We have the below nginx .conf settings in our local vm and it is working fine.
Summary: We are sending logs to loki by having nginx in front of loki where we have two levels of authentication:
Writing the logs
Reading the logs
The below file is working fine, now we want to move this nginx to k8.
In k8s we want to use our LB (projectname.dev.url.com) to write the logs under the path /loki/api/v1/push and read the logs under the path **/logs**.
Where we are right now: we can successfully run a curl command against our read path, which is projectname.dev.url.com/logs. However, we are not able to push logs to the Loki write path (projectname.dev.url.com/loki/api/v1/push), as it is expecting headers.
Our ingress config file is shown below. Can someone please help me pass headers in the k8s ingress setup, similar to how we pass them in our VM nginx setup?
# Pool of HTTPS backends (port 443) that the proxy_pass targets in the server
# block refer to by this name; the active entries all carry the same weight.
# The host names are masked placeholders in this listing.
upstream "FQDN Hostname2" {
# server XXXXXXXXXXXXXXXXX:443 weight=1;
server XXXXXXXXXXXXXXXXX:443 weight=1;
server XXXXXXXXXXXXXXXXX:443 weight=1;
server XXXXXXXXXXXXXXXXX:443 weight=1;
server XXXXXXXXXXXXXXXXX:443 weight=1;
}
# Derives the Loki tenant from the Basic-auth user name: the named capture takes
# everything before the first "#" in $remote_user and stores it in
# $loki_scope_org_id (a name without "#" maps to itself).
# $remote_user is whatever user name the client sent in the Authorization header,
# so the result is only trustworthy in locations where auth_basic has checked it.
# NOTE(review): elsewhere on this page "@" appears to have been rendered as "#";
# confirm which separator the account names really use.
map $remote_user $loki_scope_org_id {
"~^(?<scope_org_id>[^#]*)" $scope_org_id;
}
# TLS front end for Loki on the VM. Two credential files separate the roles:
# .htpasswd_agents guards the push (write) locations, .htpasswd_grafana guards
# the read locations. Host names are masked placeholders in this listing.
server {
listen 443 ssl;
server_name FQDN HOstname;
ssl_certificate /etc/pki/tls/certs/FQDN HOstname.crt;
ssl_certificate_key /etc/pki/tls/private/FQDN HOstname.key;
ssl_protocols TLSv1.2 TLSv1.3;
# Request bodies up to 2G are accepted and up to 50M of each body is buffered
# in memory. NOTE(review): these limits apply to every location in this
# server; confirm they are sized for the push traffic only as large as needed.
client_max_body_size 2G;
client_body_buffer_size 50M;
# Write path: authenticate the agent, forward the push to the local Loki and
# mirror the same request to the second backend through the internal location.
location /loki/api/v1/push {
log_subrequest on;
mirror /loki/api/v2/push;
auth_basic "Please provide X-Scope-OrgID";
# NOTE(review): the trailing "-----------**Writing Credentials**" is the
# poster's annotation, not nginx syntax.
auth_basic_user_file /etc/nginx/.htpasswd_agents;-----------**Writing Credentials**
# Plain HTTP to port 3100; presumably a local or trusted hop - confirm.
proxy_pass http://FQDN HOstname:3100/loki/api/v1/push;
# Setting the header here replaces any X-Scope-OrgID the client sent, which
# is what ties the tenant to the authenticated account.
proxy_set_header X-Scope-OrgID $loki_scope_org_id;
}
# Mirror target: "internal" keeps it unreachable for external requests.
location /loki/api/v2/push {
internal;
log_subrequest on;
auth_basic "Please provide X-Scope-OrgID";
auth_basic_user_file /etc/nginx/.htpasswd_agents;
proxy_pass https://FQDN Hostname2/logs/loki/api/v1/push;
proxy_set_header X-Scope-OrgID $loki_scope_org_id;
}
# Read paths: the tenant is the full authenticated user name, so each account
# in .htpasswd_grafana can only query the tenant named after it.
location / {
auth_basic "Please provide X-Scope-OrgID";
auth_basic_user_file /etc/nginx/.htpasswd_grafana;
proxy_pass http://FQDN HOstname:3100/;
proxy_set_header X-Scope-OrgID $remote_user;
}
location /logs {
auth_basic "Please provide X-Scope-OrgID";
auth_basic_user_file /etc/nginx/.htpasswd_grafana;
proxy_pass https://FQDN Hostname2/logs;
proxy_set_header X-Scope-OrgID $remote_user;
}
access_log /var/lib/loki/nginx/LOGNAME_access.log main;
error_log /var/lib/loki/nginx/LOGNAME_error.log warn;
}
-------------Ingress config file-------------
# Ingress as dumped from the cluster (server-populated fields such as
# creationTimestamp, resourceVersion, uid and status are included).
# NOTE(review): the YAML indentation was lost in this listing; restore the
# nesting before applying it anywhere.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
meta.helm.sh/release-name: loki
meta.helm.sh/release-namespace: loki
# Basic auth is enforced by the ingress controller against the Secret named
# below. These annotations cover every path of this Ingress, so the read path
# and the push path share one credential set, whereas the VM config kept
# separate htpasswd files for agents and for Grafana. Keeping the two roles
# apart would need two Ingress objects, each with its own auth-secret.
nginx.ingress.kubernetes.io/auth-realm: Authentication Required
# The "**" around the Secret name is emphasis markup from the post, not part of
# the name.
nginx.ingress.kubernetes.io/auth-secret: **basic-auth**
nginx.ingress.kubernetes.io/auth-type: basic
# No annotation here sets X-Scope-OrgID. ingress-nginx can add request headers
# through the nginx.ingress.kubernetes.io/configuration-snippet annotation
# (for example a proxy_set_header line using $remote_user), but snippet
# annotations let an Ingress author inject arbitrary nginx configuration and
# are often disabled by the cluster admin - confirm before relying on them.
# NOTE(review): rewrite-target /$2 depends on capture groups in the path; the
# push path below has none - confirm what that request is rewritten to.
nginx.ingress.kubernetes.io/rewrite-target: /$2
creationTimestamp: "2022-10-26T20:34:42Z"
generation: 9
labels:
app.kubernetes.io/component: gateway
app.kubernetes.io/instance: loki
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: loki-distributed
app.kubernetes.io/version: 2.4.2
helm.sh/chart: loki-distributed-0.47.4
name: loki-loki-distributed-gateway
namespace: loki
resourceVersion: "94038120"
uid: a9175373-458b-41ff-a261-d984e266a54e
spec:
ingressClassName: nginx
rules:
- http:
paths:
# Read path: routed to the gateway Service.
- backend:
service:
name: loki-loki-distributed-gateway
port:
number: 443
path: /logs(/|$)(.*)
pathType: Prefix
# Push path: routed straight to the distributor Service, so as written it does
# not pass through the gateway's nginx, and any X-Scope-OrgID handling
# configured there does not apply to pushes.
- backend:
service:
name: loki-loki-distributed-distributor
port:
number: 443
path: /logs/loki/api/v1/push
pathType: Exact
tls:
- hosts:
- '*.fqdn.fqdn.net'
# Load-balancer addresses reported by the controller (masked in the post).
status:
loadBalancer:
ingress:
- ip: X.X.X.159
- ip: X.X.X.17
- ip: X.X.X.49
- ip: X.X.X.72
- ip: X.X.X.76
- ip: X.X.X.78
- ip: X.X.X.83
- ip: X.X.X.120
- ip: X.X.X.123
- ip: X.X.X.127
- ip: X.X.X.144
- ip: X.X.X.145
- ip: X.X.X.167
- ip: X.X.X.168
- ip: X.X.X.171
- ip: X.X.X.177
- ip: X.X.X.178
- ip: X.X.X.183
- ip: X.X.X.185
- ip: X.X.X.186
- ip: X.X.X.190
- ip: X.X.X.197
- ip: X.X.X.4
- ip: X.X.X.6
I tried creating a ConfigMap for the ingress, shown below, and added a "map" block to it, similar to what we have in our VM setup. My question is: how would $remote_user be mapped to the username that is present in our secret, basic-auth?
I have added the auth settings to the ingress file; please see my main post.
Any help would be much appreciated.
# nginx.conf for the Loki gateway running in the cluster: listens on 8080 and
# keeps its pid and temp files under /tmp.
# NOTE(review): the proxy_pass lines in this listing are cut off (no port
# suffix, URI or semicolon), so it cannot be loaded as shown.
worker_processes 5; ## Default: 1
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Tenant = the part of the Basic-auth user name before the first "#".
# The "**" markers around this block are emphasis markup from the post.
# $remote_user is read from the Authorization header of the incoming request;
# nothing in this file validates the password, so the value is only as
# trustworthy as whatever authenticated the request before it got here
# (presumably the Ingress - confirm it forwards the Authorization header).
**map $remote_user $loki_scope_org_id {
"~^(?<scope_org_id>[^#]*)" $scope_org_id;
}**
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stderr main;
sendfile on;
tcp_nopush on;
resolver rke2-coredns-rke2-coredns.kube-system.svc.cluster.local;
# No auth_basic is enabled anywhere in this server, so any client that can
# reach port 8080 directly is served without credentials.
# NOTE(review): confirm that only the ingress controller can reach this port.
server {
listen 8080;
# Unauthenticated health endpoint.
location = / {
return 200 'OK';
auth_basic off;
}
location = /api/prom/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
}
location = /api/prom/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /api/prom/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
# Only this location sets X-Scope-OrgID. The other locations forward request
# headers unchanged, so a client-supplied X-Scope-OrgID reaches Loki as sent
# and the tenant on those paths is chosen by the caller.
location = /loki/api/v1/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
proxy_set_header X-Scope-OrgID $loki_scope_org_id;
}
location = /loki/api/v1/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /loki/api/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
}
}
# Gateway nginx.conf (same content as the listing with the highlighted map
# block, without the emphasis markers). Listens on 8080, temp files in /tmp.
# NOTE(review): the proxy_pass lines are cut off in this listing.
worker_processes 5; ## Default: 1
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Tenant = the part of the Basic-auth user name before the first "#".
# The user name comes from the request's Authorization header; this file does
# not verify the password, so an earlier hop must have done so.
map $remote_user $loki_scope_org_id {
"~^(?<scope_org_id>[^#]*)" $scope_org_id;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stderr main;
sendfile on;
tcp_nopush on;
resolver rke2-coredns-rke2-coredns.kube-system.svc.cluster.local;
# No auth_basic is enabled in this server; access control has to happen
# before requests reach port 8080.
server {
listen 8080;
location = / {
return 200 'OK';
auth_basic off;
}
location = /api/prom/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
}
location = /api/prom/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /api/prom/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
# The only location that overrides X-Scope-OrgID; everywhere else a header
# sent by the client is passed through to Loki unchanged.
location = /loki/api/v1/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
proxy_set_header X-Scope-OrgID $loki_scope_org_id;
}
location = /loki/api/v1/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /loki/api/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
}
}
# Gateway nginx.conf, repeated with the map block highlighted. Listens on 8080,
# temp files in /tmp.
# NOTE(review): the proxy_pass lines are cut off in this listing.
worker_processes 5; ## Default: 1
error_log /dev/stderr;
pid /tmp/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096; ## Default: 1024
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
# Tenant = the part of the Basic-auth user name before the first "#".
# The "**" markers are emphasis markup from the post, not nginx syntax.
# The user name is taken from the Authorization header without any password
# check in this file.
**map $remote_user $loki_scope_org_id {
"~^(?<scope_org_id>[^#]*)" $scope_org_id;
}**
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stderr main;
sendfile on;
tcp_nopush on;
resolver rke2-coredns-rke2-coredns.kube-system.svc.cluster.local;
# No auth_basic is enabled in this server.
server {
listen 8080;
location = / {
return 200 'OK';
auth_basic off;
}
location = /api/prom/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
}
location = /api/prom/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /api/prom/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
# X-Scope-OrgID is overridden here only; the remaining locations pass a
# client-supplied value through unchanged.
location = /loki/api/v1/push {
proxy_pass http://loki-loki-distributed-distributor.loki.svc.cluster.local:310
proxy_set_header X-Scope-OrgID $loki_scope_org_id;
}
location = /loki/api/v1/tail {
proxy_pass http://loki-loki-distributed-querier.loki.svc.cluster.local:3100$re
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /loki/api/.* {
proxy_pass http://loki-loki-distributed-query-frontend.loki.svc.cluster.local:
}
}
}
Related
I am serving a Vue App via proxy_pass from my Nginx server. Here's what my config looks like:
# Front proxy: forwards the report UI and its static assets to the
# reports-frontend upstream.
# NOTE(review): the location prefix ends in "/" but the proxy_pass URI
# ("/reports") does not. nginx swaps the matched prefix for that URI, so
# /iframe/reports/foo would be requested upstream as /reportsfoo - confirm the
# intended upstream path.
location /iframe/reports/ {
proxy_pass http://reports-frontend/reports;
proxy_set_header Host $host;
}
# "^~" gives these prefixes priority over any regex locations.
location ^~ /js/ {
proxy_pass http://reports-frontend/js/;
}
location ^~ /css/ {
proxy_pass http://reports-frontend/css/;
}
My Vue App is running inside a Nginx docker container with the following configuration:
# nginx.conf inside the Vue container: serves the built app from /app on port 80
# with worker processes running as the "nginx" user.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
# Single-page-app fallback: a path that is neither a file nor a directory
# under /app is answered with /index.html.
location / {
root /app;
index index.html;
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
When I request localhost:8080/iframe/reports I am able to get the index.html and assets needed. But the routing seems not to be working. Why is that so?
Thanks!
Also, after googling quite a bit, I was not able to find the solution. I'm running Plesk for Ubuntu and am currently deploying a React Native app. All URL paths check out fine and navigation within the app works. However, if I'm, for instance, on www.mydomain.com/something/something and I refresh the page, the refresh leads to a 404 error.
What I tried now
I ssh'ed into /var/www/vhosts/system/mydomain.com/conf and updated the file nginx.conf with
# Fallback for client-side routing: unknown paths are answered with /index.html.
# This block has no listen or server_name, so nginx treats it as a separate
# virtual server; its try_files rule is not merged into other server blocks.
server {
location / {
try_files $uri $uri/ /index.html?$query_string;
}
}
I restarted the service, however this does not do the trick.
Any idea how to fix that?
Thanks
Matt
Here is the full nginx.conf file:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
# HTTPS virtual host generated by Plesk: nginx terminates TLS and proxies to a
# backend on port 7081 of the same address (presumably the Apache instance
# Plesk manages - confirm).
server {
listen 175.31.15.213:443 ssl http2;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
server_name "example.com.52-29-213-14.svr.fm";
# Certificate and key are read from the same file.
ssl_certificate /opt/psa/var/certificates/certXTrwD4;
ssl_certificate_key /opt/psa/var/certificates/certXTrwD4;
# No ssl_verify_client directive is visible in this block.
ssl_client_certificate /opt/psa/var/certificates/certL2SKRF;
client_max_body_size 128m;
root "/var/www/vhosts/example.com/httpdocs";
access_log "/var/www/vhosts/system/example.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/example.com/logs/proxy_error_log";
if ($host ~* ^1519\.tirol$) {
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
#extension letsencrypt begin
# ACME challenge files are served without authentication; the nested location
# refuses dot-files below the challenge directory.
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
# Everything else goes to the backend; access logging is off for these
# requests, so they do not appear in the nginx access log.
location / {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
# "internal" keeps this alias unreachable for direct client requests.
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
internal;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
# NOTE(review): the next two locations repeat the two above verbatim; nginx
# rejects duplicate locations, so this is probably a paste duplication.
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
internal;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
# Per-user PHP scripts (/~user/...php) are handed to PHP-FPM.
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
# Advertises the hosting platform in every response.
add_header X-Powered-By PleskLin;
# Per-domain additions are pulled in from this file; since the header of this
# file says it is regenerated, custom directives presumably belong there.
include "/var/www/vhosts/system/example.com/conf/vhost_nginx.conf";
}
# Plain-HTTP listener for the same names: every request is redirected to HTTPS.
# The redirect target is built from $host, i.e. from the name the client asked
# for among the server_name values listed here.
server {
listen 175.31.15.213:80;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
server_name "example.com.52-29-213-14.svr.fm";
client_max_body_size 128m;
if ($host ~* ^1519\.tirol$) {
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
return 301 https://$host$request_uri;
}
# The block the poster appended by hand. It has no listen or server_name, so it
# is a separate virtual server and its try_files rule is not applied to the
# example.com server blocks above.
server {
location / {
try_files $uri $uri/ /index.html?$query_string;
}
}
I really hope you guys can help me out. I lost my way among the different guides for setting up SSL.
When I try to access my site I just get 502 Bad Gateway. Plain old nginx works just fine, and "simple" SSL without forced SSL also works fine.
Here are my config files.
default.conf
## http://xn--srentorp-54a.dk redirects to https://xn--srentorp-54a.dk
# Plain-HTTP listener for the apex name: the included snippet handles ACME
# challenges, everything else gets a permanent redirect to HTTPS. The redirect
# target is a fixed host name, so the Host header cannot steer it elsewhere.
server {
listen 80;
listen [::]:80;
server_name xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://xn--srentorp-54a.dk$request_uri;
}
}
## http://www.xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
# Default server for port 80: requests whose Host matches no other server_name
# also land here and are redirected to the www HTTPS site.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## https://xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
# HTTPS listener for the apex name; TLS parameters and response headers come
# from the included ssl.conf snippet.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xn--srentorp-54a.dk;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## Serves https://www.xn--srentorp-54a.dk
# Main HTTPS site and default server for port 443: static files from /var/www/,
# PHP handed to the php5-fpm socket.
server {
server_name www.xn--srentorp-54a.dk;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
# The document root is the whole /var/www/ tree, so every directory beneath it
# is reachable over the web unless a location denies it.
root /var/www/;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
# Any URI ending in .php is sent to PHP-FPM; there is no check here that the
# script exists on disk (a "try_files $uri =404;" guard is the usual way to
# add one).
# NOTE(review): a 502 from nginx usually means the upstream did not answer;
# here that would be this socket - confirm php5-fpm is running and the socket
# path is correct.
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
# Blocks .htaccess/.htpasswd-style files.
location ~/\.ht {
deny all;
}
}
# Reverse proxy for the torpinc subdomain to a local app on port 8081.
# It listens on port 80 only: traffic to this name is unencrypted, and browsers
# holding an HSTS policy with includeSubdomains for the parent domain would
# refuse to use plain HTTP for it.
server {
listen 80;
server_name torpinc.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
# Reverse proxy for the perpt subdomain to a local app on port 8082.
# Port 80 only, so traffic to this name is unencrypted; see the HSTS policy in
# ssl.conf, whose includeSubdomains flag covers this host name as well.
server {
listen 80;
server_name perpt.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
letsencrypt.conf
# ACME HTTP-01 challenge files are served as plain text from a dedicated
# directory that is separate from the site's document root; "^~" stops regex
# locations (such as the PHP handler) from taking over these requests.
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
ssl.conf
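# Shared TLS settings, pulled into the HTTPS server blocks with "include".

# Session reuse: one-day lifetime, 50 MB shared cache, no session tickets.
# (The listing read "sl_session_timeout", which is not an nginx directive.)
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# TLS 1.2 only, ECDHE key exchange with AES suites, server picks the cipher.
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

# OCSP stapling with verification of the stapled response.
ssl_stapling on;
ssl_stapling_verify on;

# HSTS with includeSubdomains and preload tells browsers to use HTTPS for every
# subdomain of a host that sends it. The apex server block includes this file,
# while the torpinc. and perpt. vhosts listen on port 80 only, so browsers that
# have seen this header would stop reaching them over plain HTTP.
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
# Forbid framing and MIME-type sniffing of responses.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;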
I have two nginx vhosts which are identical apart from the domain and the SSL/root locations. They look like this:
/etc/nginx/sites-available/domain1.co.uk
# Port 80 for the bare domain: permanent redirect to the HTTPS site. The target
# host is fixed in the rule, so the Host header does not influence it.
server {
listen 80;
server_name domain1.co.uk;
rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}
# www host on both ports: redirect to the bare domain. $scheme keeps the
# original protocol, so an http://www request is first sent to http://domain1
# and only then upgraded by the port-80 block.
server {
listen 80;
listen 443 ssl;
server_name www.domain1.co.uk;
ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
return 301 $scheme://domain1.co.uk$request_uri;
}
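# Main HTTPS site for domain1.co.uk: static files first, then either the
# prerender service (for crawlers) or the local app on port 3000.
# The named location is written "@prerender"; the listing showed "#prerender",
# which nginx would read as the start of a comment.
server {
    listen 443 ssl;
    server_name domain1.co.uk;
    root /var/www/domain1.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless
    # a known client still needs them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # Serve an existing file, otherwise fall through to the named location.
    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
        index index.php;
        try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
        # Only scripts that exist on disk are handed to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        # NOTE(review): this token is a service credential and has been published
        # with the post; it should be treated as exposed and rotated. It is also
        # sent to the prerender service over plain HTTP (see proxy_pass below).
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # $prerender ends up 1 for known crawler user agents or explicit
        # prerender query arguments, and 0 for the prerender service itself.
        # Both inputs are client-controlled, so this is routing, not access control.
        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }
        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }
}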
/etc/nginx/sites-available/domain2.co.uk
# Port 80 for the bare domain: permanent redirect to the HTTPS site, with the
# target host fixed in the rule.
server {
listen 80;
server_name domain2.co.uk;
rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}
# www host on both ports: redirect to the bare domain, keeping the request's
# original scheme.
server {
listen 80;
listen 443 ssl;
server_name www.domain2.co.uk;
ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
return 301 $scheme://domain2.co.uk$request_uri;
}
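# Main HTTPS site for domain2.co.uk, with the same layout as the domain1 vhost:
# static files first, then the prerender service or the local app on port 3000.
# The named location is written "@prerender"; the listing showed "#prerender",
# which nginx would read as the start of a comment.
server {
    listen 443 ssl;
    server_name domain2.co.uk;
    root /var/www/domain2.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless
    # a known client still needs them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # Serve an existing file, otherwise fall through to the named location.
    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
        index index.php;
        try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
        # Only scripts that exist on disk are handed to PHP-FPM.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        # NOTE(review): this token is a service credential and has been published
        # with the post; it should be treated as exposed and rotated. It is also
        # sent to the prerender service over plain HTTP (see proxy_pass below).
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        # $prerender ends up 1 for known crawler user agents or explicit
        # prerender query arguments, and 0 for the prerender service itself.
        # Both inputs are client-controlled, so this is routing, not access control.
        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }
        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }
}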
When I visit domain1.co.uk it just works as expected, and redirects to the non-www https URL. If I visit domain2.co.uk though, it serves the correct SSL cert, but is showing the domain1 site on the domain2 URL.
I have a default server block as well:
# Catch-all for port 80: requests whose Host matches no configured server_name
# get status 444, i.e. nginx closes the connection without sending a response.
server {
listen 80 default_server;
return 444;
}
# Catch-all for port 443: unknown host names are presented the self-signed
# "snakeoil" certificate and the connection is then closed (444), so the real
# site certificates are not handed out for arbitrary names.
# NOTE(review): "ssl on;" is the legacy form; current nginx expects the "ssl"
# parameter on the listen directive instead.
server {
listen 443 default_server;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
return 444;
}
How can I configure this so that domain2.co.uk is actually serving the files from /var/www/domain2.co.uk/public_html instead of domain1?
Ah, sorry! I thought you didn't have domain2.co.uk. I hope you have "/var/www/domain2.co.uk/public_html" as the root for the "domain2.co.uk" server. Did you make nginx read the /etc/nginx/sites-available/domain2.co.uk file, in case it is not included? Basically, you need to check the "include" directive in /etc/nginx/nginx.conf and also create a symlink "/etc/nginx/sites-enabled/domain2.co.uk" that points to "/etc/nginx/sites-available/domain1.co.uk" (presumably "domain2.co.uk" is meant) to enable it.
Restarting nginx :
# service nginx start
Starting nginx: nginx: [emerg] duplicate upstream "api" in /etc/nginx/sites-enabled/default:1
nginx: configuration file /etc/nginx/nginx.conf test failed
This is the config file :
# Four local app-server instances; least_conn sends each request to the
# instance with the fewest active connections, and an instance is taken out
# of rotation for 15s after 2 failed attempts.
# An upstream name has to be unique across every file nginx loads, which is
# what the "duplicate upstream" error above refers to.
upstream api{
least_conn;
server 127.0.0.1:5001 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5002 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5003 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5004 max_fails=2 fail_timeout=15s;
}
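# Intranet-facing HTTP listener for the API: only the listed private ranges and
# localhost may connect, everything else is denied.
server {
    listen 192.168.10.33:80;
    allow 192.168.0.0/20;
    allow 127.0.0.1/32;
    deny all;
    server_name api api.my.intranet;

    # NOTE(review): "^~" marks a literal prefix, not a regex, so this pattern is
    # compared as plain text and the static-file rules below are unlikely to
    # ever apply. A regex location (location ~ ^/(images|css|javascripts)/)
    # looks like the intent - confirm before changing, since it would move
    # these paths from the app servers to the local root.
    location ^~ (/images/|/css/|/javascripts/) {
        root /var/www/myapi/public/;
        expires 30m;
    }

    # serve all other stuff from appserver
    location / {
        # Reflect the Origin only when the whole value is an http(s) origin whose
        # host ends in .my.intranet or .my.com. The previous pattern was not
        # anchored, so any Origin that merely contained one of those strings
        # was echoed back and granted cross-origin read access.
        if ($http_origin ~ "^https?://([A-Za-z0-9-]+\.)+my\.(intranet|com)(:[0-9]+)?$") {
            add_header 'Access-Control-Allow-Origin' $http_origin;
        }
        # add_header 'Access-Control-Allow-Origin' '*';
        expires off;
        proxy_pass http://api/;
        proxy_set_header X-Real-IP $remote_addr;
        # Host and X-Forwarded-Host carry the client-supplied Host header.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}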
# Public HTTP listener: every request is redirected to the HTTPS API host.
# The target host name is fixed, so the Host header cannot change it.
server {
listen 175.30.33.14:80;
server_name api.my.com;
return 301 https://api.my.com$request_uri;
}
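# HTTPS listener for the API (public and intranet names): proxies to the "api"
# upstream, with /v2 routed to a separate backend.
# NOTE(review): "ssl on;" is the legacy form; current nginx expects the "ssl"
# parameter on the listen directive instead. No allow/deny rules are present
# in this block, unlike the intranet HTTP listener.
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/my.com.2014.chain;
    ssl_certificate_key /etc/ssl/private/my.com.2014.key;
    # Hide the nginx version in error pages and the Server header.
    server_tokens off;
    server_name api api.my.com api.my.intranet;

    # NOTE(review): "^~" marks a literal prefix, not a regex, so this pattern is
    # compared as plain text and the static-file rules below are unlikely to
    # ever apply. A regex location (location ~ ^/(images|css|javascripts)/)
    # looks like the intent - confirm before changing.
    location ^~ (/images/|/css/|/javascripts/) {
        root /var/www/myapi/public/;
        expires 30d;
    }

    # serve all other stuff from appserver
    location / {
        # Reflect the Origin only when the whole value is an http(s) origin whose
        # host ends in .my.intranet or .my.com. The previous pattern was not
        # anchored, so any Origin that merely contained one of those strings
        # was echoed back and granted cross-origin read access.
        if ($http_origin ~ "^https?://([A-Za-z0-9-]+\.)+my\.(intranet|com)(:[0-9]+)?$") {
            add_header 'Access-Control-Allow-Origin' $http_origin;
        }
        # add_header 'Access-Control-Allow-Origin' '*';
        expires off;
        proxy_pass http://api/;
        proxy_set_header X-Real-IP $remote_addr;
        # Host and X-Forwarded-Host carry the client-supplied Host header.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
    }

    # /v2/... is stripped of its prefix and sent to a separate backend.
    location /v2 {
        rewrite ^/v2/(.*) /$1 break;
        # Same anchored Origin check as in "location /".
        if ($http_origin ~ "^https?://([A-Za-z0-9-]+\.)+my\.(intranet|com)(:[0-9]+)?$") {
            add_header 'Access-Control-Allow-Origin' $http_origin;
        }
        # add_header 'Access-Control-Allow-Origin' '*';
        expires off;
        proxy_pass http://192.168.10.8:3000/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        # Overwrites any X-Forwarded-For sent by the client with the peer address.
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}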
Do you see any problem ?
A backup file, defuault.backup, was in the same folder; presumably nginx loaded it as well, so the upstream "api" was defined twice, which created the conflict!