I am using NGINX as load balancer for Apache WebServers (WordPress). All servers are made with AWS EC2. My config for NGINX:
cat /etc/nginx/sites-available/default
upstream web_backend {
server 35.157.101.5;
server 35.156.213.23;
}
server {
listen 80;
location / {
proxy_pass http://web_backend;
}
}
But after NGINX restart i am access load balancer via public ip and getting an error:
Bad Request
Your browser sent a request that this server could not understand.
Additionally, a 400 Bad Request error was encountered while trying to
use an ErrorDocument to handle the request.
Apache/2.4.29 (Ubuntu) Server at
ip-172-31-35-36.eu-central-1.compute.internal Port 80
If i refresh page i am getting same error but with another ip in the end (second server’s private ip), so i understand that NGINX do the work and it is Apache problem.
I tried to add 80 port for my servers in nginx config, replace ips with dns and private ip, but it didn’t help. Access log on Apache doesn’t show anything useful, just 400 errors.
What could be the problem?
Don’t use ‘_’ for upstream name, it was the only reason for my problem.
Just check on which ports are the Apache WebServers Running. You have to add those to your upstreams.
E.g.:
upstream web_backend {
server 35.157.101.5:8080; //assuming that your apache webserver is running on this port on this host
server 35.156.213.23:3000;//And a different port on the other.. you still need to add them here if your ports are same
}
ttI am adding an nginx reverse proxy in front of my existing nextcloudpi server in order to be able to route traffic to different servers in my network depending to the domain that is used. Currently the nextcloudpi server is the only one running, so all traffic is directly routed to it.
The server is only accessible via https and letsencrypt handles the certifactes on the nextcloudpi server.
In order to route traffic from my reverse proxy to the nextcloudpi server via https, I have set up the default.conf file to look like this:
server {
listen 443;
listen [::]:443;
server_name <my-public-url>;
location / {
proxy_pass https://<hostname-of-my-nextcloudpi-server>;
}
}
Unfortunately that doesn't work. Firefox returns SSL_ERROR_RX_RECORD_TOO_LONG and Chrome ERR_SSL_PROTOCOL_ERROR
I have also not seen anywhere where traffic is proxied to a https location. I am aware that in my internal network I can and should just route to the target location on port 80 but since the server is already set up to use https I want to keep it that way.
Thanks for your help
I have a winstone server (Jenkins) listening on 8443.
Jenkins has a valid cert, and Jenkins is doing the cert termination successfully:
JENKINS_ARGS="--httpPort=-1 --httpsKeyStore=/secure/jenkins.keystore --httpsKeyStorePassword=MY_PASSWORD --httpsPort=8443"
The only problem is that users now have to go:
https://example.com:8443
I don't want that port number in the URL.
I want:
https://example.com:8443 -> https://example.com
https://example.com -> https://example.com
http://example.com -> https://example.com
So I figure I'll run nginx on the same instance that is running Jenkins.
So my question is:
Do I have to reconfigure jenkins to NOT do cert termination so that nginx does it only?
Can nginx redirect 80 and 443 to localhost:8443 without a cert (Since Jenkins is doing cert termination)?
Do BOTH nginx AND Jenkins need to do cert termination?
Sorry for those similar questions.
I'm pretty sure an AWS ELB cannot replace what nginx is doing here, but I thought I'd throw it out there, in case an ELB can solve this for me too.
1) No, you can have Nginx Stream the connection directly to the Jenkins using the Stream Module.
Do note this was added in 1.9.0 but is not part of the default build so you might have to build it yourself.
It works a lot like an http server block but you have to set it up outside of the http block.
stream {
upstream jenkins_server {
server jenkins:443;
}
server {
listen 443;
proxy_pass jenkins_server;
}
}
2) You do not need a cert on nginx but you should have a http server block for port 80 that does a 301 to the 443 stream talked about in answer part 1.
server {
listen 80;
server_name your_server_name_here;
return 301 https://$host$request_uri;
}
3) No, you don't as you can use the nginx stream to passthru the ssl from the client to the Jenkins server.
My aim is to run Node.js on port 80. This is because I am finding node.js is being blocked from certain networks which do not allow traffic from any other port.
It appears that the best way to do this is by proxying Apache through Node.js. I have tried using node-http-proxy to do this but I have not had any luck.
The code I am using is here:
var util = require('util'),
http = require('http'),
httpProxy = require('http-proxy');
httpProxy.createServer(9000, 'localhost').listen(80);
http.createServer(function (req, res) {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.write('request successfully proxied to: ' + req.url + '\n' + JSON.stringify(req.headers, true, 2));
res.end();
}).listen(9000);
But I keep getting the error "Address in use" for port 80. I must be doing something wrong.
How do I proxy Apache through node.js using node-http-proxy? Will this enable me to run node.js on port 80? And is node-http-proxy the best way to achieve this?
Thank you.
run your app on a high port 8080 or whatev then
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
If you are not using ngnix or apache
The simplest solution: safely configure your node app to run on port 80.
sudo apt-get install libcap2-bin
sudo setcap cap_net_bind_service=+ep /path/to/node
Ta da! You're done.
Why do I like it?
You don't have to use apache or nginx
You don't have to run your application as root
You won't have to forward ports (and handle that each time your machine boots)
Reference Link: https://www.digitalocean.com/community/tutorials/how-to-use-pm2-to-setup-a-node-js-production-environment-on-an-ubuntu-vps (A great article on how to set up your node app on cloud hosting).
What you need to do is have 2 ip's for the server you are running. Apache has 1 ip bound to port 80 and then node.js has the other ip bound to port 80.
Using node and its listen directive has 2 values eg. .listen(80, NODEJS_IP or DNS NAME);
Some other advice.
I would not use apache with nodejs as it's not evented. So this really isn't recommended. I would actually look into using NGINX as its a much better pairing with Node.
It is currently not recommended to run node on port 80, as that requires running node as root.
How attached are you to apache? Proxying node through nginx is a tried and true solution, with an nginx-config such as this:
upstream node_cluster {
ip_hash;
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
}
server {
listen 0.0.0.0:80;
server_name foo;
access_log /var/log/nginx/foo.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://node_cluster/;
proxy_redirect off;
}
}
Nginx documentation:
http://wiki.nginx.org/HttpProxyModule
http://wiki.nginx.org/HttpUpstreamModule
Your code looks like example code in which you're creating a Node-based proxy from port 80 to port 9000, and then creating a Node-based HTTP server on port 9000. (i.e. Node:80 -> Node:9000)
You are getting "address in use" when you launch Node because Apache is already using port 80. If you want to use Apache to proxy, you must use Node on a different port (say 9000) and have Apache listening on port 80 and forwarding the requests to Node on port 9000. (i.e. Apache:80 -> Node:9000)
It looks like the library you're using is for doing the opposite: using Node as the proxy and forwarding requests to Apache. In this case you must configure Apache to run on another port than port 80. (i.e. Node:80 -> Apache:9000).
Are you wanting to do Node:80 -> Apache:9000 or Apache:9000 -> Node:80, in the end?
EDIT after comments:
If you want to do Apache:80 -> Node:9000, you can use mod_proxy on Apache and use the ProxyPass/ProxyPassReverse directives, something like
ProxyPass /nodeurls/ http://localhost:9000/
ProxyPassReverse /nodeurls/ http://localhost:9000/
where nodeurls is the family of URLs you wish for Apache to forward to Node.
If you are a non-root user, you cannot run or bind with ports lower than 1024 (in Unix system). To allow non-root user can run node on port lower than 1024 use this command.
$ sudo setcap 'cap_net_bind_service=+ep' $(which node)
I was having the same issue, here is how I resolved it using node-http-proxy to listen on port 80, then forward to either express or apache.
https://stackoverflow.com/a/9645091/500270
I had the same issue, I just changed my port to 8080 and it worked.
httpsServer.listen(8080, () =>
console.log(chalk.rgb(208, 60, 240)(`Server listening on port: 8080`))
);
if you just in develop environment mode
you can su root, then
node index.js or ./node_modules/coffee-script/bin/coffee index.coffee
apache + ssl is configured using xampp on windows server 2003. http content has no problem by domain name, but https content can only be visited from localhost. "netstat -a" shows
Proto Local Address Remote Address State
...
TCP hostname:https hostname:0 Listening
...
How to config to enable https via domain name?
Found the reason. Another program take the 443 port so apache https failed. use "netstat -a -o -n" can get the detail.
I'm assuming you can already access apache using this domain name.
Take a look in your ports.conf, usually found at
/etc/apache2/ports.conf
It should contain a line like:
NameVirtualHost *:443
and also
Listen 8443 https