nginx 403 external image error - apache

I have just set up an nginx server for the first time, and I cannot load external images on my website.
I am trying to load resources from "ia.media-imdb.com" and receiving a 403 forbidden error. I believe it's likely this error message is due to the source server preventing the type of hotlinking I'm attempting to do, which can easily be done through the web server configuration, right?
But I still haven't figured out what to change in the configuration.
I have granted 755 access to almost all the files and folders.
This is my site conf in nginx/sites_availible/conf:
server {
    listen 80;
    server_name _;
    location / {
        proxy_pass http://178.62.31.49:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        allow all;
    }
}
If anyone could point me in the right direction or help me solve this, that would be great.

Related

NGINX reverse proxy to ASP.NET Core web app 404 static files

Have a basic hello world ASP.NET Core web app with the only modifications being to program.cs -> removed httpsredirect and hsts so it's set up for http.
Published to an Ubuntu server under /var/www/hello_world with static files under /var/www/hello_world/wwwroot. The app sits behind an NGINX reverse proxy to the kestrel server listening on http://127.0.0.1:5000. Everything works fine for the main endpoint, but everything else (css|js|lib|.ico) returns a 404 unless I specify the static files directory in a separate location directive:
location ~* /(css|js|lib) { root /var/www/hello_world/wwwroot; }
I've tried setting up my nginx.conf in both an upstream configuration:
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_certificate /etc/ssl/certs/hello_world.pem;
    ssl_certificate_key /etc/ssl/private/hello_world.key;
    location / {
        proxy_pass http://dotnet;
        proxy_set_header Host $host;
    }
}
upstream dotnet {
    zone dotnet 64k;
    server 127.0.0.1:5000;
}
and a straight-forward proxy_pass:
server {
    listen 443 ssl;
    server_name helloworld.com;
    ssl_certificate /etc/ssl/certs/hello_world.pem;
    ssl_certificate_key /etc/ssl/private/hello_world.key;
    ssl_dhparam /etc/nginx/dhparam.pem;
    location / {
        proxy_pass http://127.0.0.1:5000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    # returns 404 for static files unless I have this
    location ~* /(css|js|lib|ico) {
        root /var/www/hello_world/wwwroot;
    }
}
I can see the shell info from dotnet that the directory structure is correct in the request that is getting passed to kestrel, but kestrel returns a 404 unless I add the location in the nginx.conf. Since none of the guides either from NGINX or Microsoft have this location block I'm assuming I configured something incorrectly. The way I assumed it would work is everything going to that server block with the location / would get passed to kestrel which the ASP.NET Core app would have the directory structure mapped and return the static files.
Any ideas?
For anyone else that runs into this, the issue was because I was running dotnet hello_world.dll from an ssh shell in the /etc/nginx directory, which in Linux makes it the working directory for that process and, in turn, the content root path for the ASP.NET application. The fix is to run the dotnet hello_world.dll from the /var/www/hello_world directory or specify the working directory when making the service.
Thanks #marc_s for the edit. I'll remember to do better next question.

Get Request with Axios to Express return HTML instead of JSON - Suspecting an issue with NGINX reverse proxy set up

I am having an issue when I GET request data from my react.js app to my Express.js backend, I am getting HTML garbage back instead of what my backend is supposed to return. Upon debugging and researching, I found out that the reason for that is because my GET route "/order/getTimeSlots" actually returns HTML content that is displayed when I go to mywebsite.com/order/getTimeSlots instead of my backend. I have set up proxy in my development environment and it works, however, it does not work in production. I am using nginx to serve my react app and here is my nginx config
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/mywebsite.com;
    index index.html index.htm index.nginx-debian.html;
    server_name mywebsite.com www.mywebsite.com;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        try_files $uri /index.html;
    }
    location /ordersubmit {
        proxy_pass http://localhost:8080; # this is where my backend app is running on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /order/getTimeSlots {
        proxy_pass https://localhost:8080; # this is where my backend app is running on
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
When trying curl on localhost:8080/getTimeSlots from my server console, I am getting the correct response.
I know there is a problem with my reverse proxy set up, but I cannot figure out what the issue is, so I was wondering if someone here can help
Thank you everyone
Fixed the issue myself, I realized that I was adding those locations under the server that listens to port 80, but since I am using https, I was supposed to use port 443

NGINX ignore bad certificate and configuration and just run?

We have an app that uploads automatically generated SSL certificates to our NGINX load balancers. One time we had this issue that a "bad certificate" got uploaded and then an automated nginx reload was executed thereafter. Our server went offline for a while, causing DNS issues (DNS not found) for our server domain and a huge downtime for our clients.
However, it is a feature / function in our application to allow apps to upload SSL certificates, and our backend server installs them automatically. Is there a way to tell nginx to ignore bad NGINX conf files and crt/keys altogether? Looking at the earlier logs, I remember that I saw something like an SSL handshake error before the incident.
Here's how our main nginx-jelastic.conf looks like:
######## HTTP SECTION PROTOTYPE ########
http {
    server_tokens off;
    ### other settings hidden for simplicity
    include /etc/nginx/conf.d/*.conf;
}
######## TCP SECTION PROTOTYPE ########
So what I am thinking is whether it's possible for nginx to just ignore all bad NGINX conf files that are located there. Here's a sample of what gets uploaded in the conf.d folder:
#
# www.example-domain.com HTTPS server configuration
#
server {
    listen 443 ssl;
    server_name www.example-domain.com;
    ssl_certificate /var/lib/nginx/ssl/www.example-domain.com.crt;
    ssl_certificate_key /var/lib/nginx/ssl/www.example-domain.com.key;
    access_log /var/log/nginx/localhost.access_log main;
    error_log /var/log/nginx/localhost.error_log info;
    proxy_temp_path /var/nginx/tmp/;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
    location / {
        set $upstream_name common;
        include conf.d/ssl.upstreams.inc;
        proxy_pass http://$upstream_name;
        proxy_next_upstream error;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Host $http_host;
        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
        proxy_set_header X-URI $uri;
        proxy_set_header X-ARGS $args;
        proxy_set_header Refer $http_refer;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
For some reason the certificate and key indicated in the configuration could be wrong, and that is going to wreck the nginx server. Since our domain is pointed to this server via an A record, it is a total disaster if nginx fails, as DNS issues happen and it could take 24-48 hours for DNS to get back.
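
One way to keep an uploaded certificate from taking the server down, as an added example that is not part of the original post: check that the key belongs to the certificate, then let `nginx -t` test the full configuration before any reload, and put the previous files back if it fails. The function names (`pair_matches`, `restore`, `install_cert`) and the script name are assumptions; the default directory is the one from the sample conf above.

```shell
#!/bin/sh
# Added example (not from the original post): validate an uploaded
# certificate/key pair and the resulting config BEFORE nginx is reloaded.

# True only if the private key belongs to the certificate.
pair_matches() {
    pm_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    pm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$pm_crt" ] && [ "$pm_crt" = "$pm_key" ]
}

# Put the previous file back, or remove the new one if none existed.
restore() {
    if [ -f "$1.bak" ]; then mv "$1.bak" "$1"; else rm -f "$1"; fi
}

# install_cert DOMAIN NEW_CRT NEW_KEY [SSL_DIR]
# Returns 0 = installed and reloaded, 1 = upload rejected (live files
# untouched), 2 = copy or nginx -t failed and the old files were restored.
install_cert() {
    ic_dir=${4:-/var/lib/nginx/ssl}   # assumed default, from the sample conf
    ic_crt="$ic_dir/$1.crt"
    ic_key="$ic_dir/$1.key"

    pair_matches "$2" "$3" || return 1
    # Refuse certificates that expire within the next 24 hours.
    openssl x509 -in "$2" -noout -checkend 86400 >/dev/null 2>&1 || return 1

    # Keep the current files so a failed config test can be undone.
    if [ -f "$ic_crt" ]; then cp -p "$ic_crt" "$ic_crt.bak"; fi
    if [ -f "$ic_key" ]; then cp -p "$ic_key" "$ic_key.bak"; fi

    # nginx -t parses every included conf file and loads its cert/key.
    if cp "$2" "$ic_crt" && cp "$3" "$ic_key" && nginx -t >/dev/null 2>&1; then
        rm -f "$ic_crt.bak" "$ic_key.bak"
        nginx -s reload
        return 0
    fi
    restore "$ic_crt"
    restore "$ic_key"
    return 2
}

# Run as: ./install_cert.sh DOMAIN NEW_CRT NEW_KEY [SSL_DIR]
if [ "$#" -ge 3 ]; then install_cert "$@"; fi
```

Because a rejected upload never replaces the live files, a later full restart of nginx also starts from the last pair that passed the test.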

NginX Server block on GitLab is ignored

I've installed GitLab on a virtual machine in Microsoft Azure in which I also have an Apache2 web server that should respond with some static websites.
Since GitLab has an embedded NGinX web server I thought that it would have been sufficient to just make these two changes:
Make apache listen to another port rather than 80 (I changed it to 8090)
Add a server block to GitLab's NGinX (firstly by adding this configuration to gitlab.rb nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;" and then by creating the following block in /etc/nginx/conf.d/serverblock.conf)
server {
    root /var/www/;
    server_name .notgitlabdomain.com;
    access_log /etc/nginx/logs/notgitlabdomain_access.log;
    error_log /etc/nginx/logs/notgitlabdomain_error.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        # proxy_pass requires a scheme; without it nginx rejects the URL
        proxy_pass http://127.0.0.1:8090;
        add_header X-Upstream $upstream_addr;
        add_header NLC_S "s";
    }
}
The problem is that this is not working so far. I opened and checked whether the nginx.conf (in /var/opt/gitlab/nginx/conf/) file is actually reading the server block I added and it is. But when I follow a link in my notgitlabdomain.com domain it redirects me to notgitlabdomain.com/users/sign_in with a Sass error that couldn't import some css files.
Open developer tools and check the request.
I guess this issue is related to the configuration of gitlab (domain url)

ExpressJS + serve-favicon + nginx

I'm having problems serving favicons with nginx as a reverse proxy in front of my express app.
Tried to search for answers but couldn't find any. My configuration file is as shown:
server {
    listen 80;
    server_name vogueverve.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|w$
        root /var/www/hashiontag/public;
    }
}
Please help! Thank you so much!
I found my answer here:
https://serverfault.com/questions/308299/how-to-set-a-favicon-ico-for-a-specific-virtual-host-on-nginx#answer-308304
Apparently, for nginx, the default is to put the favicon at the root directory, because nginx directs the clients to get favicon from www.domainname.com/favicon.ico by default.
This means that, (I think) with nginx as the reverse proxy, the favicon request never reaches the express layer, and hence it can't serve it.