I am trying to transfer files between two devices (browsers) using WebRTC. I followed this GitHub repo to setup the signalmaster signaling-server, and it works fine. So, I put a simple index.html page in the same folder. But when I goto http://localhost:8888, it doesn't show the page. I then figure out that the Signaling server is not a webserver. So, I setup a webserver using Web server for chrome.
At this point I am confused about:
the need for signaling-server while having a webserver !! and
how I am going to use the signaling server if I am unable to load the webpage !!
in simple, why do I need the signaling-server for if I am already not using it ?! Also, how can I setup a signling-server and webserver together so that my page could load!
This gives a good overview of the role a signaling server plays with WebRTC:
https://www.html5rocks.com/en/tutorials/webrtc/infrastructure/
It's possible to use your current Webpage in combination with nodejs, php and nginx.
Nodejs and the signaling server are running in the background on port 8888 and with a reverse proxy you can call the webpage without a port in the url.
server {
listen 80 default;
server_name http://192.168.229.128;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
location / {
proxy_pass http://localhost:8888;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* \.io {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8888;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
In this case, socket.io is used, but you can remove it, if you want.
Related
I am trying to deploy my app with vue.js as frontend and fastapi as backend. But I am having issue when deploy the app on the cloud. I have nginx configure like below.
I am binding backend to port 8080 and frontend to 8000. But with this configuration, I can only see my frontend page. The backend api is not respond. Can anyone show me how to fix it?
server {
listen 80;
server_name example.com;
charset utf-8;
root vis/dist;
index index.html index.htm;
location /api/ {
proxy_pass http://127.0.0.1:8000;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_redirect off;
proxy_connect_timeout 90s;
proxy_read_timeout 90s;
proxy_send_timeout 90s;
}
error_log /var/log/nginx/vue-app-error.log;
access_log /var/log/nginx/vue-app-access.log;
}
This is the original nginx configuration I have here, working fine:
server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
I want to add basic authentication to everything - EXCEPT for one single page... /mui/river
If I include the basic authentication lines in the server block, and put the auth_basic off inside location /mui block, it works as expected for this configuration (it requires authentication for / but not for /mui):
server {
listen 8080; # http
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
Almost perfect. Next step would be to make it request authentication for everything inside /mui, except for page /mui/river.
That's where my problem is... I tried the following, and when I reach /mui/river it still requires authentication...
server {
listen 8080; # http
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
location = /mui/river {
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic off;
}
# Forward requests to our node app at port 8082
#
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location / {
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
}
}
How can I open access only for /mui/river?
Update:
This is my latest attempt, still not working - still blocking everything. Note that I also tried to change the rewrite line:
server {
listen 8080; # http
# Forward requests to our node app at port 8082
#
location = /mui/river {
rewrite ^/mui/river?(.*)$ /river$1; break;
auth_basic off;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /mui {
# Remove the '/mui' portion of the path (and any extraneous trailing slash)
rewrite ^/mui/?(.*)$ /$1; break;
proxy_pass http://localhost:8082;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
}
location / {
# The Java servlet is always assumed to be named 'server', so add that to the path.
#
# We also rewrite the Java servlet urls to move additional, 'RESTful' path elements
# to a url query parameter named '_path_suffix'
#
rewrite ^/(.*)$ /server?_path_suffix=$1; break;
proxy_pass http://localhost:8081;
proxy_redirect off;
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
Right now your basic auth is set at the server level (inside the server {...} block), so it will apply to all location blocks.
If you want to protect everything except /mui/river, move the following 2 lines inside the location /mui {...} and location / {...} you wish to protect:
auth_basic "Restricted Area";
auth_basic_user_file /etc/ngnix/.htpasswd;
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
I have set up nginx to reverse proxy, but I am having a weird problem. If I browse to
http://www.example.com/
The website displays correctly. However, if I browse to
example.com
I am sent to a different site!
This is part of my nginx config file:
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://localhost:8051;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I got this to work, I think the problem is that browser cache.
I followed this tutorial to set up a secure version of Nifi registry: https://community.hortonworks.com/content/kbentry/170966/setting-up-a-secure-apache-nifi-registry.html
I am working on an ubuntu server. I do not have the possibility to generate the keychain and to access the graphical interface of nifi I use google chrome on my local machine (windows10). So I imported the p12 file in my browser. My nginx configuration file is as follows:
upstream container {
server 172.0.0.2:9000;
}
server {
listen 443 ssl;
ssl On;
ssl_certificate /etc/letsencrypt/live/sm/fullchain.pem; #/etc/nginx/ssl/fullchain.$
ssl_certificate_key /etc/letsencrypt/live/sm/privkey.pem; #/etc/nginx/ssl/privkey$
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent; # optional, to force use of$
}
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php;
server_name workshop1.smart-mobility.alstom.com; # managed by Certbot
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
}
location ~ /\.ht {
deny all; }
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
auth_basic "Restricted";auth_basic_user_file /etc/nginx/.htpasswd;
}
location /nifi-registry-api/ {
rewrite ^/nifi-registry-api/(.*) /nifi-registry-api/$1 break;
proxy_pass https://localhost:18443/nifi-registry;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /nifi-registry/ {
proxy_pass https://localhost:18443/nifi-registry;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-ProxyScheme "https";
proxy_set_header X-ProxyHost $proxy_host;
proxy_set_header X-ProxiedEntitiesChain "<%{SSL_CLIENT_S_DN}>";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 1;
} }
When I log on to the nifi-registry page I have the following error: 502 Bad Gateway
can someone help me on this point please I do not find examples
Error log nginx :
*28739 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL hands
In our current architecture we have two apache front servers, in front of them, we have an nginx load balancer. And in front of that an nginx reverse proxy.
My problem is that i'm trying to run Apache Zeppelin through the reverse proxy, and i'm having some problems with the websockets.
I get an error like this : 400 HTTP method GET is not supported by this URL
And here is a screenshot of what the Chrome's Networks tab shows :
I add my reverse proxy config for Zeppelin:
error_log /var/log/nginx/nginx_error.log warn;
server {
listen 80;
server_name localhost;
location /zeppelin/ {
proxy_pass http://zeppelin:8080/;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
}
# fallback
location / {
return 301 http://ci.blablalablab.com/app/;
}
}
Zeppelin is running inside a docker container, and i have exposes the 8080 port, its host name is : zeppelin.
If you have any questions on the architecture or so, don't hesitate to ask.
Thank you very much guys !
you can add to your reverse proxy configuration
location /ws { # For websocket support
proxy_pass http://zeppelin:8080/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade websocket;
proxy_set_header Connection upgrade;
proxy_read_timeout 86400;
}
Reference: Zeppelin 0.7 auth docs
After a lot of digging around, i ended up with this configuration :
location /zeppelin/ {
proxy_pass http://zeppelin:8080/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
location /zeppelin/ws {
proxy_pass http://zeppelin:8080/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
This is working pretty good, thank you everyone for your efforts ;)