Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

saving binary POST data to disk (no replies)

October 2, 2019, 10:55 am
$
0
0
Hello,

I'm working on a Microsoft Office Online integration, and they POST data
to us (we use nginx in a rails app), but the post body is binary data,
not multipart/form-data.

I'd love to use nginx-upload-module, or something similar to save the
binary data to disk, then pass the request to rails. Is anyone aware of
any other nginx modules that would do this? I tried
nginx-upload-module but I get
NGX_HTTP_UNSUPPORTED_MEDIA_TYPE because there's no Content-Disposition
header coming through the POST.
Search

error_log shows notices even though it is set to "error" or "crit" (no replies)

October 3, 2019, 1:16 pm
$
0
0
I have setup Nginx on my Debian 10 server.
And in nginx.conf I have set error_log to error, which means it should only show errors or worse in the log (according to the docs).

Still my error_log gets filled with these notices:
2019/10/03 20:41:42 [notice] 25419#25419: signal process started

I even tried to go up one level from error to crit, and it still shows these notices.

How do I disable them?

Thank you!

Update Nginx with Certbot to most recent stable version (no replies)

October 7, 2019, 9:49 am
$
0
0
Hi. I'm very new to Linux and Nginx, so forgive me silly question.

I use Nginx with Certbot as reverse proxy on my little home server, with few apps on it. My Nginx version is 1.12. and I've heard that it has some security issues. So I decided to update Nginx to most recent stable version. As I said before I'm not good in all that Linux stuff, so I found some tutorials, how to make an update. But all of them made just new install of 1.16 without my config, which is quite complicated (a least for me).

So is there any chance to make a simple update to most recent stable version, without loosing my current config? If it's not too much, step by step instruction would be great.

Allow page to run bash script from another directory (no replies)

October 10, 2019, 9:42 am
$
0
0
So I have an nginx server block that looks like this:
server {
listen 80;
ssi on;
server_name utils.mydomain.com;
location / {
root /home/webroot/html;
}
location /cgibin {
root /home/webroot/cgibin;
gzip off;
fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /home/webroot$fastcgi_script_name;
}
}

servers bash scripts just fine. But in one of the pages, I'm trying to run a shell script located somewhere else on the server, here's a simple example:
#!/bin/sh
echo "Content-type: text/html"
echo "<html><body>"
echo "Starting script:"
echo "<pre>"
/home/jps/Admin/new_lib param1 param2
cat << EOF
</pre>
<h3>Done.<h3>
</body></html>
EOF

I keep getting this error:
2019/10/10 09:12:46 [error] 57640#0: *4480 FastCGI sent in stderr: "/home/webroot/cgibin/agent/admin/new_lib_work: line 105: /home/jps/Admin/new_lib: Permission denied"

I tried using ACL controls to add the nginx user/group to the new_lib file with rwx perms, I tried even making nginx the owner of that whole folder. Always says permission denied. Is there a way to accomplish this? I don't want to do chmod 777. I'd like a somewhat secure way of doing this.

Thanks.

Redirect Error - Special character download (no replies)

October 11, 2019, 3:03 am
$
0
0
Hi to all,

I've install iRedMail software over a new VPS with CentOS 7.7 x64.
The scope of that server is manage mail from 3 domain (magri.email, sempai.it and zulberti.it).
Additional, i'd like to have 3 website (magri.email, sempai.it and zulberti.it) for each root folder under /var/www/html/
I've generate for each domain the following conf file under /etc/nginx/sites-available (and symbolyc lik under sites-enable) with that configuration :

server {
listen 80 http2;
listen [::]:80 http2;
server_name www.magri.email;
return 301 https://$host$request_uri;
}
server {
listen 80 http2;
listen [::]:80 http2;
server_name magri.email;
return 301 https://www.$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name magri.email;
return 301 https://www.magri.email$request_uri;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/hsts.tmpl;
include /etc/nginx/templates/php_catchall.tmpl;
include /etc/nginx/templates/misc.tmpl;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.magri.email;
root /var/www/html/magri.email;
index index.php index.html index.htm;
include /etc/nginx/templates/ssl.tmpl;
include /etc/nginx/templates/hsts.tmpl;
include /etc/nginx/templates/php_catchall.tmpl;
include /etc/nginx/templates/misc.tmpl;
}

If i do a check with curl or firefox/chrome or other browser with https it work fine.
Redirect work successfully :

[root@srv-main sites-available]# curl -I https://magri.email
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 11 Oct 2019 10:01:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.magri.email/
Strict-Transport-Security: max-age=63072000

[root@srv-main sites-available]# curl -I https://www.magri.email
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 11 Oct 2019 10:02:02 GMT
Content-Type: text/html
Content-Length: 770
Last-Modified: Wed, 09 Oct 2019 23:26:53 GMT
Connection: keep-alive
ETag: "5d9e6cbd-302"
Strict-Transport-Security: max-age=63072000
Accept-Ranges: bytes

If i do the same check with HTTP over curl i've the following error output :

[root@srv-main sites-available]# curl -I http://magri.email
▒▒[root@srv-main sites-available]# xterm-256color
-bash: xterm-256color: command not found
[root@srv-main sites-available]# curl -I http://www.magri.email
▒▒[root@srv-main sites-available]# xterm-256color
-bash: xterm-256color: command not found

As you can see it try to print a special characther instead redirect over HTTPS.
From the browser start a file download.

How i can solve that problem :-( ?

Thanks for your support.

Nginx cakephp run subfolder (no replies)

October 12, 2019, 2:26 am
$
0
0
I am using cakephp + winNMP (nginx+mariadb+php), I have successfully run the web on nginx. http://localhost I want to run a similar cakephp code in a subdirectory. eg: http://localhost/subfolder My directory structure is :

link image Is config nginx :

root "c:/winnmp/www/huyquangltd";
autoindex on;
location ~ \.php$ {
#try_files $uri =404;
include nginx.fastcgi.conf;
include nginx.redis.conf;
fastcgi_pass php_farm;
fastcgi_hide_header X-Powered-By;
}

location / {
try_files $uri $uri/ /index.php?$args;
}
http://localhost/ <-- ok
http://localhost/subfolder <-- not ok

Please help me or have any ideas!

Thank you

[nginx settings] How do I combine a proxy pass: unix with a TCP:Port options? (no replies)

October 12, 2019, 3:13 am
$
0
0
Hello.
I have an Ubuntu 18.04 with VestaCP
(A Lightweight Web Hosting Control Panel which is simple and does exactly what I want to do with a few simple clicks)
for Hosting my Python Apps using Gunicorn.

I have configured Gunicorn to use a unix socket for more speed/performance and when I use that socket on my nginx settings file, I cannot use other options or I do not know how to use/combine them with proxy_pass unix socket.

VestaCP provides me customized settings for my web-apps for they are not customized for unix sockets
The reason I want to combine those settings with unix socket I can do my job a lot easier for customized error documents


When I don't use proxy_pass, an example of 404 Error:
https://i.imgur.com/1KG3UE2.png

If I use proxy_pass with Unix socket I get this:
https://i.imgur.com/a9ahcxF.png

and my settings
https://pastebin.com/26G6bT27

IMAP LOGIN command using literals, but not supported on backend (no replies)

October 14, 2019, 11:54 am
$
0
0
Hi,

I have an NGINX setup that is terminating SSL on the frontend and passing through to the backend IMAP server. When the client sends a command like "4 LOGIN username password", the corresponding command being sent by NGINX to the backend is "4 LOGIN {15}". NGINX is converting and using literals, unfortunately, the backend does not support this.

Is there a way to have NGINX just pass the LOGIN command as received, without using literals?

Thank you,
Louis
Search

Config line based by ip (no replies)

October 15, 2019, 5:55 am
$
0
0
Hi
Is there any possibility to place a config line for ngnix that would execute only for certain ip?
Something like if ip==...
Then do ...
Thanks

Auth module question (no replies)

October 23, 2019, 4:30 pm
$
0
0
I am very close setting up my auth module. Here is the config. My issue is I cannot pass $query to an external site without using resolver 8.8.8.8 and if I do that then I cannot get redirected after authentication, I receive a 404. Can someone help?

server {
listen 8080 ssl;
ssl_certificate cert.pem;
ssl_certificate_key key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;


location / {
auth_request /auth;

auth_request_set $auth_status $upstream_status;


proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization "Basic *****************"; # base64-encoded username:password to pass in header
proxy_pass https://172.16.1.221:2101; L
}

location = /auth {
internal;
# proxy_ssl_verify off;
set $query '';
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
}
resolver 8.8.8.8;
proxy_pass https://externalwebsite/auth.php?$query;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
# proxy_set_header X-Original-URI $request_uri;
}

error_page 401 = @error401;

# If the user is not logged in, redirect them to Vouch's login URL
location @error401 {
return 302 https://192.168.1.221:3000;
}
}

How to implement a Php (laravel) website trough Nginx reverse proxy? (no replies)

October 25, 2019, 2:23 am
$
0
0
Hello, I want to make a Laravel app that serves as DDoS protection. The goal is to show a challenge page to users and when they solve the captcha to get redirected to the website.

As for server configuration so far I've made a Nginx reverse proxy server which leads to the server where is the website.

At the moment if a user types `www.website.com` it will first go trough the reverse proxy and than will open the website. I want to implement the Laravel app here on the reverse proxy server.

Reverse proxy configuration:

server {

#Charset
charset utf-8;

listen 80 default_server;
server_name www.website.com website.com;
client_body_timeout 5s;
client_header_timeout 5s;

location / {
proxy_set_header Host $host;
proxy_pass http://xxx.xxx.xxx.xxx/; #upstream ip
}

#Logs
error_log /var/log/nginx/errors.log;
access_log /var/log/nginx/access.log;

#Show Real IPs
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# use any of the following two
real_ip_header CF-Connecting-IP;

}

So my question is how to tell the reverse proxy server if a user hits the home page `www.website.com` to get redirected to the website which is on the other server and if it is another page lets say `www.website.com/about` to get redirected to the captcha challenge which is stored in /var/www/challenge ?

Mysterious 301s (no replies)

October 25, 2019, 4:23 am
$
0
0
Ok, I have nginx running on a server. I don't mind sharing the URLs.

One site on the server is rentmy.world - both www.rentmyworld and rentmyworld work, as http and https.
Now I'm trying to bring back online a second site, badllama.net. I've been trying to get http working before I delve into https.

Hitting http://www.badllama.net redirects with a 301 to http://badllama.net - that's fine, that's what I set up in the config.
But *then* http://badllama.net is redirecting with a 301 to https://badllama.net - that's not a problem in itself, eventually it's what I want it to do. But I've not setup https yet so I can't figure out *where* that 301 is coming from.

Any advice? Anything I can share from the server to help figure out where this 301 is coming from?

How to set up a NGINX captive portal for a website? (no replies)

October 27, 2019, 2:08 am
$
0
0
Hello, I have two servers. On one I run a website called `example.com`

And at the moment I use the other server as a Nginx proxy. So I aimed the domain to the proxy server, which proxy passes the IP of the website server.

How can I implement a page on the proxy server to stop all incoming traffic and ask them for a simple captcha authentication? If the captcah is solved they will be proxy_passed to the IP of the other server, and will never see this page again. If they don't they will stay at the captcha page until they solve it. How can I do this?

How to allow access to a URL from only a selected IP (1 reply)

October 29, 2019, 1:00 am
$
0
0
I am using Nginx on my Ubuntu 18.04 box, running OpenHAB. I am only wanting a particular IP on my network to be able to browse to any URL with '/paperui/' in the address.

My configuration files looks as follows:

server {
listen 80;
server_name mydomain_or_myip;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name mydomain_or_myip;

ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # or /etc/ssl/openhab.crt
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # or /etc/ssl/openhab.key
add_header Strict-Transport-Security "max-age=31536000"; # Remove if using self-signed and are having trouble.

location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
deny all;
auth_basic "Username and Password Required";
auth_basic_user_file /etc/nginx/.htpasswd;
}

#### When using Let's Encrypt Only ####
location /.well-known/acme-challenge/ {
root /var/www/mydomain;
}
}

Smtp proxy, modify headers, possibile? (no replies)

October 28, 2019, 5:17 pm
$
0
0
I want to use Nginx as a smtp proxy, is it possibile to add headers to email message being proxied?
Search

NGINX as Internet Proxy (no replies)

October 29, 2019, 9:06 pm
$
0
0
Hello everyone

I'm trying to use NGINX as a transparent proxy using module ngx_http_proxy_connect_module. The configuration works when I navegate to http website or set proxy on my browser, but when I try to acess https websites using nginx as transparent , it simply timeout , is there any way I can access https websites through nginx ?

thanks in advance.

Serve up 2 Sites, 1 is php (no replies)

November 1, 2019, 10:36 am
$
0
0
OK, so I'm trying to follow this page to serve up 2 sites on RHEL 7.5:

https://www.if-not-true-then-false.com/2011/install-nginx-php-fpm-on-fedora-centos-red-hat-rhel/

I've gotten pretty far, but can't seem to get the location directives right. The PHP site is by mediawiki, but for now just trying to get a phpinfo page to pop. Root of the site is going to a rundeck site which works fine as it is now. Here are my location attributes:

location /wiki {
alias /var/www/wiki/html;
index index.html index.htm index.php;
}

location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:8080;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

location / {
proxy_pass http://localhost:4440;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Seems like I'm not tying the /wiki site to the php directive, but I tried various things to do that and most of them I couldn't even get nginx to start with. Any help would be amazing!

Thanks,
Eric

nginx STARTER (no replies)

November 2, 2019, 1:55 pm
$
0
0
hello to everyone I'm interested in understating how ( by means of where in the source code ) nginx parses http packets and how can I set it up so I can make my own local connections and try to send packets.
where in the source code nginx handles the data inside of a packet ?

NGINX redirect to HTTPS, while still maintaining HTTP route for Let's Encrypt Challenges (no replies)

November 5, 2019, 5:18 am
$
0
0
I can successfully route traffic from port 80 to HTTPS, and I can also get the Let's Encrypt SSL certificate successfully. But my problem starts when I want to do both.

Whenever my certs are expiring I have to adjust the config to pass the Let's Encrypt challenges. And that's no good.

Here is the config that is passing the challenges successfully

------------------------------------------------

server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;

#for certbot challenges (renewal process)
location ~ /.well-known/acme-challenge {
allow all;
root /data/letsencrypt;
}

root /data/letsencrypt;
index index.html;
}
------------------------------------------------------

And here is a config that routes the traffic to HTTPS

-----------------------------------------------------

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com *.example.com;

location / {
return 301 https://$host$request_uri;
}

return 444;
}
-----------------------------------------------------


Whenever I start trying to combine them, the routing to HTTPS seems to take over and the challenges break.

It could be also useful to note that I'm using Nginx as a reverse proxy in a Docker environment, so from HTTP, I'm routing to HTTPS, and from there I'm reverse proxying for other services.

Reverse Proxy URL Without Base URL (no replies)

November 6, 2019, 7:10 am
$
0
0
Hey Guys -

I use Nginx in my home lab as a reverse proxy for multiple locally hosted pages as well as add an SSL layer. Although I've successfully been able to configure most of my pages in the past, I'm having trouble with this one. Below are details followed by what I've tried with results…

Details
- Trying to forward URL which is hosted on port 80 of a LAN system - "http://prtgsvr" (prtgsvr is a hostname)
- Wish to rewrite it to https://mydomain.com/prtg
- Application does not offer option to configure a base URL
- Browsing to "http://prtgsvr" simply goes to "http://prtgsvr/index.html"

Attempt #1
location /prtg {
rewrite /prtg(.*) /$1 break;
proxy_pass http://prtgsvr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";

Result #1
Page tries to load until it times out with 404 which then shows it was trying to go to "mydomain.com/index.html"

Attempt #2
location /prtg/ {
proxy_pass http://prtgsvr/;
proxy_redirect http://prtgsvr/ http://mydomain.com/prtg/;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
}

Result #2
Redirected to "mydomain.com/index.html" and displayed 404 since I do not have an index.html in the root. I also tried this using "https" on the proxy_redirect line with the same results.

If it Helps...
When searching for a solution, I did find the below config which someone used with the same application, however; it doesn't redirect it to a URL Base:

upstream prtgaero-rs {
server prtgaero.palmbeach.k12.fl.us;
keepalive 32;
}
server {
listen 443 ssl;
server_name prtgaero01.palmbeach.k12.fl.us
ssl on;
ssl_certificate /etc/nginx/ssl/prtgaero01.crt;
ssl_certificate_key /etc/nginx/ssl/prtgaero01.pem;
location / {
proxy_pass http://prtgaero-rs;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}

Thanks Guys
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>