Re: Using OpenVPN behind an NGINX Reverse Proxy using the TCP/UDP Stream Proxying Module

June 4, 2018, 1:42 pm
$
0
0
Yes, I agree with the stream mechanism.

But are you sure your tcp forwarding is based on hostnames?

Sorry for my poor english, here is the description I'm trying to do:
https://stackoverflow.com/questions/34741571/nginx-tcp-forwarding-based-on-hostname

Exec support for windows?

June 4, 2018, 1:50 pm
$
0
0
I've read that executing commands is not supported for windows. Is there a branch/build anywhere that does support this?

Alternatively, if I download the source, would it be possible to implement my own custom solution?

Re: Issue with the TCP Load Balancing

June 6, 2018, 4:00 am
$
0
0
Did you put some proxy_next_upstream_tries ?

nginx catch tcp flag

June 8, 2018, 4:33 am
$
0
0
I want to catch TCP flag of a packet to detect if a previous request is canceled. My goal is to detect FIN and RST flag.

My Nginx server receives some resquests from webservice. Some of these requests are long to proceed. I want to detect if client cancel its previous request. Requests are traited by an homemade process that Nginx call when it receives a request.

Where can I find these informations from Nginx ? I have to use fastcgi_param ? If yes, which one ? I search on Nginx documentation but doesn't find anything… I think I don't search on the good module…
Viewing all 4759 articles
Browse latest View live
Search