I have media server running on port 1935 .
and I have a subdomain: "streaming.foo.com"
I need to configure Nginx to access rtmp://streaming.foo.com
I tried the RTMP Nginx plugin with this blog :
https://www.nginx.com/blog/video-streaming-for-remote-learning-with-nginx/
and configured the /etc/nginx/nginx.conf file.
rtmp {
server {
listen 1935;
application live {
live on;
dash on;
dash_path /tmp/dash; // what is this config??
dash_fragment 15s;
}
}
}
but I get this error from nginx :
nginx[176987]: nginx: [emerg] bind() to 0.0.0.0:1935 failed (98:
Address already in use)
It is RTMP, not HTTP. Nginx is a web server, which can proxy and balance HTTP only. It is not a general proxy server.
Use a general Proxy or Load balancer, like HA Proxy.
You can't have two services listening on the same port.
The common solution is to configure the real service (your media service) on another port (let's say 19350) than configure a reverse proxy on nginix to forward requests from the exposed port (1935 in this case) to the back-end service (19350 in our example).
Sorry but I don't know nginix (I use this config with apache) so I can't help you on how to configure a reverse proxy on it.
Related
We have a Prometheus Pushgateway running and listening to metrics push from our AWS Lambda function. However, the URL to the Pushgateway is accessible by the public, which might impose some security issues. We were wondering if there is any way we could add a layer of protection to the Pushgateway so that it is not publicly accessible?
I found this Github thread that may answered this question:
https://github.com/prometheus/pushgateway/issues/281
It proposed to set up a reverse proxy in front of the pushgateway. However, I am still confused on how that may actually work? We are currently using Kubernetes to deploy the Prometheus.
You can include authentication in your ingress controller by using a TLS secret as an ingress rule.
Here's an example that shows how to generate basic auth for your ingress:
https://kubernetes.github.io/ingress-nginx/examples/auth/basic/
Also, don't forget to include the Python handler function in your client to set the auth header as pointed out here:
https://github.com/prometheus/client_python#handlers-for-authentication
A suggestion here will be to make the URL of the Pushgateway Internal by using an AWS Internal Load Balancer, create an AWS Private Hosted Zone attach your VPC to this zone after this the next step will be to deploy the lambda in the same VPC.
This should solve the security issue.
You are right, you need reverse proxy here. I also faced with the same issue, so you need nginx in front of your prometheus/pushgateway.
First, install nginx using this article (you can start from Step 8 — Securing Prometheus if you already configured prometheus):
My nginx config :
events { }
http {
upstream prometheus {
server 127.0.0.1:9090;
keepalive 64;
}
upstream pushgateway {
server 127.0.0.1:9091;
keepalive 64;
}
server {
root /var/www/example;
listen 0.0.0.0:80;
server_name __;
location / {
auth_basic "Prometheus server authentication2";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://prometheus;
}
}
server {
root /var/www/example;
listen 0.0.0.0:3001;
server_name __;
location / {
auth_basic "Pushgateway server authentication";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://pushgateway;
}
}
}
my pushgateway.service file :
[Unit]
Description=Pushgateway
Wants=network-online.target
After=network-online.target
[Service]
User=pushgateway
Group=pushgateway
Type=simple
ExecStart=/usr/local/bin/pushgateway --web.listen-address="127.0.0.1:9091" --web.telemetry-path="/metrics" --persistence.file="/tmp/metric.store" --persistence.interval=5m --log.level="info" --log.format="logger:stdout?json=true"
[Install]
WantedBy=multi-user.target
It is important to set : --web.listen-address="127.0.0.1:9091", not ":9091" - so it will be exposed only to localhost.
Through the nginx pushgateway will be accessible on port 3001, port 9091 will be not public. Base authentication will be required to have access or push metrics.
About how to test it using Postman you can find here
I'm trying to use nginx to setup a simple node.js server, I'm running the server in background on port 4000, my nginx config file is
server {
listen 80;
listen [::]:80;
server_name 52.53.196.173;
location / {
include /etc/nginx/proxy_params;
proxy_pass http://127.0.0.1:4000;
}
}
I saved it in /etc/nginx/sites-available and also symlinked it to sites-enabled, the nginx.conf file has the include line already to load files from sites-enabled, then i restarted the service using
sudo service nginx restart
I tried going to 52.53.196.173 and it refuses to connect, however going to 52.53.196.173:4000 with port 4000 it is working, but I'm trying to make it listen on port 80 with nginx, i tried putting my .ml domain as server_name and no luck, and i have the IP 52.53.196.173 as the A record in the domain dns settings, and I'm doing this on an AWS EC2 Instance Ubuntu Server 16.04, i even tried the full ec2 public dns url no luck, any ideas?
Edit: I solved it by moving the file directly in sites-enabled instead of a symlink
There is few possible things. First of all you need to verify that nginx server is running & listening on port 80. you can check the listening ports using the following command.
netstat -tunlp
Then you need to check your server firewall & also the selinux policies. ( OR disable selinux for test )
Then you need to verify that AWS security group configured to access the http/https connections on port 80.
PS : Outputs from the following command & configurations will be helpful for troubleshooting.
netstat -tunlp
sestatus
iptables -L
* AWS Security Group Rules
* Nginx configurations ( including main configuration if changed )
P.S : OP fixed the problem by moving the config file directly into site-enabled directory. maybe, reefer the comments for more info if you are having the same issue.
Most probably port 80 might not be open in your security group or nginx is not running to accept the connections. Please post the nginx status and check the security group
check belows:
in security group, add Http (80) and Https (443) in inbound section with 0.0.0.0 ip as follow:
for 80 :
for 443 :
in Network ACL, allow inbound on http and https. outbound set custom TCP role as follow:
inbound roles:
outbound roles:
assign a elastic ip on ec2 instance, listen to this ip for public.
How can I setup crossbar.io router/WAMP router behind NGiNX reverse proxy?
You need to configure Nginx to forward WebSocket on the respective port. For a default Crossbar.io node configuration, this is (non-secure) WebSocket on port 8080. Check this.
I want to run NGINX and Apache Side by Side to use Node.JS with NGINX. The problem is that NGINX is not starting. I have two IPs and at the httpd.conf of Apache I edited the "Listens" to only this:
Listen 1.1.1.1:80
And the default.conf of NGINX to:
server {
listen 2.2.2.2:80 default_server;
...
}
But I'm getting this error when I start NGINX:
Starting nginx: nginx: [warn] server name "/var/log/nginx/access.log" has suspic ious symbols in /etc/nginx/nginx.conf:41
nginx: [emerg] bind() to 2.2.2.2:80 failed (99: Cannot assign requested ad dress)
What am I doing wrong? I searched over the internet and I found how to configure both web servers side by side here: http://kbeezie.com/apache-with-nginx/ and I found this:
To do this you have to make sure Apache and Nginx are bound to their
own IP adddress, In the event of WHM/Cpanel based webserver, you can
Release an IP to be used for Nginx in WHM.
But I don't have cPanel. How can I do this manually?
OBS: 1.1.1.1 and 2.2.2.2 is just an example.
I am trying to configure HAProxy on OpenShift to achieve following URL based routing.
when I am trying to restart my app, I am getting following error in HAProxy log
Starting frontend http-in: cannot bind socket
Following are the changes I made to haproxy.cfg, in addition I have also added "user nobody" to global section. What am I doing wrong? I am new to HAProxy, so I believe it might be very basic thing I am missing.
frontend http-in
bind :80
acl is_blog url_beg /blog
use_backend blog_gear if is_blog
default_backend website_gear
backend blog_gear
mode http
balance roundrobin
option httpchk
option forwardfor
server WEB1 nodejs-realspace.rhcloud.com weight 1 maxconn 512 check
backend website_gear
mode http
balance roundrobin
option httpchk
option forwardfor
server WEB2 website-realspace.rhcloud.com weight 1 maxconn 512 check
To note a few problems with your configuration.
The first problem in your configuration is that you should listen on port 8080.
Ports 80, 443, 8000 an 8443 on the outside will be redirected to port 8080 on your gear.
Second website-realspace.rhcloud.com is probably the external name of your gear that also hosts your HAProxy. This means that you have created a loop.
To acces your nodejs app you'll need to use the 127.a.b.c address assigned to your gear.
Also your nodejs app should most likely cannot listen on the same port as your HAProxy.