Channel: Nginx Forum - How to...

How to define nginx code for per Domain?

My /etc/nginx/nginx.conf code is:

server {
    .....
    location / {
        root /var/www/public_folder;
        index index.php index.html index.htm;
    }
    .
    .
    .
}

------------------------------------------------------------------------------------------------------------------------------------
And my created domain config file is:
nano /etc/nginx/sites-available/definedname.com

server {

    listen 80 default;
    listen 443 http2 default_server;
    listen [::]:443 http2 default_server;

    server_name definedname.com www.definedname.com;
    root /var/www/public_folder/definedname.com/$host;

    .....
}

------------------------------------------------------------------------------------------------------------------------------------



When I go to my first page, I see the global configuration's index.html text, which is defined within the global configuration route in /etc/nginx/nginx.conf; this text shows on my domain's first page.

What is my mistake exactly?

NGINX as Reverse Proxy works for HTTPS but not with HTTP

Guys,

I am very new to nginx and trying to use it as a reverse proxy for my Apache/PHP application that is behind an internal load balancer with IP: 10.0.1.4
I am trying to redirect traffic that comes to my NGINX reverse proxy to the internal load balancer's IP.

When I use the HTTPS configuration in proxy.conf, it works fine, with self-signed cert errors.

But when I use the non-SSL version of proxy.conf and try to hit the nginx reverse proxy on port 80, it does not work.

Following are the contents of my file. Please help me if you can. I spent a lot of time before posting the issue here. I could not get it working.

My environment : Red Hat Enterprise Linux Server release 7.6 (Maipo) on Azure
nginx version: nginx/1.15.5
Nginx.Service : Active and Running

-------------------------------------------------------------------------------------------
NGINX.CONF
-------------------------------------------------------------------------------------------

[root@webserver1 nginx]# vim nginx.conf
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    include /etc/nginx/conf.d/*.conf;
}

-----------------------------------------------------------------------------
WORKING HTTPS PROXY.CONF -- THIS WORKS
-----------------------------------------------------------------------------
[root@webserver1 nginx]# cd conf.d/
[root@webserver1 conf.d]# vim proxy.conf

server {
    listen webserver1:443;


    ssl on;
    ssl_certificate /etc/nginx/ssl/proxy.pem;
    ssl_certificate_key /etc/nginx/ssl/proxy.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 2m;

    location / {
        proxy_pass http://10.0.1.4:80;
        proxy_set_header Host $host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

----------------------------------------------------------------------------------------------------------
NOT WORKING PROXY.CONF for HTTP access ONLY
-------------------------------------------------------------------------------------------
server {
    listen 80 default_server;
    location / {
        proxy_pass http://10.0.1.4:80;
    }
}

---------------------------------------------------------------------

When it works, I am hitting the URL: https://webserver1 or https://10.0.1.5

I am trying to get URL: http://webserver1 or http://10.0.1.5 to work.

Any help is appreciated.

Thanks

Re: getting 304 status instead of needed 200

Possible to keepalive connections per hostname consideration?

Hey folks,

I'm running NGINX -> LB (F5) -> HA Proxy nodes fronting a private cloud platform (OpenShift).

We have found that what happens with nginx keepalive to the LB and then to the HA Proxy nodes is that traffic meant for one "pod" on the cloud platform gets routed to another application pod by chance during active traffic meant for both, because we have different proxy routes that all go to the same LB (ip:port) when NGINX reverse proxies and stores that active connection for reuse.

So with this directive in mind:
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

Is there any way at all to force nginx to make a new keepalive connection on a per-hostname basis as opposed to just IP:PORT (even if the different hostnames share the same IP:PORT), so essentially the underlying keepalive cache not only tracks IP:PORT but a 3rd element of hostname to consider too? Could this potentially be done with OpenResty and the Lua nginx module without modifying NGINX directly?

It may seem weird but it's true: as soon as we disabled keepalive we found NGINX able to send traffic to our private cloud without different cloud service traffic getting routed to the wrong application pod.

I think this issue stems from the HA proxies doing client+server side keepalive to pods, but I cannot ask the cloud team to change, so it's up to NGINX to fix the situation.

Thanks to anyone out there who knows in advance!
Jeremy

How can I restrict access to a site

Hi all,
I installed nginx to have an authentication page for accessing a site (KIBANA console). For this purpose, I wrote the following in the /etc/nginx/conf.d/default.conf file:


server {
    listen *:80;
    server_name _;
    location / {
        proxy_pass http://192.168.170.149:5601;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

}


According to this, when I use (localhost:80) it redirects to (192.168.170.149:5601) with an authentication page. But when I directly enter 192.168.170.149:5601, it is still accessible. Is there any way that, when I enter 192.168.170.149:5601, it redirects to the authentication page?
Thanks

Redirect a suffix without moving the old links

Hello, I need to do a redirect like this:

domain.com/example > domain.com/example2

but the old links, example:

domain.com/example/this-is-a-redirect-example

should not be moved to example2. Is this possible?

I tried the following syntax:

rewrite ^/example/ https://domain.com/example2/ perment;

Any help will be appreciated!
Many thanks in advance!

P.S. I tried googling this a lot, but I think I can't express the right words to find a proper answer.

Set an Nginx Bitrate Limit

I run a video site. In my Nginx conf I put this code to limit the bandwidth usage:

mp4;
limit_rate 150k;
limit_rate_after 4m;

I would like to set up a dynamic bitrate. For example, I could set the dynamic bitrate to 1.2x the video file bitrate.

It would provide the ability to limit download speed depending on the video file bitrate. I would specify a bitrate multiplier (for example 1.2).

Or, if that's not possible, limit the rate to 1k after the video bitrate, for example.

Thanks for your help.

nginx bitrate

How to make nginx web server support 0-RTT

Hi,
I am testing TLS 1.3 0-RTT in my nginx web server. My nginx is compiled with BoringSSL. My browser is Firefox Nightly.

I first access my web server and after about 10 minutes, I access my server again.
And I looked at the Wireshark log. It shows the client hello packet does not contain application data, which means early data (0-RTT) is not sent. It proceeds through the regular procedure.
I have enabled Firefox 0-RTT. I think it should be because of the nginx configuration. Please help with my problem.

NGINX - OpenResty - How to reverse proxy a call to 2 different servers based on a string?

I'm trying to configure NGINX/OpenResty to proxy SOAP calls to 2 different servers based on a string present on the SOAP request.

What I'm able to do:
I am able to proxy requests to 2 different servers based on the path the SOAP client is calling:
location /pathA {
    proxy_pass http://www.ServerA.com/PathA/;
}
location /pathB {
    proxy_pass http://www.ServerB.com/PathB/;
}

What I can't do:
I can't separate the traffic based on the content of the request. The main reason I believe is that I can't correctly assemble the LUA script to extract the information and later use it to proxy the request.

location / {
    conten_by_lua '
        ngx.req.read_body()
        local match = ngx.re.match(ngx.var.request_body,"STRING TO FIND")
        if match then
            proxy_pass http://www.ServerA.com/PathA/;
        else
            proxy_pass http://www.ServerB.com/PathB/;

How can I achieve this?

I installed OpenResty and LUA is working fine.

I think I read somewhere that if the request is not an HTTP POST "ngx.req.read_body()" would not work. Is that correct?

Thank you for your help.

Weighted load balancing Nginx

It's my first time working with Nginx, and I started doing some balancing.

I have the following schema:

Nodejs app1 running (IP:5050).
Nodejs app2 running (IP:6060).

And I have this load balancing config:

upstream backend {
    #least_conn;
    #ip_hash;
    server 172.29.24.1:5050 weight=3;
    server 172.29.24.1:6060 weight=5;
}

I need to get this:

Load the first application 1 of every 3 times and the second application 2 of every 3 times.

Advanced HTTP Basic Auth query with determine IP address

Hello forum user, I have a page that can only be reached via IP address. Now I want to make this page open from the outside. But then an auth_basic query should come up.


I entered the following lines in the domain configuration.

location / {
    if ($remote_addr != XXX.XXX.XXX.XX)
    {
        try_files $uri $uri/ =404;
        auth_basic "Externe Zugriffskontrolle";
        auth_basic_user_file /.../...../........../........../.htpasswd;
    }
}


Unfortunately, I keep getting the error message: "nginx: [emerg] "try_files" directive is not allowed here in ... " Without a query it works. But then the query is always there. Can anyone help me?

Thanks in advance ...

How to make nginx to be able to send early data with post request.

I cannot send early data in a POST request in my local nginx web server. I am using TLS 1.3. I know that it is not secure to do that. But I only want to test it. Is it related to the nginx version? If so, what can I do about that? Please advise me how to send early data with the POST method.

Check Header on outbound

Hello.

I'm attempting to do a header verification within NGINX and I can't seem to find a good place to start.

I'm running NGINX 1.14.0 on Ubuntu 18.04 with default settings. My flow begins from inside our private network:

MyApp -> Proxy(Check Header) -> Outside Service.

In the case that the header doesn't match the definition, it should kick back a 403 to 'MyApp'.

I feel like I'm over-complicating this. Can someone point me in the right direction on where to start?

Thanks..

Best,

Jason M.

Newbie question

I am new to nginx, so sorry for the stupid question ...

I configured some apps behind it, like for example added a block to /etc/nginx/sites-enabled/default:

## Emby ##
location /emby {
    rewrite /emby/(.*) /$1 break;
    proxy_pass http://127.0.0.1:8096;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #auth_basic "Restricted";
    #auth_basic_user_file "/etc/nginx/.htpasswd";
}

So now I can open it as <domain>/emby

Can I customize it to be emby.<domain> or another name?

Thx

Nginx rewrite does not work

Nginx rewrite does not work. I am using it for the first time, so I don't have much experience with it yet. I have a link like this: myhost.ddns.net/newproj/index.php?oldal=menu1 and I want to convert it. I tried it in several ways, but it doesn't work.
location /newproj/ { rewrite ^/index/(.*)$ /index.php?oldal=$1 last; }
What's the problem?
(Sorry for my English)

Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

Hey Guys -

I have used Nginx for Windows for a while now in my home lab which I use for various purposes including hosting an internal website (uses Organizr v2) and reverse proxy. It listens on 80 & 443 but forwards all requests to 80 to 443 as I also have installed a 3rd party signed SSL cert for my home domain.

This worked well until a recent migration of my Nginx installation to a new system. Now when I visit my homepage, I can view the content loaded from the actual root of the site, but not anything reverse-proxy pulls from an HTTP source. The only way I can view it is to click the small shield icon to the right of Chrome's address bar and choose to "Load unsafe scripts." Although able to view it afterwards, the URL changes to "Not Secure." I didn't have this issue with my old install and for the most part, nginx.conf is the same even though there are minor differences with the version of Nginx & PHP.

Below are details of my environment, a few notes, and finally the beginning of my nginx.conf (assuming that's where the issue will be resolved.) Any assistance would be appreciated...

Environment
- Windows 10 x64 1809
- Nginx 1.15.8 (for Windows)
- PHP 7.3.0-nts-Win32-VC15-x64

Notes
- I compared the old and new conf files side by side using Notepad++ but didn't see anything notable which was different. I would have copied the exact old conf and used it, but was having issues with hosting being really slow on that old system recently which I know wasn't related to resources
- Following the "/files" location shown at the end of the snippet below, there are approximately 15 additional locations - each with fairly similar formatting and are the only parts of the conf file I left out to keep it clean. The only other change was changing the name of the domain
- I only apply PHP config to root instead of entire site as there is another app referenced by reverse proxy which has its own different PHP installation. Prior to applying it only to the root, I was unable to use that app via RP
- Other than the issue described, the service starts & everything works well
- Windows Firewall is disabled (all 3) and there are no other firewalls on my PC
- Issue exists on multiple PCs & multiple browsers

nginx.conf Snippet
worker_processes 1;
events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    #Redirect requests for port 80 to 443
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name mydomain.com;
        return 301 https://$host$request_uri;
    }

    # Configures Logging Options
    log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
                    'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
                    'time_local="$time_local" protocol="$server_protocol" status="$status" '
                    'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
                    'http_referer="$http_referer" http_user_agent="$http_user_agent" '
                    'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
                    'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
                    'http_method="$request_method" response_time="$upstream_response_time" '
                    'cookie="$http_cookie" request_time="$request_time" ';
    access_log logs/access.log;
    error_log logs/error.log;

    # Configures NGINX to listen on 443 with SSL
    server {
        listen 443 ssl;
        server_name mydomain.com;
        send_timeout 100m;
        ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
        ssl_certificate_key c:/nginx/ssl/mydomain.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
        ssl_session_cache shared:SSL:10m;
        add_header Strict-Transport-Security max-age=31536000;
        resolver 8.8.4.4 8.8.8.8 valid=300s;
        resolver_timeout 10s;
        ssl_stapling off;
        ssl_stapling_verify off;

        #PHP Config in Root Only
        location / {
            root html;
            index index.php index.html index.htm;
            location ~ \.php$ {
                root html;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
            }
        }

        # Defines location of robots.txt
        location /robots.txt {
            alias C:/nginx/global/robots.txt;
        }
        gzip on;
        gzip_vary on;
        gzip_min_length 1000;
        gzip_proxied any;
        gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
        gzip_disable "MSIE [1-6]\.";
        client_max_body_size 100M;

        # The below section configures reverse proxy for locally hosted services
        #CrushFTP Configuration
        location /files {
            proxy_pass http://192.168.0.35:4333/files;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            proxy_buffering off;
        }
        ...
        ...
        ...

Any suggestions? Happy to post more details if needed. Thanks!

Re: Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

IP address changed in your proxy_pass?

Nginx doesn't detect the OpenVPN client private IP

Hello,

I guess I should try to post this issue on the Nginx forum first.

Simply put, in our case, one VPN client (an offsite laptop) would like to visit a web app (e.g., https://sub.example.com) that is only open to the IPs from the intranet IP range. We set this up by using the "allow/deny" directives.

However, the Nginx front-end node (provides reverse proxy) fails to detect the VPN private IP from the OpenVPN client. So the OpenClient got an error of "430 Forbidden". When the laptop sits on the intranet, it can connect to the web app successfully, without OpenVPN obviously.


Here is some basic information:
1. we have a public IP
2. general traffic path: Internet ---> Router (DD-WRT v24 sp1) ---> Front-end Node (Nginx Reverse Proxy) ----> upstream web server (with the web apps as virtual hosts)
3. DD-WRT (v24 sp1) defines the intranet size: 10.12.0.1/16
4. The dnsmasq service on the DD-WRT serves as the local DNS server (IP: 10.12.0.1, obviously)
5. The OpenVPN service on the DD-WRT serves as the OpenVPN server. Bridge mode is used. The OpenVPN server is configured to assign a private VPN IP to each OpenVPN client from the pool (10.12.8.1 -- 10.12.8.100)
6. Behind the router sits a front-end node that uses Nginx for reverse proxy.

Everything seems to work just fine from the OpenVPN side. For example, when connected from an offsite public Wi-Fi at Starbucks to the intranet via OpenVPN,

===========
1. the OpenVPN client can connect to the OpenVPN server on the router successfully. The private VPN IP is assigned as expected, for example, 10.12.8.2

2. the OpenVPN client can use the local DNS server (10.12.0.1) on the DD-WRT router to resolve all the server hostnames on the intranet. Direct visit by the local intranet IP addresses works just fine.

3. computers physically on the intranet can connect to the subdomain (https://sub.exmaple.com) successfully. This subdomain has the following access restriction in its reverse proxy configuration on the front-end node


allow 10.12.0.0/16;
deny all;

When an offsite computer connects to the intranet through OpenVPN from a public Wi-Fi, an error of "403 Forbidden" showed up on the web browser for https://sub.example.com.

The log on the front-end node shows

2019/01/11 15:27:45 [error] 17942#17942: *2513 access forbidden by rule, client: 172.58.232.64, server: sub.example.com, request: "GET / HTTP/1.1", host: "sub.example.com"

where 17.58.232.64 is the IP assigned to the offsite laptop by the public Wi-Fi when the laptop connected to it.


Our request is how to help Nginx detect the VPN private IP of 10.12.8.2 assigned by the OpenVPN server, so that the access restriction on the Nginx front-end for this subdomain of https://sub.example.com can work.

If something is missed, please let me know and we can provide extra information.


Can someone here help?

Thanks.

Nginx version: 1.10.3
OpenVPN Server 2.3.2
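
How the `allow 10.12.0.0/16; deny all;` rules from the post above evaluate against the client address in its error-log line, as an added Python example that is not part of the original post. It relies on nginx's documented behaviour of checking access rules in order until the first match; the function names and the second log line are constructed for illustration.

```python
import ipaddress
import re

# Access rules from the post, in configuration order.
RULES = [("allow", "10.12.0.0/16"), ("deny", "all")]

# VPN address pool stated in the post (10.12.8.1 -- 10.12.8.100).
VPN_POOL = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("10.12.8.1"), ipaddress.ip_address("10.12.8.100")))

# Error-log line from the post, plus one constructed line that must be ignored.
SAMPLE_LOG = [
    '2019/01/11 15:27:45 [error] 17942#17942: *2513 access forbidden by rule, '
    'client: 172.58.232.64, server: sub.example.com, request: "GET / HTTP/1.1", '
    'host: "sub.example.com"',
    '2019/01/11 15:27:46 [notice] 17942#17942: signal process started',  # constructed
]

FORBIDDEN_RE = re.compile(
    r'^\S+ \S+ \[error\] \d+#\d+: \*\d+ access forbidden by rule, '
    r'client: (?P<client>[0-9A-Fa-f.:]+), server: (?P<server>[^,]+),')


def evaluate(rules, client):
    """Return (action, rule_text); rules are checked in order, first match wins."""
    addr = ipaddress.ip_address(client)
    for action, target in rules:
        if target == "all":
            return action, f"{action} all"
        net = ipaddress.ip_network(target, strict=False)
        if addr.version == net.version and addr in net:
            return action, f"{action} {target}"
    return "allow", None  # no rule matched, so the access module does not reject


def pool_covered(rules, pool):
    """True if every address in the VPN pool would be allowed by the rules."""
    return all(evaluate(rules, str(a))[0] == "allow" for net in pool for a in net)


def explain_denials(lines, rules=RULES, pool=VPN_POOL):
    """For each 'access forbidden by rule' line, report which rule rejected the client."""
    findings = []
    for line in lines:
        m = FORBIDDEN_RE.match(line)
        if not m:
            continue  # not an access-module rejection
        client = m.group("client")
        addr = ipaddress.ip_address(client)
        action, rule = evaluate(rules, client)
        findings.append({
            "client": client,
            "server": m.group("server"),
            "verdict": action,
            "matched_rule": rule,
            "in_vpn_pool": any(addr in net for net in pool),
        })
    return findings


if __name__ == "__main__":
    for finding in explain_denials(SAMPLE_LOG):
        print(finding)
    print("VPN pool allowed by rules:", pool_covered(RULES, VPN_POOL))
    print("10.12.8.2 ->", evaluate(RULES, "10.12.8.2"))
```

The rules themselves already admit the whole VPN pool; the logged request was rejected because the address nginx recorded for it lies outside 10.12.0.0/16.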

Re: Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

Thanks for the reply, but no - all of the locations are correct. This only occurs on locations which direct to an http address. I have a couple that direct to an HTTP one (same SSL cert too) which work fine. For the HTTP ones, once I click the shield icon in Chrome's address bar then select "Load unsafe scripts"; everything including the HTTP locations work except that the site is shown as "Not Secure."

Any other suggestions? Thanks

Re: Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

Allow the not secure connection and see where it wants to connect to, this should be an address known to you. Also check the logfiles to see what nginx thinks is happening.