nginx as frontend for apache - apache

I have nginx as frontend for apache. Apache listen port 8008.
Nginx config
server {
listen 80;
server_name SERVER_NAME;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://localhost:8008;
}
}
When I open url SERVER_NAME, browser actualy opens url SERVER_NAME:8008. And apache respons to the browser, not nginx.

You should not have the forwarding if you want your proxy to act as front-end.
Thy just this:
server {
listen 80;
server_name SERVER_NAME;
location / {
proxy_pass http://localhost:8008;
}
}

Related

Deploy UrlShortner to prodction

I am trying to create a urlshortner which would redirect the user to an external url.
I am using node express + nginx to host it.
My express routing is very simple and is as below:
router.get('/:code', async (req, res) => {
fetch code from db
return res.redirect(longUrl)
}
and my nginx conf looks like:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/cert/ssl.pem;
ssl_certificate_key /etc/ssl/cert/ssl.pem;
server_name {server_name};
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "keep-alive";
}
}
This works well over http without nginx but when I introduce proxy using nginx it starts to redirect me to https://localhost/longUrl rather than https://longUrl
I also tried https module without nginx and I got the same result.
Any suggestions would be great, thanks.

Configuration issues trying to get 2 apps to work on nginx

I'm trying to deploy a Vue app with a Strapi backend on nginx.
I created 2 files in sites-available, and symlinks in sites-enabled.
I also got an ssl-cert from let’s encrypt.
When I visit the domain, I see nothing in the browser, and have a 304 and some 404 errors in the network tab. When I visit domain.com/admin, I see a strapi splashscreen, but not the login form that I need.
When I go directly to the ip, I see the frontend app, and when I visit :1337/admin, I see the backend. Any idea what I’m doing wrong here?
Thanks
my frontend.conf looks like this
server {
# Listen HTTP
listen 80;
server_name companynamefront.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
# Listen HTTPS
listen 443 ssl;
server_name companynamefront.com;
# SSL config
ssl_certificate /etc/letsencrypt/live/new.companyname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/new.companyname.com/privkey.pem;
# Static Root
location / {
root /var/www/html/companyname/v-frontend/dist;
}
}
and the backend.conf looks like this
server {
# Listen HTTP
listen 80;
server_name companyname.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
server {
# Listen HTTPS
listen 443 ssl;
server_name companyname.com;
# SSL config
ssl_certificate /etc/letsencrypt/live/new.companyname.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/new.companyname.com/privkey.pem;
# Static Root
location / {
root /var/www/html/companyname/backend/build;
}
# Strapi API and Admin
location /admin/ {
rewrite ^/admin/(.*)$ /$1 break;
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass_request_headers on;
}
}

Setting up Jenkins DNS

I've been trying to set up Jenkins on my VPS.
I did everything and got it to work on the ip:8080.
What I am really wanting to do is get it working on ci.domain.com, but I have been having trouble.
I use Pterodactyl on the same machine, which runs on Nginx.
When I point the domain to the ip I get redirected to Pterodactyl which is on hub.domain.com.
I tried setting up Jenkins with apache and leaving Pterodactyl on Nginx but didn't work.
Is there a way to make make it work?
Cheers.
I had the same issue, seems like the nginx congif on the website doesn't work well.
Try this one:
upstream jenkins {
server 127.0.0.1:8080 fail_timeout=0;
}
server {
listen 80;
server_name ci.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name ci.domain.com;
#if you want sll
#ssl_certificate put_path_here;
#ssl_certificate_key put_path_here;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
# Required for new HTTP-based CLI
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
# workaround for https://issues.jenkins-ci.org/browse/JENKINS-45651
add_header 'X-SSH-Endpoint' 'jenkins.domain.tld:50022' always;
}
}

Cannot access nginx reverse proxy remotely

I am using nginx on a Raspberry Pi in my local network. The IP address is 192.168.188.32.
I am using a Fritz!Box as Router and a myfritz.net address as a DynDNS. Also, I enabled a port forwarding on the Router for the Pi and Port 80 on the Router and the Pi.
My nginx configuration:
server {
listen 80;
server_name 192.168.188.32;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name 192.168.188.32;
ssl_certificate /etc/ssl/openhab.crt;
ssl_certificate_key /etc/ssl/openhab.key;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
Local access is possible but when I try to access remotely, I get redirected to the IP 192.168.188.32 and I get a timeout ("Safari could not open the page because the server stopped responding"). I tried to change the server_name to my xxxxxxxxx.myfritz.net but then I don't have local access anymore. Even if I opened more ports in the Router, it didn't work.
I hope you can help me :-)

How to redirect on the same port from http to https with nginx reverse proxy

I use reverse proxy with Nginx and I want to force the request into HTTPS, so if a user wants to access the url with http, he will be automatically redirected to HTTPS.
I'm also using a non-standard port.
Here is my nginx reverse proxy config:
server {
listen 8001 ssl;
ssl_certificate /home/xxx/server.crt;
ssl_certificate_key /home/xxx/server.key;
location / {
proxy_pass https://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
}
}
I've tried many things and also read posts about it, including this serverfault question, but nothing has worked so far.
Found something that is working well :
server {
listen 8001 ssl;
ssl_certificate /home/xxx/server.crt;
ssl_certificate_key /home/xxx/server.key;
error_page 497 301 =307 https://$host:$server_port$request_uri;
location /{
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
Are you sure your solution is working? It is listening for 8001 ssl. Will it accept http request?
I do it this way:
server {
listen 80;
server_name yourhostname.com;
location / {
rewrite ^(.*) https://yourhostname.com:8001$1 permanent;
}
}
Then goes your config:
server {
listen 8001 ssl;
ssl_certificate /home/xxx/server.crt;
ssl_certificate_key /home/xxx/server.key;
location / {
proxy_pass https://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
}
}
This worked for me:
server {
listen 80;
server_name localhost;
...
if ($http_x_forwarded_proto = "http") {
return 301 https://$server_name$request_uri;
}
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080;
}
...
}
You can
use $server_name to avoid hard coding your domain name again (DRY),
use return 301 for a bit easier reading (a web dev should know this http status code)
Note: I put 443 for https server. You may listen to 8001 if you really want that.
server {
listen 80;
server_name your_hostname.com;
return 301 https://$server_name$request_uri;
}
...
server {
listen 443 ssl;
server_name your_hostname.com
...
}
This is my approach, which I think is quite clean and allows you to add further locations if needed. I add a test on the $http_x_forwarded_proto property which if true forces all HTTP traffic to HTTPS on a NGINX Reverse Proxy setup
upstream flask_bootstrap {
server flask-bootstrap:8000;
}
server {
# SSL traffic terminates on the Load Balancer so we only need to listen on port 80
listen 80;
# Set reverse proxy
location / {
proxy_pass http://flask_bootstrap;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect http://localhost/;
# Permanently redirect any http calls to https
if ($http_x_forwarded_proto != 'https') {
return 301 https://$host$request_uri;
}
}
}