I have the issue with my Nginx configuration, I can't set my server_name.
I tried to build my docker container with Nginx configuration inside.
Body of my Dockerfile.
FROM nginx
RUN rm -rf /etc/nginx/conf.d/*
RUN mkdir /etc/nginx/ssl
RUN chown -R root:root /etc/nginx/ssl
RUN chmod -R 600 /etc/nginx/ssl
COPY etc/ssl/certs/qwobbleprod.crt /etc/nginx/ssl
COPY etc/ssl/certs/app.qwobble.com.key /etc/nginx/ssl
COPY nginx/default.conf /etc/nginx/conf.d/
COPY dist /usr/share/nginx/html
EXPOSE 443
and my Nginx configuration file ->
server {
listen 443 ssl default_server;
root /usr/share/nginx/html;
server_name blabla.com www.blabla.com;
access_log /var/log/nginx/nginx.access.log;
error_log /var/log/nginx/nginx.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/blabla.crt;
ssl_certificate_key /etc/nginx/ssl/blabla.com.key;
sendfile on;
location / {
try_files $uri /index.html =404;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|html)$ {
expires max;
log_not_found off;
}
}
I tried to build and run my docker container
docker build -t <name> .
docker run -it -p 443:443 <name>
As the result, I have my app on https://localhost:443
but I haven't access to my app through https://blabla.com:443 or https://www.blabla.com:443
I'm a newbie in working with Docker and Nginx, and I have no idea what is wrong.
I will be grateful for any help!
In this case I would expect that you actually need the blabla.com domain and that the dns (Domain Name Service) should point to your external IP address.
You must then configure the router to accept connections on port 443 (what you desire) and point (port forwarding) it to the computer running your docker image on the port that it is actually running on.
It might also be necessary to open firewall settings on the computer docker is running on.
I see you also want to listen to https so you might need some certificates for that.
or if you want to fake it you can edit your hosts file (on mac or linux /etc/hosts) and add an entry like:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 blabla.com
but now blabla.com will only work on your machine...
Hope it helps
I currently have Apache configured and serving content over port 80 and 443.
I wish to serve content over port 8000 using NGINX. I've followed this guide.
in /etc/nginx/sites-available/default I changed
server {
listen 80 default_server;
....
to
server {
listen 8000 default_server;
....
According to the guide, this show allow me to access both
http://my_ip_or_domain:8000
http://my_ip_or_domain:80
at the same time. However, I can access it via port 80, but going over port 8000 returns a ERR_CONNECTION_TIMED_OUT. There's no output in /var/log/nginx/error.log. How can I access it using port 8000?
You have to open the specified port
$ sudo ufw allow 8000
This command would open the 8000 port
This is my setup:
Got a domain : domain.com .
Within my local network I got DNS provided by an active directory box,
an IIS web server running on port 80, host name iis.domain.com,
and this has sites iis1.domain.com, iis2.domain.com
an Apache web server running on port 80, host name apache.domain.com,
with the sites apache1.domain.com and apache2.domain.com.
Within my local network I can access all these sites just fine.
I also have external dns entries for iis1,iis2,apache1 and apache2.
I only have one public IP address and I would like to setup another box which would get port forwarded into the internet ( port forward port 80 and 443 ).
I would like to know what to install on that box and how to configure it.
I have looked at nginx, haproxy and IIS ARR, but I would like to know which of these are the easiest to setup and have the least overhead.
In my mind I would like to specify something like.... ok if it's a request for site iis1.domain.com then take that one to the IIS web server, and if it is for apache1.domain.com then go to the Apache web server.
I would like to go with a Linux solution, but I am not sure which and how to set it up.
Thank you in advance.
P.S.
I saw a possible solution here.
Would something like this work ?
server {
listen 80 default_server;
server_name iis1.domain.com;
location / {
proxy_pass http://iis1.domain.com/;
}
}
server {
listen 80 default_server;
server_name apache1.domain.com;
location / {
proxy_pass http://apache1.domain.com/;
}
}
I would go with haproxy (easiest in my opinion)
just be very careful with your External vs Internal DNS.
the example you have in your question forwards to a dns....which points back to the proxy(external)....which points to the dns...i think you get my meaning.
HAProxy would point to your backends IP address so both internal and external DNS would point to your proxy and get routed fine to its intended backend
the HAProxy config would look something like this :
global
# default globals
defaults
# default globals
frontend http-in
bind YOUR.IP.GOES.HERE:80
bind YOUR.IP.GOES.HERE:443 ssl crt PATH/TO/CERT-FILE.PEM no-sslv3
mode http
option httplog
option httpclose
option forwardfor
acl iis1 hdr(Host) -i iis1.domain.com
acl iis2 hdr(Host) -i iis2.domain.com
acl apache1 hdr(Host) -i apache1.domain.com
acl apache2 hdr(Host) -i apache2.domain.com
use_backend iis if iis1
use_backend iis if iis2
use_backend apache if apache1
use_backend apache if apache2
backend iis
server IIS xxx.xxx.xxx.xxx:80 check
backend apache
server APACHE xxx.xxx.xxx.yyy:80 check
I managed to actually get this to work by installing a linux box with nginx. Port 80 from this box is forwarded into the internet.
In /etc/nginx I added a line to look for other config files -> include /etc/nginx/sites-enabled/*.conf; .
So in /etc/nginx/sites-enabled/ I created one config file, with this info:
server {
listen 80;
server_name apache1.domain.com;
location /{
proxy_pass http://apache1.domain.com;
}
}
server {
listen 80;
server_name apache2.domain.com;
location /{
proxy_pass http://apache2.domain.com;
}
}
server {
listen 80;
server_name iis1.domain.com;
location /{
proxy_pass http://iis1.domain.com;
}
}
server {
listen 80;
server_name iis2.domain.com;
location /{
proxy_pass http://iis2.domain.com;
}
}
I was using virtual box and have had httpd installed on it, the network was configured as 'nat' and I forward port 8080 of Host Machine to port 80 of Virtual Machine.
Then I tried to access the Website hosted on the virtual machine via curl localhost:8080 -vv, but I got Empty reply from server, instead if I use curl 127.0.0.1:8080 -vv then everything is ok, why would it be like this ?
I recently installed an SSL certificate on my Amazon EC2 Ubuntu 12.04(32bit) server running Apache 2.
When I attempt to access my site via https, it does not load. When I perform an nmap scan, i see that port 443 is not open.
I tried to open port 443 in my ip tables to no avail. iptables -L yeilds
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
Here's how I installed ssl
I modified /etc/init.d/apache2.conf to include ssl.conf and modified ssl.conf to include the requisite
paths of my certificate files, ie
SSLCertificateFile /path/file
SSLCertificateKeyFile /path/file
SSLCertificateChainFile /path/file
I configured my security group to allow inbound requests from port 443 (TCP source:0.0.0.0/0)
When I perform the following test with php
if (!extension_loaded('openssl'))
{
echo "not loaded";
}
else
{
echo "loaded" ;
}
I get "loaded".
Any ideas?
In httpd-ssl.conf, do you have
Listen 443
If not, try adding that, and restarting apache.
First check if mod_ssl is enabled. If not, enable it by running a2enmod ssl. Then check if Apache is listening on port 443 for https. Then check if the firewall is not blocking port 443.
If anyone else finds this and is using Amazon Lightsail (like me), you have to use their web UI to explicitly open port 443.
I spent hours pouring over my server config files before I discovered that :/
In httpd.conf the following is disabled by default:
# Secure (SSL/TLS) connections
# Include conf/extra/httpd-ssl.conf
Simply remove the # from the Include and restart Apache.
If you can connect locally (e.g. with telnet localhost 443 as mti suggests), check if the firewall is configured properly.
In my case, ufw was blocking everything, so I had to ufw allow 443 which fixed the underlying problem to the same symptom.
I just ran into a situation where there was a process listening on port 443, the firewall was completely open, SELinux was disabled, and I still couldn't telnet to port 443. Not even from the localhost. I kept getting:
telnet 127.0.0.1 443
telnet: connect to address 127.0.0.1: Connection refused`
It turns out the iptables NAT table had some rules redirect traffic coming in on port 443 to a different port (8443). Nothing was listening on port 8443.
# iptables --table nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443
Removing the relevant NAT entries fixed the problem for me.
For me it's the stupid Chrome cache. Ctrl + Shift + Del to clear the cache, restart Chrome, and SSL is correctly working now.
If the SSL keys are not set (or were inexplicably commented out by gremlins), Apache 2.2 SSL will silently fail. There will be no error in the log, and it will not be listening to 443. The http:80 sites will work.
First, Check processes on port "80" and "443" sudo netstat -peanut | grep ':80' and *sudo netstat -peanut | grep ':443'* .If 443 is has no process then this would help:
Editing the Apache configuration file to serve the cert works well.
Use the command sudo certbot --apache
You are good
Sometimes an iptables -F works. I had the port 443 open for inbound in Amazon, but still the site was not opening in my browser.
Logged on to the site, gave an iptables -F and immediately the site was accessible.