nginx - browser can't stop directing to https? - ssl

Why does nginx keep on directing without instructions?
I followed this guide to redirect port 80 to 3000:
server {
listen 80;
server_name example.co.uk www.example.co.uk;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:3000;
}
}
It worked fine. Then I tried to roll back as before, and it just keeps on redirecting to https!
I have even removed nginx, but the browser is still redirecting to https! Why? What have I done wrong? How can I fix it?
Any ideas?
This was the config before I tried on the redirect thingy:
server {
listen 80;
server_name example.co.uk www.example.co.uk;
return 301 https://$host$request_uri;
}
server {
# listen 80;
listen 433 ssl;
server_name example.co.uk www.example.co.uk;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ /.well-known {
allow all;
}
}
The HTTPS was working fine before that.
EDIT:
I have re-installed nginx and tested it with nginx -t:
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Related

How to configure Websocket secure (wss) on a Nginx node server?

I tried to configure a Websocket proxy on my Nginx server, but unfortunately, I don't get it working. I have read various forms but cannot get out of it. I think it has something to do between the client connection to the server. Locally on my PC everything is working fine.
client code:
var port = new osc.WebSocketPort({
url: "wss://circusfamilyprojects.nl/"
});
server code:
var wss = new WebSocket.Server({
port: 8083
});
This is my configuration in Nginx
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
#custom code for connection with websocket this is the port on the server
upstream websocket {
server 178.62.209.37:8083;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/circusfamilyprojects.nl/fullchain.pem; # managed by Cert$
ssl_certificate_key /etc/letsencrypt/live/circusfamilyprojects.nl/privkey.pem; # managed by Ce$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /var/www/html/vue/cfdomotica/server/public;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name circusfamilyprojects.nl www.circusfmailyprojects.nl; # managed by Certbot
location / {
proxy_pass http://websocket;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
if ($host = www.circusfamilyprojects.nl) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = circusfamilyprojects.nl) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 8080 ;
listen [::]:8080 ;
server_name circusfamilyprojects.nl;
return 404; # managed by Certbot
}
In my browser I get the message "Status Code: 426 Upgrade Required". I hope someone can help me, thanks in advance!
I solved it myself by separating a server block for port 443 and a server block for the WebSocket client. I did the server block for the client on port 8086.

How to serve devpi with https?

I have an out-of-the-box devpi-server running on http://
I need to get it to work on https:// instead.
I already have the certificates for the domain.
I followed the documentation for nginx-site-config, and created the /etc/nginx/conf.d/domain.conf file that has the server{} block that points to my certificates (excerpt below).
However, my devpi-server --start --init is totally ignoring any/all nginx configurations.
How do I point the devpi-server to use the nginx configurations? Is it even possible, or am I totally missing the point?
/etc/nginx/conf.d/domain.conf file contents:
server {
server_name localhost $hostname "";
listen 8081 ssl default_server;
listen [::]:8081 ssl default_server;
server_name domain;
ssl_certificate /root/certs/domain/domain.crt;
ssl_certificate_key /root/certs/domain/domain.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
gzip on;
gzip_min_length 2000;
gzip_proxied any;
gzip_types application/json;
proxy_read_timeout 60s;
client_max_body_size 64M;
# set to where your devpi-server state is on the filesystem
root /root/.devpi/server;
# try serving static files directly
location ~ /\+f/ {
# workaround to pass non-GET/HEAD requests through to the named location below
error_page 418 = @proxy_to_app;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @proxy_to_app;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @proxy_to_app;
}
location / {
# workaround to pass all requests to / through to the named location below
error_page 418 = @proxy_to_app;
return 418;
}
location @proxy_to_app {
proxy_pass https://localhost:8081;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
}
}
This is the answer I gave to the same question on superuser.
Devpi doesn't know anything about Nginx, it will just serve HTTP traffic. When we want to interact with a web-app via HTTPS instead, we as the client need to talk to a front-end which can handle it (Nginx) which will in turn communicate with our web-app. This application of Nginx is known as a reverse proxy. As a reverse proxy we can also benefit from Nginx's ability to serve static files more efficiently than getting our web-app to do it itself (hence the "try serving..." location blocks).
Here is a complete working Nginx config that I use for devpi. Note that this is /etc/nginx/nginx.conf file rather than a domain config like yours because I'm running Nginx and Devpi in docker with compose but you should be able to pull out what you need:
worker_processes 1;
events {
worker_connections 1024;
}
http {
# Define the location for devpi
upstream pypi-backend {
server localhost:8080;
}
# Redirect HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.co.uk; # This is the accessing address eg. https://example.co.uk
root /devpi/server; # This is where your devpi server directory is
gzip on;
gzip_min_length 2000;
gzip_proxied any;
proxy_read_timeout 60s;
client_max_body_size 64M;
ssl_certificate /etc/nginx/certs/cert.crt; # Path to certificate
ssl_certificate_key /etc/nginx/certs/cert.key; # Path to certificate key
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/pypi.access.log;
# try serving static files directly
location ~ /\+f/ {
error_page 418 = @pypi_backend;
if ($request_method !~ (GET)|(HEAD)) {
return 418;
}
expires max;
try_files /+files$uri @pypi_backend;
}
# try serving docs directly
location ~ /\+doc/ {
try_files $uri @pypi_backend;
}
location / {
error_page 418 = @pypi_backend;
return 418;
}
location @pypi_backend {
proxy_pass http://pypi-backend; # Using the upstream definition
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-outside-url $scheme://$host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
}
With Nginx using this configuration and devpi running on http://localhost:8080, you should be able to access https://localhost or with your machine with appropriate DNS https://example.co.uk. A request will be:
client (HTTPS) > Nginx (HTTP) > devpi (HTTP) > Nginx (HTTPS) > client
This also means that you will need to make sure that Nginx is running yourself, as devpi start won't know any better. You should at the very least see an Nginx welcome page.

Nginx server : Redirecting www, ip and non-ssl

I have been struggling with my Nginx server's .conf file. I am getting a redirection loop error while trying to redirect these urls :
http://example.com
http://www.example.com
https://www.example.com
http://11.111.11.11
https://11.111.11.11
to : https://example.com
So what I am trying to do is to redirect every non-ssl url, www prefixed url and my server's ip address to my domain name.
Here is my code :
# redirect ip to domain name
server {
listen 80;
listen 443 ssl;
server_name 11.111.11.11; #server_ip
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
return 301 $scheme://mydomain.com$request_uri;
}
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen 443 ssl;
server_name www.mydomain.com;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
return 301 $scheme://mydomain.com$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydomain.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Ok, I searched the web a little these last few days and it seems that the solution below works :
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name www.example.com 00.000.00.00; # www and your ip address
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
return 301 https://example.com$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
To document this a bit more, I was trying to proxy the nginx server to a nodejs server on port 5000. Also, I used this tutorial to setup the server and the conf file : https://code.lengstorf.com/deploy-nodejs-ssl-digitalocean/#enable-nginx
Hope this will help someone.
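Added example, not part of the original post: a small Python model of how nginx chooses a server block (exact server_name on the listening port, otherwise the first block defined for that port) and of a browser following the resulting 301s, run against both configs from this question. Assumptions: hostnames are normalised to mydomain.com / 11.111.11.11 in both models, wildcard and regex names and IPv4/IPv6 differences are ignored, and only the path of $request_uri is carried over.

```python
from urllib.parse import urlsplit

# Constructed models of the two configs in the post above. Each server block is
# (listen ports, server_name values, redirect template or None if it proxies).
ASKER = [
    ({80, 443}, {"11.111.11.11"}, "{scheme}://mydomain.com{uri}"),
    ({80, 443}, {"www.mydomain.com"}, "{scheme}://mydomain.com{uri}"),
    ({443}, {"mydomain.com"}, None),
]
FIXED = [
    ({80}, {"www.mydomain.com", "11.111.11.11"}, "https://mydomain.com{uri}"),
    ({443}, {"mydomain.com"}, None),
]

def select_server(servers, port, host):
    """Exact server_name match on the port, else that port's default server.
    With no default_server flag in play, the default is the first block
    defined for the port."""
    on_port = [s for s in servers if port in s[0]]
    if not on_port:
        return None  # nothing listens on this port
    return next((s for s in on_port if host in s[1]), on_port[0])

def follow(servers, url, limit=10):
    """Follow 301s the way a browser would; return (last_url, outcome)."""
    seen = set()
    for _ in range(limit):
        if url in seen:
            return url, "loop"
        seen.add(url)
        parts = urlsplit(url)
        port = 443 if parts.scheme == "https" else 80
        server = select_server(servers, port, parts.hostname)
        if server is None:
            return url, "refused"
        if server[2] is None:
            return url, "served"
        url = server[2].format(scheme=parts.scheme, uri=parts.path or "/")
    return url, "loop"

if __name__ == "__main__":
    for name, cfg in (("asker", ASKER), ("fixed", FIXED)):
        for start in ("http://mydomain.com/", "http://www.mydomain.com/",
                      "https://www.mydomain.com/", "http://11.111.11.11/"):
            print(name, start, "->", follow(cfg, start))
```

In this model every http:// start loops under the first config, because $scheme keeps the redirect on port 80, where mydomain.com has no server block of its own and the first port-80 block answers with the same redirect again. The second config ends the loop by hard-coding https://, while https://www.mydomain.com is answered by the 443 block without a redirect, since no port-443 server names it.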

Nginx keeps redirecting infinitely

I've followed the instructions from here on setting up nginx to redirect all non-www requests into www but I keep getting ERR_TOO_MANY_REDIRECTS in my browser when I try to hit any page.
My goal is twofold:
All requests that don't have www should be redirected to www
All requests that aren't HTTPS should be redirected to HTTPS
My nginx config looks like this:
upstream mywebsite_proxy {
server unix:/home/deploy/mywebsite/tmp/sockets/puma.sock;
}
server {
listen 80;
listen [::]:80;
listen 443 default_server ssl;
server_name www.mywebsite.com;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://mywebsite_proxy;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/(robots.txt|sitemap.xml.gz)/ {
root /home/deploy/mywebsite/public;
}
}
Notice that there isn't any reference to SSL certificates. I'm using Cloudflare with SSL enabled and HTTPS seemed to just work right out the gate when my config looked like the one below. The non-www to www and non http to https redirects obviously didn't work though...
upstream mywebsite_proxy {
server unix:/home/deploy/mywebsite/tmp/sockets/puma.sock;
}
server {
listen 80;
listen 443;
server_name www.mywebsite.com mywebsite.com;
root /home/deploy/mywebsite/public;
location / {
proxy_pass http://mywebsite_proxy;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/(robots.txt|sitemap.xml.gz)/ {
root /home/deploy/mywebsite/public;
}
}
In my opinion you do not need the if part in:
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
The redirect should look like this:
return 301 https://$server_name$request_uri;
Use 301 if you want to do a permanent redirect, which will be stored in the cache of your browser or 302 if you do not want it to be permanent. Furthermore, you can remove the www. part in the server_name and use return 301 https://www.$server_name$request_uri;
I did something similar in one of my previous projects; here are the steps:
Left the default config 'nginx.conf' as it is.
Modified /etc/nginx/sites-available/default
(Gist: https://gist.github.com/faizulhaque-tp/db576dc6f22c820a0e23f7a6e1c8b740)
Apart from non-www to www, the above configuration works.

Unwanted nginx redirect to https

I have an nginx setup like this:
/etc/nginx/sites-available/default-ssl.conf:
server {
listen 443 ssl;
server_name my.server.name;
ssl_certificate /etc/letsencrypt/live/my.server.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.server.name/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
# root /usr/share/nginx/html;
root /var/www/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location /proxiedhost/ {
rewrite ^/proxiedhost(/.*)$ $1 break;
proxy_pass http://127.0.0.1:6080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
<<<< A couple more of these blocks >>>>
}
server {
listen 80;
server_name origin.ticktockhouse.co.uk;
return 301 https://$host$request_uri;
}
/etc/nginx/sites-available/aptrepo.conf:
server {
listen 80; ## listen for ipv4; this line is default and implied
root /home/aptrepo/;
index index.html index.htm;
server_name aptrepo.server.name;
}
My problem is that when I browse to http://aptrepo.server.name, it automatically redirects to https://aptrepo.server.name, which I don't have a letsencrypt cert for. Of course, I could get one, but I don't particularly need it, and would like to get to the bottom of why this is happening.
I'm willing to believe it's the server block in the default-ssl.conf, but I'm confused as to why the other server block isn't something completely separate. I've looked around for an explanation, but unfortunately most articles/questions are around how to get https to redirect to http - obviously a problem I've already solved!
Might be the case of nginx not selecting the correct server {} block.
For testing purposes only, try commenting out return 301 https://$host$request_uri; and see if this solves the problem on aptrepo.server.name