I implemented a load balancer using NGINX, but when I try to use some of the web apps developed in Java using Spring Security and log in to one of them, it returns HTTP 405 - Request method 'POST' not supported.
My NGINX conf file looks like this:
upstream myapp {
server 172.16.80.49:8095;
server 172.16.53.31:8091;
}
server {
listen 80;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://172.16.80.49:8092;
}
location /docentes {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://myapp;
}
location /gerentes {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://myapp;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
How can I solve this? I suppose the problem in the app would be the CSRF token.
Change my conf to:
upstream myapp {
ip_hash;
server 172.16.80.49:8095;
server 172.16.53.31:8091;
}
server {
listen 80;
location / {
proxy_pass http://172.16.80.49:8092;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
}
location /docentes {
proxy_pass http://myapp;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /gerentes {
proxy_pass http://myapp;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /dashboard {
proxy_pass http://myapp;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
I try to run a .Net 6 API with NGINX on a Raspberry PI 3B, according to this documentation:
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-6.0
I configured my API as described in the article, the API is reachable under localhost.
I installed NGINX, the landing page is only locally reachable under http://192.168.178.51/index.nginx-debian.html not from other clients.
Also http://192.168.178.51/swagger does not work, neither locally nor from clients.
One question for me is, where to locate the ForwardedHeadersOptions?
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAuthentication();
The article says “Invoke the UseForwardedHeaders method at the top of Startup.Configure before calling other middleware.”
I have no Startup.Configure in my project. Does this description not fit for .Net 6?
This is my program.cs:
using Microsoft.AspNetCore.HttpOverrides;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
app.UseSwagger();
app.UseSwaggerUI();
if (app.Environment.IsDevelopment())
{
app.UseHttpsRedirection();
}
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
Is it correct?
This is my default NGINX file:
server {
listen 80;
server_name test.abc *.test.abc;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 80 default_server;
# listen [::]:80 default_server deferred;
return 444;
}
What's wrong in my configuration?
BTW: No access from the internet possible, currently I’ll run it only in my local network.
I posted a minimal project here: https://github.com/Christoph1972/API_NGINX_Demo
I got it.
server {
listen 80 default_server;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Any doubts for this solution?
Next I’ll figure out how to create a server name for a private network, like test.abc.
Also after googling quite a bit I was not able to find the solution. I'm running a Plesk for Ubuntu and am currently deploying a react native app. All url-paths check out fine and navigation within the app works. However, if I'm for instance on www.mydomain.com/something/something and I refresh the page, the refresh leads to a 404 error.
What I tried now
I ssh'ed into /var/www/vhosts/system/mydomain.com/conf and updated the file nginx.conf with
server {
location / {
try_files $uri $uri/ /index.html?$query_string;
}
}
I restarted the service, however this does not do the trick.
Any idea how to fix that?
Thanks
Matt
Here is the full nginx.conf file:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen 175.31.15.213:443 ssl http2;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
server_name "example.com.52-29-213-14.svr.fm";
ssl_certificate /opt/psa/var/certificates/certXTrwD4;
ssl_certificate_key /opt/psa/var/certificates/certXTrwD4;
ssl_client_certificate /opt/psa/var/certificates/certL2SKRF;
client_max_body_size 128m;
root "/var/www/vhosts/example.com/httpdocs";
access_log "/var/www/vhosts/system/example.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/example.com/logs/proxy_error_log";
if ($host ~* ^1519\.tirol$) {
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
location / {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
internal;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
internal;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/example.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://175.31.15.213:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/example.com/conf/vhost_nginx.conf";
}
server {
listen 175.31.15.213:80;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
server_name "example.com.52-29-213-14.svr.fm";
client_max_body_size 128m;
if ($host ~* ^1519\.tirol$) {
rewrite ^(.*)$ https://www.example.com$1 permanent;
}
return 301 https://$host$request_uri;
}
server {
location / {
try_files $uri $uri/ /index.html?$query_string;
}
}
I am trying to configure nginx as a reverse proxy to protect another server (kibana) using an external authentication API.
This is the url that should log me into kibana dashboard - http://127.0.0.1/kibana_proxy?username=my.user&password=test67
Once the authentication is done (i.e. https status 200), nginx is throwing a 404 error. But the error log has this -
2018/10/18 13:33:52 [error] 10718#0: *19 open()
"/usr/share/nginx/html/app/kibana" failed (2: No such file or
directory), client: 127.0.0.1, server: _, request: "GET /app/kibana
HTTP/1.1", host: "127.0.0.1", referrer:
"http://127.0.0.1/kibana_proxy/?username=my.user&password=test67"
This is my nginx conf file -
server {
listen *:80;
server_name _;
location = /auth {
set $query '';
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
}
proxy_pass http://127.0.0.1:8080/auth?$query;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location /kibana_proxy/ {
proxy_pass http://127.0.0.1:5601/;
auth_request /auth;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Whenever you are using Restricting Access with HTTP Basic Authentication then you should use the following url pattern to access the restricted url
http://username:password@example.com/
It is not possible to pass username and password via query parameters in standard HTTP auth.
Update:
I feel your nginx settings need some update. You should rewrite the url to remove the /kibana_proxy/:
location /kibana_proxy/
{
rewrite ^/kibana_proxy/(.*) /$1 break;
proxy_pass http://localhost:5200;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
}
For those seeking an answer - here's the nginx server conf that solved the issue for me -
server {
listen *:80;
server_name 127.0.0.1;
location = /auth {
set $query '';
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
}
# add_header X-debug-message "Parameters being passed $is_args$args" always;
proxy_pass http://127.0.0.1:8080/auth?$query;
}
location /kibana/ {
rewrite ^/kibana/(.*) /$1 break;
proxy_pass http://127.0.0.1:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_bypass $http_upgrade;
auth_request /auth;
}
location ~ (/app/|/app/kibana|/bundles/|/kibana4|/status|/plugins|/ui/|/api/|/monitoring/|/elasticsearch/) {
proxy_pass http://127.0.0.1:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
rewrite /kibana4/(.*)$ /$1 break;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
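In the config above only `/kibana/` carries `auth_request`; the regex location for `/app/`, `/api/`, `/elasticsearch/` and the other Kibana paths proxies to port 5601 with no check, and the password in the query string is what appears in the `referrer` field of the error log quoted in the question. The following is an added example, not from the original posts, that declares the check once at server level and takes credentials from the `Authorization` header as the Basic Authentication answer suggests. It assumes the auth API on 127.0.0.1:8080 validates HTTP Basic credentials and answers 401 with a `WWW-Authenticate` header.

```nginx
# Added example, not the poster's config.
# Assumption: 127.0.0.1:8080/auth checks the Basic credentials in the
# Authorization header and returns 2xx, or 401 with "WWW-Authenticate: Basic ...".
server {
    # Basic credentials are only base64-encoded: keep this listener on
    # loopback, or terminate TLS here before exposing it on another address.
    listen 127.0.0.1:80;
    server_name 127.0.0.1;

    # Declared at server level, so every location below inherits it and no
    # Kibana path (/app/, /api/, /bundles/, ...) is reachable without the check.
    auth_request /auth;

    # Headers for the Kibana upstream, inherited by locations that set none.
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Authorization "";        # do not pass the user's password on to Kibana

    location = /auth {
        internal;                               # reachable as a subrequest only
        proxy_pass http://127.0.0.1:8080/auth;  # no query string, so no password in URLs or logs
        proxy_pass_request_body off;            # the check needs the headers only
        # Having its own proxy_set_header stops this location inheriting the
        # server-level list, so the client's Authorization header is forwarded.
        proxy_set_header Content-Length "";
    }

    # Same prefix stripping as the rewrite in the post: /kibana/x -> /x
    location /kibana/ {
        proxy_pass http://127.0.0.1:5601/;
    }

    # Everything else Kibana asks the browser to load.
    location / {
        proxy_pass http://127.0.0.1:5601;
    }
}
```

When the subrequest returns 401, nginx relays its `WWW-Authenticate` header to the client, so the browser prompts once and then sends the credentials with every later request, including `/app/kibana`.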
Restarting nginx :
# service nginx start
Starting nginx: nginx: [emerg] duplicate upstream "api" in /etc/nginx/sites-enabled/default:1
nginx: configuration file /etc/nginx/nginx.conf test failed
This is the config file :
upstream api{
least_conn;
server 127.0.0.1:5001 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5002 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5003 max_fails=2 fail_timeout=15s;
server 127.0.0.1:5004 max_fails=2 fail_timeout=15s;
}
server {
listen 192.168.10.33:80;
allow 192.168.0.0/20;
allow 127.0.0.1/32;
deny all;
server_name api api.my.intranet;
location ~ ^/(images|css|javascripts)/ {
root /var/www/myapi/public/;
expires 30m;
}
# serve all other stuff from appserver
location / {
if ($http_origin ~ (.*\.my\.intranet|.*\.my\.com) ) {
add_header 'Access-Control-Allow-Origin' $http_origin;
}
# add_header 'Access-Control-Allow-Origin' '*';
expires off;
proxy_pass http://api/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
}
}
server {
listen 175.30.33.14:80;
server_name api.my.com;
return 301 https://api.my.com$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/my.com.2014.chain;
ssl_certificate_key /etc/ssl/private/my.com.2014.key;
server_tokens off;
server_name api api.my.com api.my.intranet;
location ~ ^/(images|css|javascripts)/ {
root /var/www/myapi/public/;
expires 30d;
}
# serve all other stuff from appserver
location / {
if ($http_origin ~ (.*\.my\.intranet|.*\.my\.com) ) {
add_header 'Access-Control-Allow-Origin' $http_origin;
}
# add_header 'Access-Control-Allow-Origin' '*';
expires off;
proxy_pass http://api/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
}
location /v2 {
rewrite ^/v2/(.*) /$1 break;
if ($http_origin ~ (.*\.my\.intranet|.*\.my\.com) ) {
add_header 'Access-Control-Allow-Origin' $http_origin;
}
# add_header 'Access-Control-Allow-Origin' '*';
expires off;
proxy_pass http://192.168.10.8:3000/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Do you see any problem ?
A backup file, default.backup, was in the same folder, which created a conflict!
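A separate point on the config in the question: each `if ($http_origin ~ (.*\.my\.intranet|.*\.my\.com) )` test is unanchored, so any `Origin` value that merely contains `.my.com` or `.my.intranet` is echoed back in `Access-Control-Allow-Origin`. The following is an added example, not from the original post, of an anchored allow-list built with `map`. The variable name `$cors_origin` is made up for the example, and the accepted scheme and optional port are assumptions about which origins should be allowed.

```nginx
# Added example, not the poster's config. Goes in the http {} context.
# $cors_origin is a hypothetical variable name.
map $http_origin $cors_origin {
    default "";    # no match: empty value, so add_header emits nothing
    # Whole-string match: scheme, one or more subdomain labels, then exactly
    # my.intranet or my.com, then an optional port. Nothing may follow.
    "~^https?://([a-z0-9-]+\.)+my\.(intranet|com)(:[0-9]+)?$" $http_origin;
}

upstream api {
    least_conn;
    server 127.0.0.1:5001 max_fails=2 fail_timeout=15s;
    server 127.0.0.1:5002 max_fails=2 fail_timeout=15s;
}

server {
    listen 192.168.10.33:80;
    server_name api api.my.intranet;

    location / {
        # Replaces the "if ($http_origin ~ ...)" block.
        add_header Access-Control-Allow-Origin $cors_origin;
        add_header Vary Origin;    # the response differs per Origin, tell caches
        expires off;
        proxy_pass http://api/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
```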
I'm trying to setup nginx as a reverse proxy, for serving static files, in front of apache. I'm having trouble configuring nginx for a Wordpress Multisite, using WP Super Cache. I have the following configuration, which doesn't work:
server {
listen 80;
# Main site domain
server_name main.com *.main.com;
# Mapped domains
server_name mapped.com www.mapped.com;
root /home/me/www/wordpress/htdocs;
access_log /home/me/www/wordpress/logs/access.log;
error_log /home/me/www/wordpress/logs/error.log;
index index.php index.html index.htm;
error_page 404 = @wordpress;
log_not_found off;
location / {
try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
log_not_found off;
}
############## WP MULTISITE ##############
rewrite ^/files/(.+) /wp-includes/ms-files.php?file=$1 last;
location ^~ /files/ {
rewrite ^.*/files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
}
# Rewrite multisite '.../wp-.*' and '.../*.php'.
if (!-e $request_filename) {
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
############## WP MULTISITE ##############
############## WP SUPER CACHE ############
if (-f $request_filename) {
#expires max;
break;
}
if (-d $request_filename) {
break;
}
set $supercache_file '';
set $supercache_uri $request_uri;
if ($request_method = POST) {
set $supercache_uri '';
}
if ($query_string) {
set $supercache_uri '';
}
if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
set $supercache_uri '';
}
if ($supercache_uri ~ ^(.+)$) {
set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html;
}
if (-f $document_root$supercache_file) {
rewrite ^(.*)$ $supercache_file break;
}
############## WP SUPER CACHE ############
location @wordpress {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
location ~ \.php$ {
try_files $uri @wordpress;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
I get the following errors, when loading pages:
main.com : 310 - ERR_TOO_MANY_REDIRECTS
main.com/wp-admin/ : Loads WP admin page
www.main.com : Welcome to nginx!
mapped.com / www.mapped.com: 403 - Forbidden - "You don't have permission to access /index.php on this server."
any help is greatly appreciated!
Edit functions.php in your theme directory.
Add this code:
remove_filter('template_redirect', 'redirect_canonical');
OR
install this plugin:
http://wordpress.org/extend/plugins/permalink-fix-disable-canonical-redirects-pack/