Quantcast
Channel: Nginx Forum - How to...
Viewing all 4759 articles
Browse latest View live

Re: Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

January 12, 2019, 8:41 am
$
0
0
Thanks for the reply...

I just realized that reverse proxy doesnt have anything to do with it - sorry. Here's hopefully a better explaination.

The root of my website is Organizr v2. It allows you to put shortcuts to other websites on the side then when clicking on one, typically opens it using iframe to show the selected page in the main windows while keeping the Organizr shortcuts on the side. My shortcuts are all local pages which are linked using an HTTP source. When visiting my homepage, everything loads fine as its all Organizr and HTTPS as no content comes from HTTP address.

The issue is when I select one of the shortcuts with HTTP source, nothing appears in the main iframe pane. This is when the shield icon appears in the address bar. Clicking it mentions mixed content with an option to "Load unsafe scripts.". Clicking this allows the selected shortcut to properly display in the main iframe of the page.

Example
- Source URL: http://192.168.0.35:9000/portainer
- Homepage: https://mydomain.com

If browsing to my homepage above, there's a link to show Portainer via its source URL in the main iframe pane. Clicking it results in the issue above. Selecting option to "Load unsafe scripts" displays the page in the iframe properly.

Hope that explains it better. Thanks!
Search

Re: Reverse Proxy: Redirected HTTP Sites Throwing Mixed Content Error

January 12, 2019, 10:19 am
$
0
0
Due to the unsafe message it sounds like a DNS issue, or some other setting that believes the link is safe which now is no longer the case, if it works despite the unsafe message its not a nginx issue.

Where is the location of "if" statement?

January 13, 2019, 2:03 am
$
0
0
Hello.
I want to add below "if" statement:

if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}

But where is the location of it? Under "http"?

Thank you.

Constant 10053 Error in Log

January 13, 2019, 5:30 pm
$
0
0
Hey Guys -

I recently moved my hosting to a new and up to date (1.15.8) version of NGINX (for Windows) with PHP 7.3.0 on a new system running Windows Server 2016. I mostly use the installation to host an internal page (Organizrv2), reverse proxy of internal sites, and to apply SSL using a 3rd party signed cert.

When performance seemed slower than before, I started looking through NGINX's error.log and found 3 different issues. I wanted to post details about them in hopes someone could help me find a solution. Below are the errors followed by a snippet from my nginx.conf...

This error was listed every 1-3 seconds when it seemed someone was actively browsing. To note, 192.168.0.35 is the IP NGINX is hosted upon:
2019/01/13 17:38:10 [crit] 6288#3576: *129415 SSL_write() failed (SSL:) (10053: An established connection was aborted by the software in your host machine) while sending to client, client: 192.168.0.35, server: mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"

This error appears a good amount too, but not nearly as often as the above one:
2019/01/13 17:21:57 [error] 6288#3576: *127342 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client: 192.168.0.35, server: mydomain, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "mydomain.com"

Finally, I had a couple of "10060: A connection attempt failed because the connected party did not properly respond after a period of time" entries, but understand this as the site it references can be slow to respond.

nginx.conf Snippet
Below is the first part of my nginx.conf. The last part I left out as it only defines RP locations, is repetitive, and I didn't think was needed:

worker_processes 1;
events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

#Redirect requests from 80 to 443
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com;
return 301 https://$host$request_uri;
}

# Configures Logging Options
log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
'time_local="$time_local" protocol="$server_protocol" status="$status" '
'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
'http_referer="$http_referer" http_user_agent="$http_user_agent" '
'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
'http_method="$request_method" response_time="$upstream_response_time" '
'cookie="$http_cookie" request_time="$request_time" ';
access_log logs/access.log;
error_log logs/error.log;

# Configures NGINX to listen on 443 for SSL
server {
listen 443 ssl;
server_name mydomain.com;
send_timeout 100m;
ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
ssl_certificate_key c:/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling off;
ssl_stapling_verify off;
location / {
root html;
index index.php index.html index.htm;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# Defines location of robots.txt
location /robots.txt {
alias C:/nginx/global/robots.txt;
}
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;

# The below section configures reverse proxy for locally hosted services
# CrushFTP HTTP Configuration
location /crush {
proxy_pass http://192.168.0.25:8686/crush;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
client_max_body_size 10000M;
proxy_request_buffering off;
}
... and so on...

php.ini
My php.ini is all defaults except for the below uncommented lines (if needed):
extension_dir = "ext"
extension=php_openssl.dll
extension=php_pdo_sqlite.dll
extension=php_curl.dll
extension=php_sqlite3.dll
sqlite3.extension_dir = ext

Any suggestions? Thanks!!

How to open the site without using port.

January 14, 2019, 4:18 am
$
0
0
Hello guys,

I'm new to nginx and still trying to figure out how the things happens.
From more than a week I'm reading articles, watching videos and still can't fix my problem.
I'll be glad if someone help me a little.

My confing is windows server 2012, MYSQL, NGINX, PHP and phpMyAdmin.

This is my nginx conf file:

listen 8080;
server_name 192.168.200.95;

location / {
root html;
index index.html index.htm index.php /_h5ai/server/php/index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}

# phpmyadmin on port 81
server {
listen 81;
server_name localhost;
root phpmyadmin;
index index.php /_h5ai/server/php/index.php;
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
location ~ .php$ {
#root phpmyadmin;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# phpmyadmin end

When I enter "192.168.200.95:8080/site" in my browser everything works fine, but I want to reach my site without using the port. I have tried using proxy_pass , but without success.

Thank you in advance!

Reverse Proxy to multiple servers one subdomain

January 14, 2019, 1:25 pm
$
0
0
I'm a total newbie to nginx, but I managed to get it up and running on a Raspberry Pi, with SSL from certbot / Let's Encrypt, and was able to point it back to a web app running on a Linux server without issue. What I'm trying to do is the following and would appreciate any help that could be provided.

I have one sub-domain pointing to my home IP address, home.domain.com

I have a few Linux boxes running various web apps that I'd like to be able to point to as follows:

home.domain.com/server1/app1
home.domain.com/server2/app2
home.domain.com/server1/app1
home.domain.com/server2/app2

And so on. I've tried digging around and playing around with some things on my own, but haven't been able to get it working. Any help would be greatly appreciated, thanks in advance!

How to use Nginx to rout traffic to a squid forwarding proxy

January 16, 2019, 1:30 pm
$
0
0
Hi,

We are running squid with a custom authentication application. Is it possible to have nginx pass a proxy tunnel to a squid forward proxy?
I've seen the https://github.com/chobits/ngx_http_proxy_connect_module , but that looks like trying to have nginx manage the proxy tunnel directly.
Any help would be appreciated. Thanks

curl -> nginx -> squid

weird 403

January 17, 2019, 3:07 am
$
0
0
hello,
I have a wamp net setup with nginx and laravel, dev environment. Until yesterday everything was working fine. Then I had to do git pull as my colleague did push some new features, after that basic installation of laravel is still working fine, but when I request a particular url as:

http://mysite/games/mygame

nginx throws a 403, treating that as folder, when it should not. I did not change nginx conf from yesterday, so I really dont understand, until yesterday that url was working just fine.

This is my conf:

server
{
listen 127.0.0.1:80;
error_log C:\wamp.net-1.1.1\bin\1-nginx_1.13.1_x86\logs\error.log emerg;
server_name "setonline.test";
root "C:/wamp.net-1.1.1/sites/setonline/public/";
location /
{
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$
{
fastcgi_pass 127.0.0.1:728;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

server
{
listen 127.0.0.1:443 ssl;
server_name "setonline.test";
root "C:/wamp.net-1.1.1/sites/setonline/public/";
ssl_certificate "C:/wamp.net-1.1.1/bin/1-nginx_1.13.1_x86/conf/vhosts/setonline.test.crt";
ssl_certificate_key "C:/wamp.net-1.1.1/bin/1-nginx_1.13.1_x86/conf/vhosts/setonline.test.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /
{
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$
{
fastcgi_pass 127.0.0.1:728;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

any suggestion?
thanks a lot
Search

Multiple listen() call in Nginx server

January 18, 2019, 7:59 am
$
0
0
Hi,

While running Nginx server, even if I enabled only one port (443), listen() API is calling two times. Why it is so? Only one listen() call is required ?

Thanks in advance

Does Nginx automatically cache subfolders ?

January 20, 2019, 12:49 am
$
0
0
Hello

I use Nginx as an http cache in front of my Cloudera manager server and basically it works well.
However, one thing is not clear to me. When I specify a location to cache (which is actually a path), does it also automatically cache all subfolders ?
For example, if I specify /api/v16/clusters will it also cache /api/v16/clusters/cluster1/services ?

Because I think I see many misses in the access log for subfolders of paths I explicitly cache.

Thank you

Guy

Problem with try_files

January 20, 2019, 9:43 am
$
0
0
Please tell me how you can specify the path to the necessary file in try_files in nginx for wp-rocket to output static files in wordpress.
The latest version of wp-rocket forms the next path to the static file -
wp-content/cache/wp-rocket/site.com/sterilisation-kitten/q=%2fsterilisation-kitten%2f/index.html

the wp-rocket manual contains the following code for nginx:

location / {
try_files /wp-content/cache/wp-rocket/$http_host/$cache_uri/index.html $uri/ /index.php?$args;
}

but nginx doesn't see it because there's another folder "q=%2fsterilisation-kitten%2f"

If I do that:
location / {"pos(192,210)}and the location / {{"pos(192,210)}.
try_files /wp-content/cache/wp-rocket/$http_host/$cache_uri/q=%2f$cache_uri%2f/index.html $uri/ /index.php?$args;
}

doesn't work :(

Please tell me how to do it correctly. Or just how to use a regular expression like to take any folder ".*"
Thank you.

Re: Problem with try_files

January 20, 2019, 4:07 pm
$
0
0
the problem is that the $cache_uri variable contains / instead of %2f. How to remove / from the variable? or how to make sure that nginx does not convert / to %2f when saving?

Re: Multiple listen() call in Nginx server

January 20, 2019, 8:25 pm

Re: Multiple listen() call in Nginx server

January 20, 2019, 8:41 pm
$
0
0
Hi,

I would like to add some more points for the clarification of my doubt.

I am using nginx 1.11.10.
Openssl 1.1.0h

After creating socket, binding it to the port and listening, in the function "ngx_open_listening_sockets(cycle)", the listen() function is again calling in the function "ngx_configure_listening_sockets(cycle)". What is the need of the second listen() function call ?

Thanks in advance

With regards,
Ashique CK

Dynamic Ip Whitelisting using redis or a database

January 21, 2019, 1:50 am
$
0
0
hello everyone,

i am looking for a solution to dynamically ip whitelist client that we have .
i have seen the solution that NGINX provide with the key-val store but for now we don't have money to spare on it, i am looking for an alternative.
is there a a way to implement a whitelisting solution using redis or any other database system ?

Thanks for you help
Eitan
Search

Re: NGINX as Reverse Proxy works for HTTPS but not with HTTP

January 21, 2019, 2:02 am
$
0
0
i think that the use of
`ssl on`
directive is deprecated on your version of NGINX

listen 443 ssl;

is what i use on my NGINX and it works fine

Upstream url not showing.

January 21, 2019, 7:13 am
$
0
0
Hi Team,

I am new to Nginx. My configuration below with LB and ssl.

When I am hitting url, it is redirecting properly without a port. I want url with a port. Below is my configuration.

Could anyone help and do the needful.


http {
include mime.types;
default_type application/octet-stream;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;
upstream testserver{
ip_hash;
server 10.21.36.232:8081;
server 10.21.36.232:8082;
}

server {
listen 80;
listen 443 ssl;
ssl_certificate /usr/local/nginx/ssl/localhost.crt;
ssl_certificate_key /usr/local/nginx/ssl/localhost.key;
#server_name localhost;
server_name testserver;
if ($scheme != "https") {
return 301 https://$server_name/Test$request_uri;
}
}
server {
server_name testserver;
#charset koi8-r;
#access_log logs/host.access.log main;

# location / {
location / {
#root html;
#index index.html index.htm;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_pass https://testserver/Test/;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}


}

nginx community supports 2 load balancers?

January 22, 2019, 9:05 pm
$
0
0
Hi, does Nginx Community version support working of 2 load balancers? I found examples with 1 load balancer, but i want to use 2 load balancers.

How to enable gzip on ssi

January 22, 2019, 9:20 pm
$
0
0
Hello!

I need help in setting up gzip compression for server side included files.

I have enabled gzip compression in nginx.conf

This is the configuration that I have used
gzip on;
gzip_vary on;
gzip_disable "msie6";
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

I also have ssi on at the server block level.

When I check the response headers for SSI files, it does not show content-encoding header. However, when I check the response header for a .css file served from the same server, I get the content-encoding header.

Therefore, I get a "enable text compression" suggestion in Chrome lighthouse for the SSI files.

I have pasted the response headers

1. For the SSI file

alt-svc: clear
cache-control: no-cache
content-type: text/html
date: Wed, 23 Jan 2019 05:03:31 GMT
server: nginx/1.14.0 (Ubuntu)
status: 200
vary: Accept-Encoding
via: 1.1 google

2. For the CSS file

age: 386917
alt-svc: clear
cache-control: max-age=31536000,public, no-transform
content-encoding: gzip
content-length: 30438
content-type: text/css
date: Fri, 18 Jan 2019 16:30:06 GMT
expires: Sat, 18 Jan 2020 16:30:06 GMT
server: nginx/1.14.0 (Ubuntu)
status: 200
vary: Accept-Encoding
via: 1.1 google

Could you please help me solve this?

Thanks for your time.

Custom log format user_agent

January 23, 2019, 1:16 pm
$
0
0
Hi there.

i try to setup a server with a "stream" segment in the configuration.That works as expected. I defined some basic logfile format for acces.log. It looks like the following now:

stream {
log_format basic '$remote_addr [$time_local] $protocol $status $bytes_sent bytes send - $bytes_received bytes received - $session_time session time - $upstream_addr';
}

I wonder if there is some way to identify clients. Is there some equivalent for $http_user_agent or some similar thing? And what i also miss there is a $request variable. Both variables seems not existing in stream context. The only reason i want to identify the client is, that i would only allow access for some clients and denie access for others.
Viewing all 4759 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>