Harbor 2.5.0 behind Apache reverse proxy - apache

I installed Harbor in a server inside the company farm and I can use it without problem through https://my-internal-server.com/harbor.
I tried to add the reverse proxy rules to Apache to access it through the public server for harbor, v2, chartrepo, service endpoints, like https://my-public-server.com/harbor, but this doesn't work.
For example:
ProxyPass /harbor https://eslregistry.eng.it/harbor
ProxyPassReverse /harbor https://eslregistry.eng.it/harbor
I also set in harbor.yaml:
external_url: https://my-public-server.com
When I try to access to https://my-public-server.com/harbor with the browser I see a Loading... page and 404 errors for static resources because it tries to get them with this GET:
https://my-public-server.com/scripts.a459d5a2820e9a99.js
How can I configure it to work?


You should pass the whole domain, not only the path. Take a look at the official Nginx config to have an idea how this might look like.
upstream harbor {
server harbor_proxy_ip:8080;
}
server {
listen 443 ssl;
server_name harbor.mycomp.com;
ssl_certificate /etc/nginx/conf.d/mycomp.com.crt;
ssl_certificate_key /etc/nginx/conf.d/mycomp.com.key;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_pass http://harbor/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
Note that you should disable proxy or buffering

Related

Nginx config for location/api

Placed frontend and backend in nginx. I'm trying to correctly configure that after authorization, nginx redirected me to the original page.
Nginx Conf:
##Frontend
server_name atlas.com;
location / {
root /ops/front_2.0/dist/;
index index.html;
}
##Backend
location /api {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
With this configuration, the backend does not work, I will not get to the authorization page and a 404 Not Found error occurs.
But if, with the same settings, you place the Backend on another domain name, for example:
server_name server.atlas.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
}
Then everything works fine. But such a solution does not suit me, since it is not convenient to use for Frontend, since a CORS error is raised.

Nginx Problem: Nginx adds comma and duplicate the url

I've just deployed a flask application with Gunicorn and Nginx. The application is running under 192.168.25.49 address. Nginx configured as following:
server {
listen 80;
server_name 192.168.25.49;
location / {
include proxy_params;
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
proxy_pass http://unix:/home/avin/Saba/saba.sock;
}
}
The problem is: When I enter 192.168.25.49 in the address bar, it automatically changes to http://192.168.25.49,192.168.25.49/login. This problem occurs on login and logout too.
I've searched whole the internet but nothing found for this problem. If anyone with Nginx knowledge help me will appreciate.

Multiple subdomains on CloudFlare

Is it possible to set up DNS records using CloudFlare that would allow me to have subdomains pointing to two different ports on my local machine?
For example, one application running on port 80, and another on port 8880? According to this link the ports should both be supported:
https://blog.cloudflare.com/cloudflare-now-supporting-more-ports/
I'd like to have:
sub1.domain.com -> 1.2.3.4:80
sub2.domain.com -> 1.2.3.4:8880
I've looked at SRV records, but it doesn't seem to allow IP addresses as targets.

You can use a reverse proxy like nginx and use it along with Cloudflare for the purpose.
Check this link to learn about installing and configuring nginx as reverse proxy.
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04
an example configuration looks like this
server {
listen 80;
server_name subdomain.example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://local_ip:8081;
}
}
server {
listen 80;
server_name subdomain2.example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://local_ip:port;
}
}

How to install gitlab separate on centos7?

I wish to install gitlab on my Centos 7 server. But I need to separate the gitlab and apache folder. That is when I type localhost should get the index page in HTML folder and when I type git.example.com should get the gitlab page. Is there any way to do this? Please help me, anyone.

Might not be the best solution, but what I did was to set a "front NGINX" to proxy my 3 services: Apache (at www), Redmine (at issues) and GitLab (at git)
Then I configured my Apache to listen on another port (say 808). And my GitLab to listen on its own port (say 809).
And I added a server configuration in NGINX with a proxypass using something like this:
server {
listen 80;
server_name www.example.com;
location / {
access_log off;
proxy_pass http://localhost:808;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
and one for the GitLab as:
server {
listen 80;
server_name git.example.com;
location / {
access_log off;
proxy_pass http://localhost:809;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 502 /502.html;
location = /502.html {
root /opt/gitlab/error_pages;
}
}

nginx location directive : authentication happening in wrong location block?

I'm flummoxed.
I have a server that is primarily running couchdb over ssl (using nginx to proxy the ssl connection) but also has to serve some apache stuff.
Basically I want everything that DOESN'T start /www to be sent to the couchdb backend. If a url DOES start /www then it should be mapped to the local apache server on port 8080.
My config below works with the exception that I'm getting prompted for authentication on the /www paths as well. I'm a bit more used to configuring Apache than nginx, so I suspect I'm mis-understanding something, but if anyone can see what is wrong from my configuration (below) I'd be most grateful.
To clarify my use scenario;
https://my-domain.com/www/script.cgi should be proxied to
http://localhost:8080/script.cgi
https://my-domain.com/anythingelse should be proxied to
http://localhost:5984/anythingelse
ONLY the second should require authentication. It is the authentication issue that is causing problems - as I mentioned, I am being challenged on https://my-domain.com/www/anything as well :-(
Here's the config, thanks for any insight.
server {
listen 443;
ssl on;
# Any url starting /www needs to be mapped to the root
# of the back end application server on 8080
location ^~ /www/ {
proxy_pass http://localhost:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Everything else has to be sent to the couchdb server running on
# port 5984 and for security, this is protected with auth_basic
# authentication.
location / {
auth_basic "Restricted";
auth_basic_user_file /path-to-passwords;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}

Maxim helpfully answered this for me by mentioning that browsers accessing the favicon would trigger this behaviour and that the config was correct in other respects.