Nginx 1 public IP 2 local servers - nginx-reverse-proxy

I need help configuring Nginx to point towards 2 servers on my local network.
Here is my situation :
On my local network I have a Glpi server (172.27.134.16) + a wiki.js server (172.27.134.8:3000)
I would like my public IP to be able to access both servers.
Both of my server blocs work individually, but when they are together only the first server block is executed when typing the pubic Ip address. When I want to connect to Glpi I move it up in the .conf file and vice-versa when I want to access Wiki.js.
Is there something I need to change in my .conf file? Should I create 2 separate files instead?
Here is my config
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location / {
proxy_pass http://172.27.134.16;
}
}
server {
listen 80;
listen [::]:80;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
location / {
proxy_pass http://172.27.134.8:3000;
}
}

Related

NGINX reverse proxy two different server as backend

I am just new to NGINX.
I set up NGINX as a reverse proxy from subdomain.example.com which affects the internal ip 192.168.xxx.x . This works great.
For now I want to reach another server in my network, let it call 192.168.xxx.Y .
The Y should be available under subdomain.example.com/Y .
How do I have to configure NGINX?
This is my first try - which does not work:
server {
listen 80;
server_name subdomain.example.com;
location / {
proxy_pass http://192.168.xxx.x:80;
}
location /Y {
proxy_pass http://192.168.xxx.Y:377;
}
}
Any suggestions what I am doing wrong?

NGINX Reverse Proxy redirecting instead of proxying

i have a NGINX server running as a reverse proxy. Proxy works for windows hosts however i have a owncloud server and the proxy will instead re wright the url to the internal host name or IP address. ex(I type cloud.example.com and my url bar will change to 10.1.1.19 which is unresolvable over wan
i have checked DNS records and made sure NGINX can resolve host name. also tried just forwarding http traffic to cloud server to make sure using domain name was not the issue.
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://10.1.1.16:80/;
}
}
server {
listen 80;
listen [::]:80;
server_name cloud.example.com;
location / {
proxy_pass http://10.1.1.19:80/;
}
}
server {
listen 80;
listen [::]:80;
server_name remote.example.com;
location / {
proxy_pass http://10.1.1.17:80/;
}
}
i just need NGINX to run as a proxy for "cloud.example.com" instead of rewriting URL
I found a partial answer to this -- Why is my Nginx reverse proxy doing a 301 redirect instead of proxying?.
For me, it kept nginx from changing the hostname (i.e. from good-domain.com to 10.1.5.5:8080), but there doesn't appear to be a way to stop nginx from appending the port to the client's request URL.
So, in using the answer referenced above, I was able to go from http://10.1.5.5:8080 to http://good-domain:8080. It's still not where I want to be, but it definitely gets me closer.

How to listen to different port on Nginx and proxy the request?

I am a newbie to Nginx config and all, I have a process which is an express app, running on port 3000 using pm2 and I have allowed port 3000 using ufw as well, and have made a server instance on Nginx to proxy it,
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .mysite.co;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/django/mysite;
}
proxy_cache mysite;
location / {
include proxy_params;
proxy_pass http://unix:/home/django/mysite/mysite.sock;
}
gzip_comp_level 3;
gzip_types text/plain text/css image/*;
ssl_certificate /etc/letsencrypt/live/mysite.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.co/privkey.pem; # managed by Certbot
}
server {
if ($host = www.mysite.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mysite.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name .mysite.co;
return 404; # managed by Certbot
}
server{
listen 3000;
listen 443 ssl http2;
server_name .mysite.co:3000;
location / {
proxy_pass https://localhost:3000;
}
}
I ran netstat -napl | grep 3000 and I could confirm that the process is running and pm2 status also says its running and no errors in log as well.
How could I make this work? Thanks for the help in advance.
You won't be able to use nginx to listen on port 3000 as well as your node process as only one service can really listen on the port at once. So you'll need to ensure nginx is listening for connections on a different port. I imagine what you're trying to do is to listen on port 80 / 443 and then send the request onto your express service which is listening on port 3000?
In this case your bottom server block is nearly correct. To get this working without TLS/SSL (just on port 80) you'll want to use something like this:
server {
listen 80;
server_name node.mysite.co
location / {
proxy_pass http://localhost:3000;
}
}
The following is a very basic example and you'll probably want to toggle some other settings. This will make "http://node.mysite.co" go proxy through to whatever service (in this case an Express server) is listening on port 3000 locally.
You do not need to make a firewall (ufw) exception for port 3000 in this case as it's a local proxy pass. You should close the port on the firewall so people can't access it directly, this way the must go through nginx.
If you want to get SSL/TLS working, you'll want another block that'll look something like the following. Again, this is very basic and doesn't have a lot of settings you probably want to research and set (such as cipher choices).
server {
listen 443 ssl;
server_name node.mysite.co
ssl_certificate certs/mysite/server.crt;
ssl_certificate_key certs/mysite/server.key;
location / {
proxy_pass http://localhost:3000;
}
}
You'll need to replace the cert and key path to point to your SSL/TLS ceritifcate and key respectively. This will enable you to access https://node.mysite.co and it'll be proxied onto the service on port 3000 as well.
Once you've done that you might then choose to go back and change the http (port 80) server to a redirect to https to force https only connections.
Also note that I've ensured the server_name is different to your existing django server_name with a subdomain (node.mysite.co). You might wish to change this value but you can't have two server blocks listening on the same port and server_name, otherwise nginx would have no idea what to do with the request. I'm sure you're doing this anyway but I wanted to make sure it was explicit and would work with your existing setup.
If you wish the site to be served only for mysite.co:3000
If for some reason you want the user to go to port 3000 on the domain mysite.co, then you will need to set the "listen" to 3000 and keep the server name as "mysite.co". This will allow someone to go to mysite.co:3000 in their browser and hit your node service. I imagine this isn't really what you want for a public facing website though, it also won't line up very nicely with your port 443 version.
Note: I don't claim to be an nginx expert, but I've used it for all my node projects for the past few years and I find this setup to be pretty clear. There might be some nicer syntax you can use.

Configure proxy_pass for intermittent service

I'm using Nginx within a Doccker container to host my application
I'm trying to configure Nginx to proxy traffic to the /.well-known/ directory to another container that handles the letsencrypt process to setup & renew SSL certificates, but I don't need that container to be running all the time, only when attempting to renew the certificates.
My idea was to use proxy_pass for the directory specific traffic, through to the leysencrypt container, but as it's not always running, the Nginx process exits complaining that the upstream is not available.
Is there a way to configure Nginx not to check the status of the upstream for proxy_pass setting?
Here's the current config, if it's useful…
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name domain.com;
root /var/www/html/web;
location / {
return 301 https://$host$request_uri;
}
location ^~ /.well-known/ {
proxy_pass http://letsencrypt/.well-known/;
}
}
I guess I could use an in app forwarding of files, but this feels clunky. I'd rather configure it within Nginx.
location ^~ /.well-known/ {
resolver 127.0.0.1;
set $upstream letsencrypt;
proxy_pass http://$upstream/.well-known/; # use variables to make nginx startable
}

How can I serve multiple rails apps on single VPS?

I have a VPS on digital ocean. I can able to run multiple rails apps on same VPS using nginx+passenger. Now i want to map domain names. For this what should I do?
My nginx.conf file
server {
listen 80;
server_name localhost;
location ~ ^/uvarsity(/.*|$) {
alias /home/uvarsity/public$1; # <-- be sure to point to 'public'!
passenger_base_uri /uvarsity;
passenger_app_root /home/uvarsity;
passenger_document_root /home/uvarsity/public;
passenger_enabled on;
rails_env production;
}
location ~ ^/uvarsity-landing(/.*|$) {
alias /home/uvarsity-lp/public$1; # <-- be sure to point to 'public'!
passenger_base_uri /uvarsity-landing;
passenger_app_root /home/uvarsity-lp;
passenger_document_root /home/uvarsity-lp/public;
passenger_enabled on;
rails_env production;
}
location / {
root /home/amaravati/public; # <-- be sure to point to 'public'
passenger_enabled on;
}
}
What you want is virtual hosting.
The trick here is to define an upstream section in NGINX to define each application's backend server(s), and then a server section that passes traffic to the upstream.
Here's a very simple example I used to provide a virtual host localhost that redirected to a virtual machine running on VirtualBox. I was using localhost but the only requirement is that your browser requests the host by the name matching the server_name setting in the server block in the nginx config.
upstream apache {
server 192.168.70.1:1025;
}
server {
server_name localhost;
location / {
proxy_pass http://apache;
}
}