TileStache and NGinx - ruby-on-rails-3

I am building a mapping application and am using TileStache for tile generation and caching. I am already using NGinx+Passenger for my rails app and am trying to figure out how to serve both my rails app and TileStache from the same web server (NGinx). From the NGinx documentation it looks like NGinx needs to be re-compiled to add the WSGI module. Since I am already using Phusion Passenger module I am not sure how to go about doing this. Am I on the right track? Any suggestions would be appreciated.

Since for this specific project the data is static I have decided to use TileStache to seed/warm the cache and serve the tiles as static assets.

We use nginx to serve the tiles out. Works great.
We configure nginx to proxy_pass to the wsgi server. In the sites-enabled file:
    location / {
        proxy_pass http://127.0.0.1:XXXXSOMEPORTXXXX;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 900s;
        proxy_read_timeout 900s;
    }
I gave it a long timeout so the client can wait a while; you might want less.
I then created a python virtual environment and installed gunicorn to run the tilestache server. It can be run with a command like this:
XXXXPATHTOVIRTUALENVXXXX/bin/gunicorn --max-requests 1 --timeout 900 --graceful-timeout 890 -b 127.0.0.1:XXXXSOMEPORTXXXX -w 20 "TileStache:WSGITileServer('XXXXPATHTOTILESCONFIGXXXX/tiles.conf')"
We keep gunicorn running by using that line in supervisord so supervisor is responsible for firing up the gunicorn server when it terminates or the system restarts.
Tilestache is pretty awesome!

Related

Vue served over nginx returns index for all assets, but only on deeplink

i know similar questions have been asked a thousand times, but none seems to fit exactly to my problem.
i have a vue (cli3) prod build deployed to a server running nginx.
the recommended try_files $uri $uri/ /index.html works, but only if i open /
if i navigate from / to /dashboard, everything still works.
if i then refresh (and open /dashboard directly), index.html is returned for all assets, js, css, everything (and therefore says Uncaught SyntaxError: Unexpected token < for vendors.js and app.js)
(vue-router is set to history mode)
what can i do to solve this? something has to be wrong... do i have to change anything else? anything on vue side? i'd appreciate any help :)
edit:
i tried adding /$uri /$uri/ to nginx config, to force loading assets from /, but that didn't work either :/
if you need any additional info on my configs, feel free to ask!
the (surprisingly simple) solution was:
i had my vue publicPath set to
publicPath: ('./'), (which means: assets are resolved relatively, so on /dashboard, it would look for /dashboard/app.js, which is obviously stupid)
after change to
publicPath: ('/'),, it works as expected.
sorry for wasting everyone's time, maybe someone someday will be saved a bit of headache with this answer :)
You are serving the Vue.js application directly from the application path, for example root /var/www/path/of/Vuejs; I would recommend running the Vue.js application using Pm2 start or npm serve and using an Nginx reverse proxy to your application port. For example, if your Vue.js application is running on 8080, below is the Nginx redirection code for reference.
    server {
        listen 80;
        listen [::]:80;
        server_name xyz.com;
        location / {
            proxy_pass http://0.0.0.0:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }

Why do I have an HTTP problem in my Rails 5 app using Chrome after adding SSL to Nginx?

I have a Rails 5 application deployed on a VPS (Ubuntu 18.04 and Nginx) using Capistrano. At first everything worked perfectly, but I had to install a security certificate (Let's Encrypt) for HTTPS. The application works over HTTPS, but when I try to make a POST request I see this message in the browser: "The change you wanted was rejected."
And this is what my log shows
HTTP Origin header (https://domainename) didn't match request.base_url (http://domainename)
I saw some links that talk about the same problem; I tried their solutions, but they do not work for me:
Devise doesn't login in Google Chrome
https://github.com/rails/rails/issues/22965
https://github.com/plataformatec/devise/issues/4847
NOTE
I don't have this problem when I use the Mozilla browser!!!! But I have it with (Chrome, Opera, Safari ...)
I fixed it by adding this:
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Host $host;
in the #puma part of my nginx.conf. I had this problem because I use Capistrano for the deployment, and it changes the configuration of the nginx.conf file a little bit.
I hope it will help somebody ! :)

Configuration for Piwik behind nginx reverse proxy with rewrite

I'm using Piwik behind an Nginx reverse proxy and Piwik is running on an Apache Server. I also use a rewrite rule ( /piwik/ to / ).
For Chrome and Safari on Mac the login process for Piwik isn't working (I only got the general error message to configure browser cookies and proxy server).
But my current configuration is working in FirefoxDeveloperEdition for Mac:
nginx.conf:
    location /piwik {
        rewrite ^/piwik/(.*)$ /$1 break;
        proxy_pass http://piwik;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $http_host/piwik;
    }
config.ini.php
[General]
proxy_client_headers[] = HTTP_X_FORWARDED_FOR
proxy_host_headers[] = HTTP_X_FORWARDED_HOST
When I remove the /piwik in nginx.conf to:
proxy_set_header X-Forwarded-Host $http_host;
The login is working but I got 2 other problems:
after login I got a wrong redirect to the root / (not Piwik anymore), but after reopening Piwik, I'm logged in
the logo is missing because of the wrong url http://localhost:2020/plugins/Morpheus/images/logo.svg instead of http://localhost:2020/piwik/plugins/Morpheus/images/logo.svg
I also would keep the rewrite rule, because the Apache Server is a universal docker container.
Probably I have to analyse the failing authentication condition, but I didn't find the correct line yet.
I have created a pull request to enable and consider a new header info for proxy environment.
nginx.conf (inform about missing path)
rewrite ^/piwik/(.*)$ /$1 break;
...
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri /piwik;
Enable header in config.ini.php
proxy_uri_header = 1
This option inserts the missing path to the current script name and redirects. See pull request for more details https://github.com/piwik/piwik/pull/12011

Getting real IP with MUP and SSL

We are using MUP for Meteor deployment to AWS. A couple of weeks ago we got excited that we can now switch to a free cert, thanks to Letsencrypt and Kadira. Everything was working very nicely, until I realized in the logs that the client IP is no longer being passed through the proxy... No matter what I do, I see 127.0.0.1 as my client IP. I was trying to get it in methods using this.connection.clientIP or the headers package.
Well, after doing much research and learning in-depth how stud and nginx work, I came to the conclusion that this was never working.
The best solution I came up with is to use proxy_protocol as described by Chris, but I could not get it to work.
I have played with settings of /opt/stud/stud.conf and attempted to turn write-proxy and proxy-proxy settings on.
This is what my nginx config looks like:
    server {
        listen 80 proxy_protocol;
        server_name www.example.com example.com;
        set_real_ip_from 127.0.0.1;
        real_ip_header proxy_protocol;
        access_log /var/log/nginx/example.access.log;
        error_log /var/log/nginx/example.error.log;
        location / {
            proxy_pass http://127.0.0.1:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto http;
        }
    }
Here is what my headers look like on production EC2 server:
accept:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
accept-encoding:"gzip, deflate, sdch"
accept-language:"en-US,en;q=0.8"
cache-control:"no-cache"
connection:"upgrade"
host:"127.0.0.1:3000"
pragma:"no-cache"
upgrade-insecure-requests:"1"
x-forwarded-for:"127.0.0.1"
x-forwarded-proto:"http"
x-ip-chain:"127.0.0.1,127.0.0.1"
x-real-ip:"127.0.0.1"
So, the question of the day: using MUP with SSL, is there a way to get a pass-through client IP address?
I know you said you have tried using headers, but you may give it another shot and see if you can get something this way. I was having a lot of problems with x-forwarded-for counts not staying consistent, but if I pull from the header chain, [0] is always the client IP.
Put this code in your /server folder:
    Meteor.methods({
        getIP: function() {
            var header = this.connection.httpHeaders;
            var ipAddress = header['x-forwarded-for'].split(',')[0];
            return ipAddress;
        }
    });
In your browser console:
    Meteor.call('getIP', function(err, result){
        if(!err){
            console.log(result);
        } else {
            console.log(err);
        }
    });
See what you get from that response. If that works, you can just call the method on Template.rendered or whenever you need the IP.
Otherwise, I'm pretty sure you should be able to set the IP to an arbitrary header in your nginx conf and then access it directly in the req object.
By the way, in the nginx config you included, I think you need to use real_ip_header X-Forwarded-For; so that real_ip will use that header to locate the client IP, and you should also set real_ip_recursive on; so that it will ignore your trusted set_real_ip_from.
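Added example, not part of the thread: with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for`, nginx appends the address it saw to whatever `X-Forwarded-For` value the client sent, so the leftmost entry is client-controlled and only entries appended by your own proxies are reliable. The sketch below (function names and sample addresses are assumptions, IPv4 only) starts at the socket peer and steps left only through trusted proxies, the same idea as `set_real_ip_from` with `real_ip_recursive on`.

```javascript
// Added example: pick the client IP from X-Forwarded-For without trusting
// client-supplied entries. All names and sample addresses are constructed.

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True if ip lies inside one of the trusted CIDR ranges, e.g. "127.0.0.1/32".
function isTrustedProxy(ip, trustedCidrs) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return false;
  return trustedCidrs.some((cidr) => {
    const [base, len = '32'] = cidr.split('/');
    const net = ipv4ToInt(base);
    if (net === null || !/^\d{1,2}$/.test(len) || Number(len) > 32) return false;
    const bits = Number(len);
    const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
    return ((net & mask) >>> 0) === ((addr & mask) >>> 0);
  });
}

// What split(',')[0] returns: the leftmost entry, which the client chooses.
function leftmostXff(xffHeader) {
  return (xffHeader || '').split(',')[0].trim();
}

// Start at the TCP peer (cannot be forged) and step left through the header
// only while the current hop is one of our own proxies.
function clientIp(peerAddr, xffHeader, trustedCidrs) {
  const hops = (xffHeader || '').split(',').map((s) => s.trim()).filter(Boolean);
  let candidate = peerAddr;
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!isTrustedProxy(candidate, trustedCidrs)) break; // untrusted hop: stop here
    if (ipv4ToInt(hops[i]) === null) break;              // malformed entry: stop
    candidate = hops[i];
  }
  return candidate;
}

// Constructed request: client 203.0.113.7 sent "X-Forwarded-For: 198.51.100.99";
// nginx on 127.0.0.1 appended the address it actually saw.
const sampleHeader = '198.51.100.99, 203.0.113.7';
console.log(leftmostXff(sampleHeader));                             // client-chosen value
console.log(clientIp('127.0.0.1', sampleHeader, ['127.0.0.1/32'])); // address nginx saw
```

When the only hop in the header is itself a trusted proxy, as in the `x-forwarded-for:"127.0.0.1"` dump above, the function returns that proxy address: the client address never reached the header, and no parsing can recover it.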
Alright, so after a sleepless night and learning everything I could about the way STUD and the HAProxy protocol work, I came to a simple conclusion: it's simply not supported.
I knew I could easily go back to have SSL termination at Nginx, but I wanted to make sure that my deployment has automation as MUP.
Solution? MUPX. The next version of MUP, but still in development. It uses Docker and has SSL termination directly at Nginx.
So there you have it. Lesson? Stable is not always a solution. :)

How can I host multiple Rails apps with nginx and Unicorn?

I currently have one site up and running thanks to "Deploying to a VPS".
I have searched but I need a step-by-step guide to get this working. The results I found are not so well explained to help me understand how to accomplish this.
Basically, you do the same thing you did to get everything for your first application running minus the Nginx installation. So, however you got your Unicorn instance for your first application running, do it again for your next application.
You can then just add another server block into your Nginx config with an upstream that points to that new Unicorn instance.
One Nginx running for the entire machine will do fine, with one Unicorn running per application.
Hope this helps some.
Here is a sample of the additional server block you would need to add for Nginx to serve additional applications:
    upstream unicorn_app_x {
        server unix:/path/to/unicorn/socket/or/http/url/here/unicorn.sock;
    }
    server {
        listen 127.0.0.1:80;
        server_name mysitehere.com aliasfor.mysitehere.com;
        root /path/to/rails/app/public;
        location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            if (!-f $request_filename) {
                proxy_pass http://unicorn_app_x;
                break;
            }
        }
    }
The instructions provided above were not enough.
my startup file: /etc/init.d/unicorn had several references to a single host's configuration. With these configurations, it would not serve a second host.
so I created a new startup instance of unicorn.
cp /etc/init.d/unicorn /etc/init.d/unicorn_app_x
edited /etc/init.d/unicorn_app_x, replacing references to the first site with references to the second: including the unique socket.
then I added the file to startup automatically: update-rc.d act_unicorn defaults
it finally worked!