Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

Upstream SSL for vmware autodeploy reverse proxy

September 4, 2018, 9:01 am
$
0
0
Hello everyone,

I am trying to use SSL on my upstream connection to my vCenter for my NginX Reverse Proxy, I've altered the config file that I found on Eric Gray's website (https://www.vcritical.com/2017/01/easy-auto-deploy-reverse-proxy-cache-with-an-nginx-container/):

Original:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
sendfile on;
proxy_buffering on;
proxy_cache_valid 200 1d;
proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
proxy_temp_path /var/www/cache/tmp;

server {
listen 80;

location / {
proxy_pass https://${AUTO_DEPLOY};
keepalive_timeout 65;
tcp_nodelay on;
proxy_cache my-cache;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
daemon off;


My altered config:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
sendfile on;
proxy_buffering on;
proxy_cache_valid 200 1d;
proxy_cache_path /var/www/cache levels=1:2 keys_zone=my-cache:15m max_size=1g inactive=24h;
proxy_temp_path /var/www/cache/tmp;

server { listen 80;

location / {
proxy_pass https://${AUTO_DEPLOY};
proxy_ssl_certificate /etc/ssl/certs/cert.crt;
proxy_ssl_certificate_key /etc/ssl/certs/cert.key;
proxy_ssl_trusted_certificate /etc/ssl/certs/chain.crt;
proxy_ssl_verify on;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_verify_depth 3;
proxy_ssl_session_reuse on;
keepalive_timeout 65;
tcp_nodelay on;
proxy_cache my-cache;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
daemon off;

and even thought it works as a reverse proxy, when I do a tcp dump, I see that the data is going as clear text. I can't seem to figure out what I'm doing wrong.

Any help is appreciated.

Thanks

Michael
Search

Application access log is not logging the actual XFF of the real machine

September 5, 2018, 4:50 am
$
0
0
In application access log nginx should print actual machine ip from where the request is coming. But instead of printing the actual XFF it printing some remote client ip which we are not sure from where it is coming.
Tried several way by chaging the nginx.conf file to print the actual machine XFF value. But still it is printing the remote cilent ip.
Any help should be highly appreciated.

P.S. - Server is running on AWS.

404 Not Found - nginx

September 5, 2018, 5:48 am
$
0
0
Hello Team,
I have a PHP file and it loads fine sometimes and sometimes it gives "404 Not Found - nginx" error.
Kindly suggest me regarding same.

Thanks & Regards,
Vinod.

How does proxy_cache_background_update work?

September 6, 2018, 12:45 am
$
0
0
Hello guys,

I'm not able to find any information about how the proxy_cache_background_update works. Official documentation says:

Allows starting a background subrequest to update an expired cache item, while a stale cached response is returned to the client. Note that it is necessary to allow the usage of a stale cached response when it is being updated.

Ok I get this, but how does it work in detail? Is the background process checking all proxy cache keys in RAM? Can someone explain this in more detail please? I've activated this option but still receiving EXPIRED responses on the content I've checked.

Cheers,
Szop

DIfferent "home" / on same server

September 6, 2018, 12:18 pm
$
0
0
Hi, i'm having a little trouble setting up nginx to do the following.
I have an Angular 4 website, and I've just re-did the home page in Angular 6.
I want the "/" location to use the new Angular 6 index.html, and the rest to go to the old website files.

I've attached my current configuration, assuming the new version of the home page is in /usr/share/nginx/html/new-ms/.
How can I make it work?

Thank you!

Access router webpage securely (https) with nginx, how?

September 7, 2018, 10:46 am
$
0
0
Hello All,

In my current setting (Raspberry Pi running Raspbian (Debian Stretch 9.5) and nginx/1.10.3 (installed via sudo apt-get install nginx)
nginx -v log: https://pastebin.com/RsUmkr30

I have installed SSL certificate successfully and can access my Home Assistant installation securely (SSL) and successfully.

My router allows Web Management Port so the router webpage can be accessed but non-securely.

Please, kindly help configure nginx to access the router securely. I am able to access the router webpage securely but it is not displaying as it should:

router1.png shows router webpage non securely
router2.png shows router configuration
router3.png shows router wepage securely but it is not working

/etc/nginx/sites-available/default
is in
https://pastebin.com/JYwnf8aT

# port 4321 forwards to 4322 as a test since I access port 4322 directly
# this is the SSL server. / links to Home Assistant and and /dev01 should link securely to the router

Thank you in advance for your kind support,

Re: Access router webpage securely (https) with nginx, how?

September 7, 2018, 12:09 pm
$
0
0
Hello again,

/var/log/nginx/access.log in https://pastebin.com/6xVAyQJY

shows a number of files are expected to be loaded such as...
/login/encrypt.js
/login/login.css
/login/logo.png
/login/top-right.png
/login/username.png
/login/password.png

However, editing file default to:

location /dev01/ {
proxy_pass http://192.168.100.1/login/;
}

will result in "You have no authority to access this router!"

Any piece of advice is appreciated,

Nginx caching methods

September 10, 2018, 12:33 pm
$
0
0
Hi folks,

I am looking to enable caching more methods than the standards Nginx allows. Currently Nginx supports GET and POST caching, however I am looking to do PUT and DELETE. Is this possible with Nginx or other modules we can use? Any help would be great, Thank you.
Search

Redirect to another website if the visitor comes from a specific IP.

September 10, 2018, 1:58 pm
$
0
0
Hello forum members,

I have a question. Is it, it is certainly possible, unfortunately I do not know the way. I would like to redirect to an external website if the visitor owns a specific IP.

Maybe someone can help me there.

nginx image filter -> [emerg] unknown directive "image_filter_webp_quality", "image_filter_interlace", "image_filter_output"

September 11, 2018, 7:32 am
$
0
0
I compiled nginx with image filter module, but when including directives listed here

http://nginx.org/en/docs/http/ngx_http_image_filter_module.html

I gest errors when testing

nginx: [emerg] unknown directive "image_filter_webp_quality" in /usr/local/nginx/conf/conf.d/www.it.conf:245
nginx: [emerg] unknown directive "image_filter_output" in /usr/local/nginx/conf/conf.d/www.it.conf:246
nginx: [emerg] unknown directive "image_filter_interlace" in /usr/local/nginx/conf/conf.d/www.it.conf:45
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

obviously the compilation make give me that webp is supported in gd

checking for GD library ... found
checking for GD WebP support ... found

Re: nginx image filter -> [emerg] unknown directive "image_filter_webp_quality", "image_filter_interlace", "image_filter_output"

September 11, 2018, 9:25 am
$
0
0
Ok. Solved redownloading and recompiling.

Unable to browse websites from LAN

September 13, 2018, 12:12 pm
$
0
0
I run nginx on a VM and I rebuilt the machine that is hosting it. While I can view websites that are proxied from outside the network on the WAN, I get a “could not connect to the server” message when I try this from the LAN. I can still access websites using the IP address. How can I troubleshoot this to find and fix the problem?

How to set 2 or more wordpress htaccess on NGINX ?

September 14, 2018, 6:25 am
$
0
0
I have a problem . I have set a nginx+php fpm+redis+maria db on a vps but i am not pretty sure how could i use the information of different htaccess for different websites . I mean i would have 3 websites and i would need 3 different combinations of htaccess . How could i do it , into NGINX ? Any advice, tutorial , guide , or suggestion ? thankks

Simple question regarding server-config

September 18, 2018, 1:54 am
$
0
0
Hi guys,

just a simple question. I've got..

-) a "cam_alarms.php" stored in /var/www/html/
-) and (.avi-)video-files stored in /var/www/html/rec/videos

Browsing the .php via http://[IP]:4444/cam_alarms.php works fine - it generates links to the above mentioned *.avi's, but when I click a link (e.g. http://[IP]:4444/rec/videos/videofile.avi) nginx throws back "404 Not Found".

Could you please have a look at the .conf below? Many thanks in advance & BR, Christian

server {
listen 4444;
server_name [IP];

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS off;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
root /var/www/html;
}

location ~ \.(avi|mp4) {
root /var/www/html/rec/;
}
}

Re: Simple question regarding server-config

September 18, 2018, 3:59 am
$
0
0
Look in the logs, the 404 will tell you where nginx expects the file to be.
Search

Re: Simple question regarding server-config

September 18, 2018, 6:10 am
$
0
0
Hi @itpp2012, many thanks for your reply.

According to /var/log/nginx/error.log;

2018/09/18 15:02:15 [error] 19354#19354: *7 open() "/usr/share/nginx/html/rec/videos/CCCC.avi" failed (2: No such file or directory), client: A.A.A.A, server: B.B.B.B, request: "GET /rec/videos/CCCC.avi HTTP/1.1", host: "B.B.B.B:4444", referrer: "http://B.B.B.B:4444/cam_alarms.php"

I'm very aware of the fact, that NGINX wants to open /usr/share/nginx/html/rec/videos, though the server's root for port 4444 is defined as "root /var/www/html;".

Thanks & BR,
Christian

Re: Simple question regarding server-config

September 18, 2018, 1:24 pm
$
0
0
https://stackoverflow.com/questions/47193849/nginx-root-directive-inside-location-doesnt-seem-to-be-working

anonymous ldap ??

September 18, 2018, 9:51 pm
$
0
0
Hello.,

We are trying to find the clue on setting nginx.conf to integrate with LDAP anonymously ? Where We have only LDAP URL (for ex ldap://openldap.localhost:389/ou=people,dc=odc,dc=im"

We donot want to expose bindDn and bindPW. Is there any such information on how to integrate ? Just like UNIX machine can access LDAP and limit to LDAP based users for SSH purpose. With this, we set anonymously, do we have similar manner for nginx ?

Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

September 20, 2018, 11:14 pm
$
0
0
I am trying to configure nginx as a reverse proxy for multiple servers on my LAN. They should go out on my WAN with different subdomains.
Unlike the approach described in Use Nginx as Reverse Proxy for multiple servers I want to use UNIX socket for the interprocess communication on my server.

Based on

- the above post
https://serverfault.com/questions/706694/use-nginx-as-reverse-proxy-for-multiple-servers
- nginx reverse ssl proxy with multiple subdomains
https://serverfault.com/questions/538803/nginx-reverse-ssl-proxy-with-multiple-subdomains
- Using Nginx as Webserver
https://serverfault.com/questions/433053/nginx-to-apache-reverse-proxy-instruct-use-of-unix-sockets
- Nginx to apache reverse proxy, instruct use of unix sockets
https://serverfault.com/questions/433053/nginx-to-apache-reverse-proxy-instruct-use-of-unix-sockets
- Difference between socket- and port-based connection to outer NGINX?
https://meta.discourse.org/t/difference-between-socket-and-port-based-connection-to-outer-nginx/60071
- keeping in mind the solution given in How do I configure Nginx proxy_pass Node.js HTTP server via UNIX socket?
https://serverfault.com/questions/316157/how-do-i-configure-nginx-proxy-pass-node-js-http-server-via-unix-socket

my configuration shall look something like this below, doesn't it? In order to keep the main file slim, I would like to outsource the location blocks.
I find all on the web more or less but nothing about wow I can reach the servers in within the LAN? Do I need to set up a local DNS server as described in Running DNS locally for home network (https://superuser.com/questions/45789/running-dns-locally-for-home-network)?

main proxy file

server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app1 app1subdomain.domain.eu;
*read app1location.file*
}

server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app2 app2subdomain.domain.eu;
*read app2location.file*
}

location files for proxied web servers:

location / {
proxy_pass http://unix:/home/app1/app1.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}

-

location / {
proxy_pass http://unix:/home/app2/app2.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}

NGINX reset established connection when upstream server goes up again.

September 21, 2018, 6:27 pm
$
0
0
Hello, everybody!

So, I have in my NGINX configuration an upstream with 3 server, "A", "B" and "C".
I am using "hash $remote_addr" mode, because I need direct a client’s requests to the same backend.
All is working fine, with only one inconvenient that I would like to solve.
When server "A" goes down, yours requests are send to server "B" or "C", until now that's ok, but when the server "A" goes back, it is like that claim by requests that already were yours end the client need login again. My questions are.


Are there any way to solve?

Are there any way to avoid that requests return to server A?

My NGINX configuration:


upstream firstplay {
hash $remote_addr;
server a.cer.com:443 max_fails=2 fail_timeout=5s;
server b.cer.com:443 max_fails=2 fail_timeout=5s;
server c.cer.com:443 max_fails=2 fail_timeout=5s;
}

server {
listen 443 ssl;
server_name abc.cer.com;
ssl_certificate /etc/ssl/certs/cert.crt;
ssl_certificate_key /etc/ssl/certs/cert.key;
proxy_http_version 1.1;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_connect_timeout 300;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 300;
error_log /var/log/nginx/cer-error.log;

location / {
proxy_pass https://firstplay/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
Viewing all 4759 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>