Channel: Nginx Forum - How to...
Viewing all 4759 articles

deny directive on specific proxy_pass implementation

Hi,

I have two nginx servers:

First one is configured as upstream to the second one.

Second one is configured as proxy_pass with few virtual hosts.

All traffic coming into the 2nd arrives with the 1st's public IP.

So on the 2nd, the deny directive in a location of course doesn't work at all.

Do you have any idea how to get around this problem?

Nginx Security Guide

Hi to all, I am new to Nginx and I have been tasked to change the security settings of my company's website.

My current nginx.conf file (it is running on CentOS 7) is as shown in the attached document. And I would like to change the security settings as recommended at https://cipherli.st/

My question is:
1. If I were to change the settings, do I need to make any changes to the .crt and .key file? If yes, what do I need to do?
2. After updating, do I need to restart all services?
3. Any other stuff that I should look out for or do?

Any help will be much appreciated!

kubernetes nginx-ingress-controller tls termination for tcp connections

Hi,
I have a TCP server running in a pod, and I want to terminate TLS on the nginx-ingress-controller and have unencrypted messages go from the nginx-ingress-controller to my service and then to my pod. I have the stream module enabled, but it's unclear how to configure nginx-ingress-controller to terminate the traffic. Is there any example I can use for this purpose? I mean how the Ingress should be defined.
Thanks in advance
regards
alfonso

Nginx as DTLS termination proxy?

Can Nginx or Nginx Plus be used as a DTLS termination proxy? I tried a simple proxy, something like this:

stream {
    server {
        listen 20001 udp;
        proxy_pass 172.17.0.1:20000;
    }

    server {
        listen 1884;
        proxy_pass 172.17.0.1:1883;
    }
}

It works for TCP but it breaks the connection/packets for UDP. I tried a very simple Python proxy and forwarding UDP packets works, but with Nginx it does not. I want to achieve something like this: MQTT-SN client -> (DTLS encryption) -> (DTLS termination proxy) -> MQTT-SN Gateway. Is it possible with Nginx?

How to add nginx on already existing apache 2.2 SSL, centos

Hey guys.

I want to include nginx over apache, but my apache is already using certbot SSL certificate and listens to port 443, how to include nginx in it?

Things I'm running currently if needed

CentOS 6
PHP 7.2
Apache 2.2
MariaDB 10.3
Webmin

Redirect user based on Referer

Hi guys,
Currently I'm having a problem.

I have 2 domains: example1.com, example2.com

In domain example1.com I have an HTML file with a small piece of JavaScript code: location.replace(location.href.split("#")[0]); (this means the page will be reloaded when the user accesses the page)

In my Nginx config file, at location / , I check if there's a Referer field in the request header ($http_referer) with a value containing Example1.com; if so, I redirect them to example2.com
using: rewrite ^ http://example2.com permanent; otherwise I just keep serving the HTML in Example1.com

But the problem is, when I bring up the server and access example1.com, the page keeps refreshing many, many times until the browser stops.

When I try replacing the JavaScript code with: <a href="/">Redirect Link</a> (this means when the user clicks, the page at example1.com will be refreshed)

In this case everything is fine: after clicking the link the user is redirected to example2.com, which means the referer has a value matching the condition set above.

I tried the same thing with a Cookie, but got the same problem.

What I'm wondering is, it seems like at the time the user enters the page, the Nginx server sees nothing in the header and then keeps serving the HTML of Example1.com, so it leads to the page reloading again and again. It seems everything is empty the very first time the user accesses the page.

Can anyone who knows this issue help me?

Thank you so much

Problem Transfer-Encoding give :ERR_INVALID_CHUNKED_ENCODING 200

Hi,

I want to send chunked m4s, but I get the following error in my console on Chrome:

FetchLoader.js:87 GET https://*****************.m4s net::ERR_INVALID_CHUNKED_ENCODING 200 (OK)

Attached are my conf and the headers information.

I hope you will understand my problem and help me find a solution; you can ask me for clarification.

I use nginx 1.15.8 and Chrome 73.0.3683.75 on Windows 10.

Setting up server block file for my laravel api endpoints

When I do a request inside a node app of mine, I will do it to something like this: api.make.tube/{endpoint}

My current server block file looks like this:

server {
    listen 80;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 80;
    server_name api.make.tube;
    root /maketube/api/public;
    location / {
        try_files $uri $uri/ =404;
    }
}


What I am not sure is how to route that url (api.make.tube/...) to my laravel app. Anyone able to help me with this?

Re: Setting up server block file for my laravel api endpoints

Is it possible to push individual streams to different platforms?

Hi all,

I have nginx set up to receive rtmp streams and can currently push a stream to a Facebook and YouTube account simultaneously. I wanted to ask if it is possible to push individual streams to different Facebook/YouTube platforms (for example, stream 1 to YouTube/Facebook account 1, stream 2 to YouTube/Facebook account 2)?


Thanks

How to redirect HTTP to different server IP and HTTPS to localhost

Hi Team,

I am new to Nginx and using it with iRedmail. I have port forwarded - 80 and 433 to this Nginx server and I had to do both onto this server IP.

I want to forward any traffic that comes to only www - like WWW.mydomain.com to another server IP on the same LAN.

How can I forward/rewrite in Nginx configuration to achieve this?

Awaiting your reply.

Mathew

blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

In my nginx server block I have allowed access but I still get the message:

Access to XMLHttpRequest at 'http://api.mywebsite.com/tags/' from origin 'http://mywebsite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

This is what my server block looks like:

server {
    listen 80;

    server_name mywebsite.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    add_header Access-Control-Allow-Origin mywebsite.com;

}

server {
    listen 80;
    server_name api.mywebsite.com;
    add_header Access-Control-Allow-Origin mywebsite.com;

    root /mywebsite/api/public;
    index index.php index.html index.htm;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        # The status-code fallback must be written as one token: =404
        try_files $uri /index.php =404;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}


Anyone know what I have done wrong? Or what I have to do to allow requests to subdomains?

Transparent proxy to websocket server on same machine

Hello,

I want nginx and a websocket server on same machine. Users must be able to access both on port 80/443. I do this currently by having 2 separate IPs, but for logistical reasons I'd prefer one IP.

I know nginx can act as a proxy for a websocket server, but I also need the original IP to be carried to the websocket server, without additional headers.

I saw a small tutorial on this, so I know it's possible, but it assumed two separate servers and it involved iptables and routing. While I'm comfortable with nginx, I never had to edit iptables and routes manually and I don't want to mess them up.

What would be the simplest way to accomplish this?

How to cache gzip and brotli responses in nginx cache

I'm trying to store gzip, and brotli html responses on the server side, in nginx cache itself, from my php framework.

I understand that modules like gzip_static and brotli_static can fetch pre-zipped static files, but I'm looking for a solution able to store gzipped and 'brotlied' versions of HTML responses from PHP. My HTML pages don't change too often.

That would save cpu (especially for brotli), and serve faster compressed html pages to clients, if already in cache.

I understand that using Varnish in front of nginx could store compressed html files produced by php. But is there a solution to use nginx cache directly to store br and gz versions of html files without adding another tool like Varnish?

My nginx cache config is as follows:

in nginx.conf:

fastcgi_cache_path /var/cache/nginx-cache levels=1:2 keys_zone=myZone:100m inactive=600m max_size=10g;


in server block:

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_cache myZone;
    fastcgi_cache_valid 3w;
}

How to pipe incoming mails to php

Hello,
I have already set MX records for my domain to my server.

Now I want to pipe all incoming mails to usr/share/nginx/html/mailhandler.php to store them in a database.

How can i do that?

How To patch nginx source

Unable to patch nginx source (can't find file to patch)

[root@linux nginx]# patch -p1 </usr/local/nginx/0004-Accept-variable-name-as-upload_limit_rate-argument.patch
can't find file to patch at input line 14
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From 8f4cad171fe4fed9cbd11a6a10fb4880e49bf9f6 Mon Sep 17 00:00:00 2001
|From: example <example@example.com>
|Date: Fri, 12 Feb 2016 11:28:56 +0600
|Subject: [PATCH] Accept variable name as upload_limit_rate argument
|
|---
| ngx_http_upload_module.c | 27 +++++++++++++++++----------
| 1 file changed, 17 insertions(+), 10 deletions(-)
|
|diff --git a/ngx_http_upload_module.c b/ngx_http_upload_module.c
|index 93ded70..6bd5027 100644
|--- a/ngx_http_upload_module.c
|+++ b/ngx_http_upload_module.c
--------------------------
File to patch:

What am I doing wrong?

Compiling Nginx from source gives a "leaving directory" error

Greetings,

I have been trying to compile Nginx from source with the following options:

./configure --with-http_stub_status_module --with-http_perl_module --with-http_flv_module --with-http_mp4_module --with-http_realip_module --with-http_ssl_module --add-module=/usr/local/nginx/nginx-upload-module-master --add-module=/usr/local/nginx/nginx_limit_speed_module --with-ld-opt="-Wl,-E"

This gives the following output:

Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library

nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"


Complete output here:
https://pastebin.com/JD7MKZ4F


make[1]: Leaving directory `/usr/local/nginx'
make -f objs/Makefile manpage
make[1]: Entering directory `/usr/local/nginx'
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
-e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
-e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/usr/local/nginx'



When I proceed to do a make install

make -f objs/Makefile install
make[1]: Entering directory `/usr/local/nginx'
cd objs/src/http/modules/perl && make install
make[2]: Entering directory `/usr/local/nginx/objs/src/http/modules/perl'
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Appending installation info to /usr/lib64/perl5/perllocal.pod
make[2]: Leaving directory `/usr/local/nginx/objs/src/http/modules/perl'
test -d '/usr/local/nginx' || mkdir -p '/usr/local/nginx'
test -d '/usr/local/nginx/sbin' || mkdir -p '/usr/local/nginx/sbin'
test ! -f '/usr/local/nginx/sbin/nginx' || mv '/usr/local/nginx/sbin/nginx' '/usr/local/nginx/sbin/nginx.old'
cp objs/nginx '/usr/local/nginx/sbin/nginx'
test -d '/usr/local/nginx/conf' || mkdir -p '/usr/local/nginx/conf'
cp conf/koi-win '/usr/local/nginx/conf'
cp: ‘conf/koi-win’ and ‘/usr/local/nginx/conf/koi-win’ are the same file
make[1]: *** [install] Error 1
make[1]: Leaving directory `/usr/local/nginx'
make: *** [install] Error 2



What am I doing wrong or missing? Thanks!

nginx container acting as LB

Hello

I have a container with the below file:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

# nginx accepts only one stream block per configuration, so both
# upstreams and both listeners are declared inside it.
stream {
    upstream cb_80 {
        server server-04.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-05.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-06.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-07.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-08.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-09.domain.com:35373 max_fails=2 fail_timeout=30s;
        server server-10.domain.com:35373 max_fails=2 fail_timeout=30s;
    }

    server {
        listen 80;
        proxy_pass cb_80;
    }

    upstream cb_443 {
        server server-04.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-05.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-06.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-07.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-08.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-09.domain.com:33688 max_fails=2 fail_timeout=30s;
        server server-10.domain.com:33688 max_fails=2 fail_timeout=30s;
    }

    server {
        listen 443;
        proxy_pass cb_443;
    }
}

The host which runs this container will get the :80 & :443 with the above,

so mysite.domain.com:80 & mysite.domain.com:443 should do the LB.

The problem is, with

docker run --detach --name mysite --restart=unless-stopped --publish 80:80 --volume ${PWD}/nginx.conf:/etc/nginx/nginx.conf:ro nginx:stable-alpine

I can expose only 1 port.

Please suggest.

NGINX + MAGENTO 2 + MATOMO

Hello

I'm currently stuck on the configuration of the server for Matomo/Piwik statistics. Can you please help me resolve this configuration?
I want nginx to redirect all the traffic for the URL https://www.mysite.com/matomo to the /var/www/matomo root folder.
Here are the 2 files used to configure the server running Magento 2:

***************** First file

upstream fastcgi_backend {
    server unix:/run/php/php7.2-fpm.sock;
}

server {
    listen 80 default_server;
    server_name mysite.com www.mysite.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 default_server;
    server_name mysite.com www.mysite.com;
    set $MAGE_ROOT /var/www/mysite;
    include /var/www/mysite/nginx.conf.sample;
    ssl on;
    ssl_certificate /etc/ssl/ssl.crt/mysite.crt;
    ssl_certificate_key /etc/ssl/ssl.key/mysite.key;
}


***************************** second file

## Example configuration:
# upstream fastcgi_backend {
#     # use tcp connection
#     # server 127.0.0.1:9000;
#     # or socket
#     server unix:/var/run/php/php7.0-fpm.sock;
# }
# server {
#     listen 80;
#     server_name mage.dev;
#     set $MAGE_ROOT /var/www/magento2;
#     include /vagrant/magento2/nginx.conf.sample;
# }
#
## Optional override of deployment mode. We recommend you use the
## command 'bin/magento deploy:mode:set' to switch modes instead.
##
## set $MAGE_MODE default; # or production or developer
##
## If you set MAGE_MODE in server config, you must pass the variable into the
## PHP entry point blocks, which are indicated below. You can pass
## it in using:
##
## fastcgi_param MAGE_MODE $MAGE_MODE;
##
## In production mode, you should uncomment the 'expires' directive in the /static/ location block

root $MAGE_ROOT/pub;

index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
#add_header "X-UA-Compatible" "IE=Edge";

# PHP entry point for setup application
location ~* ^/setup($|/) {
    root $MAGE_ROOT;
    location ~ ^/setup/index.php {
        fastcgi_pass fastcgi_backend;

        fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
        fastcgi_param PHP_VALUE "memory_limit=756M \n max_execution_time=600";
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;

        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/setup/(?!pub/). {
        deny all;
    }

    location ~ ^/setup/pub/ {
        add_header X-Frame-Options "SAMEORIGIN";
    }
}

# PHP entry point for update application
location ~* ^/update($|/) {
    root $MAGE_ROOT;

    location ~ ^/update/index.php {
        fastcgi_split_path_info ^(/update/index.php)(/.+)$;
        fastcgi_pass fastcgi_backend;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
    }

    # Deny everything but index.php
    location ~ ^/update/(?!pub/). {
        deny all;
    }

    location ~ ^/update/pub/ {
        add_header X-Frame-Options "SAMEORIGIN";
    }
}

location / {
    try_files $uri $uri/ /index.php$is_args$args;
}

location /pub/ {
    location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) {
        deny all;
    }
    alias $MAGE_ROOT/pub/;
    add_header X-Frame-Options "SAMEORIGIN";
}

location /static/ {
    # Uncomment the following line in production mode
    # expires max;

    # Remove signature of the static files that is used to overcome the browser cache
    location ~ ^/static/version {
        rewrite ^/static/(version[^/]+/)?(.*)$ /static/$2 last;
    }

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2|json)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "SAMEORIGIN";
        expires +1y;

        if (!-f $request_filename) {
            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
        }
    }
    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "no-store";
        add_header X-Frame-Options "SAMEORIGIN";
        expires off;

        if (!-f $request_filename) {
            rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
        }
    }
    if (!-f $request_filename) {
        rewrite ^/static/?(.*)$ /static.php?resource=$1 last;
    }
    add_header X-Frame-Options "SAMEORIGIN";
}

location /media/ {
    try_files $uri $uri/ /get.php$is_args$args;

    location ~ ^/media/theme_customization/.*\.xml {
        deny all;
    }

    location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
        add_header Cache-Control "public";
        add_header X-Frame-Options "SAMEORIGIN";
        expires +1y;
        try_files $uri $uri/ /get.php$is_args$args;
    }
    location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
        add_header Cache-Control "no-store";
        add_header X-Frame-Options "SAMEORIGIN";
        expires off;
        try_files $uri $uri/ /get.php$is_args$args;
    }
    add_header X-Frame-Options "SAMEORIGIN";
}

location /media/customer/ {
    deny all;
}

location /media/downloadable/ {
    deny all;
}

location /media/import/ {
    deny all;
}

# PHP entry point for main application
location ~ ^/(index|get|static|errors/report|errors/404|errors/503|health_check)\.php$ {
    try_files $uri =404;
    fastcgi_pass fastcgi_backend;
    fastcgi_buffers 1024 4k;

    fastcgi_param PHP_FLAG "session.auto_start=off \n suhosin.session.cryptua=off";
    fastcgi_param PHP_VALUE "memory_limit=756M \n max_execution_time=18000";
    fastcgi_read_timeout 600s;
    fastcgi_connect_timeout 600s;

    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

gzip on;
gzip_disable "msie6";

gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
    text/plain
    text/css
    text/js
    text/xml
    text/javascript
    application/javascript
    application/x-javascript
    application/json
    application/xml
    application/xml+rss
    image/svg+xml;
gzip_vary on;

# Banned locations (only reached if the earlier PHP entry point regexes don't match)
location ~* (\.php$|\.htaccess$|\.git) {
    deny all;
}

proxy_pass to subdomain does not work

I have configured a reverse proxy that according to the url is redirected to a subdomain.

Example:
xxxx.domain.com -> test1.computer.com
zzzz.domain.com -> test2.computer.com

The problem is that wherever you enter, it always redirects to a single server:
xxxx.domain.com -> test1.computer.com
zzzz.domain.com -> test1.computer.com

Reverse proxy configuration:

server {
    listen 443 ssl http2;
    server_name xxxx.domain.com;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://test1.computer.com;
    }
}
server {
    listen 443 ssl http2;
    server_name zzzz.domain.com;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://test2.computer.com;
    }
}

Backend configuration:

server {
    listen 80;
    server_name test1.computer.com;
    root /var/www/html/test1;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_TRANSLATED $document_root$fastcgi_path_info;
        include fastcgi_params;
    }
}

server {
    listen 80;
    server_name test2.computer.com;
    root /var/www/html/test2;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_TRANSLATED $document_root$fastcgi_path_info;
        include fastcgi_params;
    }
}