I've seen similar questions around and tried different solutions but none seems to work for me, so I guess I have something wrong in my nginx configurations file.
I have configured nginx to redirect all request to port 8080 except for some locations as I have a nodejs app running on 8080 besides a php application running on port 80 (and another nodejs app service running on 8090) all on the same server (I know it's a weird configuration but I have to live with it for the moment). In my nodejs application I'm tryin to detect if the connection is over http or https but it doesn't work.
I alway get the following regardless I connect over http or https:
console.log(req.headers["x-forwarded-proto"]); // => undefined
console.log(req.secure); // => false
here is my nginx config file:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/server.chained.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1.2;
root /var/www/html;
index index.html index.htm index.php index.cgi;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
client_max_body_size 100M;
client_body_buffer_size 128k;
server_name factory.quiddis.com;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
location /bugzilla {
try_files $uri $uri/ /index.cgi$is_args$args;
}
location /bugzilla/rest {
rewrite ^/bugzilla/rest/(.*)$ /bugzilla/rest.cgi/$1 last;
}
...
Note:
Although I know I could redirect http to https via nginx, I cannot do it here as the second nodejs app has to stay over http for the moment.
Related
I am jumping in on a project with some socket issues over SSL and Cloudflare... I know.. I have read about 50 different stack overflow posts and 200 blog posts to try to figure this out. The project works on my local dev server/computer just fine...
I think I am on the right track - But could use some help/pointers if ya'll can.
First, I thought it was weird that the /socket-io/ proxy_pass was at port 6379, the same as redis... Maybe it should be? When this was set at 6379, the socket connection will not connect - With or Without Cloudflare enabled ( I paused cloudflare to test this out).
I read through the express server and saw that the socket server seems like it's linked to the express server at port 4000... so I changed the proxy_pass for /socket-io/ to port 4000 and it reconnects. This works with Cloudflare paused/running... so maybe it's not cloudflare after all. Still, even though it says the socket has reconnected in the browser, nothing is working.
I'll start by sharing my NGINX config - Let me know what else ya'll need to see, please. Thanks for taking your time to help me out/pointing me in the right direction! I really appreciate learning about this stuff.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dev-app.myapp.com;
location / {
root /var/www/myapp_frontend/build/;
try_files $uri $uri/ /index.html;
#proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /api/ {
proxy_pass http://localhost:4000/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /socket.io/ {
proxy_pass http://localhost:6379;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_read_timeout 86400;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/letsencrypt/live/dev-app.myapp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev-app.myapp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = dev-app.myapp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name dev-app.myapp.com;
listen 80 default_server;
listen [::]:80 default_server;
return 404; # managed by Certbot
}
Edit-1
I did see that cloudflare requires certain ports... Am I wrong to think that these ports only refer to the initial listening port, for example 443 above, since the proxy_pass ports are all using localhost?
The project was very OK when I worked locally under development. Because the ports of backend 1337 and frontend 3000 were manually changed by me. After we deployed the project to the cloud server, we made OpenSSL work for the frontend. It meant to make nginx redirect requests from port 80 to safe 443, which expected to load the SSL certification. All is well until we tried to log in with our 1337 port to Strapi admin panel, which is part of a backend directory.
To be clear:
backend runs on 1337
frontend runs on 5000.
Both server processes run in pm2 in the background with no problem. nginx file seems to not have any syntax errors. But I can not reach any of the backend operations even through Postman.
What I expect it to do is: run all requests started with domain.com/api/ through localhost:1337. As it made happen with main directory, run through 'localhost:5000'. This is nginx config file:
server {
listen 80;
listen [::]:80;
server_name sinavhukuk.com www.sinavhukuk.com;
access_log /var/log/nginx/site80port.com.access.log;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name sinavhukuk.com www.sinavhukuk.com;
ssl_certificate /etc/letsencrypt/live/sinavhukuk.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sinavhukuk.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'XXXXXXXXXX';
location /{
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/main-dir-error.log debug;
}
location /api{
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
error_log /var/log/nginx/admin-error.log debug;
}
access_log /var/log/nginx/siteSSL.com.access.log;
error_log /var/log/nginx/siteSSL.com.error.log;
}
I am using nginx first time so need help.
My app is running in /root/project1/tools (this directory is having server.js)
How i can connect nginx to this directory. I searched lot and do not find direct ans. Think nginx will find my server.js by port number not by path. is that true?
I am using linux ubuntu 18
More over nginx is throwing error
2018/10/23 06:14:51 [alert] 3822#3822: *2025 socket() failed (24: Too
many open files) while connecting to upstream, client: 127.0.0.1,
server: nativeiconba$
/etc/nginx/sites-available/nativeiconbase.com
upstream app_yourdomain {
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 80;
listen [::]:80;
server_name nativeiconbase.com www.nativeiconbase.com;
access_log /var/log/nginx/nativeiconbase.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://nativeiconbase/;
proxy_redirect off;
}
}
root /root/project1/src/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name localhost;
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /root/project1/src/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
proxy_pass http://10.139.32.25:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
And my node app is running on port 8080. Any idea what can i do to setup nginx. any reference to resource will be helpful.
All you have to do is setup a Reverse Proxy Server in Nginx
Start your NodeJS Server on whatever port
node server.js
If you are using any process management tool like pm2 then
pm2 server.js
Now in nginx config what you have to do is proxying all request to local nodejs server so
upstream app_yourdomain {
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 80;
listen [::]:80;
server_name nativeiconbase.com www.nativeiconbase.com;
access_log /var/log/nginx/nativeiconbase.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8080;
proxy_redirect off;
}
}
I have just changed the line proxy_pass http://localhost:8080 in your code
I am having trouble accessing my node server externally. Internally, I can access it fine, but I am unable to do so otherwise.
Here is my nginx configuration. I simply want to access my website using only my external IP (for example, 133.21.29.21)
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 2500;
location / {
proxy_pass http://127.0.0.1:3005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server code
app.server.listen(3003, "0.0.0.0", () => {
console.log(app.server.address());
});
I am running on port 3003 at the moment. I have tried sever nginx configurations and changing my server code as well (changing port, omitting "0.0.0.0", using "127.0.0.1") but I have not had any luck.
I've been trying to access my server by going to my-external-ip:2500, but i've tried accessing through other ports as well.
I've disable the ufw firewall and still have not had any luck. Curling locally works fine.
What am I doing incorrectly?
I think you are missing a proxy redirect
Take a look at the following example NGINX configuration file, the location / { } is pointing to a Node server on port 9080 and it works by navigating to https:// ... .com
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
ssl_certificate /etc/letsencrypt/live/thedomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/thedomain.com/privkey.pem;
access_log /var/log/nginx/thedomain.access.log;
error_log /var/log/nginx/thedomain.error.log;
server_name _;
root /var/www/html;
index index.html;
gzip on;
gzip_proxied any;
gzip_types text/css text/javascript text/xml text/plain application/javascript application/x-javascript application/json;
location /.well-known/ {
try_files $uri $uri/ =404;
}
location /jenkins {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:8080;
proxy_read_timeout 90s;
proxy_redirect http://localhost:8080 https://www.thedomain.com/jenkins;
}
location /wss/pforex {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:9190;
proxy_http_version 1.1;
proxy_read_timeout 90s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect http://localhost:9190 https://www.thedomain.com/wss/pforex;
}
location / {
include /etc/nginx/proxy_params;
proxy_pass http://localhost:9080;
proxy_read_timeout 90s;
proxy_redirect http://localhost:9080 https://www.thedomain.com;
}
}
Nginx works as a front-end server, which in this case proxies the requests to a node.js server. Therefore you need to set up a Nginx config file for the node.
Create the file yourdomain.com at /etc/nginx/sites-available/:
# the IP(s) on which your node server is running. I chose port 3003.
upstream app_yourdomain {
server 127.0.0.1:3003; # can use localhost as well
keepalive 8;
}
# the Nginx server instance
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
access_log /var/log/nginx/yourdomain.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see Nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_yourdomain/;
proxy_redirect off;
}
}
Besides you can even omit giving ip to listen method and it will take localhost by default
const app = express();
app.listen(3003, () => {
console.log(app.server.address());
});
If you are accessing the server directly with IP then you need to change
server_name yourdomain.com www.yourdomain.com;
with
server_name _;
I have a node js application running on AWS linux server with ssl. I wanted to implement nginx to the same. I googled it and read that if I implement ssl in nginx then the node application runs on http. So I configured the nginx conf as follows and ran the node js application with normal http server:
listen 443 ssl;
server_name myserver.com;
ssl_certificate myserver.chained.crt;
ssl_certificate_key myserver.key;
ssl_client_certificate myserver.crt;
ssl_verify_client optional;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header VERIFIED $ssl_client_verify;
proxy_set_header DN $ssl_client_s_dn;
proxy_pass http://127.0.0.1:3000;
}
Now the application is running on http as well as https. I want the nginx to be implemented and through ssl and the application to run only on https.
Is my approach right and what am I missing?
I see you have the application running on port 3000, what you will want to do so that it only runs on https is to block all requests on port 3000 to the server (using a firewall or security group rules in aws), and for every request on port 80 you will want to redirect them to the https version (port 443). Something like this:
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
I found the above rule in this answer on serverfault.
upstream app
{
server 127.0.0.1:3000;
}
server
{
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/example.com/public/;
access_log off;
expires 24h;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app$uri$is_args$args;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}