Hi, i work on this html file, but when i run it on web browser (with install NGINX), i see it like pic part 1, but it should be like in pic part 2. Any help?
↧
NGINX error (no replies)
↧
Nginx hangs when proxy_passing to nodejs (no replies)
Hi,
Could anyone give me some clue on how to troubleshooting such an issue. Here is my problem.
I'm setting up nginx as the reverse proxy for a new nodejs app. But when testing it, only 50% ~ 60% requests are passed to the nodejs app, other requests simple fail as a result of upstream timed out. The failure occurs even in a consistent way. The 1st request is successful, the 2nd request times out, then success, then timeout...
I even tried with a trivial expressjs app, which only respond to a GET request and send an empty response body. It fails in the same way. In the meantime, I'm use the same nginx instance to reverse proxy a Java app, it works well, no failure at all.
What I found is nginx didn't pass the requests to node in 50% of the time, it was just hanging there until timeout.
What should I check? What nginx or network setting may lead to such behavior? Thanks in advance!
My Env:
CentOS 8
nginx 1.14.1
nginx and the apps are on the same virtual machine
Could anyone give me some clue on how to troubleshooting such an issue. Here is my problem.
I'm setting up nginx as the reverse proxy for a new nodejs app. But when testing it, only 50% ~ 60% requests are passed to the nodejs app, other requests simple fail as a result of upstream timed out. The failure occurs even in a consistent way. The 1st request is successful, the 2nd request times out, then success, then timeout...
I even tried with a trivial expressjs app, which only respond to a GET request and send an empty response body. It fails in the same way. In the meantime, I'm use the same nginx instance to reverse proxy a Java app, it works well, no failure at all.
What I found is nginx didn't pass the requests to node in 50% of the time, it was just hanging there until timeout.
What should I check? What nginx or network setting may lead to such behavior? Thanks in advance!
My Env:
CentOS 8
nginx 1.14.1
nginx and the apps are on the same virtual machine
↧
↧
Reverse proxy first time setup (no replies)
Hello
I want to setup a reverse proxy "before" my local netwrok
I have a public IP for the nginx server which is 85.123.144.5
the local IP is 10.29.20.22
from the nginx server I can go to 172.16.x.x and also 10.29.x.x (all ports are open )
in the nginx I put a simple "FirstPage.html" that have links to all my devices (172.16.254.200 , 172.16.41.4 10.129.20.21 and so on)
when I press the link it get stuck and get error connection to wanted ip
what I need to do to make this work?
this is what I have (after trying all kind of things) - please feel free to fix and teach me
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ~ ^/FirstPage.html/(.*)$ {
#proxy_set_header Host $http_host$request_uri;
proxy_pass http://x.x.x.x/$1;
#proxy_read_timeout 120s;
#access_log on;
}
{
can some one guide me and explain to me what I need to do ?
* I know this not good , but this is the last test I made - I have try all kind of setting *
Thanks ,
I want to setup a reverse proxy "before" my local netwrok
I have a public IP for the nginx server which is 85.123.144.5
the local IP is 10.29.20.22
from the nginx server I can go to 172.16.x.x and also 10.29.x.x (all ports are open )
in the nginx I put a simple "FirstPage.html" that have links to all my devices (172.16.254.200 , 172.16.41.4 10.129.20.21 and so on)
when I press the link it get stuck and get error connection to wanted ip
what I need to do to make this work?
this is what I have (after trying all kind of things) - please feel free to fix and teach me
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location ~ ^/FirstPage.html/(.*)$ {
#proxy_set_header Host $http_host$request_uri;
proxy_pass http://x.x.x.x/$1;
#proxy_read_timeout 120s;
#access_log on;
}
{
can some one guide me and explain to me what I need to do ?
* I know this not good , but this is the last test I made - I have try all kind of setting *
Thanks ,
↧
setting connection limit and requets persecond on child location (no replies)
This this is my config file
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www;
limit_conn addr 6;
server_name _;
location /Temp/ {
limit_conn addr 6;
limit_rate 2048k;
}
}
that mean all link on my location Temp is limit in 6 connection per second and 2megabityes/per request per second
but if i want to limit child folder in Temp (folder that i create in future like /Temp/ChildTemp1_20200525140220100...), how can i limit child folder to 2 request per child link and max is 1mbitye/request
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www;
limit_conn addr 6;
server_name _;
location /Temp/ {
limit_conn addr 6;
limit_rate 2048k;
}
}
that mean all link on my location Temp is limit in 6 connection per second and 2megabityes/per request per second
but if i want to limit child folder in Temp (folder that i create in future like /Temp/ChildTemp1_20200525140220100...), how can i limit child folder to 2 request per child link and max is 1mbitye/request
↧
Nginx proxy cache (no replies)
Есть ли возможность получить доступ к инфе о кеширование объектов через proxy_cache
↧
↧
404 error for php redirects after moving server info from nginx.conf to conf.d/site.conf (2 replies)
environment: centos 8, nginx 1.14.1, php-fpm 7.2.11
set up a php web application in /usr/share/nginx/html/webapp with server details in /etc/nginx/nginx.conf. everything seemed to be working fine. now i'm trying to move the configuration to a seperate site.conf file in /etc/nginx/conf.d.
/etc/nginx/nginx.conf remains unchanged except i commented out the server settings.
/etc/nginx/conf.d/site.conf now contains the server section copied from nginx.conf. i did change the listening port from 80 to 7070.
reloaded nginx and the new configuration works fine for the nginx test page, a php info test page in /usr/share/nginx/html, and i can login and use a phpmyadmin instance which is a subdirectory of /usr/share/nginx/html.
when i try to access the web application index.php appears to load as the uri redirects to a new login uri, however nginx returns a 404 error. on a browser which logged into the webapp under the old configuration, i am brought to the main page of the web app. however trying to navigate to any links on the page return a 404 error (i don't believe this is a cached page, held down shift and reloaded in firefox, but i could be wrong).
by removing the new conf file, restoring the old nginx.conf file, and restarting nginx, the webapp works fine again. also, if i change the listening port in nginx.conf and reload nginx, the webapp works fine.
any help is greatly appreciated.
here is the site.conf file:
server {
listen 7070 default_server;
listen [::]:7070 default_server;
server_name _;
root /usr/share/nginx/html;
location / {
}
# phpMyAdmin:
location /phpmyadmin {
root /usr/share/nginx/html;
index index.php;
}
# webapp:
location /webapp {
root /usr/share/nginx/html;
index index.php;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
client_max_body_size 2000M;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
}
and the nginx.conf file, when trying to use site.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
set up a php web application in /usr/share/nginx/html/webapp with server details in /etc/nginx/nginx.conf. everything seemed to be working fine. now i'm trying to move the configuration to a seperate site.conf file in /etc/nginx/conf.d.
/etc/nginx/nginx.conf remains unchanged except i commented out the server settings.
/etc/nginx/conf.d/site.conf now contains the server section copied from nginx.conf. i did change the listening port from 80 to 7070.
reloaded nginx and the new configuration works fine for the nginx test page, a php info test page in /usr/share/nginx/html, and i can login and use a phpmyadmin instance which is a subdirectory of /usr/share/nginx/html.
when i try to access the web application index.php appears to load as the uri redirects to a new login uri, however nginx returns a 404 error. on a browser which logged into the webapp under the old configuration, i am brought to the main page of the web app. however trying to navigate to any links on the page return a 404 error (i don't believe this is a cached page, held down shift and reloaded in firefox, but i could be wrong).
by removing the new conf file, restoring the old nginx.conf file, and restarting nginx, the webapp works fine again. also, if i change the listening port in nginx.conf and reload nginx, the webapp works fine.
any help is greatly appreciated.
here is the site.conf file:
server {
listen 7070 default_server;
listen [::]:7070 default_server;
server_name _;
root /usr/share/nginx/html;
location / {
}
# phpMyAdmin:
location /phpmyadmin {
root /usr/share/nginx/html;
index index.php;
}
# webapp:
location /webapp {
root /usr/share/nginx/html;
index index.php;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
client_max_body_size 2000M;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
}
}
and the nginx.conf file, when trying to use site.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
↧
avoid auth_request for internal calls (no replies)
Hi,
I have a docker-compose based system, with nginx as the application gateway.
I am also using the auth_request for the authentication mechanism.
Nginx is also used for direct files access using the "alias" with the mounted volume path.
My problem is: some of my internal services also require direct files access, but I do not want them to require the authentication...
How can I add some sort of rules or conditions in my nginx config which bypasses the auth_request based on whether the source of the request is from the docker-compose services domain vs. from the outside?
I have been looking around but failed to find a solution for this.
Any way to do this?
Thank you very much!!
Gil
I have a docker-compose based system, with nginx as the application gateway.
I am also using the auth_request for the authentication mechanism.
Nginx is also used for direct files access using the "alias" with the mounted volume path.
My problem is: some of my internal services also require direct files access, but I do not want them to require the authentication...
How can I add some sort of rules or conditions in my nginx config which bypasses the auth_request based on whether the source of the request is from the docker-compose services domain vs. from the outside?
I have been looking around but failed to find a solution for this.
Any way to do this?
Thank you very much!!
Gil
↧
How to Support multiple Virtual Servers WITHOUT Domain Names (no replies)
Don't even know if this is possible, but if it is, would like to learn how I can use NGINX running on an arbitrary Debian 10.4-based VPS with a fixed IP to support three or four different websites under development.
I think this should be possible by assigning different HTTP/HTTPS ports per site, but perhaps there are other ways.
Alternatively, its been suggested to me that I could create a local hosts file with containing multiple domain names that when connecting to the VPS's IP could be distinguished by Nginx.
Any/All suggestions welcome!
I think this should be possible by assigning different HTTP/HTTPS ports per site, but perhaps there are other ways.
Alternatively, its been suggested to me that I could create a local hosts file with containing multiple domain names that when connecting to the VPS's IP could be distinguished by Nginx.
Any/All suggestions welcome!
↧
Nginx issue when using regex in a map (no replies)
I'm stuck on what seems to be a trivial problem when generating a rewrite url using a map.
I've tried multiple regex, but can't get the map to match for both conditions.
$some_var is a variable that may or may not be passed from an upstream server and I want to rewrite a location, if it's present or not.
This is what I've got, but it's not working. Any help greatly appreciated!
map $some_var $rewrite_url {
# if $some_var has any value I want to match this (this never matches)
~(.*) /path/to/thing2.js;
# if $some_var is not present I want to match this (this always matches)
default /path/to/thing.js;
}
# elsewhere in server config
location /getThing.js {
rewrite ^ $rewrite_url;
}
I've tried multiple regex, but can't get the map to match for both conditions.
$some_var is a variable that may or may not be passed from an upstream server and I want to rewrite a location, if it's present or not.
This is what I've got, but it's not working. Any help greatly appreciated!
map $some_var $rewrite_url {
# if $some_var has any value I want to match this (this never matches)
~(.*) /path/to/thing2.js;
# if $some_var is not present I want to match this (this always matches)
default /path/to/thing.js;
}
# elsewhere in server config
location /getThing.js {
rewrite ^ $rewrite_url;
}
↧
↧
Need help configuring my IP+Port with Google Domains (no replies)
Hello, today I put Lubuntu on an old PC. This is what I will be using to host a website, Discord bot, and maybe some other stuff. I port forwarded it a bit ago (along with configuring the default file with server_name (domain url) www.(domain url), listen 2020;, listen [::]:2020;, and location / {try_files $uri $uri/ =404;}) This works just fine when going to the IP (ip):2020, and comes up with the default page. However, I have no idea how to hook up my IP with port to my Google Domains in either the A record or in the easy forwarding option. I also need to make sure when going to the domain the address bar doesn't show (ip) but instead shows (domain url).
All help is appreciated, thanks.
All help is appreciated, thanks.
↧
Proxy to external website (no replies)
I need to see the headers nginx is passing along, and I found a lovely website called http://httpbin.org that lets you see all sorts of things. Just adding /headers to the path shows me the headers. Great!
So I quickly created a simple nginx.conf to proxy calls there, and even added the X-Forwarded header to be sure it was being set. But I suck at conf'ing. Keep getting a 404. Can anyone see what I'm doing wrong, or at least give me a working conf?
This is what I used.
So I quickly created a simple nginx.conf to proxy calls there, and even added the X-Forwarded header to be sure it was being set. But I suck at conf'ing. Keep getting a 404. Can anyone see what I'm doing wrong, or at least give me a working conf?
This is what I used.
↧
How do I pass through trailing headers (no replies)
I have nginx acting as the static file server for a single page web app I am developing. It acts as a proxy server for the "/api" portion on my url space.
The backend server is running on a different port on local host and is nodejs based.. Im using nginx as an http2 front end and using http 1/1 between nginx and the backend. In the main this is working well.
But I have one problem. I would like to make use of a trailing header. My outgoing request has the header "TE: trailers", and the response has a header "Trailers: API-Status" and then after the body it adds (using nodejs response.addTrailers({'API-Status': 'OK'})).
But nginx is stripping them out.
I can use curl to prove it
curl -b "MBFMVISIT=emailverify; expires=Sun, 07 Jun 2020 13:14:06 GMT;path=/;" -H "Content-Type: application/json" -H "TE: trailers" -X GET -c cookie.jar -i https://footdev.chandlerfamily.org.uk/api/config/config
goes via nginx and outputs the response (including the initial 'Trailers: API-Status' header, but not the trailing header
curl -b "MBFMVISIT=emailverify; expires=Sun, 07 Jun 2020 13:14:06 GMT;path=/;" -H "Content-Type: application/json" -H "TE: trailers" -X GET -c cookie.jar -i http://localhost:2040/api/config/config
goes directly to the backend. in this curl outputs the initial headers, the response and then after the response the trailing header 'API-Status: OK'
My nginx config for the proxy is
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://localhost:2040;
proxy_redirect default;
proxy_buffering off;
proxy_cache off;
}
So how do I tell nginx to pass the trailing header?
The backend server is running on a different port on local host and is nodejs based.. Im using nginx as an http2 front end and using http 1/1 between nginx and the backend. In the main this is working well.
But I have one problem. I would like to make use of a trailing header. My outgoing request has the header "TE: trailers", and the response has a header "Trailers: API-Status" and then after the body it adds (using nodejs response.addTrailers({'API-Status': 'OK'})).
But nginx is stripping them out.
I can use curl to prove it
curl -b "MBFMVISIT=emailverify; expires=Sun, 07 Jun 2020 13:14:06 GMT;path=/;" -H "Content-Type: application/json" -H "TE: trailers" -X GET -c cookie.jar -i https://footdev.chandlerfamily.org.uk/api/config/config
goes via nginx and outputs the response (including the initial 'Trailers: API-Status' header, but not the trailing header
curl -b "MBFMVISIT=emailverify; expires=Sun, 07 Jun 2020 13:14:06 GMT;path=/;" -H "Content-Type: application/json" -H "TE: trailers" -X GET -c cookie.jar -i http://localhost:2040/api/config/config
goes directly to the backend. in this curl outputs the initial headers, the response and then after the response the trailing header 'API-Status: OK'
My nginx config for the proxy is
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://localhost:2040;
proxy_redirect default;
proxy_buffering off;
proxy_cache off;
}
So how do I tell nginx to pass the trailing header?
↧
Nginx and my public ip partially work (1 reply)
Hello evryone,
I run Nginx on a raspberry pi 3 with a wordpress site
When I launch my site with my public ip adresse (that I forwarded in my router to the raspberry local ip with port 80) is ok, the site is launched but...
css and others things are not loaded because the ip adress used is still the local adresse instead of the public one
For example, in the browser console I see
"http://192.168.1.2/wp-content/themes/radiate/style.css?ver=5.4.1"
But it should be "http://my-public-ip-adress/wp-content/themes/radiate/style.css?ver=5.4.1"
So the css file is not loaded
Here are my settings
wp-config:
define('WP_HOME','http://my-public-ip-adress');
define('WP_SITEURL','my-public-ip-adress');
-------------------------------------------------------------------
/etc/nginx/sites-available/wordpress:
upstream php-wp {
server unix:/var/run/wordpress.sock;
}
server {
listen 80;
listen [::]:80;
root /var/www/html/wordpress;
index index.php;
server_name 192.168.1.2 http://my-public-ip-adress;
access_log /var/log/nginx/http://my-public-ip-adress.access_log;
error_log /var/log/nginx/http://my-public-ip-adress.error_log
notice;
# location ~ \.php$
#{
# include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
#}
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ .php$ {
include fastcgi.conf;
fastcgi_pass php-wp;
}
location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
-------------------------------------------------------------------
/etc/php/7.3/fpm/pool.d/wordpress.conf:
[wordpress]
listen = /var/run/wordpress.sock
listen.owner = pi
listen.group = www-data
user = pi
group = www-data
pm = ondemand
pm.max_children = 92
pm.process_idle_timeout = 60s
pm.max_requests = 500
-------------------------------------------------------------------
of course, when I run the wordpress locally, everythings is fine
someone could help me with that ?
I run Nginx on a raspberry pi 3 with a wordpress site
When I launch my site with my public ip adresse (that I forwarded in my router to the raspberry local ip with port 80) is ok, the site is launched but...
css and others things are not loaded because the ip adress used is still the local adresse instead of the public one
For example, in the browser console I see
"http://192.168.1.2/wp-content/themes/radiate/style.css?ver=5.4.1"
But it should be "http://my-public-ip-adress/wp-content/themes/radiate/style.css?ver=5.4.1"
So the css file is not loaded
Here are my settings
wp-config:
define('WP_HOME','http://my-public-ip-adress');
define('WP_SITEURL','my-public-ip-adress');
-------------------------------------------------------------------
/etc/nginx/sites-available/wordpress:
upstream php-wp {
server unix:/var/run/wordpress.sock;
}
server {
listen 80;
listen [::]:80;
root /var/www/html/wordpress;
index index.php;
server_name 192.168.1.2 http://my-public-ip-adress;
access_log /var/log/nginx/http://my-public-ip-adress.access_log;
error_log /var/log/nginx/http://my-public-ip-adress.error_log
notice;
# location ~ \.php$
#{
# include snippets/fastcgi-php.conf;
#fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
#}
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ .php$ {
include fastcgi.conf;
fastcgi_pass php-wp;
}
location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
-------------------------------------------------------------------
/etc/php/7.3/fpm/pool.d/wordpress.conf:
[wordpress]
listen = /var/run/wordpress.sock
listen.owner = pi
listen.group = www-data
user = pi
group = www-data
pm = ondemand
pm.max_children = 92
pm.process_idle_timeout = 60s
pm.max_requests = 500
-------------------------------------------------------------------
of course, when I run the wordpress locally, everythings is fine
someone could help me with that ?
↧
↧
proxy-authenticate with nginx as proxy server (no replies)
Hello. I am having trouble with authentication when using nginx as a proxy server.
I am using the ngx_http_auth_pam_module for proxy authentication on the proxy server. I want this to return a 407 error code and the Proxy-Authenticate header to the client on connect. I patched the ngx_http_auth_pam_module to return a 407 error code instead of a 401.
The client is getting a 407 error code back, but I am not seeing any authentication box pop up on both firefox and chrome. On chrome, I am getting a ERR_UNEXPECTED_PROXY_AUTH error when trying to connect to the proxy server.
I did notice that the 407 error was commented out in nginx source code, but I don't know why. Does anyone have any experience with authentication using Proxy-Authenticate?
I am using the ngx_http_auth_pam_module for proxy authentication on the proxy server. I want this to return a 407 error code and the Proxy-Authenticate header to the client on connect. I patched the ngx_http_auth_pam_module to return a 407 error code instead of a 401.
The client is getting a 407 error code back, but I am not seeing any authentication box pop up on both firefox and chrome. On chrome, I am getting a ERR_UNEXPECTED_PROXY_AUTH error when trying to connect to the proxy server.
I did notice that the 407 error was commented out in nginx source code, but I don't know why. Does anyone have any experience with authentication using Proxy-Authenticate?
↧
NGINX rewrite (no replies)
I'm attempting to write a PHP application, and I'm not sure how to make the friendly URLs appear as "/category/abc.X/" where abc is a URL slug and X is an ID.
Ideally, I'd like to pass it to something like "category.php?id=X&$args"
Ideally, I'd like to pass it to something like "category.php?id=X&$args"
↧
Reverse proxy and client validation using .crt certificates (no replies)
Hello,
I have a web api installed using docker in my Ubuntu. What I want to do is to expose my API using nginx reverse proxy so that the clients consume my API using a https endpoint. One requirement is to allow only clients with known digital certificates to consume the API. I have the crt files of the clients. I installed nginx on my Ubuntu 18.04 and generated a self signed certificate for the nginx server. I don’t know how to do with the client side. I tried to set ssl_client_certificate to use one of my client certificates but I am having a 400 error.
I have a web api installed using docker in my Ubuntu. What I want to do is to expose my API using nginx reverse proxy so that the clients consume my API using a https endpoint. One requirement is to allow only clients with known digital certificates to consume the API. I have the crt files of the clients. I installed nginx on my Ubuntu 18.04 and generated a self signed certificate for the nginx server. I don’t know how to do with the client side. I tried to set ssl_client_certificate to use one of my client certificates but I am having a 400 error.
↧
systemctl cannot start nginx when access_log is set to /tmp/nginx/access.log (no replies)
I happened to find this annoying issue - not sure this is a systemctl issue or an nginx problem.
The issue is reproducible on amazonlinux2 and centos8 (I tried both on AWS EC2)
steps to re-produce:
in /etc/nginx/nginx.conf
change the line from:
access_log /var/log/nginx/access.log main;
to:
access_log /tmp/bbb/access.log main;
and mkdir /var/bbb/ set the ownership and mode to match /var/log/nginx/
now run systemctl start nginx. The nginx won't start. The log says:
<code>
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2020-06-15 01:13:19 UTC; 5s ago
Process: 32642 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 32626 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: [emerg] open() "/tmp/bbb/access.log" failed (2: No such file or directory)
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: nginx.service: control process exited, code=exited status=1
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: Unit nginx.service entered failed state.
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: nginx.service failed.
</code>
I don't have to write the access_log to /tmp/ as it is not a good practice.
I just found this error while I was trying something. If I set access_log to be /tmp/access.log, it works. I am very interested to find out what causes this inconsistency.
The issue is reproducible on amazonlinux2 and centos8 (I tried both on AWS EC2)
steps to re-produce:
in /etc/nginx/nginx.conf
change the line from:
access_log /var/log/nginx/access.log main;
to:
access_log /tmp/bbb/access.log main;
and mkdir /var/bbb/ set the ownership and mode to match /var/log/nginx/
now run systemctl start nginx. The nginx won't start. The log says:
<code>
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Mon 2020-06-15 01:13:19 UTC; 5s ago
Process: 32642 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 32626 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: [emerg] open() "/tmp/bbb/access.log" failed (2: No such file or directory)
Jun 15 01:13:18 ip-10-161-21-238.ec2.internal nginx[32642]: nginx: configuration file /etc/nginx/nginx.conf test failed
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: nginx.service: control process exited, code=exited status=1
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: Unit nginx.service entered failed state.
Jun 15 01:13:19 ip-10-161-21-238.ec2.internal systemd[1]: nginx.service failed.
</code>
I don't have to write the access_log to /tmp/ as it is not a good practice.
I just found this error while I was trying something. If I set access_log to be /tmp/access.log, it works. I am very interested to find out what causes this inconsistency.
↧
↧
SAMEORIGIN vs CORS (no replies)
Hi all,
I'm using nignx in order to serve an application that (can) make use of CORS settings. That means that in the dashboard of the application I can have some settings for restricting CORS to specific domains.
I also have this line in my nginx configuration :
add_header X-Frame-Options SAMEORIGIN;
But I also have these lines :
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
I understand that x-frame options has to do with being able to load the web application in an iframe or not.
My question is:
Should having CORS set for a certain domain name, enable loading code within the iframe on the domain names set as unrestricted inthe CORS settings? Or in other words: should CORS settings be able to override the x-frame options line for specific domains?
Thanks,
Lex
I'm using nignx in order to serve an application that (can) make use of CORS settings. That means that in the dashboard of the application I can have some settings for restricting CORS to specific domains.
I also have this line in my nginx configuration :
add_header X-Frame-Options SAMEORIGIN;
But I also have these lines :
add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
I understand that x-frame options has to do with being able to load the web application in an iframe or not.
My question is:
Should having CORS set for a certain domain name, enable loading code within the iframe on the domain names set as unrestricted inthe CORS settings? Or in other words: should CORS settings be able to override the x-frame options line for specific domains?
Thanks,
Lex
↧
REVERSE PROXY - access to script blockedby cors policy (no replies)
Good Day;
Can you please kindly help with error we are having below we are running URLs proxy pass on an Nginx Reverse Proxy. we are getting this error below from one of the URLS
access to script at + has been blocked by CORS policy. No Access-Control-Allow-Origin HEADER IS PRESENT ON THE REQUESTED RESOURCE....
Your assistance is greatly appreaciated.
Regards;
Abson
Can you please kindly help with error we are having below we are running URLs proxy pass on an Nginx Reverse Proxy. we are getting this error below from one of the URLS
access to script at + has been blocked by CORS policy. No Access-Control-Allow-Origin HEADER IS PRESENT ON THE REQUESTED RESOURCE....
Your assistance is greatly appreaciated.
Regards;
Abson
↧
Noob Needs some assistance (no replies)
First off, I'm a total noobie to NGINX. And even worse, I'm a Windows guy. So I'll apologize in advance.
But I have a simple NGINX install on a Windows PC running at home. All I'm currently running it for is a HTTPS proxy server for my Icecast Server. Long story short, it was much easier for me to get some certs setup for my existing broadcast by running the traffic through NGNIX. And it has been working well.
What I would like to do is add a folder I can browse locally on the Windows PC, via HTTPS. I tried and failed at adding a new server item. I'm not sure if I don't have my original setup correctly, or if it's the setup of the new one that is an issue.
This is my config for the HTTPS server currently.
server {
listen 443 ssl;
server_name broadcast.bismarckweather.net;
ssl_certificate cert.crt;
ssl_certificate_key private.crt;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.1.106:8000/;
root html;
index index.html index.htm;
}
This is what I was trying to add. I have 2 DNS host names pointing to my router. I was hoping the server name would split that out. But I have a local folder in NGINX named IPTL I was hoping to be able to browse to.
server {
listen 443 ssl;
server_name iptl.bismarckweather.net;
ssl_certificate cert.crt;
ssl_certificate_key private.crt;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /iptl {
root iptl;
index index.html index.htm;
autoindex on;
}
}
So what am I missing, besides a lot of knowledge? Thanks....
But I have a simple NGINX install on a Windows PC running at home. All I'm currently running it for is a HTTPS proxy server for my Icecast Server. Long story short, it was much easier for me to get some certs setup for my existing broadcast by running the traffic through NGNIX. And it has been working well.
What I would like to do is add a folder I can browse locally on the Windows PC, via HTTPS. I tried and failed at adding a new server item. I'm not sure if I don't have my original setup correctly, or if it's the setup of the new one that is an issue.
This is my config for the HTTPS server currently.
server {
listen 443 ssl;
server_name broadcast.bismarckweather.net;
ssl_certificate cert.crt;
ssl_certificate_key private.crt;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.1.106:8000/;
root html;
index index.html index.htm;
}
This is what I was trying to add. I have 2 DNS host names pointing to my router. I was hoping the server name would split that out. But I have a local folder in NGINX named IPTL I was hoping to be able to browse to.
server {
listen 443 ssl;
server_name iptl.bismarckweather.net;
ssl_certificate cert.crt;
ssl_certificate_key private.crt;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /iptl {
root iptl;
index index.html index.htm;
autoindex on;
}
}
So what am I missing, besides a lot of knowledge? Thanks....
↧