nginx and DNS subdomain, too many redirects - apache

I just installed nginx and set it to work over an apache installation. As a matter of fact, my rules are:
    server {
        listen 80;
        server_name example.com;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://example.com:8080;
        }
        location ~ /\.ht {
            deny all;
        }
    }
and I wanted to configure a subdomain by:
    server {
        listen 80;
        server_name sub.example.com;
        location / {
            proxy_pass http://example.com:8080/sub;
        }
        location ~/\.ht {
            deny all;
        }
    }
And configuring my DNS like so:
    NAME    | TYPE  | TARGET
    (empty) | A     | 45.23.67.89
    sub     | CNAME | example.com
I waited for propagation, but I'm getting "too many redirects" in Chrome...
The response is always 301, and redirected to the IP:80. I'm guessing that this is caused by the A line in DNS... however, domain.com does redirect to Apache and I do get the "it works" we all know so well...
Can anyone point me in the right direction, please?
Thanks!
UPDATE:
I added another subdomain, sub-sub, following EXACTLY the same procedure, but it magically works... need help!

Put
    ProxyRequests off
    ProxyPass / http://127.0.0.1:2368/
    ProxyPassReverse / http://127.0.0.1:2368/
    </VirtualHost>
This config was taken from Apache2; I'm not sure if this will work on Nginx, but this fixes it on Apache2. Obviously change the port of the localhost. That config is for Ghost Blog.
This will redirect the visitor to a specific port; this is good if you have HTTPS or SSL enabled and it's getting too many redirect requests. You can set the port to 443 (SSL port).

OK, solved.
I added headers to the proxy_pass directive and it worked:
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
However, it's still adding a slash (/) at the end of the URL, meaning that when I go to sub.example.com I get sub.example.com//

Related

prestashop multiple domains for same shop

I have a prestashop instance and I want to be able to access it using multiple domains.
Let's say my domain is example.com and I've set the PrestaShop main domain to be example.com.
I also have the domain example.net and I want to open the same shop. If I point example.net to the same location, the URL will change from example.net to example.com.
I want to have both domains without the URL changing, but I also don't want to use multiple shops (PrestaShop multistore functionality), because it will be the exact same shop.
Is this possible somehow?

Creating a reverse proxy using Nginx (or Apache), for example, can be another way to do this.
Here is a sample configuration for one such domain on Nginx:
    server {
        listen *:443 ssl;
        listen *:80;
        ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
        server_name domain.tld domain2.tld domain3.tld;
        access_log /var/log/nginx/domain.tld.access.log;
        error_log /var/log/nginx/domain.tld.error.log;
        root /srv/domain.tld/;
        index index.html index.htm index.php;
        location / {
            proxy_pass http://prestashopdomain.tld;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header HTTPS $https;
        }
    }

Sorry to say this, but you can achieve this via the Multishop function (in backoffice, in Preferences > General, at the bottom of the page) and point multiple addresses; it will still be the same shop and work the same.
This is way simpler!

Simple reverse proxy with Nginx (equivalent to Apache)

With Apache, I can make a reverse proxy work with this VirtualHost configuration.
I have executed nanoc view -p 8080 to use port 8080 for the nanoc web app.
With this setup, http://scalatra.prosseek is mapped to nanoc.
    <VirtualHost *:80>
        ProxyPreserveHost On
        ServerName scalatra.prosseek
        ProxyPass /excluded !
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>
I need to have the same setup with Nginx; with some trial and error, I could make it work with this configuration.
    upstream aha { # ??? (1)
        server 127.0.0.1:8080;
        keepalive 8;
    }
    # the nginx server instance
    server {
        listen 0.0.0.0:80;
        server_name scalatra.prosseek;
        access_log /usr/local/etc/nginx/logs/error_prosseek.log;
        location / {
            # ??? (2)
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://aha/; # ??? (1)
            proxy_redirect off; # ??? (3)
        }
    }
It works, but I'm not sure if this is the best setup.
Here come my questions:
Is the setup OK for http://scalatra.prosseek to localhost:8080:
Are these correct setup of proxy_set_headers? Or did I miss something?
For the proxy_pass and upstream, is it just OK as long as two names are the same?
Do I need proxy_redirect off;?

Your configuration looks close.
Proxy headers should be fine. Normally Nginx passes headers through, so proxy_set_header is used when you want to modify those - for example forcing the Host header to be present even if the client does not provide one.
For the proxy_pass and upstream, yes the names need to match.
Consider leaving proxy_redirect on (default). This option modifies whether Nginx interferes with responses like 301 & 302 redirects including the port number. Turning it off means that your upstream application must take responsibility for passing the correct public domain name and port in any redirect responses. Leaving it set to default means that if you accidentally try to direct the client to port 8080, Nginx would in some cases correct it to be port 80 instead.
You also did not include the /excluded path in your nginx config. Add that in with
    location /excluded {
        return 403;
    }
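
How a backend can read the X-Forwarded-For value produced by the two settings that appear in the configurations on this page, `$remote_addr` and `$proxy_add_x_forwarded_for`. This is an added example, not code from the question or the answer; the trusted-proxy range, the function names and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: nginx on loopback is the only proxy allowed to reach the backend.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)

def nginx_xff(client_header, remote_addr, append):
    """Header value nginx sends upstream. append=True models
    $proxy_add_x_forwarded_for, append=False models $remote_addr."""
    if append and client_header:
        return f"{client_header}, {remote_addr}"
    return remote_addr

def naive_client_ip(xff):
    """What many applications do: trust the leftmost entry."""
    return xff.split(",")[0].strip()

def client_ip(peer_addr, xff):
    """Walk the list right to left and return the first hop that is not
    one of our own proxies; entries further left are client-controlled."""
    if not xff or not is_trusted(peer_addr):
        return peer_addr  # not from our proxy: ignore the header
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: fall back to the TCP peer
    return peer_addr

if __name__ == "__main__":
    # Constructed request: the client at 203.0.113.7 forges its own header.
    forged, real = "10.0.0.1", "203.0.113.7"
    for append in (True, False):
        sent = nginx_xff(forged, real, append)
        print(append, repr(sent), naive_client_ip(sent), client_ip("127.0.0.1", sent))
```

With the appending variable, the leftmost entry is whatever the client sent, so access rules and logs keyed on it can be steered by the client; the right-to-left walk returns the address nginx itself observed.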

How do I force Ghost's admin page to be served over SSL when Ghost is installed in a subdirectory?

I am using Ghost as a blogging platform and nginx as a reverse proxy for ghost as detailed in the documentation. Ghost is installed in a subdirectory and is served over the domain http://example.com/blog whereas the static website is served over example.com
I have set up SSL on my server and want to serve the Ghost login page (example.com/blog/ghost) over SSL while serving the rest of the pages over normal HTTP. However, if I use forceAdminSSL:true and try to go to http://example.com/blog/ghost it should automatically redirect me to https://example.com/blog/ghost. Instead I'm redirected to https://example.com/ghost and end up with a 404 error. The only workaround I have found that works is to use forceAdminSSL:{redirect:false}, which is clumsy because then I have to manually type https in the address bar instead of http.
How do I serve the Ghost admin panel over SSL while Ghost is installed in a subdirectory? I guess this has something to do with the configuration in nginx.
My nginx config block:
    server {
        listen 80;
        listen 443;
        server_name *.example.com;
        server_name example.com;
        ssl on;
        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/key.key;
        location ^~/blog {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:2786;
            proxy_redirect off;
        }
        location / {
            root "/home/ubuntu/somedirectory/";
            index index.html;
        }
    }

I think you haven't entered the config URL while setting up Ghost correctly.
You can do this by running the following commands:
    ghost config URL https://my-domain.com/blog/
    ghost restart
If this doesn't solve the problem, you can check out a detailed tutorial, solving this issue, on my blog here

Nginx as Reverse Proxy - Double Proxy Pass ? is this possible?

I have a common problem anyone can encounter when running nginx as a reverse proxy server for Apache: I want to add double proxy_pass variables to the nginx conf file, but this doesn't seem to be allowed by nginx.
For example, the situation I have is:
On my website I have a chat engine run by Openfire, which runs on port 5280 with Jetty, and I have set the Apache proxy pass directives as
    ProxyPass /member-chat http://xyx.com:5280/http-bind
    ProxyPassreverse /member-chat http://xyx.com:5280/http-bind
    ProxyRequests Off
But I want anything that comes to "/member-chat" to be sent directly to the chat server rather than to Apache, because what Apache would then do is proxy pass that to Openfire (member-chat) again, which takes more time and is useless load for Apache.
When I add nginx as the proxy server I want to add something like the below, but this didn't work; for some reason it can't find the location and gives me a 404 error.
    location / {
        proxy_pass http://85.xxx.yyy.2x2:7080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location ~ ^/member-chat {
        proxy_pass http://85.xxx.yyy.2x2:5280;
        proxy_connect_timeout 300;
    }

I believe you missed out on specifying the URI for the Jetty service. With your current configuration, the request that will land up on Jetty port would be:
    http://85.xxx.yyy.2x2:5280/member-chat
This is as per the proxy_pass documentation:
"If proxy_pass is specified without a URI, the request URI is passed to the server in the same form as sent by a client when the original request is processed, or the full normalized request URI is passed when processing the changed URI"
I don't think that is what you expect looking at your Apache configuration for the same. Try configuring the URI for proxy_pass directive as you have done for Apache.
    # Prefix location: nginx rejects a proxy_pass with a URI part inside a regex (~) location.
    location /member-chat {
        proxy_pass http://85.xxx.yyy.2x2:5280/http-bind;
        proxy_connect_timeout 300;
    }
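
A simplified model of the proxy_pass rule quoted in the answer above, applied both to the /member-chat case and to the `proxy_pass http://example.com:8080/sub` setup from the first question on this page. It is an added example, not nginx's code or any poster's; the function names are hypothetical and `chat.example` is a constructed stand-in for the redacted address.

```python
from urllib.parse import urlsplit

def upstream_url(location, proxy_pass, request_uri, regex=False):
    """Simplified model of the URL nginx requests from the backend."""
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if not target.path:
        # No URI part: the client's request URI is passed through unchanged.
        return origin + request_uri
    if regex:
        # nginx refuses this combination when it loads the configuration.
        raise ValueError("proxy_pass cannot have a URI part in a regex location")
    # URI part present: the prefix matched by the location is replaced by it.
    return origin + target.path + request_uri[len(location):]

def default_proxy_redirect(location, proxy_pass, location_header):
    """Model of `proxy_redirect default` for a proxy_pass with a URI part:
    the proxy_pass URL at the start of a Location header is replaced by
    the location prefix."""
    if location_header.startswith(proxy_pass):
        return location + location_header[len(proxy_pass):]
    return location_header

def demo():
    chat = "http://chat.example:5280"  # constructed stand-in host
    sub = "http://example.com:8080/sub"
    return {
        "chat_no_uri": upstream_url("/member-chat", chat, "/member-chat"),
        "chat_with_uri": upstream_url("/member-chat", chat + "/http-bind", "/member-chat"),
        "sub_root": upstream_url("/", sub, "/"),
        "sub_page": upstream_url("/", sub, "/page"),
        "sub_page_slash": upstream_url("/", sub + "/", "/page"),
        # Constructed backend redirect that appends the directory slash.
        "redirect": default_proxy_redirect("/", sub, sub + "/"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15} {value}")
```

The `sub_page` and `redirect` rows show what a URI part without a trailing slash does under `location /`: paths are glued onto `/sub`, and a backend redirect to `/sub/` comes back to the browser as `//`.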

Nginx configuration leads to endless redirect loop

So I've looked at every sample configuration I could find and yet every time I try to view a page that requires SSL, I end up in a redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2.
Here's the ssl config
    server {
        listen 443 default ssl;
        server_name <redacted>.com www.<redacted>.com;
        root /home/app/<redacted>/public;
        passenger_enabled on;
        rails_env production;
        ssl_certificate /home/app/ssl/<redacted>.com.pem;
        ssl_certificate_key /home/app/ssl/<redacted>.key;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X_FORWARDED_PROTO https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Url-Scheme $scheme;
        proxy_redirect off;
        proxy_max_temp_file_size 0;
        location /blog {
            rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
        }
        location ~* \.(js|css|jpg|jpeg|gif|png)$ {
            if (-f $request_filename) {
                expires max;
                break;
            }
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
Here's the non-ssl config
    server {
        listen 80;
        server_name <redacted>.com www.<redacted>.com;
        root /home/app/<redacted>/public;
        passenger_enabled on;
        rails_env production;
        location /blog {
            rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
        }
        location ~* \.(js|css|jpg|jpeg|gif|png)$ {
            if (-f $request_filename) {
                expires max;
                break;
            }
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
Let me know if there's any additional info I can give to help diagnose the issue.

It's your line here:
    listen 443 default ssl;
change it to:
    listen 443;
    ssl on;
This I'll call the old style.
Also, that along with
    proxy_set_header X_FORWARDED_PROTO https;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Url-Scheme $scheme;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
did the trick for me. I see now I am missing the real IP line you have, but so far, this got rid of my infinite loop problem with ssl_requirement and ssl_enforcer.

I've toyed around with a bunch of these answers but nothing worked for me. Then I realized since I use Cloudflare the problem may not be in the server but with Cloudflare. Lo and behold when I set my SSL to Full (Strict) everything works as it should!

I found that it was this line
    proxy_set_header Host $http_host;
Which should be changed to
    proxy_set_header Host $host;
According to the nginx documentation, by using $http_host you're passing the "unchanged request-header".

Have you tried using "X-Forwarded-Proto" instead of X_FORWARDED_PROTO?
I've run into a problem with this header before, it wasn't causing redirects, but changing this header fixed it for me.

Since you have a rewrite statement found in both ssl and non-ssl sections
    location /blog {
        rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent;
    }
Where is the server section for blog.<redacted>.com? Could that be the source of the issue?

I had a similar issue for my symfony2 application, albeit from a different cause: I had set fastcgi_param HTTPS off; when I of course needed fastcgi_param HTTPS on; in my nginx configuration.
    location ~ ^/(app|app_dev|config)\.php(/|$) {
        satisfy any;
        allow all;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
    }

In case someone else stumbles on this, I was attempting to configure both http and https via the same server {} block, but only added the "listen 443" directive believing that the "this line is default and implied" meant that it would also listen on 80 as well, it didn't. Uncommenting the "listen 80" line so that both listen lines were present corrected the infinite loop. No idea why it would have even been getting a redirect at all, but it did.

For those who are searching desperately for why their ownCloud keeps making a redirect loop in spite of having a good configuration file, I've found why it's not working.
My config:
nginx + php-fpm + mysql on a fresh CentOS 6.5
When installing php-fpm and nginx, the default permission on /var/lib/php/session/ is root:apache.
php-fpm through nginx stores PHP sessions here; if nginx does not have authorization to write, it fails miserably to keep any login session, resulting in an infinite loop.
So just add nginx to the apache group (usermod -a -G apache nginx) or change ownership of this folder.
Have a nice day.

X_FORWARDED_PROTO as in your file can cause errors, and it did in my case. X-Forwarded-Proto is correct, whereas the hyphens are more important than uppercase or lowercase letters.
You can avoid those problems by sticking to conventions ;)
See also here: Custom HTTP headers: naming conventions, and here: http://www.ietf.org/rfc/rfc2047.txt
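
Added example (not from any of the posts above): a small model of why an application that enforces HTTPS behind a TLS-terminating proxy loops when the forwarded-scheme signal never reaches it, which is the situation the `X-Forwarded-Proto` and `fastcgi_param HTTPS` answers describe. The backend, its exact header-name matching and the host `shop.example` are constructed assumptions.

```python
from urllib.parse import urlsplit

def backend(headers, path, proto_header="X-Forwarded-Proto"):
    """Constructed app that enforces HTTPS. It only ever receives plain
    HTTP from the proxy, so it must rely on a forwarded-scheme header.
    Assumption: it matches the header name exactly, apart from letter case."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get(proto_header.lower()) == "https":
        return 200, None
    return 301, f"https://{lowered['host']}{path}"

def proxy(url, set_headers):
    """TLS-terminating proxy: forwards every request to the backend over
    HTTP, adding the configured proxy_set_header-style headers."""
    parts = urlsplit(url)
    headers = {"Host": parts.netloc}
    for name, value in set_headers.items():
        headers[name] = value.replace("$scheme", parts.scheme)
    return backend(headers, parts.path or "/")

def follow(url, set_headers, limit=10):
    """Follow redirects as a browser would; report a loop when a URL
    repeats or the hop limit is reached."""
    seen = []
    while url not in seen and len(seen) < limit:
        seen.append(url)
        status, location = proxy(url, set_headers)
        if status == 200:
            return "ok", seen
        url = location
    return "loop", seen

if __name__ == "__main__":
    start = "http://shop.example/login"  # constructed URL
    configs = {
        "forwarded scheme": {"X-Forwarded-Proto": "$scheme"},
        "no scheme header": {},
        "underscore name": {"X_FORWARDED_PROTO": "https"},
    }
    for label, headers in configs.items():
        print(f"{label:17}", follow(start, headers))
```

Running the same check against a real deployment amounts to following the Location headers by hand and confirming that the second request, made over HTTPS, is answered with something other than a redirect to itself.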