I keep getting ERR_CONNECTION_REFUSED
worker_processes 4;
events { worker_connections 1024; }
http {
sendfile off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server {
listen 80;
listen [::]:80;
# server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
add_header Allow "GET, HEAD" always;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
if ( $request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
return 200;
}
}
it successfully redirects me from http:localhost to https:localhost, but all I see is this immediately:
Does anyone know why this is happening? is it my certs?
I am just using localhost right now, so it probably isn't firewall thing. Unfortunately, nothing shows up in the access or error logs which is frankly pretty sorry.
The simple answer was I was using docker, and I needed to open up port 80 AND port 443:
docker run -d -p 80:80 -p 443:443 "$my_image"
Related
I have this setup of NGINX as a reverse proxy.
server {
listen 443 ssl;
server_name site1.example.com;
ssl_certificate /home/efwm/efwmsw/certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://127.0.0.1:8010;
}
}
server {
listen 443 ssl;
server_name site2.example.com;
ssl_certificate /certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://127.0.0.1:8020;
}
}
server {
listen 443 ssl;
server_name site3.example.com;
ssl_certificate /certificate/example.com.cer;
ssl_certificate_key /certificate/example.com.key;
location / {
proxy_pass http://192.168.1.50:8000;
}
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
For first two servers everything works fine but requests to third server get:ERR_CONNECTION_REFUSED.
I add that the first two services are contained in docker on the same server where NGINX runs, while the third is an autonomous server. Nothing is written in the error log. Of course I tried calling the exposed service on the third server and it works. Any suggestion is welcome. Thank you
I've been struggling to figure it all out, but I finally have something working with the following:
nginx:
server {
server_name example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/example/example;
}
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
include proxy_params;
proxy_pass http://unix:/tmp/daphne.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com;
return 404; # managed by Certbot
}
daphne.service:
[Unit]
Description=daphne daemon
After=network.target
[Service]
User=example
Group=www-data
WorkingDirectory=/home/example/example
StandardOutput=file:/var/example.log
StandardError=file:/var/example.log
ExecStart=/home/example/example/venv/bin/daphne \
-u /tmp/daphne.sock \
project.asgi:application
[Install]
WantedBy=multi-user.target
I'm constrained to using https. The page does load with that. However, if I try and make a websocket connection it fails with something about mixed protocols. So I change 'ws://' to 'wss://' and now I get The URL 'wss://' is invalid. How can I get this to work?
The problem was quite simple to resolve. In my JavaScript I had
new WebSocket(
window.location.protocol == 'https:' ? 'wss://' : 'ws://'
+ window.location.host
+ '/ws/'
);
when I should have had
new WebSocket(
(window.location.protocol == 'https:' ? 'wss://' : 'ws://')
+ window.location.host
+ '/ws/'
);
Note the parentheses.
Trying to use Nginx as a reverse proxy here. This is what I want to achieve:
Redirect example.com and www.example.com to https://example.com.
Proxy the request to another port.
This is the flow: example.com -> Nginx -> Go web server listening on port 5000
It seems that the rewriting is working properly, cause in the browser I get https://example.com, however I am getting this error in the browser:
ERR_TOO_MANY_REDIRECTS
If it matters, my DNS settings are as such:
# - A - 11.XX.XX.XX
www - A - 11.XX.XX.XX
Here is my /etc/nginx/nginx.conf file:
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
rewrite ^(.*)$ https://example.com$request_uri permanent;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com example.com;
ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
rewrite ^(.*)$ https://example.com$request_uri permanent;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
Any help would be appreciated. Networking noob here.
In this server block, just redirect to HTTPS block, no need a location block here:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
No need to add the redirection 443 block as it is already redirected from 80 block. So try the following configuration:
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com example.com;
ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
The other two answers were very helpful in fixing the answer to this question (Redirect loop). There was another bug however, which is that the www was showing up every time even though I redirected to non-www https version.
Here is the updated config that does the following:
Turn www to non-www
Turn http to https
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com;
ssl_certificate "/etc/letsencrypt/live/example.com-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com-0001/privkey.pem";
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate "/etc/letsencrypt/live/example.com-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com-0001/privkey.pem";
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
My website always open in path localhost, but my server_name have other domen name. How i can fix it ?
My configuration
https://i.stack.imgur.com/MXm5k.jpg
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80;
server_name mydomain;
#charset koi8-r;
access_log logs/host.access.log;
location / {
proxy_pass http://127.0.0.1:3037;
}
}
}
Change your config to below
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
server {
listen 80 default_server;
return 403;
}
server {
listen 80;
server_name mydomain;
#charset koi8-r;
access_log logs/host.access.log;
location / {
proxy_pass http://127.0.0.1:3037;
}
}
}
First server block is the default server nginx will serve the request from if no virtual host matches. So you need to have 2 blocks in case you only want specific server_name to be allowed and rest all to be denied
For testing and accepting doing a "catch-all", you can use server_name _
From: http://nginx.org/en/docs/http/server_names.html
In catch-all server examples the strange name “_” can be seen:
server {
listen 80 default_server;
server_name _;
return 444;
}
If you are using Ubuntu you also have to define in /etc/hosts your server name for you local ip:
127.0.0.1 mydomain www.mydomain.com mydomain.com
You have to match your custom domain name to your machine's local IP address.
This can be done using the default 127.0.0.1 or by typing the command, "ip addr" in your Ubuntu terminal. this command will list out two IP addresses offered by you machine.
You can match any of the IP addresses to your custom domain in the "/etc/hosts" file.
solution:
add bad urls to "/etc/hosts"
like this:
enter image description here
I'm very new to nginx, trying to add SSL on my website with the magnificent letsencrypt, helped with this tutorial
I have my file: /etc/nginx/sites-available/staging.example.com.conf, which contains:
server {
listen 443 ssl;
server_name staging.example.com;
ssl_certificate /etc/letsencrypt/live/staging.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/staging.example.com/privkey.pem;
access_log /var/log/nginx/staging.example.com.access.log;
error_log /var/log/nginx/staging.example.com.error.log;
location ~ \.(css|js|gif|jpg|png|html|svg|gz|ttf|otf|eot|woff|ico)$ {
root /vagrant/www/current/public;
expires 10d;
gzip_static on;
gzip_vary on;
}
error_page 502 /502.html;
}
server {
listen 80;
server_name staging.example.com;
return 301 https://$host$request_uri;
}
In /vagrant/www/current/public, I have test.html.
If I cURL http://staging.example.com/test.html, I get:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.9.3</center>
</body>
</html>
But if I cURL https://staging.example.com/test.html I get curl: (7) Failed to connect to staging.mojjo.fr port 443: Connection timed out
Can't find any log or something (/var/log/nginx/staging.example.com.error.log doesn't contain anything). Any idea where I could find relevant information?
It feels like the port 80 rule works, but the listen 443 ssl won't.
Using nginx version: nginx/1.9.3
Can someone help? Thanks
Probably your port 443 isn't open. You can use single server definition for both HTTP and HTTPS:
server {
listen 80;
listen 443 ssl;
...
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
}