NginX Server block on GitLab is ignored - apache

I've installed GitLab on a virtual machine in Microsoft Azure in which I also have an Apache2 web server that should respond with some static websites.
Since GitLab has an embedded NGinX web server I thought that it would have been sufficient to just make these two changes:
Make apache listen to another port rather than 80 (I changed it to 8090)
Add a server block to GitLab's NGinX (firstly by adding this configuration to gitlab.rb nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;" and then by creating the following block in /etc/nginx/conf.d/serverblock.conf)
server {
root /var/www/;
server_name .notgitlabdomain.com;
access_log /etc/nginx/logs/notgitlabdomain_access.log;
error_log /etc/nginx/logs/notgitlabdomain_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass 127.0.0.1:8090;
add_header X-Upstream $upstream_addr;
add_header NLC_S "s";
}
}
The problem is that this is not working so far. I opened and checked whether the nginx.conf (in /var/opt/gitlab/nginx/conf/) file is actually reading the server block I added and it is. But when I follow a link in my notgitlabdomain.com domain it redirects me to notgitlabdomain.com/users/sign_in with a Sass error that couldn't import a some css files.

Open develop tools and check the request.
I guess this issue is related about the configuration of gitlab (domain url)

Related

NGINX reverse proxy to ASP.NET Core web app 404 static files

Have a basic hello world ASP.NET Core web app with the only modifications being to program.cs -> removed httpsredirect and hsts so it's set up for http.
Published to an Ubuntu server under /var/www/hello_world with static files under /var/www/hello_world/wwwroot. The app sits behind a NGINX reverse proxy to the kestrel server listening on http://127.0.0.1:5000. Everything works fine for the main endpoint, but everything else (css|js|lib|.ico) returns a 404 unless I specify the static files directory in a separate location directive:
location ~* /(css|js|lib) { root /var/www/hello_world/wwwroot; }
I've tried setting up my nginx.conf in both an upstream configuration:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/certs/hello_world.pem;
ssl_certificate_key /etc/ssl/private/hello_world.key;
location / {
proxy_pass http://dotnet;
proxy_set_header Host $host;
}
}
upstream dotnet {
zone dotnet 64k;
server 127.0.0.1:5000;
}
and a straight-forward proxy_pass:
server {
listen 443 ssl;
server_name helloworld.com;
ssl_certificate /etc/ssl/certs/hello_world.pem;
ssl_certificate_key /etc/ssl/private/hello_world.key;
ssl_dhparam /etc/nginx/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:5000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# returns 404 for static files unless I have this
location ~* /(css|js|lib|ico) {
root /var/www/hello_world/wwwroot;
}
}
I can see the shell info from dotnet that the directory structure is correct in the request that is getting passed to kestrel, but kestrel returns a 404 unless I add the location in the nginx.conf. Since none of the guides either from NGINX or Microsoft have this location block I'm assuming I configured something incorrectly. The way I assumed it would work is everything going to that server block with the location / would get passed to kestrel which the ASP.NET Core app would have the directory structure mapped and return the static files.
Any ideas?
For anyone else that runs into this, the issue was because I was running dotnet hello_world.dll
from an ssh shell in the /etc/nginx directory which in Linux makes it the working directory for that process and in turn, the content root path for the ASP.NET application. The fix is to run the dotnet hello_world.dll from the /var/www/hello_world directory or specify the working directory when making the service.
Thanks #marc_s for the edit. I'll remember to do better next question.

HTTP/HTTPS redirect problem with nginx and bitnamis dockerized osclass

I'm having a problem with a nginx configuration which I use as a reverse proxy for different containerized applications.
Basically Nginx is listening on port 80 and is redirecting every request to https. On different subdomains I'll then proxy pass to the port of the applications.
For example my gitlab config:
server {
listen 443 ssl; # managed by Certbot
server_name gitlab.foo.de www.gitlab.foo.de;
location /{
proxy_pass http://localhost:1080;
}
I'm redirecting to the gitlab http (not https) port. The systems nginx is taking care of SSL, I don't care if the traffic behind is encrypted or not.
This has been working for every app since yesterday.
I'd like to test https://github.com/bitnami/bitnami-docker-osclass for an honorary association. Same config as above but it is not working as intended.
Ressources are downloaded via https while the main page is getting a redirect to http.
Exmaple: https://osclass.foo.de --> redirect --> http://osclass.foo.de:1234/ (yes with the port in the domain which is very strange)
I don't get why? So I changed the config a little to:
server {
listen 443 ssl; # managed by Certbot
server_name osclass.foo.de www.osclass.foo.de;
location /{
proxy_pass http://localhost:1234;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Now the mainpage is loaded via https and I don't have the port in my domain anymore. But the whole page is broken because no ressources will be loaded due to
"mixed-content warning".
SEC7111: [Mixed-Content] Origin "https://osclass.foo.de" [...] "http://osclass.foo.de/oc-includes/osclass/assets/js/fineuploader/fineuploader.css"
Do I have a conflict with the integrated apache in the docker image or what am I doing wrong?
Any hints are appretiated!
Kind regards from Berlin!
I found a solution to fix the mixed content problem. I just edited the following line in
/opt/bitnami/osclass/config.php
# define('WEB_PATH', 'http://osclass.foo.de/');
define('WEB_PATH', 'https://osclass.foo.de/'); # with https

Unable to make NginX load balancing

I am new to the nginx config.
I am trying to do a load balancing example with nginx and wcf rest service in windows platform.
Here is what I have in my conf/nginx.conf file:-
upstream servers_customserver {
server 127.0.0.1:62133;
server 127.0.0.1:64897;
server 127.0.0.1:64921;
}
server {
listen 8070;
location /test {
proxy_pass http://servers_customserver/;
}
My motive is whenever, I try to enter a website name which contains "/test" then redirect to one of the urls in the
"servers_customserver".
Nginx is fine in localhost:8070.
But whenever I did localhost:8070/test, I am getting "404 Not Found nginx/1.12.0" in the browser. I am sure that my services are up.
Do, I need to work with my services in IIS or any webservers to make this to work?
Could some one guide me in solving this error.
Thanks.
Luckily,
After adding the following steps to the location block, the load balancing stuff works for me.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host #server_name;
proxy_redirect off;
Thanks.

Hosting a JWT authentication app on my server

I followed following tutorial https://jonathanmh.com/express-passport-json-web-token-jwt-authentication-beginners/ for JWT authentication. The complete code is viewable at https://gist.github.com/JonathanMH/6bd82c0954fb8f21a837ce281da4265a .
On my local machine the app runs fine but I would like to be able to deploy it on a virtual private server running Ubuntu server with NGINX.
How should my configuration for NGINX look to get it working on the server? Currently it looks like I'm running into a CORS issue or something.
After a long search I was able to find a solution for this. I had to add the cors npm package to my app.js file .
Then I had to change the 'api' calls to use the public ip adress of the server (in the jwt-vanilla.js of the tutorial) and as I'm using a server that is based in an OpenStack environment I also had to allow the port 3000 in OpenStack. (more details on installing cors can be seen in following video ( https://egghead.io/lessons/angularjs-client-setup-for-jwt-authentication )
I used following nginx config:
server {
listen 80;
server_name yourdomain.com;
location /{
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000/;
}
}
So right now I'm running nginx and on the server in the location of the app.js (port 3000) I started 'node app.js', while in the public folder I started http-server ( npm install http-server -g) which runs on 8080.

Nginx as Reverse Proxy - Double Proxy Pass ? is this possible?

I have common problem anyone can encounter when you run nginx as a reverse proxy server for apache, i want to add double proxy_pass variables to the nginx conf. file but this doesn't seems to be allowed by nginx.
For example situations i have is
In my website i have chat engine runs by openfire, which runs on port 5280 with Jetty and i have set the apache proxy pass directive set as
ProxyPass /member-chat http://xyx.com:5280/http-bind
ProxyPassreverse /member-chat http://xyx.com:5280/http-bind
ProxyRequests Off
but i want to pass anything that comes to the "/member-chat" send directly to the chat-server rather than the apache, because then what apache would do is again proxy pass that to the openfire (member-chat), which takes more time and useless loading for apache.
when i add the nginx as the proxy server i want to add like this below but this didn't work, for some reason, it cant find the location gives me 404 error.
location / {
proxy_pass http://85.xxx.yyy.2x2:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location ~ ^/member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280;
proxy_connect_timeout 300;
}
I believe you missed out on specifying the URI for the Jetty service. With your current configuration, the request that will land up on Jetty port would be:
http://85.xxx.yyy.2x2:5280/member-chat
This is as per the proxy_pass documentation.
If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI
I don't think that is what you expect looking at your Apache configuration for the same. Try configuring the URI for proxy_pass directive as you have done for Apache.
location ~ ^/member-chat {
proxy_pass http://85.xxx.yyy.2x2:5280/http-bind;
proxy_connect_timeout 300;
}