nginx: convert apache proxypass configuration to nginx not working - apache

I have this configuration in apache working fine:
# Port-80 virtual host for "opi4": refuses requests that map to the local
# document directory and reverse-proxies three path prefixes to backends.
<VirtualHost *:80>
ServerAdmin mail#mail.com
ServerName opi4
# Anything that would be served from /var/www/html is denied.
<Directory "/var/www/html">
Require all denied
</Directory>
RewriteEngine on
# Redirect each bare prefix (no trailing slash) with a 301 to the path the
# service expects; [L] stops further rewrite processing for that request.
RewriteRule "^/my-project$" "/my-project/" [L,R=301]
RewriteRule "^/amule$" "/amule/" [L,R=301]
RewriteRule "^/transmission$" "/transmission/web/" [L,R=301]
# ProxyPass maps a local prefix onto a backend URL; the matching
# ProxyPassReverse rewrites redirect headers the backend sends back.
# NOTE(review): no authentication or address restriction is visible in this
# vhost, so access control for these services rests on the backends — confirm.
ProxyPass /my-project http://my-project.opi4
ProxyPassReverse /my-project http://my-project.opi4
ProxyPass /amule http://amule.opi4:4711
ProxyPassReverse /amule http://amule.opi4:4711
ProxyPass /transmission http://transmission.opi4:9091/transmission
ProxyPassReverse /transmission http://transmission.opi4:9091/transmission
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
# NOTE(review): debug is the most verbose of the levels listed above;
# presumably enabled for troubleshooting — confirm before leaving it on.
LogLevel debug
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I wrote this one to use in nginx:
# nginx counterpart of the Apache vhost: one prefix location per proxied service.
server {
listen 80;
server_name opi4;
# Prefix without a trailing slash: matches /amule and any URI starting with it.
location /amule {
rewrite ^/amule$ /amule/ permanent;
# proxy_pass has no URI part, so the request path is forwarded unchanged.
proxy_pass http://amule.opi4:4711;
# Host is forwarded as this server saw it (opi4), not as the backend's name.
proxy_set_header Host $host;
# X-Real-IP carries only the connecting address; X-Forwarded-For appends that
# address to whatever X-Forwarded-For value the client itself sent.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /transmission {
rewrite ^/transmission$ /transmission/web/ permanent;
rewrite ^/transmission/$ /transmission/web/ permanent;
# proxy_pass carries a URI part, which replaces the matched /transmission prefix.
proxy_pass http://transmission.opi4:9091/transmission;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Prefix WITH a trailing slash: a request for exactly /my-project is not
# handled inside this location.
location /my-project/ {
# Every URI that reaches this block starts with /my-project/, so this
# pattern (which requires the URI to end right after "my-project") cannot match.
rewrite ^/my-project$ /my-project/ permanent;
# NOTE(review): my-project.opi4 is mapped to 127.0.0.1 in the hosts entries on
# this page and no port is given, so this goes to port 80 on loopback while
# carrying "Host: opi4" (set below) — presumably it is answered by this same
# server block rather than by the my-project site; confirm.
proxy_pass http://my-project.opi4/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
/etc/hosts
# All three backend names resolve to the loopback address on this host.
127.0.0.1 amule.opi4
127.0.0.1 transmission.opi4
127.0.0.1 my-project.opi4
It works fine with amule and transmission, but not with my-project.
works: http://amule.opi4/
works: http://opi4/amule
works: http://transmission.opi4/
works: http://opi4/transmission
works: http://my-project.opi4/
NOT works: http://opi4/my-project it shows a "Welcome to nginx!" the same result as http://opi4/
Any help would be appreciated, thank you.

Related

Failed to make connection backend

I am running Apache/2.4.51, on Redhat Linux 9. I have disabled Selinux and set it to minimum. I have opened the firewall to the necessary ports. Lastly, I have changed the Vhost from IP based, to ''. When I change it to '' it will skip the Vhost and move to the next one for the ssl cert (if that makes sense)
I am moving servers, and this was working on Centos 8. I copied/pasted the httpd.conf and nginx.conf files.
I am getting the following : 503 Error
failed to make connection to backend: 38.17.51.135,
referer: https://www.fluttercode.com/service-worker.js
My Apache config files:
httpd.conf
# Plain-HTTP vhost whose only job is to redirect to HTTPS.
<VirtualHost 38.17.51.135:80>
ServerAdmin webmaster#fluttercode.com
ServerName www.fluttercode.com
ServerAlias fluttercode.com
RewriteEngine on
# Redirect only when the request is for one of the two known names, then
# rebuild the URL on https with the same host and path (permanent redirect).
RewriteCond %{SERVER_NAME} =fluttercode.com [OR]
RewriteCond %{SERVER_NAME} =www.fluttercode.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
httpd-le-ssl.conf:
# TLS vhost: terminates HTTPS for the site and reverse-proxies every request
# to a TLS backend on port 4200 of the same address.
<IfModule mod_ssl.c>
<VirtualHost 38.17.51.135:443>
ServerAdmin webmaster#fluttercode.com
ServerName www.fluttercode.com
ServerAlias fluttercode.com
ErrorLog /home/fluttercode/web_logs/error_log
CustomLog /home/fluttercode/web_logs/hit_log combined
RewriteEngine on
# Canonicalise the bare domain onto the www name.
RewriteCond %{SERVER_NAME} =fluttercode.com
RewriteRule ^ https://www.fluttercode.com%{REQUEST_URI} [END,NE,R=permanent]
# SSLProxyEngine is required because the ProxyPass target below is https://.
SSLProxyEngine on
# Forward-proxy mode stays off; only the reverse-proxy mapping below is active.
ProxyRequests Off
# The backend receives the Host header the client sent.
ProxyPreserveHost On
# NOTE(review): the backend is addressed by IP over TLS, while the certificate
# the nginx listener on this page loads is under the fluttercode.com name —
# check how the proxy-side peer checks (SSLProxyCheckPeerName, SSLProxyVerify)
# are configured for this hop.
ProxyPass / https://38.17.51.135:4200/
ProxyPassReverse / https://38.17.51.135:4200/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/fluttercode.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/fluttercode.com/privkey.pem
</VirtualHost>
</IfModule>
My nginx.conf (discourse.conf)
server {
# The log_discourse log format is referenced here but defined outside this excerpt.
access_log /var/log/nginx/access.log log_discourse;
# TLS listener on port 4200, the port the Apache ProxyPass on this page targets.
listen 4200 default ssl;
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_comp_level 5;
gzip_types application/json text/css text/javascript application/x-javascript application/javascript image/svg+xml application/wasm;
gzip_proxied any;
# Uncomment and configure this section for HTTPS support
# NOTE: Put your ssl cert in your main nginx config directory (/etc/nginx)
#
# rewrite ^/(.*) https://www.fluttercode.com/$1 permanent;
#
# listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/fluttercode.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/fluttercode.com/privkey.pem;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); consider limiting
# this list to TLSv1.2 and newer.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
#
server_name www.fluttercode.com;
# Keep the nginx version out of response headers and error pages.
server_tokens off;
sendfile on;
keepalive_timeout 65;
# maximum file upload size (keep up to date when changing the corresponding site setting)
client_max_body_size 10m;
# path to discourse's public directory
set $public /var/www/discourse/public;
# without weak etags we get zero benefit from etags on dynamically compressed content
# further more etags are based on the file in nginx not sha of data
# use dates, it solves the problem fine even cross server
etag off;
# prevent direct download of backups
# (internal: the location answers only internal redirects, not client requests)
location ^~ /backups/ {
internal;
}
# bypass rails stack with a cheap 204 for favicon.ico requests
location /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
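# Main location: serves files from $public where possible, proxies selected
# path families to the "discourse" upstream, and falls back to the named
# location for everything else. $thescheme, $bypass_cache, the "discourse"
# upstream and the cache zone "one" are defined outside this excerpt.
location / {
root $public;
add_header ETag "";
# auth_basic on;
# auth_basic_user_file /etc/nginx/htpasswd;
# Short-URL uploads always go to the application instead of the filesystem.
location ~ ^/uploads/short-url/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
break;
}
# Secure media is likewise handed to the application rather than served as a file.
location ~ ^/secure-media-uploads/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
break;
}
# Font files: long-lived caching. The wildcard Access-Control-Allow-Origin
# lets any origin read these responses; it appears only on static-asset
# locations in this file.
location ~* (fonts|assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico|otf)$ {
expires 1y;
add_header Cache-Control public,immutable;
add_header Access-Control-Allow-Origin *;
}
# Status endpoint: proxied to the application and kept out of the logs.
location = /srv/status {
access_log off;
log_not_found off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
break;
}
# some minimal caching here so we don't keep asking
# longer term we should increase probably to 1y
location ~ ^/javascripts/ {
expires 1d;
add_header Cache-Control public,immutable;
add_header Access-Control-Allow-Origin *;
}
location ~ ^/assets/(?<asset_path>.+)$ {
expires 1y;
# asset pipeline enables this
# brotli_static on;
gzip_static on;
add_header Cache-Control public,immutable;
# HOOK in asset location (used for extensibility)
# TODO I don't think this break is needed, it just breaks out of rewrite
break;
}
location ~ ^/plugins/ {
expires 1y;
add_header Cache-Control public,immutable;
add_header Access-Control-Allow-Origin *;
}
# cache emojis
location ~ /images/emoji/ {
expires 1y;
add_header Cache-Control public,immutable;
add_header Access-Control-Allow-Origin *;
}
location ~ ^/uploads/ {
# NOTE: it is really annoying that we can't just define headers
# at the top level and inherit.
#
# proxy_set_header DOES NOT inherit, by design, we must repeat it,
# otherwise headers are not set correctly
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
# These two headers tell the application that file delivery can be handed
# back to nginx through X-Accel-Redirect, mapped onto /downloads/.
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping $public/=/downloads/;
expires 1y;
add_header Cache-Control public,immutable;
## optional upload anti-hotlinking rules
#valid_referers none blocked mysite.com *.mysite.com;
#if ($invalid_referer) { return 403; }
# custom CSS
location ~ /stylesheet-cache/ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
# this allows us to bypass rails
location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|ico|webp)$ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
# SVG needs an extra header attached
# NOTE(review): the body is empty on this page, so no extra header is set here.
location ~* \.(svg)$ {
}
# thumbnails & optimized images
location ~ /_?optimized/ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
}
proxy_pass http://discourse;
break;
}
# Backup downloads: proxied with the X-Accel headers so the application can
# hand the file transfer back to nginx.
location ~ ^/admin/backups/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Accel-Mapping $public/=/downloads/;
proxy_pass http://discourse;
break;
}
# This big block is needed so we can selectively enable
# acceleration for backups, avatars, sprites and so on.
# see note about repetition above
location ~ ^/(svg-sprite/|letter_avatar/|letter_avatar_proxy/|user_avatar|highlight-js|stylesheets|theme-javascripts|favicon/proxied|service-worker) {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
# if Set-Cookie is in the response nothing gets cached
# this is double bad cause we are not passing last modified in
# Set-Cookie is ignored for the caching decision and removed from the
# response, so a cookie never travels with a shared cache entry.
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
proxy_hide_header "X-Discourse-Username";
proxy_hide_header "X-Runtime";
# note x-accel-redirect can not be used with proxy_cache
proxy_cache one;
proxy_cache_key "$scheme,$host,$request_uri";
proxy_cache_valid 200 301 302 7d;
proxy_cache_bypass $bypass_cache;
proxy_pass http://discourse;
break;
}
# we need buffering off for message bus
location /message-bus/ {
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_http_version 1.1;
proxy_buffering off;
proxy_pass http://discourse;
break;
}
# this means every file in public is tried first
# The fallback is a named location, written with "@". With "#" in its place
# the rest of the line becomes a comment and the directive loses its ";".
try_files $uri @discourse;
}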
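# Target of the X-Accel mapping: answers only internal redirects, never a
# client request, and serves the file from $public.
location /downloads/ {
internal;
alias $public/;
}
# Named fallback location (nginx named locations start with "@"; a leading
# "#" would turn the whole line into a comment). Proxies the request to the
# "discourse" upstream, which is defined outside this excerpt, as is $thescheme.
location @discourse {
proxy_set_header Host $http_host;
proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $thescheme;
proxy_pass http://discourse;
}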
Any help on config settings or linux settings to fix this problem would be greatly appreciated.

proxy subdirectory to subdomain using nginx

I have the following in apache config file
# SSLProxyEngine is needed because the proxy target below is an https:// URL.
SSLProxyEngine on
# Map /blog on this site onto the root of the external host, and rewrite
# redirect headers coming back so they point at /blog again.
ProxyPass "/blog" "https://external.com/"
ProxyPassReverse "/blog" "https://external.com/"
This works fine: mydomain.com/blog shows the content of https://external.com/. I want to do the same in nginx with the following code:
# Regex location: the pattern is not anchored with ^, so it matches any URI
# that contains "/blog", and captures whatever follows it as $1.
location ~/blog(.*)$ {
proxy_set_header X-Real-IP $remote_addr;
# Sends only the connecting address; an X-Forwarded-For chain from an earlier
# proxy is replaced rather than extended.
proxy_set_header X-Forwarded-For $remote_addr;
# NOTE(review): $host is this site's own host name, so external.com receives a
# Host header for a different site — presumably related to the redirect and
# homepage behaviour described below; confirm.
proxy_set_header Host $host;
# NOTE(review): nginx does not verify the upstream TLS certificate unless
# proxy_ssl_verify is enabled; no such setting is visible in this snippet.
proxy_pass https://external.com$1;
}
mydomain.com/blog keeps reloading, and mydomain.com/blog/ shows my homepage.

Yii2 + Nginx(proxy) + Apache(back)

I'm learning NGINX and I need to set a frontend webserver with NGINX and a backend webserver with Apache using .htaccess
This is the content of /etc/nginx/sites-available/my_test5.loc
# Front-end server: serves files from the web/ directory and hands PHP
# requests to a backend on 127.0.0.1:8080.
server {
charset utf-8;
client_max_body_size 128M;
listen 80;
server_name my_test5.loc;
root /var/www/my_test5.loc/web;
#root /var/www/my_test5.loc;
index index.php;
# Front-controller pattern: try the file, then the directory, then index.php
# with the original query string.
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# deny accessing php files for the /assets directory
# (listed before the generic .php location, so this regex is tried first)
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
# Only the connecting address is sent; a client-supplied chain is replaced.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
# NOTE(review): with "deny all" commented out and "allow all" in its place,
# dot-files under the root (for example .htaccess or a .git directory) are
# served to clients; restore the deny unless that access is needed.
location ~* /\. {
# deny all;
allow all;
}
}
This is the content of /etc/apache2/sites-available/my_test5.loc.conf
# Backend vhost that the nginx front end proxies PHP requests to.
# NOTE(review): *:8080 accepts connections on every address; unless a Listen
# directive or firewall limits it, clients can reach this vhost without going
# through nginx — confirm.
<VirtualHost *:8080>
# This block covers the project directory, one level above the DocumentRoot.
<Directory /var/www/my_test5.loc/>
# NOTE(review): Indexes turns on automatic directory listings for
# directories without an index file — confirm this is wanted.
Options Indexes FollowSymLinks MultiViews
# .htaccess files may override any directive class.
AllowOverride All
# Order/allow are the older access-control syntax; the first vhost on this
# page uses the newer "Require" form for the same purpose.
Order allow,deny
allow from all
</Directory>
ServerAdmin admin#my_test5.loc
ServerName my_test5.loc
ServerAlias www.my_test5.loc
DocumentRoot /var/www/my_test5.loc/web/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Now all I have working is the main page. If I try to navigate to site/about for example I can't. What have I done wrong and how to use these 2 web servers?
I think your setup only routes correctly to index.php because of your location / {} directive. Try changing that block so that it passes requests through to Apache, and add a specific block for other kinds of files, such as assets.
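# Everything not matched by a more specific location goes to Apache on the
# loopback port.
location / {
# Both headers carry the address nginx saw; an X-Forwarded-For value sent by
# the client is replaced, not extended.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
# Static assets are served by nginx directly from the server's root.
location ~* \.(jpg|jpeg|png|gif|ico|css|js|ttf|ttc|otf|eot|woff|woff2)$ {
# Serve the file when it exists; anything else gets a 404 instead of being
# retried as a directory.
try_files $uri =404;
}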
This way NGINX serves your static files and Apache serves everything else.
For Nginx work
use .htaccess for apache
siteName.conf apache must be
siteName conf must be in nginx sites-available and sites-enable
be sure that requests are passed from port 80 to port 8080 (as in my case) and that Apache is listening on it

Nginx error log - invalid local address

I have an Amazon EC2 server set up with Nginx 1.8.1 on port 80 and Apache 2.4 on port 8080.
My Nginx error log is filled with invalid local address "www.domain.com:80"
Can someone advise how to fix this error?
My domain.com under /etc/nginx/sites-enabled is as below
# Front-end server: static files from public_html, PHP proxied to a backend
# on port 8080 with a short-lived response cache. The cache zone "my-cache"
# is defined outside this excerpt.
server {
listen 80;
server_name domain.com www.domain.com;
root /home/domain/public_html/;
index index.php index.htm index.html;
location / {
#try_files $uri $uri/ /index.php;
#try_files $uri $uri/ $uri.php;
try_files $uri $uri/ /index.php?/$request_uri;
}
location ~ \.php$ {
# NOTE(review): proxy_bind sets the local source address of the upstream
# connection, but $host is the host name taken from the request, not an
# address of this machine — this matches the "invalid local address"
# message quoted on this page.
proxy_bind $host:80;
proxy_pass http://www.domain.com:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Cache-Status $upstream_cache_status;
# Cache configuration
proxy_cache my-cache;
proxy_cache_valid 10s;
# Requests carrying a PHPSESSID cookie are neither answered from the cache
# nor stored in it.
# NOTE(review): other session or login cookies would not trigger this
# bypass — verify PHPSESSID is the only one the application relies on.
proxy_no_cache $cookie_PHPSESSID;
proxy_cache_bypass $cookie_PHPSESSID;
proxy_cache_key "$scheme$host$request_uri";
}
# Disable Cache for the file type html, json
# NOTE(review): the leading "." is unescaped, so it matches any character,
# not only a literal dot before the extension.
location ~* .(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Enable Cache the file 30 days
# NOTE(review): no proxy_pass is visible in this location, so the proxy_cache
# directives here presumably have no effect; "expires" still applies.
location ~* .(jpg|png|gif|jpeg|css|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
proxy_cache_valid 200 120m;
expires 30d;
proxy_cache my-cache;
#access_log off;
add_header X-Cache-Status $upstream_cache_status;
}
# Refuse any path containing a component that starts with a dot, without logging it.
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
}
My domain.com under Apache Virtual Host is as below
# Backend vhost on port 8080 of a masked address; the closing </VirtualHost>
# line is not shown on this page.
<VirtualHost 172.31.xx.xxx:8080>
DocumentRoot /home/domain/public_html/
# NOTE(review): this reads "domaine.com" while the alias below and the nginx
# server_name use "domain.com" — check for a typo.
ServerName domaine.com
ServerAlias www.domain.com n1.domain.com
ErrorLog /home/domain/logs/error_log
CustomLog /home/domain/logs/access_log combined
<Directory /home/domain/public_html>
# Server-side includes and CGI execution are switched off for the site root.
Options -Includes -ExecCGI
# .htaccess files may override any directive class.
AllowOverride All
</Directory>
Is there any particular reason as to why you have the proxy_bind $host:80; directive? If not, remove it and it should stop the error (note that the address that you're binding to must be local, if you chose to go that route).

Trouble getting SSL to work with django + nginx + wsgi

I've followed a couple of examples for Django + nginx + wsgi + ssl, but I can't get them to work. I simply get an error in my browser that I can't connect.
I'm running two websites off the host. The config files are identical except for the ip addresses, server names, and directories.
When neither use SSL, they work fine. When I try to listen on 443 with one of them, I can't connect to either.
My config files are below, and any suggestions would be appreciated.
# Plain-HTTP server: proxies the application to a backend on 127.0.0.1:8080
# and serves two media directories directly.
server{
listen xxx.xxx.xxx.xxx:80;
server_name sub.domain.com;
access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): X-Forwarded-Protocol is not set in this server, so a value
# supplied by the client is forwarded unchanged; the Apache SetEnvIf on this
# page turns "https" in that header into HTTPS=on.
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
}
# Static media is read straight from disk, bypassing the backend.
location /site_media/ {
alias /home/django/customerdb_site_media/;
}
location /admin-media/ {
alias /home/django/django_admin_media/;
}
}
# TLS server for the same site: same proxy and media locations as the
# port-80 server, plus a header telling the backend the request was HTTPS.
server{
listen xxx.xxx.xxx.xxx:443;
server_name sub.domain.com;
# Same log files as the port-80 server, so both listeners write to them.
access_log /home/django/logs/nginx_customerdb_http_access.log;
error_log /home/django/logs/nginx_customerdb_http_error.log;
# "ssl on" is the legacy way to enable TLS; newer nginx releases expect the
# "ssl" parameter on the listen directive instead.
ssl on;
ssl_certificate sub.domain.com.crt;
ssl_certificate_key sub.domain.com.key;
# No ssl_protocols or ssl_ciphers appear in this block, so whatever is set at
# a higher level (or nginx's defaults) applies.
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Fixed value: replaces whatever the client sent in this header.
proxy_set_header X-Forwarded-Protocol https;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
}
location /site_media/ {
alias /home/django/customerdb_site_media/;
}
location /admin-media/ {
alias /home/django/django_admin_media/;
}
}
# Backend vhost running the Django application through mod_wsgi.
# NOTE(review): nginx reaches this vhost on 127.0.0.1:8080, but *:8080 accepts
# any address; unless Listen or a firewall restricts it, a client could connect
# directly and supply X-Forwarded-Protocol itself — confirm.
<VirtualHost *:8080>
ServerName xxx.xxx.xxx.xxx
ServerAlias xxx.xxx.xxx.xxx
LogLevel warn
ErrorLog /home/django/logs/apache_customerdb_error.log
CustomLog /home/django/logs/apache_customerdb_access.log combined
WSGIScriptAlias / /home/django/customerdb/apache/django.wsgi
WSGIDaemonProcess customerdb_wsgi processes=4 threads=5
WSGIProcessGroup customerdb_wsgi
# Mark the request as HTTPS when the front end says so; this trusts the
# header value exactly as received.
SetEnvIf X-Forwarded-Protocol "^https$" HTTPS=on
</VirtualHost>
UPDATE: The existence of two sites (on separate IPs) on the host is the issue. If I delete the other site, the settings above mostly work. Doing so also brings up another issue: Chrome doesn't accept the site as secure, saying that some content is not encrypted.
[This should actually be a comment ...]
You should also set
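# Pass the scheme nginx actually received, replacing any value the client sent.
proxy_set_header X-Forwarded-Protocol $scheme;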
To indicate to Django when connections are secure, otherwise your https links will get redirected to http, which is bad.
This will set http when it actually is http, and https when it's https.
I changed the server that listens on 80 to rewrite to https and removed all the other directives.