Nginx config for location/api - authentication

Placed frontend and backend in nginx. I'm trying to correctly configure that after authorization, nginx redirected me to the original page.
Nginx Conf:
##Frontend
server_name atlas.com;
location / {
root /ops/front_2.0/dist/;
index index.html;
}
##Backend
location /api {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
With this configuration, the backend does not work, I will not get to the authorization page and a 404 Not Found error occurs.
But if, with the same settings, you place the Backend on another domain name, for example:
server_name server.atlas.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
}
Then everything works fine. But such a solution does not suit me, since it is not convenient to use for Frontend, since a CORS error is raised.

Related

Hosting Blazor Standalone WASM on NGINX

I'm having some issues hosting blazor WASM standalone (without an asp.net core project as host) behind nginx as a reverse proxy.
Here is my Nginx default config file:
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
root /var/www/web/BlazorApp/wwwroot;
try_files $uri $uri/ index.html =404;
include /etc/nginx/mime.types;
types {
application/wasm wasm;
}
default_type application/octet-stream;
}
location /service1/ {
proxy_pass http://localhost:5001/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /service2/ {
proxy_pass http://localhost:5002/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /service3/ {
proxy_pass http://localhost:5003/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
This Configuration works in the sense that I can access my blazor app using
http://{server-ip-address}
and my other services using
http://{server-ip-address}/serviceX
where X would refer to service 1,2 and 3 respectively
First issue: when I navigate in my blazor app for example to http://{server-ip-address}/My-Blazor-Page and I refresh the page I get a 404 not found error.
for it to work back again I need to go back to the base address http://{server-ip-address} and navigate back to My-Blazor-Page.
I cannot refresh a page and go back to the same page.
Second issue: I would like my blazor app to have a different location. I would like to use http://{server-ip-address}/Blazor rather than http://{server-ip-address}/.
I tried everything to get it right but this is the only config that semi-works
Many thanks for your help!
The following nginx.conf file is simplified to show how to configure Nginx to send the index.html file whenever it can't find a corresponding file on disk.
When setting the NGINX burst rate limit with limit_req, Blazor WebAssembly apps may require a large burst parameter value to accommodate the relatively large number of requests made by an app. Initially, set the value to at least 60:
Increase the value if browser developer tools or a network traffic tool indicates that requests are receiving a 503 - Service Unavailable status code.
For more information on production Nginx web server configuration, see Creating NGINX Plus and NGINX Configuration Files.
The above will try the URL, and if no file matches, it'll serve index.html instead. This is the way.
For your second issue, you should set the base attribute value to "Blazor" and put all files in the Blazor directory (the config needs to match this). You can also route differently, but this is the easiest.

Harbor 2.5.0 behind Apache reverse proxy

I installed Harbor in a server inside the company farm and I can use it without problem through https://my-internal-server.com/harbor.
I tried to add the reverse proxy rules to Apache to access it through the public server for harbor, v2, chartrepo, service endpoints, like https://my-public-server.com/harbor, but this doesn't work.
For example:
ProxyPass /harbor https://eslregistry.eng.it/harbor
ProxyPassReverse /harbor https://eslregistry.eng.it/harbor
I also set in harbor.yaml:
external_url: https://my-public-server.com
When I try to access to https://my-public-server.com/harbor with the browser I see a Loading... page and 404 errors for static resources because it tries to get them with this GET:
https://my-public-server.com/scripts.a459d5a2820e9a99.js
How can I configure it to work?
You should pass the whole domain, not only the path. Take a look at the official Nginx config to have an idea how this might look like.
upstream harbor {
server harbor_proxy_ip:8080;
}
server {
listen 443 ssl;
server_name harbor.mycomp.com;
ssl_certificate /etc/nginx/conf.d/mycomp.com.crt;
ssl_certificate_key /etc/nginx/conf.d/mycomp.com.key;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_pass http://harbor/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
Note that you should disable proxy or buffering

Nginx Problem: Nginx adds comma and duplicate the url

I've just deployed a flask application with Gunicorn and Nginx. The application is running under 192.168.25.49 address. Nginx configured as following:
server {
listen 80;
server_name 192.168.25.49;
location / {
include proxy_params;
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
proxy_pass http://unix:/home/avin/Saba/saba.sock;
}
}
The problem is: When I enter 192.168.25.49 in the address bar, it automatically changes to http://192.168.25.49,192.168.25.49/login. This problem occurs on login and logout too.
I've searched whole the internet but nothing found for this problem. If anyone with Nginx knowledge help me will appreciate.

NGINX Proxy Pass

I have a main server running NGINX and a second server running Apache/cPanel.
What we are trying to do is keep our micro sites seperate from the main server. The micro sites are mainly Wordpress
The issue that I am running into is that we want them to have the domain format of http://example.com/path.
However it has come to my attention that using the following proxy_pass below it does not work for more then one site.
It also has been recommended to me that the microsites get turned into subdomains on the second server to ease the proxy_pass confusion - path.example.com
I then run into the issue of how do I get http://example.com/path to mirror path.example.com and work like http://example.com/path
Currently it semi works by using the below however /private just loads /blog
Config:
location /blog/ {
include proxy-pass-settings.conf;
proxy_pass http://blogging.example.com/;
}
location /private/ {
include proxy-pass-settings.conf;
proxy_pass http://blogging.example.com/;
Proxy Config:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
Try this:
location ^~ /blog/ {
include proxy-pass-settings.conf;
proxy_pass http://blogging.example.com;
}
location ^~ /private/ {
include proxy-pass-settings.conf;
proxy_pass http://blogging.example.com;
}
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed UR.
Source: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

nginx location directive : authentication happening in wrong location block?

I'm flummoxed.
I have a server that is primarily running couchdb over ssl (using nginx to proxy the ssl connection) but also has to serve some apache stuff.
Basically I want everything that DOESN'T start /www to be sent to the couchdb backend. If a url DOES start /www then it should be mapped to the local apache server on port 8080.
My config below works with the exception that I'm getting prompted for authentication on the /www paths as well. I'm a bit more used to configuring Apache than nginx, so I suspect I'm mis-understanding something, but if anyone can see what is wrong from my configuration (below) I'd be most grateful.
To clarify my use scenario;
https://my-domain.com/www/script.cgi should be proxied to
http://localhost:8080/script.cgi
https://my-domain.com/anythingelse should be proxied to
http://localhost:5984/anythingelse
ONLY the second should require authentication. It is the authentication issue that is causing problems - as I mentioned, I am being challenged on https://my-domain.com/www/anything as well :-(
Here's the config, thanks for any insight.
server {
listen 443;
ssl on;
# Any url starting /www needs to be mapped to the root
# of the back end application server on 8080
location ^~ /www/ {
proxy_pass http://localhost:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Everything else has to be sent to the couchdb server running on
# port 5984 and for security, this is protected with auth_basic
# authentication.
location / {
auth_basic "Restricted";
auth_basic_user_file /path-to-passwords;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
Maxim helpfully answered this for me by mentioning that browsers accessing the favicon would trigger this behaviour and that the config was correct in other respects.