HTTPS + Nginx Reverse Proxy + URL rewrite

I am trying to direct all HTTPS traffic to an Nginx server where it will handle all the requests as HTTP requests to all internal servers. So far, I am able to get the template below to work for most of my servers.

server {
    listen 443 default ssl;
    ssl_certificate /etc/letencrypt/live/somesite.com/fullchain.pem;
    ssl_certificate_key /etc/letencrypt/live/somesite.com/privkey.pem;
    server_name somesite.com;

    location ^~ /Service {
      proxy_pass http://192.168.1.2;
    }
}

However, I am restricted to always having to match up https://somesite.com/Service with http://192.168.1.2/Service in order for the above to work.

I can’t have https://somesite.com/Service work with http://192.168.1.2/Hello.

Or that I can’t direct this to another port, like https://somesite.com/Service with http://192.168.1.2:3000.

So I tried using rewrite in combination with what I have above, but I ran into a Page Not Found. I presume that it doesn’t seem to work for HTTPS maybe? Thus, it led me to ask how to configure Nginx to reverse proxy with URL rewrite and HTTPS externally.

installation – Magento2 doesn’t load in Browser after fresh install and successful nginx config test

I successfully deployed the latest Magento 2.4.1 on Ubuntu 18.04, PHP, Nginx with letsencrypt cert.

Previously, when I visited my domain I was able to see the Magento 2 welcome page. After having completed the command-line installation successfully and gotten the unique link to the admin panel, visiting Magento through the browser returns a server not found error.

When I send a GET request to localhost (NOT https) from the server side, it returns the following Nginx welcome page.

curl -XGET http://localhost

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>
</html>

I am able to successfully ping my connected domain over the internet which returns the actual server IPv4 address

root@pc:~# ping domain.com
PING domain.com (xxx.xx.xxx.xx) 56(84) bytes of data.
64 bytes from xxx.xx.xxx.xx (xxx.xx.xxx.xx): icmp_seq=1 ttl=53 time=161 ms
64 bytes from xxx.xx.xxx.xx (xxx.xx.xxx.xx): icmp_seq=2 ttl=53 time=82.6 ms
64 bytes from xxx.xx.xxx.xx (xxx.xx.xxx.xx): icmp_seq=3 ttl=53 time=105 ms

If I ping my domain with “www.” before it, it returns the below:

root@pc:~# ping www.domain.com
ping: www.domain.com: Name or service not known

Possible issues:

I have Magento installed in var/www/ instead of var/www/html, but I made the necessary changes in default.conf as well as nginx.conf and the sample configuration file in the Magento 2 filesystem configuration (nginx.conf.sample).

The solution may be something very simple that I missed. Does anyone have an idea?

Add subdomain for kibana with nginx

I’m trying to include a subdomain kibana.domain.com however the proxy setup isn’t working. The domain without the subdomain works, and all the redirects for no-www and ssl work for the base domain. Any recommendations would be helpful, thanks.

nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen [::]:80;
        listen 80;
        server_name example.com www.example.com;

        include snippets/letsencrypt.conf;

        return 301 https://$host$request_uri;
    }

    server {
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        server_name www.example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;

        return 301 https://example.com$request_uri;
    }
    
    server {
        listen [::]:443 ssl http2;
        listen 443 ssl http2;
        server_name example.com;

        access_log   /var/log/nginx.access_log  main;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;

        index index.html index.htm;

        location / {
            root /var/www/html;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

/etc/nginx/conf.d/kibana.conf

server {
    listen [::]:80;
    listen 80;
    server_name kibana.example.com;

    return 301 https://kibana.example.com$request_uri;
}

server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name kibana.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        proxy_pass https://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

linux – nginx: split requests to very large directories to subdirs

I have a WebDAV server serving requests for items like

  • /path/to/directory/not_a_problem1.json
    and
  • /path/to/directory/eeca9352c1ec475aadbd9d8c6e6aea94.ext. (long name of exactly specific number of chars, this directory contains A LOT of files, 100k+).

Is it possible to modify requests so they will be to something like /path/to/directory/eeca/9352/c1ec4/eeca9352c1ec475aadbd9d8c6e6aea94.ext and also re-order existing files (if it’s necessary)? (files not matching pattern should be left in place).

Reason – webdav server takes at least 20 seconds to answer every request to this directory (but <1 second on others).

Everything on ext4 formatted SSDs.

I can’t modify logic on WebDAV server.

I can modify nginx.

I can move files on storage attached to WebDAV server.

Nginx runs on Ubuntu 18. Webdav server is in docker container.
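
The path mapping asked about above, written out as an added example (not part of the original post): one function yields both the rewritten request URI and the new on-disk location, so the proxy and the storage stay in agreement. The 32-hex-character name pattern and the three 4-character levels are assumptions.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumption: a "long name" is 32 lowercase hex characters plus an extension.
HASHED = re.compile(r"[0-9a-f]{32}\.[^/]+")
BASE = "/path/to/directory/"  # URI prefix taken from the question


def shard_relpath(name, widths=(4, 4, 4)):
    """'eeca9352...ext' -> 'eeca/9352/c1ec/eeca9352...ext'; other names unchanged."""
    if not HASHED.fullmatch(name):
        return name
    parts, pos = [], 0
    for w in widths:
        parts.append(name[pos:pos + w])
        pos += w
    return "/".join(parts + [name])


def rewrite_uri(uri):
    """The mapping a proxy-side rewrite has to apply to each request URI."""
    rest = uri[len(BASE):]
    if uri.startswith(BASE) and "/" not in rest:
        return BASE + shard_relpath(rest)
    return uri


def reshard(directory):
    """Move hashed files into shard subdirectories; return how many moved."""
    root, moved = Path(directory), 0
    for entry in list(root.iterdir()):
        target = root / shard_relpath(entry.name)
        if entry.is_file() and target != entry:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(entry), str(target))
            moved += 1
    return moved


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        for n in ("eeca9352c1ec475aadbd9d8c6e6aea94.ext", "not_a_problem1.json"):
            (Path(d) / n).touch()
        print(reshard(d), sorted(p.relative_to(d).as_posix() for p in Path(d).rglob("*")))
    print(rewrite_uri(BASE + "eeca9352c1ec475aadbd9d8c6e6aea94.ext"))
```

Running `reshard` a second time moves nothing, because only regular files directly inside the directory are considered.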

ssl – Nginx connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.128.1, server: hello-1.local

I am trying to set up SSL on my Django + Docker + Nginx environment. However, I encountered this error:

*19 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.128.1, server: hello-1.local, request: "GET / HTTP/1.1", upstream: "https://192.168.128.4:443/", host: "hello-1.local"

My Nginx config:

client_max_body_size 10M;

upstream web {  
  ip_hash;
  server web:443;
}

server {
    listen 80;
    server_name hello-1.local;
    return 301 https://$host$request_uri;
}

server {    
    
    location /static/ {    
        autoindex on;    
        alias /src/static/; 
    }

    location /media/ {
        autoindex on;
        alias /src/media/;
    }

    location / {
        proxy_pass https://web/;
    }
    
    listen 443 ssl;
    server_name hello-1.local;
    ssl_certificate /etc/certs/hello-1.local.crt;
    ssl_certificate_key /etc/certs/hello-1.local.key;
    
} 

docker-compose.yml:

version: "3"

volumes:
  local_postgres_data: {}
  local_postgres_data_backups: {}

services:
  nginx:
    image: nginx:alpine
    container_name: nz01
    ports:
      - 443:443
      - 80:80
    volumes:
      - ./src:/src
      - ./config/nginx:/etc/nginx/conf.d
      - ./config/certs:/etc/certs
    depends_on:
      - web
    networks:
      - djangonetwork
  web:
    build:
      context: .
      dockerfile: compose/django/Dockerfile
    container_name: dz01
    depends_on:
      - db
    volumes:
      - ./src:/src
    expose:
      - 8000
    links:
      - redis
    env_file:
      - ./.envs/.django
    networks:
      - djangonetwork
  db:
    build:
      context: .
      dockerfile: compose/postgres/Dockerfile
    container_name: pz01
    env_file:
      - ./.envs/.postgres
    volumes:
      - local_postgres_data:/var/lib/postgresql/data
      - local_postgres_data_backups:/backups
    networks:
      - djangonetwork
  redis:
    image: redis:alpine
    container_name: rz01
    ports:
      - "6379:6379"
    networks:
      - djangonetwork

networks:
  djangonetwork:
    driver: bridge

In the browser, I get a 502 Bad Gateway error, and without SSL the website runs well. What could be the problem?

Nginx SSL tuning tips

How to deploy Flask application with Nginx and uWSGI?

I am deploying a Flask application with Nginx and uWSGI for the first time. Nginx will listen on port 8000 and uWSGI will listen on 8081. I followed the instructions given in the problem statement, but Nginx fails to start.

Problem statement: Deploy a simple flask application with nginx and uwsgi.

Commands for configuring nginx server as per Problem statement:

  1. sudo vi /etc/nginx/nginx.conf
  2. Then I was asked to include /projects/challenge/deploy.config in Virtual Host configs.
  3. sudo service nginx restart

For the code, this is what I did: wsgi.py

# Put your code here
from projects.challenge import app
if __name__ == "__main__":
    app.run()

deploy.conf

server {
    listen 8000;
    server_name localhost:8081;

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:8080;
    }

    location /Hello {
        alias /project/challenges/api.py
    }
}

The test code given in the question for testing deploy.conf is:

def test_conf_file_contents(self):
        with open('deploy.conf', 'r') as f:
            content = f.read()
            assert "location /Hello" in content
            assert "server localhost:8081" in content
            assert "listen 8000" in content

api.py

from flask import Flask, request, make_response


app = Flask(__name__)
app.secret_key = "Thisisyoursecret"


# Create a simple endpoint /Hello with return message "Welcome to your flask application"

@app.route('/Hello')
def hello():
  res=make_response("Welcome to your flask application")
  return res

As per instruction in the question, I included deploy.conf in Virtual Host Configs of nginx.conf file as follows:

http{
   ...
        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
        include /projects/challenge/deploy.conf
}

uwsgi.ini

(uwsgi)
socket=127.0.0.1:8081
wsgi-file=wsgi.py

The error is:

user@workspacede6jnv452qg2cr45:/projects/challenge$ sudo service nginx restart
 * Restarting nginx nginx                                                                (fail) 
user@workspacede6jnv452qg2cr45:/projects/challenge$ 

On going to path etc/nginx and starting:

user@workspacede6jnv452qg2cr45:/etc/nginx$ sudo service nginx restart
 * Restarting nginx nginx

nginx is failing to restart when I include deploy.conf in Virtual configuration of nginx.conf. But it starts when I do not include deploy.conf.

I might be making some obvious mistake. I went through Google and YouTube but could not figure out what to fix. No solution worked. I suspect the deploy.conf file, but I have no clue how to fix the issue.

Kindly suggest me what to do.

ubuntu – Nginx rate limiting on unique IPs

We’ve been dealing with constant attacks on our authentication URL. We’re talking millions of requests per day; my guess is they are trying to brute force passwords.

Whenever we would block the IP with the server firewall, a few seconds later the attacks would start again from a different IP.

We ended up implementing a combination of throttling through rack-attack plus custom code to dynamically block the IPs in the firewall. But as we improved our software’s security, so did the attackers, and now we are seeing that every request they make is done from a different IP, one call per IP, still several per second, not as many but still an issue.

Now I’m trying to figure out what else I can do to prevent this. We tried reCAPTCHA but quickly ran out of the monthly quota, and then nobody can log in.

I’m looking into Nginx rate limiter but from what I can see it also uses the IP, considering they now rotate IPs for each request, is there a way that this would work?

Any other suggestions on how to handle this, maybe one of you went through the same thing?

Stack: Nginx and Rails 4, Ubuntu 16.
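
Why a per-IP key stops working once every request arrives from a new address, and what a limiter keyed on the targeted account or on the login endpoint as a whole does instead, shown as an added example that is not part of the original post. The attempts, addresses (documentation range) and account names are constructed, and it assumes the limiter runs where the submitted account name is visible.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)  # key -> timestamps of allowed events

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget events that left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def constructed_attempts(n=40, accounts=1):
    """Constructed sample: n failed logins, one every 0.5 s, each from a new
    address (documentation range 203.0.113.0/24), spread over `accounts` names."""
    return [
        {"ts": i * 0.5, "ip": f"203.0.113.{i + 1}", "endpoint": "/login",
         "account": f"user{i % accounts}@example.com"}
        for i in range(n)
    ]


def replay(attempts, key_field, limit=5, window=60):
    """Run attempts through a limiter keyed on key_field; return (allowed, blocked)."""
    limiter = SlidingWindowLimiter(limit, window)
    allowed = sum(limiter.allow(a[key_field], a["ts"]) for a in attempts)
    return allowed, len(attempts) - allowed


if __name__ == "__main__":
    one_account = constructed_attempts(accounts=1)
    many_accounts = constructed_attempts(accounts=40)
    print("per-IP key:      ", replay(one_account, "ip"))         # nothing blocked
    print("per-account key: ", replay(one_account, "account"))    # capped at limit
    print("spray, account:  ", replay(many_accounts, "account"))  # nothing blocked
    print("spray, endpoint: ", replay(many_accounts, "endpoint", limit=20))
```

A limit keyed on the account or the endpoint also slows legitimate logins while the attack lasts, which is the trade-off to weigh when choosing the limit and window.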

nginx – There is no organization established in GCP. Which channel can I use to reflect the status of GCP virtual machines?

There is no organization established in GCP. Which channel can I use to reflect the GCP virtual machine problem?

The web server is configured through nginx, but a timeout appears from time to time in the browser. The ping is normal, but all ports on this IP seem to be inaccessible.

nginx – WordPress – Different rendering in normal and incognito browsing

Good morning, community!

We recently installed the latest version of WordPress on our Nginx server with PHP 7.3. The installation is correct at all times and the problems arise when applying a template.

In normal browsing you can see that the template has been applied correctly, but in incognito browsing everything appears as default, without changes.

Among the many tests, we have restarted Nginx and purged the WordPress cache and the server. We have made changes within the installation and the problems continue.

On this server we have several WordPress installations and we have not had problems with them, only with these clean installations. Has anyone had a similar problem?

Many thanks and regards.
