What is meant by server_name

October 5, 2018, 4:25 am

≫ Next: Forwarding a self-signed client certificate to backend

≪ Previous: Short Friendly URL

$

0

0

Hello, in my windows nginx.conf I have the server_name as .mydomain.com but it also works if I just leave it at localhost.

I have users getting kicked out after some time so I was wondering what the importance is of this setting and what can I add to the file to make sure streaming goes smooth for customers accessing the server? Thank you

---

Forwarding a self-signed client certificate to backend

October 5, 2018, 6:03 am

≫ Next: What version is recommended for 10K+ connections?

≪ Previous: What is meant by server_name

$

0

0

Hello everybody.
Help a newbie, please.
We have backend application web-server with authorization with login/pass + self-signed client certificate.
What parameters need to be specified so that the installed client certificate is forwarded to backend application server?
My config:

server {
listen 80;
server_name cab.site.com;
return 301 https://cab.site.com$uri$is_args$args;
}
server {
listen 443 ssl;
server_name cab.site.com;
ssl_certificate /etc/nginx/ssl/public.pem;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_session_timeout 5m;
ssl_verify_client optional;
ssl_client_certificate /etc/nginx/ssl/self-ca.pem;
proxy_read_timeout 360;
proxy_pass_header Date;
proxy_pass_header Server;
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $remote_addr;
real_ip_header X-Real-IP;
real_ip_recursive on;

location / {
proxy_pass https://10.0.0.22$uri$is_args$args;
proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
proxy_http_version 1.1;
}
error_log /var/log/nginx/cab-error.log;
access_log /var/log/nginx/cab-access.log;
}

What version is recommended for 10K+ connections?

October 5, 2018, 4:16 pm

≫ Next: Re: What version is recommended for 10K+ connections?

≪ Previous: Forwarding a self-signed client certificate to backend

$

0

0

Hello, What version is recommended for 10K+ connections?

Mainline version https://nginx.org/en/download.html - 1.15.5
Crow version http://nginx-win.ecsds.eu/ - 1.15.3.1

Re: What version is recommended for 10K+ connections?

October 5, 2018, 5:01 pm

≫ Next: javascript modules served with wrong MIME type

≪ Previous: What version is recommended for 10K+ connections?

$

0

0

What settings are recommended for a m3u8 streaming site? Seems to boot off the user at random times, 5-10 minutes.

javascript modules served with wrong MIME type

October 7, 2018, 5:45 pm

≫ Next: HTTP -> HTTPS Proxy

≪ Previous: Re: What version is recommended for 10K+ connections?

$

0

0

I'm trying to serve a javascript app with Nginx, which makes use of ES2016 modules. All of the module files have .the extension .js. When accessing the app from chrome, I receive the following error:

Failed to load module script: The server responded with a non-JavaScript MIME type of "text/plain". Strict MIME type checking is enforced for module scripts per HTML spec.

I've tried including mime.types and making use of

types {
application/javascript js;
}

In my nginx.conf, neither has made a difference. How should I configure nginx to serve javascript module files with the appropriate MIME type?

Thanks,
howardd

HTTP -> HTTPS Proxy

October 9, 2018, 8:27 am

≫ Next: grpc with browser client

≪ Previous: javascript modules served with wrong MIME type

$

0

0

Hi. We're developing an extension for an existing embedded hardware.
The device does not offer SSL but communicates with a server through HTTP.

We're building a hardware extension that acts as a HTTPS proxy with offloading of the SSL/TLS functionalitiy.

The device sends HTTP packets, our hardware extension (running Linux on arm) converts this to a HTTPS connection.
All SSL functions are done in the extension.

I figured it should work with nginx Proxy/ReverseProxy functionality.
So far I only came accross redirection which again gives the device a https url which it can't handle.

One idea would be that the extension is the http endpoint, unpacks the data and packs it again in HTTPS.
The extension should act as the only client that talks directly to the server.

This is basically the reverse view of "regular" ssl offloading done as a load balancing function.

I would really appreciate some help or some direction to look at.
Thanks

grpc with browser client

October 9, 2018, 10:15 am

≫ Next: CSRF token verification failed. Request aborted

≪ Previous: HTTP -> HTTPS Proxy

$

0

0

Hello,
We're experimenting with grpc and ways to expose those services to clients. I've followed along with the blog post here:
https://www.nginx.com/blog/nginx-1-13-10-grpc/ and gotten the helloworld client to connect to the helloworld server through nginx but now I'm wondering if it's possible to route normal web client traffic to the grpc server and send back a response suitable for a browser. We have a lot of existing web client code (html / javascript, etc) that we'd prefer not to muck with.

Our server is configured like:

server {
listen 80 http2;
listen 443 ssl http2;
server_name 127.0.0.1;

ssl_certificate cert.pem;
ssl_certificate_key cert.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

access_log logs/host.access.log main;

location / {
root /usr/share/nginx/html;
index index.html;
}

location /helloworld.Greeter/SayHello {
grpc_pass grpc://127.0.0.1:50051;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

}

The request gets issued using curl:
curl -k -X POST https://127.0.0.1/helloworld.Greeter/SayHello

And the error in the error log:
2018/10/09 11:46:32 [error] 25850#25850: *60 upstream rejected request with error 2 while reading response header from upstream, client: 127.0.0.1, server: 127.0.0.1, request: "POST /helloworld.Greeter/SayHello HTTP/2.0", upstream: "grpc://127.0.0.1:50051", host: "127.0.0.1"

Other maybe useful information: using nginx 1.14.0 on arch linux. grpc server is the python version of the helloworld server

Any help would be greatly appreciated!

Thanks,
Derek

CSRF token verification failed. Request aborted

October 11, 2018, 5:19 am

≫ Next: Connection refused & Looking for advice on running two sites

≪ Previous: grpc with browser client

$

0

0

Hi All,

I am using nginx 1.15.3 in our application as a proxy server. It has a server config block which works as a HTTP as well as HTTPS server.(mentioned below).

x.y.z.f indicates IP of the HTTPS web server.

What is the use case ?
This is a case of redirection from HTTP to HTTPS server.
When the user opens up http://somedomain.com/users/ on the browser, he gets redirect to https://x.y.z.f/ as per the location config below. Also, "/users" in the location below is a just a placeholder to redirect to https://x.y.z.f and does not represent an actual api on https://x.y.z.f server.

Problem statement:
The location config works fine and i land on on login page of https://x.y.z.f, but i get a 403 Forbidden "CSRF verification failed. Request aborted." on login.

Please suggest.

server {
listen 80 default_server;
listen [::]:8080 default_server ipv6only=on;
client_max_body_size 30000m;

listen 443 ssl default_server;
listen [::]:443 ssl;
ssl_certificate abc.cert;
ssl_certificate_key abc.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


location ~* ^/users/(.*)$ {
proxy_pass https://x.y.z.f;
rewrite ^/users/(.*)$ / break;
proxy_set_header X-Real_IP $remote_addr;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept';
add_header 'Access-Control-Allow-Methods' 'POST';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Accept-Encoding "";
proxy_pass_header X-CSRFToken;

}

location ~* ^/static/(.*)$ {
proxy_pass https://x.y.z.f;
rewrite ^/users/(.*)$ / break;
proxy_set_header X-Real_IP $remote_addr;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept';
add_header 'Access-Control-Allow-Methods' 'POST';
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Accept-Encoding "";
proxy_pass_header X-CSRFToken;

}
}

---

Connection refused & Looking for advice on running two sites

October 13, 2018, 1:03 am

≫ Next: Nginx, Docker, React, Express with websocket

≪ Previous: CSRF token verification failed. Request aborted

$

0

0

Hello everyone,
I just switched my webserver from Apache to nginx and I have some problems. I did follow this tutorial: https://github.com/groovemonkey/hands_on_linux-self_hosted_wordpress_for_linux_beginners

I did open this post on StackExchange but since I couldnt get any good answer, I thought I could try it here.
https://unix.stackexchange.com/questions/475064/nginx-cant-bind-to-port-already-in-use-although-no-tasks-running-on-that-por/475136#475136

Firstly, I had the issue that nginx couln‘t bind the port. I could fix it after many hours of frustration by simply replacing my site.conf with the default.conf file in the sites-enabled folder. My system is Linux Mint.

It would be great if we could get it to work, all configs are in the stackexchange post. I‘m afraid I can‘t post them here because I‘m on a mobile device. I think it‘s worth mentioning that I still want to use the old wordpress site.

After it is up and running I have a question: what would be the easiest way to make a subdomain that points to a discourse forum?
Thank you very much in advance :)

Nginx, Docker, React, Express with websocket

October 14, 2018, 8:32 am

≫ Next: What are the rules around perl calls?

≪ Previous: Connection refused & Looking for advice on running two sites

$

0

0

I was developing an app which receives twitter feed in live format and everything worked fine untill i tested the production environment with docker.

The problem i have is that my client (react) does not want to connect to socket connection. (react code at the end)

This is my nginx.conf file

upstream client {
server client:3000;
}

upstream api {
server api:8080;
}

server{

listen 80;

location / {
proxy_pass http://client;
}

location /socket.io {
proxy_pass http://api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

location /api{
rewrite /api/(.*) /$1 break;
proxy_pass http://api;
}
}
and this my docker compose

version: "3"
services:
nginx:
restart: always
image: coco/nginx
build:
dockerfile: Dockerfile.dev
context: ./nginx
ports:
- "3050:80"
api:
image: coco/server
build:
dockerfile: Dockerfile.dev
context: ./server
volumes:
- /app/node_modules
- ./server:/app
client:
image: coco/client
build:
dockerfile: Dockerfile.dev
context: ./client
volumes:
- /app/node_modules
- ./client:/app
THE QUESTION

In my react container i have the entire code which is responsible for websocket communication but the key problem is to setup the websocket itself with this line of code const socket = socketIOClient("http://localhost:8080");, When it was on localhost it worked fine, and now when i start docker-compose, nginx maps everything to associated with back-end to port 3050. But now even if i write "http://api/" or localhost:3050, it doesnt want to connect directly, so im not sure what to do at this stage.

in my app.js file i have this

// configuring the port which is from config folder
let server = app.listen(config.port, function (err) {
if (err) throw err;
console.log("Server started on port " + config.port);
});

const io = require('socket.io').listen(server)

require('./routes/routes')(app, io)
In my react component i have a button, and when pressed it executes the following logic

const socket = socketIOClient("http://localhost:3050");
socket.on("connect", () => {
console.log("Socket Connected");
socket.on("tweets", data => {
console.log(data)
});
});
but it doesnt display anything nor it connects to anything

Pleas help

What are the rules around perl calls?

October 17, 2018, 5:13 pm

≫ Next: Basic reverse proxy setup (noobie)

≪ Previous: Nginx, Docker, React, Express with websocket

$

0

0

I'm playing with ngx_http_perl_module; for starters, just logging to error_log and setting headers:

location / {
set $target https://$host$request_uri;
perl ph::handler;
add_header X-debug-message "redirect target: $target" always;
return 302 $target;
}

However, if I have that return 302 in there, the perl module is ignored. Commenting it out makes it work. One of the things I may want the perl module to do is change $target or do something locally before issuing the redirect. The docs don't say when and when not the module is actually called... I'm pretty sure I can do the redirect inside perl, but it would be cleaner to do it this way...

Basic reverse proxy setup (noobie)

October 21, 2018, 7:30 am

≫ Next: Too many redirects

≪ Previous: What are the rules around perl calls?

$

0

0

Hi, I'm a NGIX noobie trying to setup basic reverse proxy server for the first time to harden my home security IP camera which doesn't support SSL natively. Camera is behind my pfSense firewall and DD-WRT router in it's own bridged subnet and I'm able to access it fine from outside and inside. I've installed NGIX successfully in my router, but I haven't managed to make it work.

I tried to follow the instructions found here:
https://security.stackexchange.com/questions/56779/securing-remotely-accessible-ip-cameras-that-do-not-support-https

My Nginx conf file is in the following path:
/opt/etc/nginx/nginx.conf

For testing purpose only I try to direct all HTTP traffic from 192.168.6.66:666 to 192.168.6.66:8080. I've set the router to start Nginx after reboot. Nginx is able to save all the configurations successfully after router reboot. I've also configured port forwarding on my router and my firewall, to ports mentioned above. I still can't access the camera from port 8080 (inside or outside). When I get the HTTP to work first, then I move on to HTTPS.

What am I doing wrong?
Find attached screenshot of Nginx configuration.
Are the configurations in wrong place? I wrote them in the beginning of configuration file.

Too many redirects

October 21, 2018, 9:08 am

≫ Next: Re: Basic reverse proxy setup (noobie)

≪ Previous: Basic reverse proxy setup (noobie)

$

0

0

Good day,

I have a problem with my site not loading due to 'too many redirects'. The issue is not browser or PC dependant. It seems to depend on the modem / connection used. On the same laptop it will either work in all browsers or work in no browser, depending on how it is connected to the internet. On some networks, the site will load fine, on others it will produce 'too many redirects' in all cases.

The nginx server redirects unknown subdomains and unencrypted connections to https (301).
When it fails, it will redirect https//www.mysite.com to itself indefinitely.

Does anyone know what could be causing this? Maybe some server header I am setting? Here is my configuration:

# redirect all http requests to https
server {
listen 80 ;
listen [::]:80 ;

#server_name _;

# ssl settings
include /etc/nginx/templates/ssl.tmpl;

if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
#return 301 https://$server_name$request_uri;
}
}


# redirect all unknown urls to https://www.mysite.com
server {
listen 80 default_server;
listen [::]:80 default_server;

listen 443 ssl default_server;
listen [::]:443 ssl default_server;

server_name _;
log_not_found off;

# ssl settings
include /etc/nginx/templates/ssl.tmpl;

return 301 https://www.mysite.com;
}

server {
listen 443 ssl;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

set_real_ip_from ::ffff:127.0.0.1;
set_real_ip_from ::ffff:192.168.1.1;

real_ip_header X-Forwarded-For;
real_ip_recursive on;

root /var/www/www.mysite.com/;
server_name www.mysite.com;

# allow access from all domains
add_header Access-Control-Allow-Origin *;

index index.html index.htm;
client_max_body_size 3M;

# ssl settings
include /etc/nginx/templates/ssl.tmpl;
}

Re: Basic reverse proxy setup (noobie)

October 24, 2018, 1:52 pm

≫ Next: How to force mp4 downloads

≪ Previous: Too many redirects

$

0

0

It seems that these Nginx forum posts are unable to be edited afterwards. Strange... Nevertheless, here's some further clarification.

192.168.6.66 is my camera's current IP. It's behind my firewall and behind router in its own subnet.
My firewall faces Internet and my router is behind my firewall.
666 is the current TCP port I connect to when I want to use this camera from outside.
8080 is the TCP port I wish to use for Nginx reverse proxying. Meaning that I would like to connect to port 8080 from outside and Nginx should forward all the traffic from 8080 to 666.

I would like to first try it with HTTP only and move to HTTPS when HTTP works. Please keep in mind that Nginx is installed in my Linux DD-WRT router.

I am hesitating a bit with port forwarding. I have firstly opened TCP port 8080 from my firewall to forward all traffic coming from WAN IP and from port 8080 to my router. Then from my router I should obviously forward same TCP port to my Nginx (Nginx should be listening port 8080) in order for Nginx to be able to port forward from 8080 to my camera's port 666. Obviously Nginx should have its on IP, but how do I configure it? My router has DHCP on, but Nginx hasn't been shown up as an active client so obviously IP address needs to be configured manually.

Please bare with me, this is my first time configuring Nginx and installing it into router. I'd be happy to provide any further info.

BTW: I noticed a typo in my orginal script: Server token started with capital "S". It's now fixed and below is the corrected Nginx config as text. Config is currently for HTTP testing only:

server {
listen 8080;
location / {
proxy_pass http://192.168.6.66:666;
}
}
user nobody;
worker_processes 1;

#error_log /opt/var/log/nginx/error.log;
#error_log /opt/var/log/nginx/error.log notice;
#error_log /opt/var/log/nginx/error.log info;

#pid /opt/var/run/nginx.pid;


events {
worker_connections 64;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log /opt/var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

How to force mp4 downloads

October 25, 2018, 2:21 am

≫ Next: Re: ADFS 2016 / ADFS 4.0 behind Nginx

≪ Previous: Re: Basic reverse proxy setup (noobie)

$

0

0

Hello there!

Since switching to nginx/easyengine setup my mp4 files that are linked directly are no longer getting downloaded but instead opened up in the browser. How can I force nginx to download ALL (everything, because the server is used only for downloads) that is linked to ? (including mp4's)

I tried this but it didn't seem to work:
server {
location ~ \.mp4$ {
types { application/octet-stream .mp4; }
default_type application/octet-stream;
}
}

Any ideas?

---

Re: ADFS 2016 / ADFS 4.0 behind Nginx

October 28, 2018, 6:48 pm

≫ Next: directory index of "" is forbidden

≪ Previous: How to force mp4 downloads

$

0

0

an oldie but helpful for me
thanks

directory index of "" is forbidden

October 29, 2018, 10:54 am

≫ Next: Website loads css with direct IP address link, but the domain link doesn't. Digital Ocean : Nginx : Flask.

≪ Previous: Re: ADFS 2016 / ADFS 4.0 behind Nginx

$

0

0

Ubuntu 14.04
PHP Version => 5.5.9-1ubuntu4.26

I have hit a brick wall on this issue. Any insight is greatly greatly appreciated.

Error for NGINX logs

2018/10/29 17:46:09 [error] 3681#0: *14 directory index of "/usr/share/nginx/html/appointment-reminders-laravel/public/" is forbidden, client: 177.73.203.229, server: appointments.hudsonstreet.us, request: "GET / HTTP/1.1", host: "54.91.193.189:80"

Sites Available default file:

server {
listen 80;
listen [::]:80;
root /usr/share/nginx/html/appointment-reminders-laravel/public;
index index.php index.html index.htm;
server_name appointments.hudsonstreet.us;

location / {
try_files $uri /index.php?$query_string;
}


location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

}

Website loads css with direct IP address link, but the domain link doesn't. Digital Ocean : Nginx : Flask.

October 30, 2018, 8:10 pm

≫ Next: Redirect js.map , css.map

≪ Previous: directory index of "" is forbidden

$

0

0

For some reason the css files and pictures (same folder) are loaded perfectly on the IP direct link, but then I run it through my domain name and doesn't load it. It simply just pulls an 404 error for some odd reason. Here is the visuals so you can understand it better.

Redirect js.map , css.map

November 1, 2018, 9:58 am

≫ Next: Htaccess Rewrite Problem

≪ Previous: Website loads css with direct IP address link, but the domain link doesn't. Digital Ocean : Nginx : Flask.

$

0

0

I am receiving multiple 404 errors for .map files which do not exist in my server logs. e.g.

/wp-includes/js/tinymce/skins/lightgray/skin.min.css.map
/wp-content/plugins/cornerstone/assets/dist/js/site/cs-head.js.map
/wp-content/plugins/cornerstone/assets/dist/js/site/cs-body.js.map

These files do not exist but I believe Chrome is asking for them when I am developing, hence the 404 errors in my logs.

How could I set up a redirect on Nginx so that files ending in css.map and js.map which do not exist, are redirected to a blank file called 404.map

In Apache I think this can be achieved as follows:

RewriteEngine On
Options +FollowSymlinks

# Prevent 404 Not Found for javascript/css source maps
RewriteCond %{REQUEST_URI} (\.map)$
RewriteRule (.*) 404.map [QSA]

Htaccess Rewrite Problem

November 3, 2018, 4:35 pm

≫ Next: Re: Htaccess Rewrite Problem

≪ Previous: Redirect js.map , css.map

$

0

0

I am using the Alti Watermark Plugin but my web server Nginx so i need to write the htaccess rules for nginx again but i couldn't.can you please help

the code I need to convert:

# BEGIN alti-watermark Plugin
<ifModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*(-570x320|-768x([\d]+)|-([1-1][\d]{1,3}|[\d]{1,3})x1024|-1024x([1-1][\d]{1,3}|[\d]{1,3})|-555x650|-666x([\d]+)|-555x650|-666x([\d]+))\.jpg|.*(?<!-\dx\d)(?<!-\d\dx\d)(?<!-\dx\d\d)(?<!-\d\dx\d\d)(?<!-\d\d\dx\d\d)(?<!-\d\dx\d\d\d)(?<!-\d\d\dx\d\d\d)(?<!-\d\d\d\dx\d\d\d)(?<!-\d\d\d\dx\d\d)(?<!-\d\d\dx\d\d\d\d)(?<!-\d\d\d\dx\d\d\d\d)(?<!-\d\d\d\dx\d\d\d)(?<!-\d\d\d\dx\d\d)(?<!-\d\d\d\d\dx\d\d\d\d\d)\.jpg){1}((\?|\&)([^\.\?\ ]+))*$ ../plugins/alti-watermark/public/views/alti-watermark-public-bridge.php?imageRequested=$1 [PT]
</ifModule>
# [date=2018-11-03 08:59.31] [php=7.2.10] [width=570x320|768x0|1024x1024|555x650|666x0|555x650|666x0|fullsize] [plugin_name=alti-watermark] [version=alti-watermark]
# END alti-watermark Plugin


Thank You
Good Jobs