So, I set up a Nginx server on a Ubuntu system, I can access directly from my LAN.
I then bought a domain and linked it with my public ip address.
I port forwarded port 80 on my router.
So, this is the weird part, I can access my server by typing my domain in my home network.
But, i've been trying to access it outside my network (my phone's lte) and it does not work.
I know i can connect, because my FTP server works directly fine.
I temporarily disable my local firewall to make sure it wasn't an exceptrion problem, but it was not that.
I don't know what else to try?
my server config file
listen 80;
listen [::]:80;
root /var/www/ahtpo.host/html;
index index.html index.htm index.nginx-debain.html;
server_name ahtpo.host www.ahtpo.host;
access_log /var/log/nginx/ahtpo.host.access.log;
error_log /var/log/nginx/ahtpo.host.error.log;
location / {
try_files $uri $uri/ =404;
}
my access.log shows access only from my home's public ip and nothing else. all other attempts fail. My error.log is empty
OpenPortCheckTool says that port 80 is closed, even though i've allowed on my firewall and my router
I figured it out. My ISP (Cox) does not allow port 80 traffic on a residential address, so I just changed the port number. Thanks for the help. I know it wasn't a programming question, sorry.
Related
I have following nginx configurations
if ($host != mydomain.com) {
return 403;
}
When I hit the url http://127.0.0.1/test/test2/index.php (from POSTMAN) I get 403. Fine. But adding a Host -> mydomain.com in Headers I get 200.
When I added add_header Host "$host"; in nginx configurations I noticed in response that nginx has mydomain.com in its host variable. I know intentionally mentioning Host header in http request overrides 127.0.0.1 according to nginx documentation.
But in this way an attacker can send requests direct to web server by bypassing Cloudflare WAF. so what's the solution to block such requests from nginx?
I have tried following solutions but didn't work for me.
https://www.digitalocean.com/community/questions/how-to-block-access-using-the-server-ip-in-nginx
https://blog.knoldus.com/nginx-disable-direct-access-via-http-and-https-to-a-website-using-ip/
When I hit the url http://127.0.0.1/test/test2/index.php (from POSTMAN) I get 403. Fine. But adding a Host -> mydomain.com in Headers I get 200.
If I understand correctly, you seem to think that "adding a Host" header in your request is somehow a bypass. And it's not ... it's how hostnames work in HTTP.
A server doesn't magically know that you typed http://domain.tld/test/ in your browser address bar. Your browser makes a DNS lookup for domain.tld and establishes a TCP connection with the resolved IP address; it then sends headers, which is where the server gets the information from:
GET /test/ HTTP/1.1
Host: domain.tld
That's the only way the server knows you requested http://domain.tld/test/.
add this block:
server {
listen 80 default_server;
server_name "";
return 444;
}
OR
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}
The “default_server” parameter cannot be present in any other server block. NGINX Block direct IP access.
I have one IP address on my Linux box, and would like to serve HTTPS websites in this form:
https://landing.example.com
https://site-01.example.com/index.html
https://site-01.example.com/files/index.html
https://site-01.example.com/store/index.html
https://site-02.example.com/index.html
https://site-02.example.com/files/index.html
https://site-02.example.com/store/index.html
Each of these websites is a Docker container on the same host, so my idea were setting up an NginX reverse proxy Docker container.
There are many howto's about NginX as reverse proxy, but what I want to do is different from the text book example, as I have HTTPS, multiple sub-domains and multiple URL's.
Questions
Does anyone know of howto's that deal with this type of setup, or perhaps can tell me what the technical key words I should search for are?
At this point I don't know where to start, so any help will be much appreciated.
You need to add A-records to you DNS manager that will redirect all your subdomains to the IP address of the host machine.
Then in your NGINX config you can do something like this.
server {
listen 80;
server_name landing.example.com;
location /static {
alias /home/example-dir/staticfiles;
}
access_log /home/example-dir/nginx-access.log;
error_log /home/example-dir/nginx-error.log info;
}
server {
listen 80;
server_name site-01.example.com;
location /static {
alias /home/example-dir2/staticfiles;
}
}
I'm trying to get my Node server up and running on Ubuntu 14.04. I followed a tutorial from DigitalOcean to set up nginx and server blocks to serve my content.
I have the server setup correctly, I believe because I can whois my-site.com and also ping my-site.com. when I visit the web address in the browser, however I get just this error that displays in the page: "Internal Error: Missing Template ERR_CONNECT_FAIL".
I thought that maybe I pointed the nginx server block to the incorrect path, because of of the "Missing Template", but it points to the right file. It is supposed to display a simple index.html file located in /var/www/my-site.com/html.
Here is my server block if this sheds some light on the error:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=off;
root /var/www/my-site.com/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name my-site.com www.my-site.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
This file is located in /etc/nginx/sites-available/my-site.com and I've copied it to the sites-enabled directory as well.
What am I missing here?
This is a pretty standard error message, and in fact as of this moment nodejs.org is displaying that exact same message. I believe it is generated by a reverse proxy: for example, https://searchcode.com/?q=ERR_CONNECT_FAIL shows that ERR_CONNECT_FAIL appears in the squid reverse proxy software. I couldn't find something similar a quick search through the nginx source code.
When I encountered this error message, I was deploying through the digitalocean one-click dokku app and I did not have a domain in /home/dokku/VHOST, so it was being assigned a random internal IP address. I accessed it using [domain]:[port]. Hope that gives you a clue.
I inherited a node.js project and I am very new to the platform/language.
The application I inherited is in development so it is a work in progress. In its current state it runs off port 7576 so you access it this way: server_ip:7576
I've been tasked with putting this "prototype" on a live server so my boss can show it to investors etc. But I have to password protect it.
So what I did is I got it running on the live server. And then I made it use a nginx vhost like this:
server {
listen 80;
auth_basic "Restricted";
auth_basic_user_file /usr/ssl/htpasswd;
access_log /etc/nginx/logs/access/wip.mydomain.com.access.log;
error_log /etc/nginx/logs/error/wip.mydomain.com.error.log;
server_name wip.mydomain.com;
location / {
proxy_pass http://127.0.0.1:7576;
root /var/app;
expires 30d;
#uncomment this is you want to name an index file:
#index index.php index.html;
access_log off;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$ {
root /var/app/public;
}
}
`
This got the job done, I can now access my app by going to wip.mydomain.com
And I can easily password protect it via nginx.
My problem is the app is still accessible via the ip:port and I don't know how to prevent that.
Any help is appreciated.
Thanks
In your node javascript code, you need to explicitly bind to the loopback IP:
server.listen(7576, '127.0.0.1');
(You are looking for a call to .listen(<port>) to fix. The variable may be called app or something else though).
Any IP address starting with 127. is a loopback address that can only be accessed within a single machine (doesn't actually use the network).
There are several questions on SO about nginx subdomain configuration but didn't find one that exactly the same as mine.
Say I got a virtual host some.example.com from higher-level net admin example.com at our organization. I want to use some.example.com as my primary site and use foo.some.example.com and bar.some.example.com for auxiliary usage (proxy, etc). I tried this simple configuration and put it under sites-enabled but didn't work:
server {
listen 80;
server_name some.example.com;
root /home/me/public_html/some;
index index.html index.htm;
}
server {
listen 80;
server_name foo.some.example.com;
root /home/me/public_html/foo;
index index.html index.htm;
}
server {
listen 80;
server_name bar.some.example.com;
root /home/me/public_html/bar;
index index.html index.htm;
}
In this setting some.example.com works fine, but for the other two browser return that could not find foo.some.example.com. I'm running it on a ubuntu server.
Is there something wrong with this configuration? Or is it something I should talk to higher level net admin (make foo.some.example.com and bar.some.example.com to be registered)?
Sub-domain configuration starts with an entry in the DNS server of the parent domain and the lookup resolves the sub-domain to an IP address of the web server. The web server in turn delegates the requests based on its configuration for the sub-domain.
If you don't have a DNS setup in your sub-domain, then the admin at example.com needs to set up a CNAME alias. The alias points the subdomain to the same web server, which hosts the website for the parent domain. The canonical names (CNAMES) are added for each of the subdomains. Once the subdomain is resolved to the IP address of the web server, the web server can route the request to a different website.
CNAME is just a way to get the web traffic to your IP address. The
request will still include the original name in the Host: header.