nginx re-route all data based on port (nginx proxy) - linux

I'm still new to nginx and I want to accomplish this.
I have two servers (server1 and server2), with an sftp server (bitvise) on server1.
And on server2 I have an nginx docker container running.
I want to configure nginx so when traffic comes to server2 (the one with nginx) on port 22, it gets redirected to server1, where my sftp server is present.
I have a DNS name "transfer.test.com" mapped to my server2 public IP (tested).
This is the configuration I have added to nginx conf file.
    server {
        listen 22;
        server_name transfer.test.com;
        return 301 https://google.com;
        location / {
            set $sftp server1-private-ip:22;
            proxy_pass $sftp;
        }
    }
server1-private-ip is the private IP of server1 (the one with sftp).
But until now it's not working.
I can connect to sftp using FileZilla using the private IP of server1, BUT
I can't connect to sftp using FileZilla using the private IP of server2, which means the traffic is not getting redirected.
Thank you for the help.

If you want to use nginx as a proxy to non-HTTP protocols like SSH or SFTP, you should define your server in a stream context rather than an http one. A typical main configuration file (usually /etc/nginx/nginx.conf) looks like:

    user <username>;
    worker_processes <number>;
    ...
    events {
        worker_connections <number>;
    }
    http {
        include /etc/nginx/mime.types;
        ... # other global http directives here
        include /etc/nginx/conf.d/*.conf;
    }

As you can see, configuration files for individual servers (or server groups) are being included within the http context. You should add a stream block to your main configuration file:

    user <username>;
    worker_processes <number>;
    ...
    events {
        worker_connections <number>;
    }
    http {
        ...
    }
    stream {
        server {
            listen 22;
            proxy_pass <server1_private_ip>:22;
        }
    }

Directives like server_name or location are meaningless in the server blocks defined under the stream context. Please note that to use the above configuration, nginx should be compiled with the ngx_stream_core_module and ngx_stream_proxy_module modules.

Related

Ubuntu 20 with NGINX add subdomain for existing IP

I have a small app written with NodeJS and it is hosted in Google Cloud. I reserved an IP and I can access the front of the app with the IP.
The problem is, I have an admin panel which is a different Node instance. This has its own port and I want to access it via a URL, like: http://admin.11.111.11.11
I'm using NGINX with Ubuntu 20.4.
The config for admin looks like:
    server {
        listen 80;
        listen [::]:80;
        #server_name admin.11.111.11.111/ www.admin.11.111.11.111/;
        location / {
            #proxy_pass http://127.0.0.1:2222;
        }
    }
and for front:
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        server_name mydomain.com www.mydomain.com;
        location / {
            proxy_pass http://127.0.0.1:1111;
        }
    }
At this moment I can't transfer the domain. I must wait for the client to finish writing his content. mydomain.com uses an old CMS, so we must wait to finish transferring the content, so the new app is accessible only through the new IP.
Thank you for any hint!
This has its own port and I want to access it via a URL, like: http://admin.11.111.11.11
No, this isn't possible; admin.11.111.11.11 is not a valid hostname. You can't mix hostnames and IP addresses as the host like that. This whole premise is flawed... this isn't an Nginx problem.

Cannot Connect subdomain of route 53 to ec2 node js app

But it's working fine with the public IP, as below.
And I have created a subdomain with Route 53 and then assigned an A record with the instance public IP.
But when I ping the domain and IP, the request times out and all packets are lost. My application is a Node Express app. So please, it would be a huge favor if anyone can solve this issue.
From your screenshot, I found that you're using Nginx as a reverse proxy. So it might be because of your Nginx config.
For example, your Nginx config may look like this:
    server {
        listen 80;
        server_name 192.168.1.21;
        ...
    }

You have to update it to:

    server {
        listen 80;
        server_name subdomain.domain.com;
        ...
    }

Access Control for the Prometheus Pushgateway

We have a Prometheus Pushgateway running and listening to metrics push from our AWS Lambda function. However, the URL to the Pushgateway is accessible by the public, which might impose some security issues. We were wondering if there is any way we could add a layer of protection to the Pushgateway so that it is not publicly accessible?
I found this GitHub thread that may have answered this question:
https://github.com/prometheus/pushgateway/issues/281
It proposed setting up a reverse proxy in front of the Pushgateway. However, I am still confused about how that may actually work. We are currently using Kubernetes to deploy Prometheus.
You can include authentication in your ingress controller by using a TLS secret as an ingress rule.
Here's an example that shows how to generate basic auth for your ingress:
https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
Also, don't forget to include the Python handler function in your client to set the auth header as pointed out here:
https://github.com/prometheus/client_python#handlers-for-authentication
A suggestion here will be to make the URL of the Pushgateway internal by using an AWS internal load balancer, create an AWS private hosted zone, and attach your VPC to this zone; after this, the next step will be to deploy the Lambda in the same VPC.
This should solve the security issue.
You are right, you need a reverse proxy here. I also faced the same issue, so you need nginx in front of your prometheus/pushgateway.
First, install nginx using this article (you can start from Step 8 — Securing Prometheus if you already configured prometheus):
My nginx config:
    events { }
    http {
        upstream prometheus {
            server 127.0.0.1:9090;
            keepalive 64;
        }
        upstream pushgateway {
            server 127.0.0.1:9091;
            keepalive 64;
        }
        server {
            root /var/www/example;
            listen 0.0.0.0:80;
            server_name __;
            location / {
                auth_basic "Prometheus server authentication2";
                auth_basic_user_file /etc/nginx/.htpasswd;
                proxy_pass http://prometheus;
            }
        }
        server {
            root /var/www/example;
            listen 0.0.0.0:3001;
            server_name __;
            location / {
                auth_basic "Pushgateway server authentication";
                auth_basic_user_file /etc/nginx/.htpasswd;
                proxy_pass http://pushgateway;
            }
        }
    }
My pushgateway.service file:

    [Unit]
    Description=Pushgateway
    Wants=network-online.target
    After=network-online.target

    [Service]
    User=pushgateway
    Group=pushgateway
    Type=simple
    ExecStart=/usr/local/bin/pushgateway --web.listen-address="127.0.0.1:9091" --web.telemetry-path="/metrics" --persistence.file="/tmp/metric.store" --persistence.interval=5m --log.level="info" --log.format="logger:stdout?json=true"

    [Install]
    WantedBy=multi-user.target

It is important to set --web.listen-address="127.0.0.1:9091", not ":9091", so it will be exposed only to localhost.
Through nginx, the pushgateway will be accessible on port 3001; port 9091 will not be public. Basic authentication will be required to access or push metrics.
You can find how to test it using Postman here
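
Added example, not part of the answers above: a check that the authenticating proxy in front of the Pushgateway rejects pushes without valid credentials and accepts an authenticated one. So that it runs offline, a small local HTTP server stands in for the nginx auth_basic server block; the user name, password, job name and metric are constructed sample values.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample credentials (the answer's setup keeps them in /etc/nginx/.htpasswd).
USER, PASSWORD = "pusher", "example-password"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

class AuthProxyStandIn(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the nginx auth_basic server block on port 3001."""
    log_message = lambda self, *args: None  # silence per-request logging

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the body
        if self.headers.get("Authorization") == EXPECTED:
            self.send_response(200)
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Pushgateway"')
        self.end_headers()

def push(base_url, job, body, credentials=None):
    """POST text-format metrics to /metrics/job/<job> and return the HTTP status."""
    req = urllib.request.Request(f"{base_url}/metrics/job/{job}", body.encode(), method="POST")
    req.add_header("Content-Type", "text/plain; version=0.0.4")
    if credentials:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_proxy():
    """Return statuses for: no credentials, wrong password, valid credentials."""
    with HTTPServer(("127.0.0.1", 0), AuthProxyStandIn) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{server.server_port}"
        sample = "lambda_invocations_total 1\n"  # constructed sample metric
        try:
            return tuple(push(url, "demo", sample, c) for c in (None, (USER, "wrong"), (USER, PASSWORD)))
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(check_proxy())
```

Pointing push() at the real proxy URL should give the same 401/401/200 pattern. Basic credentials are only base64-encoded, so the listener needs TLS whenever the push crosses a network you do not control.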

ExpressJS Server - respond to host header with shared port

Let's say I have corporatewebsite.com listening on port 80, which is an Apache / WordPress site.
I have a node application that I'd like to respond to sub.corporatewebsite.com
The node application is running Express currently. I can get it to listen to a separate port at the moment, but my service won't start if it's pointed to port 80 since it's already in use.
How can I have both apache and node listening to port 80, but have node responding to the subdomain?
You could use a reverse proxy like Nginx to route your subdomains.
Here is an example of an nginx configuration; you will probably have to complete it according to your project and server:
    server {
        listen 80;
        server_name corporatewebsite.com;
        location / {
            # ... some parameters ...
            include proxy_params;  # Import global configuration for your routes
            proxy_pass http://localhost:1234/;  # One of your servers, listening on 1234
        }
    }
    server {
        listen 80;
        server_name sub.corporatewebsite.com;
        location / {
            # ... some parameters ...
            include proxy_params;
            proxy_pass http://localhost:4567/;  # The other server, listening on 4567
        }
    }
You have to configure, for example, apache2 listening on port 1234 while nodejs is listening on port 4567.
If you do it like this, a good practice is to block direct access from the outside to your ports 1234 and 4567 (using iptables for example).
I think this post could be useful to you: Node.js + Nginx - What now?

nginx configuration for mapping two node.js servers to same address on same machine

I am running two instances of node.js servers serving the same code on two different port numbers on the same machine. For example, one node.js process is running on port 8080 and the other on port 1337.
I need to put an nginx proxy in front of both these servers and route any request coming to these servers.
The reason I want to do this is because, let's say, I have only one server. I need to change the code and restart the server, and it takes nearly 1 minute for the server to restart. During this time, any requests coming to the server will return a 502 Bad Gateway error. I want to avoid this situation by running a replica of the same server.
Now I want to set up nginx in such a way that whenever either one of them is down (restarting while doing git pull), requests should be routed to the other one.
How can I accomplish this setting, and where should I start reading about this?
Requirement: suppose you have 2 applications, both running on different ports on the same machine. You have purchased only one domain and want to use it for multiple applications. Suppose below is the requirement.
purchased domain: example.com
app1_name/app1_port: app1/8081
app2_name/app2_port: app2/8082
You have two options here; you can choose whichever you like.
1st way: http://example.com/app1, http://example.com/app2
2nd way: http://app1.example.com, http://app2.example.com
Below are the final configurations for both types.
1st type, using a URL resource indicator and multiple location blocks:
    server {
        listen 80;
        server_name example.com;
        location /app1 {
            proxy_pass http://localhost:8081;
        }
        location /app2 {
            proxy_pass http://localhost:8082;
        }
    }
2nd type, using subdomains and multiple server blocks:
    server {
        listen 80;
        server_name example.com;
    }
    server {
        server_name app1.example.com;
        location / {
            proxy_pass http://localhost:8081;
        }
    }
    server {
        server_name app2.example.com;
        location / {
            proxy_pass http://localhost:8082;
        }
    }
Note: Ideally nginx should run on port 80 and should be mapped to the main domain, so that you don't have to type the port in the browser, as 80 is the default port for HTTP requests. You might have to add additional configuration parameters; the above is just for demo purposes.
