Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

drupal - multisite - webcrawlers (no replies)

February 13, 2017, 11:40 am
$
0
0
We have a drupal multi site (7)

root /srv/www/htdocs

location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
Following the nginx drupal sample configuration we have the above code.

We are seeing errors where a web crawler is somehow looking for site links using the root path instead of the actual website url. The site is one of the multi-sites with the .../htdocs/sites/sitename folder path. The link is a relative link so only the uri is in the href. So what we see in the error logs is a GET to {root-path}/uri.

What I'm wondering is if the fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; line could be causing these errors as it fits the path in the failed GET request.
If it is the cause is there another way of writing this line to work with any site under the main site. maybe changing the $document_root to the $hostname variable or something. Or does the SCRIPT_FILENAME need to be the actual path.

Thanks
Search

Return 444 if https port(443) accesed via http (no replies)

February 14, 2017, 9:27 am
$
0
0
Hi All,

I am new to nginx and trying to port my app from Apache, I did google and gone through docs unfortunately not able to achieve below requirement.

If user access website for e.g. http://www.abc.com:443 then I would like to return 444, as of now nginx default 400 error page is returned. "The plain HTTP request was sent to HTTPS port
"

server block -
server {
listen 1.1.1.1:443 ssl;
server_name abc.com;
}

Thanks !

LEMP stack downloading php files (no replies)

February 22, 2017, 8:10 am
$
0
0
I'm working on doing a secure Drupal install on a LEMP stack and am getting php files, info.php or index.php downloading instead of displaying. I see no errors in the logs at all. php-fpm seems to be running ok. I've looked over several discussion groups and it seems to be a common issue when first configuring nginx on a linux box, with MySql (MariaDB) and PHP. I've tried this on an Ubuntu build and a CentOS. I've gotten the server setup to the point of installing drupal and the php processor is failing.

Everyone also seems to think, oh it's just a tweak to the default.conf file/nginx config.
so far I've tried at least a dozen different suggestions and nothing seems to get php files to display properly.

Does anyone know of a link to a tried and true set of tweaks or config suggestions?

Thanks,

Allow only specific User? (no replies)

February 22, 2017, 12:53 pm
$
0
0
I have htpasswd Authentication working for some directorys. In the htpasswd File, i have several Accounts. I want to use the same htpasswd File for all Directorys with the same file. But for some directorys, i want to allow only one specific User from this htpasswd file. But, if i use a construct like:

location ~ ^/somedir/ {
auth_basic "Restricted Directory";
auth_basic_user_file /etc/nginx/.htpasswd;

if ($remote_user != "adminuser")
{
return 403;
}
}

im allways denied to access the directory. No Credential Request is shown.

What can i do?

Nginx as Reverse Proxy for Home Server (no replies)

February 23, 2017, 5:35 pm
$
0
0
Hi all, I have managed to setup nginx as reverse proxy for most of my home server web apps with a lets encrypt ssl. So far, I managed to get the forwarding working for Nextcloud, Plex, Emby and Rutorrent which are some of the web apps that I use.
My main nginx conf file is as below:
server {
listen 443 ssl;
server_name abc.com;
include ssl_common.conf;
include proxy_setup.conf;
include mime.types;
default_type application/octet-stream;

#access_log logs/host.access.log main;

location / {
root /usr/local/www/nginx;
index index.html index.htm;
}

For all the forwarding I use a proxy.conf file, under which I have defined my forwarding rules. Example for Nextcloud:

location /nextcloud {
proxy_pass http://192.168.x.x/nextcloud;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

The above works well for the web apps that I mentioned most probably because the web root corresponds and matches to the location /path that I defined. The issue I'm facing is for most of my hardware based devices such as a BuffaloNAS and a CCTV DVR. For the buffalo nas, the LAN url is http://192.168.x.x/static/index.html
If I set location /static it does not work and i get error 404 of nignx. My cctv on the other hand is a direct url http://192.168.x.x with no forward slash path which makes me nuts in figuring how do I define the /location.
Someone having any idea here please please help. Thank you.

NAT and NGINX on the different server (no replies)

February 24, 2017, 1:17 am
$
0
0
Currently I am using Web server with NAT Gateway on AWS with single Public IP Address, Now i want to use multiple Public IP Address for out side traffic

Please can someone help me how I can deploy the NAT Gateway & NGINX on different servers with multiple Public IP Address.

Thanks,
Skynet

Want to do some modification if page served from cache (no replies)

February 26, 2017, 4:39 am
$
0
0
Hi All,

I would like to do some modification like set cookie, remove some header field only if page is served from cache and for rest pass response directly to client. I see there are some modules like nginscript, not sure if can be done through those.

Any help is greatly appreciated as trying for few days and not able to achieve.

Thanks !

Setting auth_request based on request method (no replies)

February 26, 2017, 11:58 pm
$
0
0
Hi,

I've implemented auth_request for a set of micro services I'm currently building and very much like this feature.
I am, however, having a bit of an issue with specifying what calls need the auth request based on the request method.

For example, I need to try and set up the following:
GET /object - NO auth needed
POST /object - auth needed
PATCH /object - auth needed

I've normalised the endpoints for the sake of this example and there are more endpoints but this should be enough to explain the scenario.

I currently have the following:

location /object {
auth_request /auth;
auth_request_set $auth $upstream_http_x_auth;

proxy_pass http://object; # an upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Auth $auth;
proxy_set_header Host $http_host;
}

I tried using an IF statement but got errors because of auth_request not being allowed there.
How can I make it so that the GET request doesn't go through the auth request?

Thanks,
Gary
Search

Compile from source prerequisites (no replies)

February 27, 2017, 1:57 pm
$
0
0
Hi, first time going through the process of compiling. Confused in one area about prerequisites regarding the pcre, zlib and openssl libraries.

Running Centos 7 64.

If I yum install in centos the pcre-devel, zlib-devel, and openssl-devel libraries ahead of compiling Nginx from source, do I still need to make separate installations of these three libraries and set "–with-pcre=*path*" and "–with-zlib=*path*" in the ./configure script, as stated in the nginx docs?

https://www.nginx.com/resources/wiki/start/topics/tutorials/installoptions/

If so, is there a best practices as to where these three libraries are to be installed?

Thanks! Mark

Reverse Proxying to a certificate auth app-server (no replies)

March 2, 2017, 5:36 pm
$
0
0
Is it possible to configure Nginx as a reverse proxy where it will proxy the connecting client's authentication certificate?

I have an application service (hosted in tomcat) that requires a client-certificate for authentication but it can only be accessed via a proxy from the outside world. Is it possible to proxy the certificate from the client to the app-server? I believe this is doable in Apache, but we would prefer to use Nginx for this task (if possible). What options do I need to configure for this? Level 2 balancing is not possible in this environment.

SSL issues with PHP over HTTPS (no replies)

March 3, 2017, 10:59 am
$
0
0
I'm suffering in trying to get my test server up as SSL in readiness for my main server to move across.
Non php pages display ok. I've got the forced www redirect working and the https redirect working, but as soon as I go to view a php file using https I get a page not found.

This is my mail nginx.conf file

user nginx;
worker_processes auto;
#worker_priority -10;
worker_rlimit_nofile 100000;

timer_resolution 100ms;
pcre_jit on;

error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;


events {
worker_connections 3500;
use epoll;
#accept_mutex on;
#accept_mutex_delay 200ms;
multi_accept on;
}

http {



server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
server_name domain.com www.domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/myserver.key;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
if ($scheme = http) {
return 301 https://www.domain.com$request_uri;
}



# Config for Free SSL (LetEncrypt) - Do not Delete !
location ~ /.well-known {
allow all;
root /home/domain.com/public_html;
}

location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME /home/domain.com/public_html$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
}


location / {
try_files $uri $uri/ /index.php?$uri&$args;
index index.php index.html index.htm;
}




}



include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf/ddos1.conf;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
more_set_headers "Server: Nginx";
more_set_headers "X-Powered-By: VPSSIM"
access_log off;
sendfile on;
sendfile_max_chunk 512k;

CentOS 7.3.x + NGINX Build from Source using PageSpeed & Roboo (Configure error on Roboo) (no replies)

March 5, 2017, 6:43 pm
$
0
0
CentOS 7.3.x + NGINX Build from Source using PageSpeed & Roboo (Configure error on Roboo)

/etc/nginx
/etc/nginx/nginx-1.11.10
/etc/nginx/modules/

ngx_pagespeed
Roboo-master (pulled from GitHub) https://github.com/yuri-gushin/Roboo (It say's to copy the Roboo.pm file) but it doesn't say where to copy it to... so I was unfamiliar with that.

Using the following configure ... I end with a config error on roboo as follows the configure line.

[code]
./configure --add-module=/etc/nginx/modules/ngx_pagespeed --add-module=/etc/nginx/modules/Roboo-master --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-file-aio --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-mail --with-mail_ssl_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'[/code]

Output with Error:

[code]
configuring additional modules
adding module in /etc/nginx/modules/ngx_pagespeed
mod_pagespeed_dir=/etc/nginx/modules/ngx_pagespeed/psol/include
build_from_source=false
checking for psol ... found
List of modules (in reverse order of applicability): ngx_http_write_filter_module ngx_http_header_filter_module ngx_http_chunked_filter_module ngx_http_range_header_filter_module ngx_pagespeed_etag_filter ngx_http_gzip_filter_module ngx_pagespeed ngx_http_postpone_filter_module ngx_http_ssi_filter_module ngx_http_charset_filter_module ngx_http_sub_filter_module ngx_http_addition_filter_module ngx_http_gunzip_filter_module ngx_http_userid_filter_module ngx_http_headers_filter_module
checking for psol-compiler-compat ... found
+ ngx_pagespeed was configured
adding module in /etc/nginx/modules/Roboo-master
./configure: error: no /etc/nginx/modules/Roboo-master/config was found
[/code]

I've installed all the required Perl Modules as noted on GitHub Readme. All without error.

Any tips would be super helpful! Thanks a bunch!

Subdomain and ssl how to have two different settings. (no replies)

March 8, 2017, 12:34 am
$
0
0
Got the main domain setup to enforce ssl with the following conf file

server {
listen 80;
listen [::]:80 default_server;
proxy_cache_valid 301 1m;
server_name kenyabuzz.com www.kenyabuzz.com;
return 301 https://$host$request_uri;
}

which then if http is redirected to https and the main ssl conf received the request. However the subdomain awards.kenyabuzz.com is affected.

so the subdomain ends up with enforced ssl.

what would be the best way without affecting the main domain prevent the subdomain from being caught by this.

How to achieve my below requirement (no replies)

March 9, 2017, 12:18 am
$
0
0
Hi Guys,

I have this requirement and let me know if that can be acheived using nginx reverse proxy? I have this site https://community.blueliv.com/map/

Which actually show the live thrat map, can I use Reverse Proxy and use customized hostname to display the portal? that is let proxy_pass https://community.blueliv.com/map/ while server_name would be map.xyz.com?

And can we strip off certain headers on reverse proxy? As in same example if I dont want to display blueliv logo and top band can I remove that in reverse proxy?

Please advise

Deny User Agents (no replies)

March 10, 2017, 8:51 am
$
0
0
I am new to ngnix, new as in I have never heard of it until 2 weeks ago.
I am trying to deny certain user agents access.
I have following code in the sites-available/default file.

set $block_user_agents 0;
if ($http_user_agent ~ "Wget") {
set $block_user_agents 1;
}
if ($block_user_agents = 1) {
return 404;
}
When I try to reload nginx it fails. when I comment out the code it works. My question is how do you block user agents and is my code in the correct file?

Thanks for any help.

I have found the answer.
if ($http_user_agent ~* (Wget) ) {
return 403;
}
Where is the link that shows you how to write if statements in nginx?
Search

Post an event to the event queue from another thread (no replies)

March 13, 2017, 7:13 am
$
0
0
I am writing a native module.
Is it possible to post events to the event queue in a thread safe way? It looks like the ngx_post_event function is not thread safe. ngx_add_timer seems also not to be thread safe.

Is the best approach to handle concurrency myself, schedule an event with ngx_add_timer from the event handling thread and check each time if the work is done in the event handler?

Please Help Me Clone Websites (no replies)

March 13, 2017, 10:41 am
$
0
0
Hi , first time i com here , ask for help!!

I have one big problem , and i just dont know how to resolve!!!

Is sample the problem , i have that domain : seuseriado.com

And someone create one script that scrape my domain for new post , and update that others domain with my data , and that script also change my urls to her domain , and take out all my javascript , and him just put announce and ads...

And because that i am lost very users views , because very people as open that other domain with google search and that users think that ads and other links is my work!!!

Please Help me , i need to block that other domain to stop scrape my domain...

Here one list of that other domain , with is clone of my website :
btcsolar.com
game4u.com
mytreatment-centers.info
escuelasiroko.com
5205209.com
elmundogeek.com
0208123.com
wordpresschurch.org
bootcampnyc.net
vyrlaw.net
nordicrealm.com
202738.com
mc-mx.com
cornplete-masonry.com
livevbingo72.com
tjhtz.net
ag7577.com
assaveli.com
cb-123.com
explorersmarttool.net
gethealthy4ever.com
smoodoo.us
bingo24bet85.com
michigan-marinas.com

Location Problem (no replies)

March 14, 2017, 3:47 am
$
0
0
Hi all,
I'm wondering what I'm doing wrong, hope someone will help me.

In a Wordpress configuration, I tried to allow access to admin page from the inside, denying it from outside my lan. It works fine.
In the same way, I'm trying to apply the same logic to WP-JSON, but it doesn't works as expected : I get 403 from outside, but 404 from the inside (while I'm expecting it to works fin from the inside).

Not clear if this is related to the fact that wp-json is a "virtual" path.

Thanks in advance for Your time.
FabioG

location /wp-admin
{
allow x.x.x.0/24;
allow y.y.y.0/24;
deny all;
}

location ~ wp-json
{
allow x.x.x.0/24;
allow y.y.y.0/24;
deny all;
}

limit_except per ad group? (no replies)

March 15, 2017, 3:21 am
$
0
0
Hello,
I want to limit access to a server via nginx. Therefore I want to have 2 AD groups: one with user allowed to read (use GET) and one with people to write (POST and PUT )
What I already found is the limit_except directive, but I see only a way to enable basic authentication.
Is this possible with a kerberos authentication user? (authentication in general is already working)

What I thin about is something like:
limit_except POST PUT HEAD GET{
allow auth_gss_authorized_group group1 ;
deny all;
};
limit_except HEAD GET {

allow auth_gss_authorized_group group2 ;
deny all;
};

CORS with location rewrite (no replies)

March 16, 2017, 6:14 am
$
0
0
Hi guys,

please help me to realize why nginx 1.8 returns 404 to subdomain page proxy_pass'ed to localhost:8088 when I try to enable CORS.


...

# main site conf
# commenting the following block makes subdomain page to be accessible again.
location / {
add_header 'Access-Control-Allow-Origin' https://subdomain.domain.extention;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}

if ($host ~* ^domain\.extention$) {
rewrite ^/subpage/ https://domain.extention/ permanent;
break;
}

...

#subdomain proxied by localhost:8088
location / {
proxy_pass https://127.0.0.1:8088/subpage/;
proxy_redirect https://127.0.0.1:8088/subpage/ /;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_session_reuse off;
}

Thanks in advance,
JB
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>