Firstly, I'm sorry about my poor English and I also warn you that I'm a newbie still learning the technologies that I'm going to talk about.
So, I work at a company and they needed some simple page apps. I chose to use the React.js technology with a Node.js API running with Express. (Sorry if I am wrong about the terms but I'm not English and still a student).
I've done my 2 React apps and my API, which are actually working correctly. I must deploy them on CentOS. So I've "daemonized" my 2 React apps and my API. The first React app with the port :8080, the other one with the port :3000 and the API with the port :8081.
Then I installed Nginx, with a simple conf. It worked well. After that I've been trying to use HTTPS. So I did. But I'm now facing a problem.
When I try to reach one of my apps, I get a blank page with these messages:
GET https://domain_name/src/index.js net::ERR_ABORTED 404 (index):19
GET https://domain_name/static/js/2.3d1c602b.chunk.js net::ERR_ABORTED 404 (index):20
GET https://domain_name/static/js/main.95db8d0e.chunk.js net::ERR_ABORTED 404 manifest.json:1
GET https://domain_name/manifest.json 404 manifest.json:1
Manifest: Line: 1, column: 1, Syntax error.
And if I try to reach one of my api routes I get this :
Cannot GET /api/oneThing
and :
GET https://patt_www_ppd/api/ 404 patt_www_ppd/:1
I couldn't figure out the problem from the net. I've found some possible solutions but I didn't understand them or they didn't work. Can somebody help me?
Here is my nginx.conf :
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
client_max_body_size 16M;
# MIME
include mime.types;
default_type application/octet-stream;
# logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem;
# Mozilla Intermediate configuration
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
# load configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
And here is my domain_name.conf under the /sites-available/ directory :
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain_name;
# SSL
ssl_certificate /etc/certifs/domain_name.pem;
ssl_certificate_key /etc/certifs/domain_name.key;
# security
include nginxconfig.io/security.conf;
# logging
access_log /var/log/nginx/domain_name.access.log;
error_log /var/log/nginx/domain_name.error.log warn;
# reverse proxy
location /inventaire/ {
proxy_pass http://127.0.0.1:8080;
include nginxconfig.io/proxy.conf;
}
location /api/ {
proxy_pass http://127.0.0.1:8081;
include nginxconfig.io/proxy.conf;
}
location /ticket/ {
proxy_pass http://127.0.0.1:3000;
include nginxconfig.io/proxy.conf;
}
# additional config
include nginxconfig.io/general.conf;
}
# subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name *.domain_name;
# SSL
ssl_certificate /etc/certifs/domain_name.pem;
ssl_certificate_key /etc/certifs/domain_name.key;
return 301 https://domain_name$request_uri;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name .domain_name;
return 301 https://domain_name$request_uri;
}
I really thank anyone that can bring me some answers... And again, sorry for my English and my poor abilities in this domain, but I'm still learning.
Related
I'm running Docker Containers with a Vue.js front and a Node.js+Express.js backend and managing the routes using Nginx.
When I access the route https://equilibrista.app/ and click the link inside the page to go to https://equilibrista.app/exams it works fine, but I get an error when I go directly to this page (and an Express error shows up: Cannot GET /exams).
Why is this happening? It looks like an Nginx redirect error, but I couldn't find anything wrong on nginx.conf
server {
listen 80;
listen [::]:80;
server_name equilibrista.app www.equilibrista.app;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name equilibrista.app www.equilibrista.app;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/equilibrista.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/equilibrista.app/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location /api/ {
proxy_pass http://api:3000/;
proxy_redirect off;
}
location / {
proxy_pass http://front:8888;
}
}
The way we got it to work with a Vue app was the following.
1) First you have a location that captures all the physical files and paths that exist.
2) Secondly you redirect any other request to the main application file, for Vue it is index.html.
So your location configuration should look like this:
location /api/ {
proxy_pass http://api:3000/;
}
location ~* \/(index\.html|favicon\.ico|styles\.css|styles\.min\.css|css\/.*|js\/.*|images\/.*) {
proxy_pass http://front:8888;
}
location / {
rewrite / /index.html;
proxy_pass http://front:8888;
}
(updated to match question)
We have the static files on the nginx server, but it should work the same way with proxy_pass.
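How nginx maps the URIs from the questions above onto upstream requests, as an added example that is not part of the original posts: a simplified Python model of location selection and `proxy_pass` URI handling, fed with location tables constructed from the configs quoted above. Assumptions: `select_location`, `upstream_request` and the table names are hypothetical, exact-match (`=`) locations are not modelled, and `None` means no location proxies the request.

```python
import re
from urllib.parse import urlsplit

# Constructed from the configs quoted on this page:
# (modifier, pattern, proxy_pass target, rewrite replacement or None)
REACT_QUESTION = [
    ("", "/inventaire/", "http://127.0.0.1:8080", None),
    ("", "/api/", "http://127.0.0.1:8081", None),
    ("", "/ticket/", "http://127.0.0.1:3000", None),
]
VUE_QUESTION = [
    ("", "/api/", "http://api:3000/", None),
    ("", "/", "http://front:8888", None),
]
VUE_ANSWER = [
    ("", "/api/", "http://api:3000/", None),
    ("~*", r"\/(index\.html|favicon\.ico|styles\.css|styles\.min\.css"
           r"|css\/.*|js\/.*|images\/.*)", "http://front:8888", None),
    ("", "/", "http://front:8888", "/index.html"),
]

def select_location(locations, uri):
    """nginx order: longest prefix (final if ^~), then first regex, else the prefix."""
    prefixes = [l for l in locations if l[0] in ("", "^~") and uri.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    if best and best[0] == "^~":
        return best
    for loc in locations:
        if loc[0] in ("~", "~*"):
            if re.search(loc[1], uri, re.I if loc[0] == "~*" else 0):
                return loc
    return best

def upstream_request(locations, uri, hops=10):
    """Return 'host/path' as sent upstream, or None if no location proxies it."""
    loc = select_location(locations, uri)
    if loc is None:
        return None
    mod, pattern, target, rewrite_to = loc
    if rewrite_to and rewrite_to != uri and hops:
        # "rewrite" without a flag changed the URI: location search repeats
        return upstream_request(locations, rewrite_to, hops - 1)
    parts = urlsplit(target)
    if parts.path and mod in ("", "^~"):
        # proxy_pass with a URI part: the matched prefix is replaced by it
        return parts.netloc + parts.path + uri[len(pattern):]
    return parts.netloc + uri  # no URI part: path forwarded unchanged
```

For the first config, `/static/js/...` returns `None` and `/api/oneThing` reaches the upstream with the `/api/` prefix intact, which matches the 404s and the Express `Cannot GET /api/oneThing` message. With the answer's locations, a URI such as `/api/images/1` is claimed by the regex location because `/api/` is not marked `^~`.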
I'm trying to exclude the API route "https://example.com/api/" from the Nginx HTTP Basic Authentication.
Here is my Nginx Conf:
server {
listen 80;
listen [::]:80;
server_name example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;
ssl_verify_client on;
server_name example.com;
root /var/www/mysite;
index app.php index.php;
location / {
try_files $uri $uri/ /app.php$is_args$args;
# Restricting Access
auth_basic 'Administrator Area';
auth_basic_user_file /etc/apache2/.htpasswd;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
# Restriction off for api
location ^~ /api/ {
auth_basic off;
allow all;
}
}
But when I try to hit "https://example.com/api/" on the browser, it's still asking for basic authentication. Usually, without basic authentication, it should provide a JSON response on the browser.
Does anyone know how to solve this issue? Any kind of help would be greatly appreciated. Thanks.
When I am trying to restart my nginx, I get:
nginx: [emerg] invalid number of arguments in "ssl_ciphers" directive in /etc/nginx/conf.d/todoproject.conf:42
nginx: configuration file /etc/nginx/nginx.conf test failed
What I did so far:
/etc/nginx/conf.d/todoproject.conf
server {
listen 80;
listen [::]:80;
server_name react-todo.cf;
location / {
proxy_pass http://3.18.184.211:5001/;
}
return 301 https://react-todo.cf;
}
# generated 2019-11-19, https://ssl-config.mozilla.org/#server=nginx&server-version=1.14.0&config=intermediate
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name react-todo.cf;
server_name react-todo.cf;
location / {
proxy_pass http://3.18.184.211:5001/;
}
# root /React-Redux-Todo-App/build;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/letsencrypt/live/jagan.cf/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jagan.cf/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
# ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305$
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling
# ssl_stapling on;
# ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
# replace with the IP address of your resolver
resolver 8.8.8.8;
}
I am getting the error while running the command
sudo nginx -t
or trying to restart nginx with the command
sudo service nginx restart
This was my second app on the same instance for which I was going to use an SSL certificate.
The first one was done successfully, but here in the second one I'm getting this error.
My file is in the directory
/etc/nginx/conf.d/todoproject.conf
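The `ssl_ciphers` line in the config above ends in `$` with no closing `;`, so nginx reads the following line as further arguments to the same directive. As an added example (not part of the original post), a small Python check that flags unterminated directives and also reports TLS protocol versions deprecated by RFC 8996 and 3DES/RC4 cipher tokens, which appear in other configs on this page. The function name `lint` and the finding labels are hypothetical, and the sample lines are constructed from lines quoted on this page, with the long cipher list shortened.

```python
import re

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKS = ("3DES", "RC4")

# Constructed sample: lines taken from configs on this page (cipher list shortened)
SAMPLE = """\
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305$
ssl_prefer_server_ciphers on;
"""


def lint(conf):
    """Return (line number, finding) pairs for a block of nginx directives."""
    findings = []
    for number, raw in enumerate(conf.splitlines(), 1):
        line = re.sub(r"\s+#.*$", "", raw).strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        # A directive line should end in ';' (or open/close a block).
        # Multi-line directives are legal, so treat this as a hint to inspect.
        if not line.endswith((";", "{", "}")):
            findings.append((number, "unterminated"))
        words = line.rstrip(";").split()
        if words[0] == "ssl_protocols":
            old = sorted(DEPRECATED_PROTOCOLS & set(words[1:]))
            if old:
                findings.append((number, "weak-protocol:" + ",".join(old)))
        if words[0] == "ssl_ciphers" and len(words) > 1:
            for token in words[1].split(":"):
                # tokens starting with '!' or '-' remove ciphers, so skip them
                if token.startswith(("!", "-")):
                    continue
                if any(mark in token for mark in WEAK_CIPHER_MARKS):
                    findings.append((number, "weak-cipher:" + token))
    return findings


if __name__ == "__main__":
    for number, finding in lint(SAMPLE):
        print(number, finding)
```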
I am trying to setup a nginx server. I can access the content on 127.0.0.1:80 and localhost:80 but not on my public IP (xxxx.xxxx.xxxx.xxxx). Here are my configs:
/etc/nginx.conf:
user rud;
worker_processes auto;
include /etc/nginx/modules-enabled/*.conf;
daemon off;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
types_hash_max_size 4096;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/default:
server {
listen *:80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
location / {
try_files $uri $uri/ =403;
}
}
I have applied several tips found from web like adding my public ip (xxxx.xxxx.xxxx.xxxx) to default file at server_name ip but it still doesn't work.
Answers for the duplicate questions https://superuser.com/q/841255/733877 and https://serverfault.com/q/361499/476613 didn't work.
I am struggling with NGINX and setting up my v-hosts. I'm trying to set up a vhost that redirects HTTP requests to HTTPS and then to my application (when it is 443).
My OS is Ubuntu 16.04 and I am using NGINX 1.10.3.
The nginx.conf looks like this (it's mostly the default):
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My ServerBlocks / VHosts look like that:
server {
listen 443 ssl;
server_name xxx.com;
# Prevent MITM
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate "/etc/nginx/ssl/xxx.com.pem";
ssl_certificate_key "/etc/nginx/ssl/xxx.com.key";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://localhost:2237;
}
}
server {
listen 80;
server_name xxx.com;
return 301 https://$server_name$request_uri;
}
Now the problem is that whether I am using HTTP or HTTPS, it tries to redirect me to HTTPS, so I am stuck in an endless loop of redirects.
I have absolutely no idea where my mistake is.
Every VHost is in a single file. The application on port 2237 is a Node.js Express server. I am also using Cloudflare (I got my SSL certificate from them).
Edit:
Output from curl -I is:
$ curl -I https://example.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 06 Oct 2017 19:42:19 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d827df762e20a4e321b92b34bd15546621507318939; expires=Sat, 06-Oct-18 19:42:19 GMT; path=/; domain=.example.com; HttpOnly
Location: https://example.com/
Server: cloudflare-nginx
CF-RAY: 3a9b1a6a4e4564d5-FRA
You need to use the config below:
server {
listen 80;
server_name example.com;
add_header Strict-Transport-Security "max-age=31536000";
location / {
proxy_pass http://localhost:2237;
proxy_redirect http://localhost:2237/ https://$host/;
}
}
You are using Cloudflare SSL and terminating SSL at Cloudflare, so you should just be listening on port 80. Your earlier config was redirecting port 80 back to HTTPS and sending the request to Cloudflare, which then sends it to your nginx port 80, hence creating an infinite loop.