I have set up nginx to reverse proxy, but I am having a weird problem. If I browse to
http://www.example.com/
The website displays correctly. However, if I browse to
example.com
I am sent to a different site!
This is part of my nginx config file:
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://localhost:8051;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I got this to work, I think the problem is that browser cache.
Related
Now this might be a very simple issue but I can't seem to figure out how get SSL to work with Nginx. I will list what I have done so far:
Used certbot to create a fullchain.pem and privkey.pem file
Added the following code to /etc/nginx/conf.d/pubgstats.info
server {
listen 80;
server_name pubgstats.info www.pubgstats.info;
location '/.well-known/acme-challenge' {
root /srv/www/pubg-stats;
}
location / {
proxy_pass http://localhost:4200;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /secure {
auth_pam "Secure zone";
auth_pam_service_name "nginx";
}
}
server {
listen 443;
ssl on;
ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
server_name pubgstats.info www.pubgstats.info;
location / {
root /srv/www/pubg-stats/;
}
}
From what I understand, the configuration listens on port 80 and upgrades a HTTP request to HTTPS. The code was mostly taken from this article. I added the SSL part of the configuration as stated here. Now visiting the site over HTTP works. On HTTPS, the connection is reset. What am I missing in the configuration and what's the best way to configure SSL with Nginx in this case?
I don't understand why you didn't add this to /etc/nginx/nginx.conf, but the issue appears to be that you've declared multiple server blocks for the same server. In that case, nqinx will usually choose the first depending on different criteria.
With this configuration, nginx will use SSL by default. If that is not what you want, remove default_server. You don't need ssl on as that is now obsolete and replaced with the ssl parameter in the listen directive.
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate /srv/www/pubg-stats/certs/fullchain.pem;
ssl_certificate_key /srv/www/pubg-stats/certs/privkey.pem;
server_name pubgstats.info www.pubgstats.info;
location '/.well-known/acme-challenge' {
root /srv/www/pubg-stats;
}
location / {
proxy_pass http://localhost:4200;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /secure {
auth_pam "Secure zone";
auth_pam_service_name "nginx";
}
}
I've needed to set up SSL on my server, and have been putting it off, I've now done it, and found it a lot simpler than expected, so for anyone else, here's the process I followed.
I have a dedicated server, and have downloaded a GeoTrust Certificate and Private Key (supplied by my host).
I have uploaded both of these to /etc/nginx/ssl/ (as root).
I added the following to my Nginx default.conf:
server {
server_name www.example.com;
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/www.example.com_ssl_certificate.cer;
ssl_certificate_key /etc/nginx/ssl/www.example.com_private_key.key;
location / {
allow all;
# Proxy Headers
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Cluster-Client-Ip $remote_addr;
# The Important Websocket Bits!
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://examplecom;
}
}
I have opened up port 443 as follows:
firewall-cmd --permanent --zone=public --add-port=443/tcp
And added https service:
firewall-cmd --permanent --zone=public --add-service=https
I can now access the app over https at my domain.
The final issue is setting up the Phoenix web sockets over wss, I will edit this post and add that information as soon as I have it done.
HTH someone.
Centos 7
Nginx 1.10.1
you need to configure it in this way for using it with Nginx
server {
listen 80;
listen 443 ssl;
server_name www.example.com ;
ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem;
error_page 403 404 500 502 503 504 /critical_error.html;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
access_log /var/log/nginx/exampleApi-access.log main;
error_log /var/log/nginx/exampleApi-error.log;
location / {
proxy_pass http://yourip:port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
It will work for sure you should try this.
In our current architecture we have two apache front servers, in front of them, we have an nginx load balancer. And in front of that an nginx reverse proxy.
My problem is that i'm trying to run Apache Zeppelin through the reverse proxy, and i'm having some problems with the websockets.
I get an error like this : 400 HTTP method GET is not supported by this URL
And here is a screenshot of what the Chrome's Networks tab shows :
I add my reverse proxy config for Zeppelin:
error_log /var/log/nginx/nginx_error.log warn;
server {
listen 80;
server_name localhost;
location /zeppelin/ {
proxy_pass http://zeppelin:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
}
# fallback
location / {
return 301 http://ci.blablalablab.com/app/;
}
}
Zeppelin is running inside a docker container, and i have exposes the 8080 port, its host name is : zeppelin.
If you have any questions on the architecture or so, don't hesitate to ask.
Thank you very much guys !
you can add to your reverse proxy configuration
location /ws { # For websocket support
proxy_pass http://zeppelin:8080/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
Reference: Zeppelin 0.7 auth docs
After a lot of digging around, i ended up with this configuration :
location /zeppelin/ {
proxy_pass http://zeppelin:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
location /zeppelin/ws {
proxy_pass http://zeppelin:8080/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
This is working pretty good, thank you everyone for your efforts ;)
I want to configure an node.js project using socket.io through nginx with ssl,But I failed,when I start it an error occours like this:
I spent a whole noon search and read documents but still can not figure out how to solve this..If anyone meet this problem before or have any idea about it please help me,thanks a lot.
This is my client side js code:
let socket = io.connect('//wechat.pageguy.tech/ws', {transports: ['websocket']});
This is nginx code:
server {
listen 443;
server_name wechat.pageguy.tech;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
ssl on;
ssl_certificate /etc/ssl/private/pageguy.crt;
ssl_certificate_key /etc/ssl/private/pageguy.key.unsecure;
location / {
#root /usr/share/nginx/html;
#index index.html index.htm;
proxy_pass http://localhost:3335;
}
location /ws/ {
proxy_pass http://localhost:3005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
}
My express port is 3335,my socket.io port is 3005.Everything were fine before I added ssl in the nginx configuration file.
Nobody help me 555, but I solved problems by myself.
in client side js code:
let socket = io.connect('https//wechat.pageguy.tech/', {transports: ['websocket']});
in nginx configure file:
location /socket.io/(not /ws/ because its default value)
I've been trying to run Ratchet.io over SSL (this problem: php ratchet websocket SSL connect?).
My webserver is running at myhost.mobi, and I have created a separate virtual host for websocket service "wws.myhost.mobi".
My web socket:
$webSock = new React\Socket\Server($loop);
$webSock->listen(8080, '0.0.0.0');
$webServer = new Ratchet\Server\IoServer(
new Ratchet\Http\HttpServer(
new Ratchet\WebSocket\WsServer(
new Ratchet\Wamp\WampServer(
$pusher
)
)
),
$webSock
);
My nginx config (I'm on nginx 1.5.8):
upstream websocketserver {
server localhost:8080;
}
server {
server_name wss.myapp.mobi;
listen 443;
ssl on;
ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
ssl_certificate_key /etc/ssl/myapp-mobi.key;
access_log /var/log/wss-access-ssl.log;
error_log /var/log/wss-error-ssl.log;
location / {
proxy_pass http://websocketserver;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400; # neccessary to avoid websocket timeout disconnect
proxy_redirect off;
}
}
My client-side script:
var conn = new ab.Session('wss://wss.myapp.mobi', function(o) {
// ...
}, function() {
console.warn('WebSocket connection closed');
}, {
skipSubprotocolCheck: true
});
So, when I load the page in Firefox, I see an outgoing connection to wss://wss.myapp.mobi:8080/, which is hanging (the spinner) and never completes or dies. I do not see any trace of request arriving on the backend in the logs.
What am I missing there?
Thanks!
EDIT I have realized that I should be connecting to wss://wss.myapp.mobi, but now I am getting "101 Switching Protocols" status.
EDIT 2 Everything is working now with the config above. "101 Switching Protocols" status turns out to be a normal message. PROBLEM SOLVED!
By checking question edit history, it is clear that, the configuration in the question was correct, temuri was trying to connect from client with port set in,
upstream websocketserver {
server localhost:8080;
}
but this code block tells Nginx there is a tcp server running on port 8080, represents it as websocketserver alias, but the running server is not accessible to public.
Check the below configuration,
server {
server_name wss.myapp.mobi;
listen 443;
ssl on;
ssl_certificate /etc/ssl/myapp-mobi-ssl.crt;
ssl_certificate_key /etc/ssl/myapp-mobi.key;
access_log /var/log/wss-access-ssl.log;
error_log /var/log/wss-error-ssl.log;
location / {
proxy_pass http://websocketserver;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 86400; # neccessary to avoid websocket timeout disconnect
proxy_redirect off;
}
}
this configuration binds the domain wss.myapp.mobi to port 443 enabling ssl and proxying the requests to the local websocket server via proxy_pass directive, rest directives are for connection upgrades handling.
So the websocket server can be accessed from browser client with
// connect through binded domain
// instead of wss.myapp.mobi:8080 which will not work
var url = 'wss://wss.myapp.mobi';