I want certain IP addresses to be able to watch my HLS stream. How can I restrict it?
The simplest way to do this is to set up a reverse proxy. A sample configuration file is as follows.
location / {
location ~* \.(m3u8)$ {
proxy_pass http://127.0.0.1:5080;
allow 1.1.1.1/32; # IP addresses that you will allow
deny all;
}
proxy_pass http://127.0.0.1:5080;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
Related
I have 2 machines: One holds the Minio running in a Docker container on port 9001 and the other holds the Nginx. I want to access\serve Minio on a path prefix /media i.e. www.mydomain.com/media: I can see that proxy_pass is working fine but I'm getting 404 on static files:
I can see that the main page is getting loaded by checking the favicon and the page title.
Below is my nginx config file:
...
upstream minio {
ip_hash;
server <hostname\IP>:9001;
}
server {
server_name mydomain.com;
...
location /media {
rewrite ^/media(/.*)$ $1 break;
proxy_pass http://minio/;
client_max_body_size 0;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
chunked_transfer_encoding off;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_connect_timeout 300;
}
...
}
Any help would be highly appreciated. :)
Unfortunately it seems like this isn't possible and the MinIO team isn't interested in supporting it natively:
https://github.com/minio/minio-js/issues/737
This comment suggests some workarounds, however: https://github.com/minio/minio-js/issues/737#issuecomment-809373153
reverse proxy via nginx - rewrite prefix and added option proxy_set_header Host '127.0.0.1:9000'
use traefik with stripPrefix and sets static header Host
I've nginx config that route frontend app to specific port, and backend to specific route
here's my configs
server {
listen 80;
server_name test.com www.test.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location /api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
}
}
when trying to access test.com directly it works, but when trying to access test.com/api , it doesn't work, then if return to main path test.com it also doesn't work, it seems like nginx stopped working after accessing the /api
I am trying to set up a Nginx as a reverse proxy to access multiple NodeJS apps running on the same server.
I have my nodeJS apps running with PM2 and it all seems fine:
My nodeJS app is the simple nodeJS app generated with express-generator, so it is supposed to be running on port 3000.
I have also set up my Nginx with the following config
server {
listen 1004;
server_name pumadashboard.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
However when I curl 127.0.0.1:1004 I get a badGateway error from Nginx. I am also not able to access pumadashboard.com from anywhere on my local network, it just loads until timeout.
What do you get if you do:
curl http://locahost:3000
This should give back a response and like that you will understand if the application started properly.
This nginx configuration works for me
upstream pumadashboard.com {
server 127.0.0.1:3010;
}
server {
listen 80;
server_name pumadashboard.com;
root <path to your node application>;
access_log /var/log/nginx/your-access.access.log;
error_log /var/log/nginx/your-error.error.log;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_max_temp_file_size 0;
proxy_pass http://pumadashboard.com/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
Try adding
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 80;
to your location / block
I'm trying to use nginx to redirect to ports (running nodeJS apps) based on the domain prefix. So far, I can redirect
example.com:80 --> port 8502
5555.example.com:80 --> port 5555
6666.example.com:80 --> port 6666
Is there a way to do this kind of redirection without having to copy-paste this over and over??
server {
listen 80;
server_name 5555.example.com;
location / {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://example.com:5555;
}
}
I figured I should do this with regular expressions, so I tried the following, but without any success :
~^(?<theport>.+)\.example\.com$ #then changed proxy_pass to http://example.com:$theport
~^([0-9]+)\.example\.com$ #then changed proxy_pass to http://example.com:$1
server_name "~^([0-9]{4})\.example\.com$";
set $theport $1; #then changed proxy_pass to http://example.com:$theport
In all cases, I'm getting a "502 Bad Gateway" error.
I found the solution! The regular expression works, but you need to add a resolver in order to have a variable in the proxy_pass (at least, that's how I understand it).
server {
listen 80;
server_name ~^(?<port_subdomain>[0-9]*).example.com$;
location / {
resolver 10.33.1.1; #/etc/resolv.conf
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://example.com:$port_subdomain;
}
}
following is my nginx configuration,
server { //PART-1
listen 80;
server_name _;
location / {
proxy_pass http://127.0.0.1:8090;
proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection Upgrade;
}
}
server { //PART-2
listen 80;
server_name service;
root /usr/local/tomcat7/webapps/service-snapshot;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/ServiceUI/;
}
}
first part of config works fine for websockets, which I am already using.
Second part of config is for webapp running on Apache tomcat 7.0.56, which is not working.
Is there something wrong with config? assuming server_name in both parts might be causing issue!
Any suggestions!
While having multiple services on one IP and port is working perfectly fine, the server_name directive is using the HOST header submitted by the client/browser. In this case, you're not supplying the header but instead asking for a specific location on the same server (you're not asking for http://_ or http://service but for http://yourserver/services from what I see in the comments).
To make it work, you have to specify the different services via locations like this:
server {
listen 80;
server_name THIS_IS_WHERE_YOUR_DOMAIN_OR_MAYBE_LOCALHOST_GOES;
location / {
proxy_pass http://127.0.0.1:8090;
proxy_redirect off;
proxy_pass_request_headers on;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection Upgrade;
}
location /Service {
root /usr/local/tomcat7/webapps/service-snapshot;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/ServiceUI/;
}
}