rack ssl and nginx configuration - ruby-on-rails-3

Hi, I am trying to use rack ssl with my nginx. Everything works fine on all pages apart from my static dragonfly images, which are served as a proxy via nginx. Here is that part of the config (of course, in non-SSL mode all images are served just fine). Any idea how to solve this?
server {
    listen 0.0.0.0:443;
    server_name server.com;
    root /home/rails/production/current/public;
    passenger_enabled on;
    rails_env production;
    ssl on;
    ssl_certificate some.crt;
    ssl_certificate_key some.key;
    location /home {
        rewrite ^ https://www.example.com/ permanent;
    }
    location /media {
        try_files $uri @media;
    }
    location @media {
        proxy_redirect off;
        proxy_pass http://unix:/tmp/nginx-production.sock;
        proxy_store /home/rails/production/current/public$uri;
        proxy_store_access user:rw group:rw all:r;
    }
}
EDIT ------
OK, I got a bit further. I found a section of my nginx conf that had this:
server {
    listen unix:/tmp/nginx-production.sock;
    root /home/rails/production/current/public;
    passenger_enabled on;
    rails_env staging;
}
Of course, you see rails_env was wrong, so I changed it to production, and all images return fine if they were not populated via an AJAX request... so the hunt goes on :(
EDIT ------
Found this also. All images that do not render under SSL have a URL of: https:///media/ (Chrome shows a 502)
but ones that do render have:
https:///media/?
I am starting to think this is something to do with the way dragonfly is used? Then why is it OK for some and not others...

Related

Why am I receiving a 404 when using proxy_pass with NginX?

I'm trying to use Nginx to expose my Web APIs on port 80 using proxy_pass. The Web APIs are written in Node using Express and they are all running on separate port numbers.
I have locations working in the nginx.conf file when pulling static files from the root and /test, but receive a 404 error when trying to redirect to the API. The API I'm testing with runs on port 8080 and I'm able to access and test it using Postman.
This is using Nginx 1.16.1 being hosted on a Windows 2016 Server
http {
    include mime.types;
    default_type application/octet-stream;
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost crowdtrades.com;
        # Root and /test locations are working correctly
        location / {
            root c:/CrowdTrades;
            index index.html index.htm;
        }
        location /test/ {
            root c:/CrowdTrades/test;
            index test.html;
        }
        # Test2: this is the location I'm not able to get working
        location /test2/ {
            proxy_set_header Host $host;
            proxy_pass http://localhost:8080/api/signup/;
        }
    }
}
So after trying all kinds of configuration changes and restarting Nginx each time I gave up for the night. My cloud VM is scheduled to shut down at night, when I picked this up in the AM it was working. I have no idea why it's working now but restarting the server seemed to help.

Nginx reverse proxy for docker web services

I am trying to use nginx as reverse proxy with ssl to access my locally running web services deployed by docker containers. When specifying locations in nginx, I don't only get the start page of the server but I am not able to follow any links on that page. Besides that, Images of my web service are not displayed.
I have already read the nginx documentation and tried out a lot of different things. For instance, when I am just omitting the location, the web service runs perfectly fine.
Working example of the nginx.conf:
location / {
    proxy_pass http://127.0.0.1:7081/;
    include /etc/nginx/proxy_params;
}
Not Working example of the nginx.conf:
location /wiki/ {
    rewrite ^/wiki(.*) /$1 break;
    proxy_pass http://127.0.0.1:7081/;
    include /etc/nginx/proxy_params;
}
I am obviously missing something in the latter example. Does anyone know, what I am missing, so that I can simply proxy pass request directly to my dockerized web service?
EDIT:
Here a more and hopefully reproducible example:
The docker container I launched, was simply a base MediaWiki which was published internally on localhost on port 7081.
docker run --name some-mediawiki -p 127.0.0.1:7081:80 -d mediawiki
The file in /etc/nginx/sites-available/default looks like this:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    server_name my.domain.de;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name my.domain.de*;
    # SSL-Certificate and key
    ssl_certificate /etc/ssl/certs/my_full_chain.pem;
    ssl_certificate_key /etc/ssl/private/my-key.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    location /wiki {
        rewrite ^/wiki(.*) /$1 break;
        proxy_pass http://127.0.0.1:7081/;
        include /etc/nginx/proxy_params;
    }
}

nginx - insecure http server is redirecting wrongly to an https server

I've got a small website that I'm running on docker, with the 'dev' version on port 9090 and the 'master' version running on port 8080.
I'm using Nginx on the host (not running on docker) to handle the proxying on port 80/443 for requests coming from the internet.
The port 80/443 proxying works perfectly. No problems there.
Problem: When I try to create a server running on port 90 (to show the dev version of the site), which is intended to be insecure, it seems to attempt a redirect back to the SSL version of the site. This is confirmed by the browser redirecting to SSL, and I get an error on the page: ERR_SSL_PROTOCOL_ERROR
If I comment out the server running on port 80, this problem goes away, but then I lose my port 80 redirects on the live/master site.
Can anyone see what might be the problem in how I'm setting up the config? Thanks! Config below:
server {
    listen 443 ssl;
    server_name xxxxxxxxxxxxx.co.uk www.xxxxxxxxxxxxx.co.uk;
    {some ssl config here}
    add_header Strict-Transport-Security max-age=15768000;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://localhost:8080;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
server {
    listen 80;
    server_name xxxxxxxxxxxxx.co.uk www.xxxxxxxxxxxxx.co.uk;
    return 301 https://$host$request_uri;
}
server {
    listen 90;
    server_name xxxxxxxxxxxxx.co.uk www.xxxxxxxxxxxxx.co.uk;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://localhost:9090;
        proxy_redirect off;
    }
}
Your problem is probably caused by the Strict-Transport-Security header set on port 433, which tells the browser to force SSL on this server/domain for the time given in the header.
Try removing the header and testing in a cache-free browser.
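
The browser-side behaviour behind this answer, as an added example that is not part of the original post: a minimal model of the HSTS cache and URL upgrade rules from RFC 6797, showing why a plain-HTTP listener on port 90 receives a TLS handshake. The class name and the host `site.example` are constructed for illustration; the `max-age` value is the one from the question's config.

```python
import time
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Minimal model of a browser's HSTS cache (RFC 6797); policies are keyed by host, not port."""

    def __init__(self):
        self._policies = {}  # host -> (expiry timestamp, includeSubDomains flag)

    def note_header(self, url, header_value, now=None):
        """Record a Strict-Transport-Security header; it is ignored unless received over https."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            if name.strip().lower() == "max-age":
                max_age = int(value.strip().strip('"'))
            elif name.strip().lower() == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False
        if max_age == 0:  # max-age=0 tells the browser to forget the policy
            self._policies.pop(parts.hostname, None)
        else:
            self._policies[parts.hostname] = (now + max_age, include_sub)
        return True

    def _is_hsts_host(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):  # exact host first, then each parent domain
            entry = self._policies.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now=None):
        """Return the URL the browser actually requests (RFC 6797 section 8.3)."""
        now = time.time() if now is None else now
        parts = urlsplit(url)
        if parts.scheme != "http" or not self._is_hsts_host(parts.hostname, now):
            return url
        # Explicit port 80 becomes 443; any other explicit port is preserved.
        port = {None: "", 80: ":443"}.get(parts.port, f":{parts.port}")
        return urlunsplit(("https", parts.hostname + port, parts.path, parts.query, parts.fragment))
```

Because the policy is stored per host name and the port is preserved on upgrade, `http://site.example:90/` becomes `https://site.example:90/`, which a non-TLS listener cannot answer; a host name that never sent the header (and is not covered by `includeSubDomains`) is left alone.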

Invalid ports added in redirects on AWS EC2 nginx using SSL decryption offloaded to ELB

On AWS, I'm trying to migrate a PHP Symfony app running on nginx. I want to be able to test the app by directly talking to the EC2 server and via an ELB (the public route in).
I've set up an elastic load balancer to decrypt all the SSL traffic and pass this on to my EC2 server via port 80, as well as pass port 80 directly onto my EC2 server via port 80.
Initially this caused infinite redirects in my app but I researched and then fixed this by adding
fastcgi_param HTTPS $https;
with some custom logic that looks at $http_x_forwarded_proto to figure out when it's actually via SSL.
There remains one issue I can't solve. When a user logs into the Symfony app, if they come via the ELB, the form POST eventually returns a redirect back to
https://elb.mysite.com:80/dashboard
instead of
https://elb.mysite.com/dashboard
which gives the user an error of "SSL connection error".
I've tried setting
fastcgi_param SERVER_PORT $fastcgi_port;
to force it away from 80 and I've also added the
port_in_redirect off
directive but both make no difference.
The only way I've found to fix this is to alter the ELB 443 listener to pass traffic via https. The EC2 server has a self certified SSL certificate configured. But this means the EC2 server is wasting capacity performing this unnecessary 2nd decryption.
Any help very much appreciated. Maybe there is a separate way within nginx of telling POST requests to not apply port numbers?
Nginx vhost config:
server {
    port_in_redirect off;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/mysite.com/self-ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/mysite.com/self-ssl.key;
    # Determine if HTTPS being used either locally or via ELB
    set $fastcgi_https off;
    set $fastcgi_port 80;
    if ( $http_x_forwarded_proto = 'https' ) {
        # ELB is using https
        set $fastcgi_https on;
        # set $fastcgi_port 443;
    }
    if ( $https = 'on' ) {
        # Local connection is using https
        set $fastcgi_https on;
        # set $fastcgi_port 443;
    }
    server_name *.mysite.com my-mysite-com-1234.eu-west-1.elb.amazonaws.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;
    rewrite ^/app\.php/?(.*)$ /$1 permanent;
    location / {
        port_in_redirect off;
        root /var/www/vhosts/mysite.com/web;
        index app.php index.php index.html index.html;
        try_files $uri @rewriteapp;
    }
    location ~* \.(jpg|jpeg|gif|png)$ {
        root /var/www/vhosts/mysite.com/web;
        access_log off;
        log_not_found off;
        expires 30d;
    }
    location ~* \.(css|js)$ {
        root /var/www/vhosts/mysite.com/web;
        access_log off;
        log_not_found off;
        expires 2h;
    }
    location @rewriteapp {
        rewrite ^(.*)$ /app.php/$1 last;
    }
    location ~ ^/(app|app_dev|config)\.php(/|$) {
        port_in_redirect off;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param HTTPS $fastcgi_https;
        # fastcgi_param SERVER_PORT $fastcgi_port;
        #fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/vhosts/mysite.com/web$fastcgi_script_name;
        include fastcgi_params;
    }
}
References:
FastCGI application behind NGINX is unable to detect that HTTPS secure connection is used
https://serverfault.com/questions/256191/getting-correct-server-port-to-php-fpm-through-nginx-and-varnish
http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect
Finally got a solution via another channel.
The answer is to comment out SERVER_PORT with a # in the fastcgi_params file.
Much thanks to Maxim from Nginx.
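
Why that one commented line changes the redirect, as an added example that is not part of the original post: it parses `fastcgi_param` lines the way the included file is read (a leading `#` drops the parameter) and then builds a redirect from the resulting CGI variables. The `FASTCGI_PARAMS` excerpt and `ELB_VARS` values are constructed, and `redirect_url` is a simplified, assumed model of an application's URL building, not Symfony's code.

```python
import re

# Constructed excerpt of fastcgi_params plus the vhost's HTTPS line (assumption, not the asker's file).
FASTCGI_PARAMS = """\
fastcgi_param  REQUEST_URI   $request_uri;
fastcgi_param  SERVER_PORT   $server_port;
fastcgi_param  HTTPS         $fastcgi_https;
"""

# nginx variables for a request that arrived from the ELB on port 80 with X-Forwarded-Proto: https.
ELB_VARS = {"request_uri": "/login_check", "server_port": "80", "fastcgi_https": "on"}

PARAM_RE = re.compile(r"^\s*fastcgi_param\s+(\S+)\s+(\S+?)\s*;")

def fastcgi_env(config_text, nginx_vars):
    """Build the CGI environment nginx would pass on; '#'-commented lines contribute nothing."""
    env = {}
    for line in config_text.splitlines():
        m = PARAM_RE.match(line)  # a line starting with '#' does not match
        if m:
            name, value = m.groups()
            env[name] = re.sub(r"\$(\w+)", lambda v: nginx_vars.get(v.group(1), ""), value)
    return env

def comment_out(config_text, name):
    """Prefix the fastcgi_param line for `name` with '#', as the fix does for SERVER_PORT."""
    return re.sub(rf"(?m)^(\s*fastcgi_param\s+{re.escape(name)}\s)", r"#\1", config_text)

def redirect_url(env, host_header, path):
    """Simplified model (assumption): scheme from HTTPS, port from SERVER_PORT unless it is the default."""
    scheme = "https" if env.get("HTTPS", "").lower() == "on" else "http"
    default_port = "443" if scheme == "https" else "80"
    port = env.get("SERVER_PORT", "")
    if ":" in host_header or port in ("", default_port):
        return f"{scheme}://{host_header}{path}"
    return f"{scheme}://{host_header}:{port}{path}"

def demo():
    """Return the redirect before and after commenting out SERVER_PORT."""
    before = redirect_url(fastcgi_env(FASTCGI_PARAMS, ELB_VARS), "elb.mysite.com", "/dashboard")
    fixed = comment_out(FASTCGI_PARAMS, "SERVER_PORT")
    after = redirect_url(fastcgi_env(fixed, ELB_VARS), "elb.mysite.com", "/dashboard")
    return before, after
```

The mismatch comes from `HTTPS` being derived from the `X-Forwarded-Proto` header while `SERVER_PORT` still reflects the local listener; since that header is client-supplied on direct connections, it is only trustworthy when the instance accepts port 80 traffic from the load balancer alone.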

How can I serve multiple rails apps on single VPS?

I have a VPS on DigitalOcean. I am able to run multiple Rails apps on the same VPS using nginx+passenger. Now I want to map domain names. What should I do for this?
My nginx.conf file
server {
    listen 80;
    server_name localhost;
    location ~ ^/uvarsity(/.*|$) {
        alias /home/uvarsity/public$1; # <-- be sure to point to 'public'!
        passenger_base_uri /uvarsity;
        passenger_app_root /home/uvarsity;
        passenger_document_root /home/uvarsity/public;
        passenger_enabled on;
        rails_env production;
    }
    location ~ ^/uvarsity-landing(/.*|$) {
        alias /home/uvarsity-lp/public$1; # <-- be sure to point to 'public'!
        passenger_base_uri /uvarsity-landing;
        passenger_app_root /home/uvarsity-lp;
        passenger_document_root /home/uvarsity-lp/public;
        passenger_enabled on;
        rails_env production;
    }
    location / {
        root /home/amaravati/public; # <-- be sure to point to 'public'
        passenger_enabled on;
    }
}
What you want is virtual hosting.
The trick here is to define an upstream section in NGINX to define each application's backend server(s), and then a server section that passes traffic to the upstream.
Here's a very simple example I used to provide a virtual host localhost that redirected to a virtual machine running on VirtualBox. I was using localhost but the only requirement is that your browser requests the host by the name matching the server_name setting in the server block in the nginx config.
upstream apache {
    server 192.168.70.1:1025;
}
server {
    server_name localhost;
    location / {
        proxy_pass http://apache;
    }
}