Mailcow SOGO with Nginx login errors with a 502 - nginx-reverse-proxy

I have an Nginx Proxy Manager server sitting in front of the mailcow Nginx server. Everything works fine ... the Sogo page loads. But when I try to login it issues a 502... logs on all servers don't really point to any issues.

Add the following to your Custom Nginx Configuration found in the advanced tab
location / {
    proxy_pass http://site.you.want:9007/;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 0;
    proxy_buffer_size 128k;
    proxy_buffers 64 512k;
    proxy_busy_buffers_size 512k;
}

Related

ASPNET does not run under ssl behind nginx

My setup is the following
location / {
    proxy_set_header Host $host;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Protocol https;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Url-Scheme https;
    proxy_set_header Front-End-Https on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Accel-Internal /internal-nginx-static-location;
    access_log off;
    proxy_pass http://127.0.0.1:5000;
}
Behind nginx I am running a Docker container with an ASP.NET Core application. But this application thinks it runs using the http scheme instead of https.
The ASP.NET Core application has been set up using
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
and
app.UseForwardedHeaders
So the application is available via SSL, but as soon as I try to log in, the secured cookies are not transferred to the client and the proxy ends in an incorrect state (bad gateway). The login in the application itself was successful (in the logs the result is fine), but nginx seems unable to bring the response to the client.
Has anyone faced a similar issue?

Nginx proxy for vue and fastapi

I am trying to deploy my app with vue.js as the frontend and fastapi as the backend. But I am having an issue when deploying the app on the cloud. I have nginx configured as below.
I am binding the backend to port 8080 and the frontend to 8000. But with this configuration, I can only see my frontend page. The backend API does not respond. Can anyone show me how to fix it?
server {
    listen 80;
    server_name example.com;
    charset utf-8;
    root vis/dist;
    index index.html index.htm;
    location /api/ {
        proxy_pass http://127.0.0.1:8000;
    }
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_redirect off;
        proxy_connect_timeout 90s;
        proxy_read_timeout 90s;
        proxy_send_timeout 90s;
    }
    error_log /var/log/nginx/vue-app-error.log;
    access_log /var/log/nginx/vue-app-access.log;
}

how to prevent Nginx to redirect location to a configured proxy_pass url and port number

Hi guys, I am having a problem with nginx. I have configured phpmyadmin to run with nginx; phpmyadmin is configured to run on port 8080. I access phpmyadmin via localhost/phpmyadmin and it gives me the proper login screen.
After login, the URL in the address bar changes to the configured port, from localhost/phpmyadmin to localhost:8080/phpmyadmin, and it throws an error message.
Here is my nginx configuration:
server {
    listen 443 ssl;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/certificate/live/localhost/permission.pem;
    ssl_certificate_key /etc/certificate/live/localhost/privkey.pem;
    include /etc/certificate/live/localhost/ssl-nginx.conf;
    access_log /var/log/nginx/apache2-access.log;
    error_log /var/log/nginx/apache2-error.log;
    location /phpmyadmin {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Ssl on;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/phpmyadmin;
        proxy_redirect off;
    }
}
Thanks in advance.
You should not be using proxy_redirect off;. You want to change the redirects
location /phpmyadmin {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header Host $http_host;
    proxy_set_header X-Ssl on;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://127.0.0.1:8080/phpmyadmin;
    proxy_redirect http://127.0.0.1:8080/ $scheme://$host/;
    proxy_redirect http://localhost:8080/ $scheme://$host/;
    proxy_cookie_domain 127.0.0.1 $host;
    proxy_cookie_domain localhost $host;
}
And you also want to set up the cookie so login works.

Configure Nginx as reverse proxy for Couchdb

I have a Couchdb database that should not be accessed directly, so I need to use a reverse proxy.
How to configure Nginx or apache as a reverse proxy for Couchdb?
To reverse proxy in nginx, you need a config that looks like this https://www.nginx.com/resources/admin-guide/reverse-proxy/
upstream mycouch {
    server 192.168.0.100:
}
server {
    listen *:80;
    server_name mycouch.mydomain.whatever.com;
    underscores_in_headers on;
    location / {
        expires off;
        proxy_pass http://mycouch;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
This will proxy HTTP calls for your couchdb. Since you tagged this question with docker, if you wanted to bake a container with this stuff, I'd suggest you start FROM nginx, https://hub.docker.com/_/nginx/ (or, just mount a config file in to nginx image as is)
Based on @djcrabhat's reply, I created this config to enable replication
...
location / {
    proxy_pass http://192.168.99.100:5984; # couchdb address
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/(.*)/_changes {
    proxy_pass http://192.168.99.100:5984; # couchdb address
    proxy_redirect off;
    proxy_buffering off;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...

Wrong IP-Address with nginx + Unicorn + rails

I check the ip-address in the controller with
request.env['REMOTE_ADDR']
this works fine in my test environment.
But on the production server with nginx + unicorn I always get 127.0.0.1.
This is my nginx config for the site:
upstream unicorn {
    server unix:/tmp/unicorn.urlshorter.sock fail_timeout=0;
}
server {
    listen 80 default deferred;
    # server_name example.com;
    root /home/deployer/apps/urlshorter/current/public;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri @unicorn;
    location @unicorn {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}
I had trouble with this too; I found this question, but the other answer didn't help me.
I looked at Rails 3.2.8's implementation of Rack::Request#ip to see how it decided what to say; to get it to use an address passed via the environment without filtering out addresses from my local network (it's trying to filter out intermediate proxies, but that's not what I wanted), I had to set the HTTP_CLIENT_IP from my nginx proxy configuration block in addition to what you've got above (X-Forwarded-For has to be there too for this to work!):
proxy_set_header CLIENT_IP $remote_addr;
If you use request.remote_addr you'll get the IP address of your Nginx proxy.
To get the real IP address of your user, you can use request.remote_ip.
According to Rails' source code, it checks various HTTP headers to give you the most relevant one: in Rails 3.2 or Rails 4.0.0.beta1
The answer is in your config file :) The following should do what you want:
real_ip = request.headers["X-Real-IP"]
more here: http://api.rubyonrails.org/classes/ActionDispatch/Request.html#method-i-headers
UPDATE: The proper answer is here in another Q:
https://stackoverflow.com/a/4465588
or in this thread:
https://stackoverflow.com/a/15883610
spoiler:
use request.remote_ip
For ELB - nginx - rails you want to follow this guide:
http://engineering.blopboard.com/resolving-real-client-ip-with-amazon-elb-nginx-and-php-fpm
See:
server {
    listen 443 ssl spdy proxy_protocol;
    set_real_ip_from 10.0.0.0/8;
    real_ip_header proxy_protocol;
    location /xxx {
        proxy_http_version 1.1;
        proxy_pass <api-endpoint>;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-By $server_addr:$server_port;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_pass_request_headers on;
    }
...
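The answers above rely on the application picking the client address out of X-Forwarded-For and Client-IP while skipping known proxies. The following is an added illustration in plain Ruby, not part of any answer and not Rails' own ActionDispatch::RemoteIp code; the trusted ranges, function names and sample addresses are assumptions made for the example.

```ruby
require 'ipaddr'

# Assumed trusted proxies for this example: loopback (nginx on the same host,
# as in the question) and 10.0.0.0/8 (the range from the ELB answer).
TRUSTED_PROXIES = %w[127.0.0.0/8 ::1 10.0.0.0/8].map { |cidr| IPAddr.new(cidr) }

class SpoofedClientIp < StandardError; end

# Parse an address string; returns nil for anything that is not an IP.
def parse_ip(str)
  s = str.to_s.strip
  s.empty? ? nil : IPAddr.new(s)
rescue ArgumentError
  nil
end

def trusted_proxy?(str)
  ip = parse_ip(str)
  !ip.nil? && TRUSTED_PROXIES.any? { |net| net.include?(ip) }
end

# remote_addr: TCP peer (REMOTE_ADDR); xff / client_ip_hdr: raw header values.
def resolve_client_ip(remote_addr, xff, client_ip_hdr = nil)
  # A peer that is not one of our proxies cannot vouch for any other address,
  # so headers on a direct connection are ignored.
  return remote_addr unless trusted_proxy?(remote_addr)

  hops = xff.to_s.split(',').map(&:strip).reject(&:empty?)
  # Client-IP and X-Forwarded-For must agree; a Client-IP value that no proxy
  # recorded was supplied by the client.
  if client_ip_hdr && !hops.empty? && !hops.include?(client_ip_hdr.strip)
    raise SpoofedClientIp, "Client-IP #{client_ip_hdr.inspect} not in #{xff.inspect}"
  end

  # Walk from the nearest hop (rightmost) outwards. The first address that is
  # not a trusted proxy is the client; entries to its left are client-supplied.
  hops.reverse_each do |hop|
    next if trusted_proxy?(hop)
    return parse_ip(hop) ? hop : remote_addr
  end
  remote_addr
end
```

This only holds when the proxy appends to or overwrites these headers itself, as `$proxy_add_x_forwarded_for` and `proxy_set_header CLIENT_IP $remote_addr;` do in the configs above.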
The proxy_set_header CLIENT_IP $remote_addr; didn't work for me. Here's what did..
The solution I found after reviewing the actiondispatch code remote_ip.rb source. Now I get proper IP in my devise/warden processes as well as any other routine I'm looking at request.remote_ip
My config...
Ruby 2.2.1 - Rails 4.2.1 - NGINX v1.8.0 - Unicorn v4.9.0 - Devise v3.4.1
nginx.conf
HTTP_CLIENT_IP vs CLIENT_IP
location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header HTTP_CLIENT_IP $remote_addr; # <-----
    proxy_redirect off;
    proxy_pass http://unicorn;
}
Source actionpack-4.2.1/lib/action_dispatch/middleware/remote_ip.rb
Line 114:
client_ips = ips_from('HTTP_CLIENT_IP').reverse
Line 126:
"HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect} " +