NGINX reverse proxy to ASP.NET Core web app 404 static files

Have a basic hello world ASP.NET Core web app with the only modifications being to program.cs -> removed httpsredirect and hsts so it's set up for http.
Published to an Ubuntu server under /var/www/hello_world with static files under /var/www/hello_world/wwwroot. The app sits behind a NGINX reverse proxy to the kestrel server listening on http://127.0.0.1:5000. Everything works fine for the main endpoint, but everything else (css|js|lib|.ico) returns a 404 unless I specify the static files directory in a separate location directive:
    location ~* /(css|js|lib) { root /var/www/hello_world/wwwroot; }
I've tried setting up my nginx.conf in both an upstream configuration:
    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        ssl_certificate /etc/ssl/certs/hello_world.pem;
        ssl_certificate_key /etc/ssl/private/hello_world.key;
        location / {
            proxy_pass http://dotnet;
            proxy_set_header Host $host;
        }
    }
    upstream dotnet {
        zone dotnet 64k;
        server 127.0.0.1:5000;
    }
and a straight-forward proxy_pass:
    server {
        listen 443 ssl;
        server_name helloworld.com;
        ssl_certificate /etc/ssl/certs/hello_world.pem;
        ssl_certificate_key /etc/ssl/private/hello_world.key;
        ssl_dhparam /etc/nginx/dhparam.pem;
        location / {
            proxy_pass http://127.0.0.1:5000/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        # returns 404 for static files unless I have this
        location ~* /(css|js|lib|ico) {
            root /var/www/hello_world/wwwroot;
        }
    }
I can see the shell info from dotnet that the directory structure is correct in the request that is getting passed to kestrel, but kestrel returns a 404 unless I add the location in the nginx.conf. Since none of the guides either from NGINX or Microsoft have this location block I'm assuming I configured something incorrectly. The way I assumed it would work is everything going to that server block with the location / would get passed to kestrel which the ASP.NET Core app would have the directory structure mapped and return the static files.
Any ideas?

For anyone else that runs into this, the issue was because I was running dotnet hello_world.dll from an ssh shell in the /etc/nginx directory, which in Linux makes it the working directory for that process and, in turn, the content root path for the ASP.NET application. The fix is to run dotnet hello_world.dll from the /var/www/hello_world directory or specify the working directory when making the service.
Thanks @marc_s for the edit. I'll remember to do better next question.
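The cause named in the answer above can be confirmed on a live server by reading the process's working directory from /proc. This is an added example, not part of the original post; the function names are hypothetical and it assumes a Linux /proc filesystem.

```sh
#!/bin/sh
# Added example: find which directory a running ASP.NET Core process uses as
# its working directory (and so as its default content root) on Linux.

# Print the working directory of PID $1 as recorded in /proc.
proc_cwd() {
    readlink "/proc/$1/cwd"
}

# Return 0 if PID $1 runs from directory $2, 1 if not, 2 if either is unreadable.
cwd_matches() {
    actual=$(proc_cwd "$1") || return 2
    expected=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    [ "$actual" = "$expected" ]
}

# Print "PID CWD" for every process whose command line contains $1,
# for example the published DLL name.
find_by_cmdline() {
    for d in /proc/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        if tr '\0' ' ' < "$d/cmdline" 2>/dev/null | grep -qF -- "$1"; then
            pid=${d#/proc/}
            printf '%s %s\n' "$pid" "$(proc_cwd "$pid" 2>/dev/null)"
        fi
    done
}

# Usage on the server from the question (paths taken from the post):
#   find_by_cmdline hello_world.dll
#   cwd_matches <pid> /var/www/hello_world || echo "content root is wrong"
```

Reading another user's /proc/PID/cwd needs root, so run it as the service account or with sudo.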

Related

.Net Core Hosting with HTTPS on Nginx with LetsEncrypt Cert

I currently have my project running http without any issues. Now I am working on encrypting my traffic by using https. I have a certificate for my domain and I set up all the code and areas I thought were necessary to deploy it as https.
When I do this and run it my web page is not displayed, I just get the default nginx page. When I do this with http my web page is displayed.
I've used a few articles on here to set up mine the way I currently have it, so now I'm assuming I'm missing just some small detail that is why my https isn't working.
Here are all the steps I used for setting up my certificate and deploying it as HTTPS:
1. .Net Core Project.
Appsettings.json I added these 2 sections.
    "Kestrel": {
        "Endpoints": {
            "Http": {
                "Url": "http://localhost:60110"
            },
            "Https": {
                "Url": "https://localhost:60111"
            }
        }
    },
    "https_port": 60111
2. Program.cs
    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>()
                    .UseUrls(@"http://*:60110")
                    .UseUrls(@"https://*:60111")
                    .UseKestrel();
            });
3. Startup.cs
I added app.UseHsts();
4. Nginx I have 2 vhost files. 1 is for my 'listen 80;' which works.
My 2nd is this :
    server {
        listen 443 ssl;
        ssl_certificate /path/to/fullchain.pem; # managed by Certbot
        ssl_certificate_key /path/to/privkey.pem; # managed by Certbot
        root /var/www/websiteFolder;
        server_name MyDomain.tech;
        location / {
            proxy_pass http://localhost:60111;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection keep-alive;
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
I setup the symbolic link in nginx/sites-enabled from sites-available
I did the sudo nginx -t and my syntax passes.
I also did the nginx -s reload to reload all my conf and vhost files on nginx.
What am I missing or did I do wrong?
Thank you all.
UPDATE:
One thing I found out last night.
I found out one issue, I still haven't solved this yet but..
because I have:
    .UseUrls(@"https://*:60111")
My service was unable to start on ubuntu. It said it could not find the certificate.
So I am going to remove this line and see what happens.
I read that I should only need to declare my certificate on the web server [nginx] and not have to do it twice. [.net & nginx]
If this doesn't work I also want to try on my nginx vhost conf file. to
    location / {
        proxy_pass https://localhost:60111;
OR
        proxy_pass http://localhost:60110;
with a possible httpsredirect()

NGINX ignore bad certificate and configuration and just run?

We have an app that uploads automatically generated SSL certificates to our NGINX load balancers. One time we had this issue that a "bad certificate" got uploaded and then an automated nginx reload was thereafter executed; our server went offline for a while, causing DNS issues (DNS not found) for our server domain and causing a huge downtime to our clients.
However, it is a feature / function in our application to allow apps to upload an SSL certificate, and our backend server installs it automatically. Is there a way to tell it to ignore bad NGINX conf files and crt/keys altogether? Looking at the earlier logs, I can remember that I saw something like an SSL handshake error before the incident.
Here's how our main nginx-jelastic.conf looks like:
    ######## HTTP SECTION PROTOTYPE ########
    http {
        server_tokens off;
        ### other settings hidden for simplicity
        include /etc/nginx/conf.d/*.conf;
    }
######## TCP SECTION PROTOTYPE ########
So what I am thinking is whether it's possible for nginx to just ignore all bad NGINX conf files that are located there. Here's a sample of what gets uploaded in the conf.d folder:
    #
    # www.example-domain.com HTTPS server configuration
    #
    server {
        listen 443 ssl;
        server_name www.example-domain.com;
        ssl_certificate /var/lib/nginx/ssl/www.example-domain.com.crt;
        ssl_certificate_key /var/lib/nginx/ssl/www.example-domain.com.key;
        access_log /var/log/nginx/localhost.access_log main;
        error_log /var/log/nginx/localhost.error_log info;
        proxy_temp_path /var/nginx/tmp/;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        location / {
            set $upstream_name common;
            include conf.d/ssl.upstreams.inc;
            proxy_pass http://$upstream_name;
            proxy_next_upstream error;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Host $http_host;
            proxy_set_header X-Forwarded-For $http_x_forwarded_for;
            proxy_set_header X-URI $uri;
            proxy_set_header X-ARGS $args;
            proxy_set_header Refer $http_refer;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
For some reason the certificate and key indicated in the configuration could be wrong, and that is going to wreck the nginx server, and since our domain is pointed to this server via A record, it is a total disaster if nginx fails, as DNS issues happen and it could take 24-48 hours for DNS to get back.
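The outage described above can be kept away from the running server by checking each uploaded pair before the reload. The script below is an added example, not part of the original question or the poster's tooling; the function names and the SSL_DIR and NGINX variables are assumptions, with the certificate directory taken from the posted configuration.

```sh
#!/bin/sh
# Added example: validate an uploaded certificate/key pair before nginx reloads.
# SSL_DIR and NGINX are assumed overrides; the function names are hypothetical.
SSL_DIR=${SSL_DIR:-/var/lib/nginx/ssl}
NGINX=${NGINX:-nginx}

# Succeed only if private key $2 belongs to certificate $1.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if certificate $1 has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Put back the previous pair for domain $1, or remove the new files if none existed.
rollback() {
    for ext in crt key; do
        if [ -f "$SSL_DIR/$1.$ext.bak" ]; then
            mv "$SSL_DIR/$1.$ext.bak" "$SSL_DIR/$1.$ext"
        else
            rm -f "$SSL_DIR/$1.$ext"
        fi
    done
}

# install_cert DOMAIN CERT KEY: check, stage, test the config, then reload.
install_cert() {
    domain=$1; cert=$2; key=$3
    cert_matches_key "$cert" "$key" || { echo "reject $domain: key/cert mismatch" >&2; return 1; }
    cert_not_expired "$cert" || { echo "reject $domain: certificate expired" >&2; return 1; }
    for ext in crt key; do
        if [ -f "$SSL_DIR/$domain.$ext" ]; then
            cp -p "$SSL_DIR/$domain.$ext" "$SSL_DIR/$domain.$ext.bak"
        fi
    done
    cp "$cert" "$SSL_DIR/$domain.crt" && cp "$key" "$SSL_DIR/$domain.key" ||
        { rollback "$domain"; return 1; }
    if "$NGINX" -t; then
        "$NGINX" -s reload
    else
        rollback "$domain"
        echo "reject $domain: nginx -t failed, previous files restored" >&2
        return 1
    fi
}
```

The reload is only reached when `nginx -t` has accepted the whole configuration, so a rejected upload leaves the running workers on the previous certificate.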

NginX Server block on GitLab is ignored

I've installed GitLab on a virtual machine in Microsoft Azure in which I also have an Apache2 web server that should respond with some static websites.
Since GitLab has an embedded NGinX web server I thought that it would have been sufficient to just make these two changes:
Make apache listen to another port rather than 80 (I changed it to 8090)
Add a server block to GitLab's NGinX (firstly by adding this configuration to gitlab.rb nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;" and then by creating the following block in /etc/nginx/conf.d/serverblock.conf)
    server {
        root /var/www/;
        server_name .notgitlabdomain.com;
        access_log /etc/nginx/logs/notgitlabdomain_access.log;
        error_log /etc/nginx/logs/notgitlabdomain_error.log;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass 127.0.0.1:8090;
            add_header X-Upstream $upstream_addr;
            add_header NLC_S "s";
        }
    }
The problem is that this is not working so far. I opened and checked whether the nginx.conf (in /var/opt/gitlab/nginx/conf/) file is actually reading the server block I added and it is. But when I follow a link in my notgitlabdomain.com domain it redirects me to notgitlabdomain.com/users/sign_in with a Sass error that it couldn't import some css files.
Open developer tools and check the request.
I guess this issue is related to the configuration of gitlab (domain url)

Load tomcat application via DNS without typing 8080

I have an Amazon EC2 Ubuntu instance. I have installed a LAMP server and tomcat 7. I also have an application running in tomcat.
Now, my URL for apache is - http://ec2-54-xx-xx-xx.us-west-2.compute.amazonaws.com/
My URL for tomcat application is: http://ec2-54-xx-xx-xx.us-west-2.compute.amazonaws.com:8080
Instead of writing the 8080 part, I would like to call this directly via the URL http://ec2-54-xx-xx-xx.us-west-2.compute.amazonaws.com/.
I went through a lot of tutorials; all are invalid, outdated or missing details. I am using apache2, so the files inside the apache2 directory are below.
How can I do this "properly"? Because I will purchase a domain name this weekend and I will replace the long amazon URL with this one soon as well.
What you need is a reverse proxy. You should setup nginx or httpd server instance, which would proxy requests from port 80 (http) to your local 8080 port (tomcat).
Here's a sample configuration for nginx:
    upstream tomcat {
        server 127.0.0.1:8080; # your tomcat app address
    }
    server {
        listen 80;
        root /path/to/your/app/directory;
        index index.html index.htm;
        server_name your.app.domain;
        location / {
            try_files $uri $uri/index.html $uri.html @tomcat;
        }
        location @tomcat {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_redirect off;
            proxy_pass http://tomcat;
        }
    }

How do I force Ghost's admin page to be served over SSL when ghost is installed in a subdirectory?

I am using Ghost as a blogging platform and nginx as a reverse proxy for ghost as detailed in the documentation. Ghost is installed in a subdirectory and is served over the domain http://example.com/blog whereas the static website is served over example.com
I have set up SSL on my server and want to serve the ghost login page (example.com/blog/ghost) over SSL while serving the rest of the pages over normal HTTP. However, if I use forceAdminSSL:true and try to go to http://example.com/blog/ghost it should automatically redirect me to https://example.com/blog/ghost. Instead I'm redirected to https://example.com/ghost and end up with a 404 error. The only workaround I have found that works is to use forceAdminSSL:{redirect:false}, which is clumsy because then I have to manually type https in the address bar instead of http.
How do I serve the Ghost Admin panel over ssl while ghost is installed in a subdirectory? I guess this has something to do with configuration in nginx.
My nginx config block
    server {
        listen 80;
        listen 443;
        server_name *.example.com;
        server_name example.com;
        ssl on;
        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/key.key;
        location ^~/blog {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:2786;
            proxy_redirect off;
        }
        location / {
            root "/home/ubuntu/somedirectory/";
            index index.html;
        }
    }
I think you haven't entered the config URL while setting up Ghost correctly.
You can do this by running the following commands:
    ghost config URL https://my-domain.com/blog/
    ghost restart
If this doesn't solve the problem, you can check out a detailed tutorial, solving this issue, on my blog here