Quantcast
Channel: Nginx Forum - How to...
Viewing all 2931 articles
Browse latest View live

Friendly URL in Nginx (no replies)

February 18, 2018, 6:22 pm
$
0
0
Hello,
The question is how to make nginx show page www.somesite.co/adminpanel.zul as www.dashboard.somesite.co?
No just simple redirect but friendly url is needed!
Search

Nginx answers with default server for all requests (no replies)

February 19, 2018, 3:53 am
$
0
0
Hello Dear Users,

Since a few days I'm trying to setup nginx on my server.
I'm trying to install it on Docker container and I'm not able to configure it right.

From begin:
I need to configure 2 virtual hosts. On my private computer it's not any problem. It's taking more less 3 minutes. When I'm trying to do it on my server I have problem. Even when I copy same configuration which was working fine on private computer it's not working on remote machine.

In attachment you can find:
- nginx.conf
- sites-available/default
- /var/log/access.log

In my opinion this behavior looks like nginx have some problem with recognised correctly server_name because he answer for all requests with default block. Haven't idea why.

Nginx is installed in ubuntu docker container on my remote machine.

nginx version: nginx/1.10.3 (Ubuntu)

If I can deliver you some more informations please let me know.

Thank you for help in advance.

Nginx proxy problem on AWS EC2 (no replies)

February 20, 2018, 2:16 am
$
0
0
Hi all,

I am currently struggling to setup the nginx proxy on AWS EC2.
Here is my config file:
'''
upstream bokeh {
server 127.0.0.1:5006;
}

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
ssl_certificate /etc/keys/fullchain.pem;
ssl_certificate_key /etc/keys/privkey.pem;
root /var/www/html/simview;
proxy_buffering off;
server_name localhost;
access_log /var/log/simview_access.log;
error_log /var/log/simview_error.log debug;

location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/simview/simview.sock;
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/simview/simview.sock;
}


location /plot/ {
rewrite /plot/(.*) /$1 break;
proxy_pass http://bokeh$uri;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:$server_port;
}

location /plot/static {
alias /home/ubuntu/simview/static;
}

}
'''

On the AWS EC2 instance I have allowed inbound ports HTTP/80 and HTTPS/443. I even created ELB with Listeners SSL/443/TCP and HTTP/80/HTTP.

Now error I get is 'ERR_TOO_MANY_REDIRECTS' with above conf file. The 'rewrite' rule is to pass the request arguments to proxy server.

If I comment out the following lines:
rewrite /plot/(.*) /$1 break;
proxy_redirect off;

then I get 'Failed to connect to Bokeh server Error: Lost websocket connection' with the following output in the Nginx access log (nothing in the error log):

The Nginx access file (the first needs no proxy and is successful, the second required a proxy and not successful):

'''
172.31.42.90 - - [20/Feb/2018:09:57:54 +0000] "PROXY TCP4 172.31.42.90 172.31.42.90 33975 80" 400 182 "-" "-"
172.31.31.211 - - [20/Feb/2018:09:57:51 +0000] "PROXY TCP4 172.31.31.211 172.31.31.211 13216 80" 400 182 "-" "-"
'''

I appreciate if someone could help me or put me in the right direction.

Regards
Aso

2 apps behind nginx (no replies)

February 20, 2018, 2:32 am
$
0
0
Hi guys.
I don't know nginx yet. A devops guy set one up back a while for our app.

this is the `nginx.conf` he setup.
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
multi_accept on;
}

http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";


proxy_cache_path /home/html_catch levels=1:2 keys_zone=appbacktocartcocatch:2m max_size=50m;
proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;




include /etc/nginx/sites-enabled/*.conf;




}
```

I can see that it `include`s some other files like this one which is for the app specifically


```
#proxy_cache_path /home/html_catch levels=1:2 keys_zone=appbacktocartcocatch:2m max_size=50m;
#proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
#proxy_cache_valid 200 302 10m;
#proxy_cache_valid 404 1m;


upstream appbacktocartco {
# server localhost:3000;
server localhost:3001;
}


server {
listen 145.239.24.196:80;
server_name app.backtocart.co;

location / {

proxy_cache appbacktocartcocatch;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://appbacktocartco;
proxy_read_timeout 90;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app.backtocart.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app.backtocart.co/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot

}
```

Now I just need to run another app like this on port 5000. I just copied this file tried changing a few things, then restarted nginx but got some errors I don't understand. Can you help me with this?

Reverse Proxy apparently not working location rules (no replies)

February 20, 2018, 5:59 am
$
0
0
I have the following nginx settings:

upstream cluster_web {
ip_hash;
server 192.168.115.82 weight=3;
server 192.168.115.92 weight=2;
server 192.168.115.100 weight=2;
server 192.168.115.95 weight=3;
server 192.168.115.103 weight=1;
}

server {
location /app1 {
proxy_pass http://192.168.115.92;
}

location / {
proxy_pass http://cluster_web;
}
}

Users accessing /app1/ after accessign another pages (from the / location) aren't always being redirected to the specified server on location /app1. What am I missing?

Best regards

OpenSSL FIPS & NGINX (1 reply)

February 21, 2018, 1:49 pm
$
0
0
Hi there,
I am hoping to get some guidance on enabling openssl fips mode for nginx.
So far I followed the openssl guide for enabling fips mode on the openssl.
That part works well:
# /usr/local/openssl/bin/openssl md5 /usr/local/openssl/bin/openssl
Error setting digest md5
139805371958952:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

# cat /proc/sys/crypto/fips_enabled
1

For nginx I first tried to build nginx using this custom openssl (installed in /usr/local/openssl/):
/nginx-1.12.2/configure --with-http_ssl_module --with-openssl=/usr/local/openssl --with-ld-opt="-L/usr/local/openssl/lib"
This failed however since the /usr/local/openssl is the installed/binary location of custom openssl, not the source tree where I built custom openssl.

So I changed --with-openssl option to use openssl source tree as:
/nginx-1.12.2/configure --with-http_ssl_module --with-openssl=/usr/local/src/openssl-1.0.2n/ --with-ld-opt="-L/usr/local/openssl/lib"

This works and I am able to build and install nginx but I am not sure if proper openssl compile options to support fips mode
are passed during nginx configure.

When I print compile options:
nginx -V:
nginx version: nginx/1.12.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.2n 7 Dec 2017

Yet the custom openssl is:
/usr/local/openssl/bin/openssl version
OpenSSL 1.0.2n-fips 7 Dec 2017

System's own openssl is still intact:
# /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013


Do I need to be passing openssl compile option to enable fips support while configuring nginx?

Per "Configurable FIPS mode" thread (https://forum.nginx.org/read.php?10,257298,257298)
"Currently we solve this by compiling nginx ourselves after adding FIPS_mode_set(1) after the SSL library initialization code in systems where we require it."

Can someone let me know where and how to set FIPS_mode_set flag to Nginx will be using FIPS mode?

I searched for that setting and found one binary obj file under nginx:
nginx-1.12.2/objs/nginx

and a header file under openssl source directories:
openssl-1.0.2n/.openssl/include/openssl/crypto.h

(openssl was build using:
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared fips)

Thanks in advance.

No welcome page after initial installation (no replies)

February 21, 2018, 1:42 am
$
0
0
Hi guys,
I'm not getting the welcome page after the installation at Ubuntu 17., just display "This page isn’t working..ERR_EMPTY_RESPONSE" on Chrome, you can try it at http://35.229.160.102/

Below is my setup:

1. firewall is disabled

sudo ufw disable
Firewall stopped and disabled on system startup

2. service is up and running

xu_tomi3_gmail_com@jitsi:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-02-21 09:25:52 UTC; 14min ago
Docs: man:nginx(8)
Process: 26083 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 28919 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 28910 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 28923 (nginx)
Tasks: 2 (limit: 4915)
Memory: 2.6M
CPU: 22ms
CGroup: /system.slice/nginx.service
├─28923 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─28927 nginx: worker process

Feb 21 09:25:52 jitsi systemd[1]: Starting A high performance web server and a reverse proxy server...
Feb 21 09:25:52 jitsi systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument
Feb 21 09:25:52 jitsi systemd[1]: Started A high performance web server and a reverse proxy server.

3. all the config is default

Any idea?

Searches not working on Reverse Proxied Site (no replies)

February 22, 2018, 4:53 am
$
0
0
Hi,

Am reverse proxying "journals.aps.org". But to my surprise searches thru its search bar don't yield any result.

My ngnix.conf is like,


server {
listen MY_IP:80;
server_name journals-aps-org-MY_DOMAIN;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen MY_IP:443 ssl;
server_name journals-aps-org-my.domain;
ssl_certificate /etc/nginx/ssl2017/nginx.crt;
ssl_certificate_key /etc/nginx/ssl2017/star.my.domain.key;
location / {

proxy_bind MY_IP;

proxy_pass https://journals.aps.org/;
}

location ^~ /error/ {
internal;
root /etc/nginx/html;
}

location /libs/mathjax/2.7.2/MathJax.js {
proxy_pass https://cdn.journals.aps.org;
}
}


Any help would be really needful.
Search

installing 1.13.9 on debian 9 (no replies)

February 23, 2018, 2:58 pm
$
0
0
Dear all, as I'm trying to build an install for debian 9 including the fancyindexing module and HTTP/2 Server Push, I bump into some issues with the correct ./configure for that.

This is how the 1.13.3 precompiled package for debian 9 is currently configured on the same machine;

# nginx -V
nginx version: nginx/1.13.3
built with OpenSSL 1.1.0f 25 May 2017
TLS SNI support enabled
configure arguments:
--with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.3=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC'
--prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/modules
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--with-debug
--with-pcre-jit
--with-http_ssl_module
--with-http_stub_status_module
--with-http_realip_module
--with-http_auth_request_module
--with-http_v2_module
--with-http_dav_module
--with-http_slice_module
--with-threads
--with-http_addition_module
--with-http_geoip_module=dynamic
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_image_filter_module=dynamic
--with-http_sub_module
--with-http_xslt_module=dynamic
--with-stream=dynamic
--with-stream_ssl_module
--with-stream_ssl_preread_module
--with-mail=dynamic
--with-mail_ssl_module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

So, I'm trying to get a similar install, only adding fancyindexing and the 1.13.9 code (with Server push);

I was able to successfully get fancy indexing compiled, as well as ipv6 support --with-ipv6 and mp4 support, but I'm not sure how to correctly set these:

--with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.3=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC'

and these:

--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair
--add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

since they refer to paths that do not exist for 1.13.9 sources.

Can anyone help me get the best ./configure line for debian 9 x64 ?
I tried

./configure --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-1.13.9=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-mail=dynamic --with-mail_ssl_module --with-compat --with-ipv6 --with-file-aio --with-http_flv_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --add-module=/root/nginx/ngx-fancyindex --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-1.13.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-1.13.3/debian/modules/ngx_http_substitutions_filter_module

which yields an error at the end:

[...]
checking for getaddrinfo() ... found
configuring additional modules
adding module in /root/nginx/ngx-fancyindex
+ ngx_http_fancyindex_module was configured
configuring additional dynamic modules
adding module in /build/nginx-1.13.3/debian/modules/nginx-auth-pam
./configure: error: no /build/nginx-1.13.3/debian/modules/nginx-auth-pam/config was found

which seems logical, since it's 1.13.9 now, and the .3 /build/ is probably erased after install from the precompiled apt package.

Anyone able to help out here?

Imap proxy doesn't work (1 reply)

February 27, 2018, 3:55 am
$
0
0
Hello!

Start using nginx as smtp/imap proxy.

Smtp proxy works (but on the real smtp server I have to allow redirects from nginx IP).

Problem is IMAP proxy. It doesn't works at all. No differ - SSL or Startssl. Mail client - Thunderbird.

I run nginx on CentOS 7, IP:1.2.3.4, ports 25,143,993.
Target IMAP: outlook.office365.com.
If directly connect (no nginx), Thunderbird works fine with IMAP outlook.office365.com, SSL/TLS, port 993.
Via nginx nothing happens (IMAP: 1.2.3.4, SSL/TLS, port 993 or STARTTLS/143).
Thunderbird says: server 1.2.3.4 has disconnected. The server may have gone down...

Nginx mail config:

mail {
server_name 1.2.3.4;
auth_http 127.0.0.1:80/auth;

xclient off;

proxy_pass_error_message on;

ssl on;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

imap_capabilities "IMAP4rev1" "UIDPLUS" "IDLE" "LITERAL+" "QUOTA";
smtp_capabilities "SIZE 10485760" "ENHANCEDSTATUSCODES" "8BITMIME" "DSN";

server {
listen 25;
protocol smtp;
smtp_auth login plain cram-md5;
}

server {
listen 993;
protocol imap;
imap_auth login plain cram-md5;
}

server {
listen 143;
protocol imap;
imap_auth login plain cram-md5;
}
}

There are no errors in /var/log/nginx/error.log.

How to trace where is the issue?

Transcode - Package - NGINX Origin (no replies)

February 27, 2018, 6:48 am
$
0
0
Hi friends,

I have a transcoder and my intention is to stream VOD ad Live stream coming through the transcoder to be delivered in Intranet using NGINX.

Here Do I need Wowza kind of packager in between the transcoder and nginx for live stream delivery.

Regards

VJ

Using a variable in PROXY_PASS (no replies)

February 28, 2018, 7:10 am
$
0
0
Dear friends,
I'll go straight to the point. This is my nginx.conf:

set $upstream_portainer "http://my_portainer-service:9000";

location /portainer/ {
proxy_http_version 1.1;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;

proxy_set_header Connection "";
proxy_buffers 32 4k;
#proxy_pass http://my_portainer-service:9000/; # --> this WORKS
#proxy_pass $upstream_portainer/; # --> this does NOT work
proxy_pass ${upstream_portainer}/; # --> this does NOT work
}

Why doesn't it work with the alias? I'm sure I have seen it used many times, especially in conunction with Docker service names, so that they'd be reevaluated periodically rather than just at startup of NGINX.

Thank you so much,
Best regards,
Roberto

nginx - rate limit by argument value (no replies)

March 1, 2018, 12:00 am
$
0
0
First let me tell you that I'm new to nginx. I'm trying to limit request by arguments in uri.

localhost/?argId=1
localhost/?argId=2
localhost/?argId=3

----------------
nginx.conf

http {
...
limit_req_zone $arg_argId zone=mylimit:10m rate=1r/m;
...
server {
...

location / {
root html;
index index.html index.htm;

limit_req zone=mylimit;
}
...
----------------

I tried it with $request_uri but still not working. Request are treated as same. Any suggestions?

Proxy Server or Load Balancer to pass specific URLS (no replies)

March 3, 2018, 9:51 am
$
0
0
Hi, I am new to Nginx and require some beginner advice.

I have multiple webservers, running various apps (seafile, zammand, urbackup) all as VMs on the same network. All need to be accessed via https protocol.

After hours of reading, I'm still a bit lost on how to move forward. Looking at load-balancing, it doesn't seem to do what I'm after as it passes traffic to a random server in case one is down) BUT I see the backup/upstream is possibly what I'm after.

Actual scenario:

Servers:
172.16.1.21 - NGINX Server - All incoming WAN HTTP/HTTPS traffic goes to this Server
172.16.1.12 - WebServer1 - support.y-tec.co.uk
172.16.1.20 - WebServer2 - cloud.y-tec.co.uk

I want to pass all incoming HTTP/HTTPS traffic to "172.16.1.21 - NGINX Server" which will then pass to the correct server depending on which incoming url was passed;
So traffic to support.y-tec.co.uk will be routed to "172.16.1.12 - WebServer1" (https)
and
traffic to cloud.y-tec.co.uk will be routed to "172.16.1.20 - WebServer2" (https)

Is it possible to just edit say the config (or maybe active-sites) on "172.16.1.21 - NGINX Server" with "headers" (e.g. support.y-tec.co.uk) which then passes to the backend server?

Thanks.

subdirectory reverse proxy to root directory of internal proxy (no replies)

March 5, 2018, 1:47 pm
$
0
0
Hello,

Im trying to configure a reverse proxy which would act as a frontend for all internal applications hosted on different servers. On the reverse proxy, each internal application would be served inside a sub-folder.

The URL scheme would be `https://frontend.net/internal_app` which would proxy to any `https://internal-app` or `https://internal-app/app`

For example:
server {
server_name frontend.net
location /app {
proxy_pass https://internal-service/app;
}
}


If i go straight to the internal app `https://login.nwk.jwm2.net` with my browser, my logs are so:
10.xxx.xx.202 - - [05/Mar/2018:21:28:05 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
10.xxx.xx.202 - - [05/Mar/2018:21:28:05 +0000] "GET /css/authelia.css HTTP/1.1" 304 0 "https://login.nwk.jwm2.net/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
10.xxx.xx.202 - - [05/Mar/2018:21:28:05 +0000] "GET /js/authelia.js HTTP/1.1" 304 0 "https://login.nwk.jwm2.net/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
10.xxx.x.202 - - [05/Mar/2018:21:28:05 +0000] "GET /img/icon.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
10.xxx.xx.202 - - [05/Mar/2018:21:28:05 +0000] "GET /img/user.png HTTP/1.1" 304 0 "https://login.nwk.jwm2.net/" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
10.xxx.xx.202 - - [05/Mar/2018:21:28:05 +0000] "GET /img/background.svg HTTP/1.1" 304 0 "https://login.nwk.jwm2.net/css/authelia.css" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

No issues there!

But through the reverse...

internal app logs:
10.xxx.xx.212 - - [05/Mar/2018:21:42:35 +0000] "GET / HTTP/1.0" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

reverse frontend logs:
xxxxx - - [05/Mar/2018:16:25:38 -0500] "GET /login HTTP/2.0" 401 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
xxxxx - - [05/Mar/2018:16:25:52 -0500] "GET /login HTTP/2.0" 204 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36" "-"
xxxxx - - [05/Mar/2018:16:26:02 -0500] "GET /login HTTP/2.0" 401 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
xxxxx- - [05/Mar/2018:16:27:35 -0500] "GET /login HTTP/2.0" 200 1784 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
xxxxx - - [05/Mar/2018:16:27:35 -0500] "GET /css/authelia.css HTTP/2.0" 404 169 "https://squid-lab.nwk.jwm2.net/login" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
xxxxx - - [05/Mar/2018:16:27:35 -0500] "GET /img/user.png HTTP/2.0" 404 169 "https://squid-lab.nwk.jwm2.net/login" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
xxxxx - - [05/Mar/2018:16:27:35 -0500] "GET /js/authelia.js HTTP/2.0" 404 169 "https://squid-lab.nwk.jwm2.net/login" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"

My reverse proxy location is configured as such:
location /login {
rewrite /login(.*)$ /$1 break;
proxy_pass https://login.nwk.jwm2.net;
}

With the above configuration im able to get some data but not all images and scripts show/run properly.

Im feel it has something to do with my `rewrite` rule but cant figure it out....
Any input would be appreciated.


Thanks!
dave
Search

Init script on Custom built nginx (no replies)

March 8, 2018, 11:17 pm
$
0
0
Facing some problems after installing source built nginx
Installed using automatic pagespeed installer on NEW Ubuntu 16.04 (Clean install)
Doc Link : https://www.modpagespeed.com/doc/build_ngx_pagespeed_from_source

bash <(curl -f -L -sS https://ngxpagespeed.com/install) \
--nginx-version latest

i.e it is source built and not from ubuntu repo

root@xyz:~# vi "/usr/local/nginx/conf/nginx.conf"
root@xyz:~# vi "/usr/local/nginx/conf/nginx.conf"
root@xyz:~# nginx -t
The program 'nginx' can be found in the following packages:
* nginx-core
* nginx-extras
* nginx-full
* nginx-light
Try: apt install <selected package>
root@xyz:~# vi "/usr/local/nginx/conf/nginx.conf"
root@xyz:~# sudo service nginx restart
Failed to restart nginx.service: Unit nginx.service not found.
root@xyz:~# sudo /usr/sbin/nginx -V
sudo: /usr/sbin/nginx: command not found
root@xyz:~# sudo /usr/local/nginx -V
sudo: /usr/local/nginx: command not found
root@xyz:~# sudo /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.13.9
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9)
configure arguments: --add-module=/root/incubator-pagespeed-ngx-latest-stable
root@xyz:~# sudo /usr/local/nginx/sbin/nginx restart
nginx: invalid option: "restart"
root@xyz:~# sudo service nginx restart
Failed to restart nginx.service: Unit nginx.service not found.
root@xyz:~# sudo systemctl restart nginx
Failed to restart nginx.service: Unit nginx.service not found.
root@xyz:~# sudo service nginx restart
Failed to restart nginx.service: Unit nginx.service not found.
root@xyz:~# /usr/local/nginx/sbin/nginx -s reload
nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)
root@xyz:~# /usr/local/nginx/sbin/nginx start
nginx: invalid option: "start"
root@xyz:~# ps aux | grep nginx
root 20012 0.0 0.1 12944 1084 pts/0 S+ 06:50 0:00 grep --color=auto nginx


also i get only this when finding nginx

sudo find / -type f -name "nginx"
/usr/local/nginx/sbin/nginx
/root/nginx-1.13.9/objs/nginx



AFter Searching a lot on google finally i found that i need init script but still not sure which one to use
https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/
linux init.d or upstart or systemd
and what i need to edit in those scripts

First time i have compiled nginx from source , so dont know much. earlier was using installing using apt-get

stream based on hostname (no replies)

March 9, 2018, 1:54 pm
$
0
0
Hello!
here is my example of not working config

stream {
map $hostname $stream_destination {
hostname.com ip_address_1;
hostname2.com ip_address_2;
}
server {
listen 8080;
proxy_pass $stream_destination:8080;

}
}



i need to route tcp traffic based on hostname, help me to find out this please.

Nginx as reverse web proxy changes all to apache default page. (no replies)

March 12, 2018, 11:11 am
$
0
0
I'm very confused. I am using Nginx as a reverse web proxy in VM environment with 4 VM web servers. I have 4 conf files directing to each site. The last 2 mornings I have found that all 4 sites are defaulted to an apache start page. There is no apache on the Nginx machine so I assume it's showing the apache page from one of the 4 servers, I'm assuming it's the one listed as default in the conf files.

I have to reboot my router and the Nginx machine to get it to come back. I am using an IPCOP open source router.

Any ideas why this is happening?

Nginx phpmyadmin redirecting to homepage (no replies)

March 12, 2018, 12:32 pm
$
0
0
Hello, I have been struggling to find a solution to this and could uses some help please. I created a webserver using wordpress and added phpmyadmin. I am able to login to phpmyadmin and created a symbolic link however, it redirects me to the main page. This is a website that I made to try and learn about web development. (If you see anything else wrong with the config file, please point it out.)

The address bar displays: https://example.com/?token=a token is here.

The address I need to access is https://example.com/newsymboliclink or
https://example.com/newsymboliclink/?token=a token is here. or
https://example.com/newsymboliclink/index.php?token=a token is here.
(Im not sure which one is the best one to use).

Ive been trying to due try_files and returns but can figure that out. Hoping someone can help.


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The nginx configuration is:

# HTTP SERVER

server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request;
}

server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.php;

access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

# enable session resumption to improve https performance
# http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

# enables server-side protection from BEAST attacks
# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
ssl_prefer_server_ciphers on;

# disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then $
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# ciphers chosen for forward secrecy and compatibility
# http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forwar$
ssl_ciphers 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESG$

# config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.or$
# to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
# also https://hstspreload.org/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as$
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}

# WORDPRESS PERMALINKS
location / {
try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm-giga.sock;
}

# HTACCESS DENY ALL RULE

location ~/\.ht {
deny all;
}
}

nginx: [emerg] could not build test_types_hash (no replies)

March 13, 2018, 2:34 am
$
0
0
Hi,

I am using nginx on CentOs7. When I am using gzip with "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" MIME type, it is giving me below error:

Mar 13 14:57:47 localhost.localdomain nginx[17289]: nginx: [emerg] could not build test_types_hash, you should increase test_types_hash_bucket_size: 64
Mar 13 14:57:47 localhost.localdomain nginx[17289]: nginx: configuration file /etc/nginx/nginx.conf test failed

Attached is my nginx conf:
Viewing all 2931 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>