valid_referers nginx http and https - linux

I've a mp4 download site. Some websites are using my site's feed, that's why I am loosing my limited Bandwidth.
I've used the following code to restrict access to my mp4 files from third-party referers.
location ~* .*\.mp4 {
valid_referers sitexxx.com *.sitexxx.com;
if ($invalid_referer) {
return 403;
}
mp4;
}
This works well for HTTP sites (e.g. http://www.example.com), but doesn't work at all with HTTPS sites (e.g. https://example.blogspot.com). Why is that and how can I block those?

1: I guess it doesn't specify server port. you can try it.
references:http://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers

server {
# error_log /var/log/nginx/vhost-error_log warn;
listen 11.111.1:80;
server_name xxxx.com www.xxxx.com;
log_not_found off;
root /home/xxxx/public_html;
location / {
# enable MP4 streaming
location ~* .*\.mp4 {
valid_referers ~xxxx ~www.xxxx.com;
if ($invalid_referer) {
return 403;
}
mp4;
}
}
}
my code is this, I tried to put the ~ but also did not work, it seems that the problem is aimed at identifying the refer in the logs, the requests are not listed reference.

Related

NGINX deny access to remnant .htaccess files for ALL server blocks globally

i'm switching from apache to nginx and i am not yet ready to remove apache files such as .htaccess
therefore i want to deny access to them.
i know this is how:
location ~ /\.ht { deny all; }
BUT how to do it GLOBALLY? that is, for ALL server blocks (vhosts) at once.
i'm hoping to have it as a single directive under the main /etc/nginx/nginx.conf like so:
http {
# STUFF
server {
listen 80;
server_name _;
# STUFF
location ~ /\.ht {
deny all;
}
}
}
i tried the configuration above and reloaded nginx, but i am still able to download .htaccess file
after researching and experimenting...
yes... the only apparent way is to have an included conf file in each and every server block.
INCLUDED CONF FILE CONTENTS (potentially located at /etc/nginx/default.d/default.conf... up to you)
location ~ /\.ht {
deny all;
}
ENABLED SITE CONF FILE (potentially located at /etc/nginx/sites-enabled/domain.com.conf)
server {
# STUFF
include /path/to/included/file.conf
# (example) include /etc/nginx/default.d/default.conf
}
it's not as desirable to me, but it is efficient and logical
all the directives in "default.conf" should be coded just like any include (as if it is inline with the content)
in other words... you wouldn't use server {...} in the content of default.conf since it's being included inside a server block already

Is there any way to return a plaintext response with React, containing no HTML at all?

I need to be able to return a valid JSON response with no HTML wrapping it all. I can accomplish this by specifying a port number pointing directly to my Express backend but need to be able to return pure JSON without having to specify a port number in production. Is there any way to do this if you're using React/React-Router and Express together?
This setup uses a proxy pass to work:
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://localhost:5000;
}
}
Current output: https://socialmaya.com/u/real (1)
Desired output: http://socialmaya.com:5000/actors/real (2)
So I need the output of 1 to be the exact same as 2, ensuring that another server can read it. If you click to View Page Source for both, you can see that the output is not the same.
Per Richard Smith, rewriting the URL before passing it upstream within Nginx solved my problem:
location / {
rewrite ^/u/(.*)$ /actors/$1 last;
proxy_pass http://localhost:5000;
}

Nginx returns 404 not found when access file on server

I have a server(Ubuntu 16.04) and a user called coxier.
I configure Nginx to Proxy Requests. I create a file etc/nginx/sites-available/myproject.
server {
listen 80;
server_name 101.200.36.xx;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/coxier/iemoji/server/iemoji.sock;
}
}
In this flask project, server receive request and then generate a .gif file for this request.
At first I directly I use flask#send_file to send gif file about 1MB, however speed is very slow.
So I decide to optimize the request.
Receive http request and generate gif file.
Return url of the generated gif file to user.
User access gif file by url.
I have a question. How can I generate url of the generated gif?
I have tried like below.
server {
listen 80;
server_name 101.200.36.xx;
root /home/coxier/iemoji/server/output;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/coxier/iemoji/server/iemoji.sock;
}
}
For example, I want to access /home/coxier/iemoji/server/output/a3dfa3eb21daffc7085f71630cbd169e/output.gif.
Then I return http://101.200.36.xx/a3dfa3eb21daffc7085f71630cbd169e/output.gif to user.
However nginx returns 404 Not Found.
From https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/ , I find solution.
server {
listen 80;
server_name 101.200.36.xx;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/coxier/iemoji/server/iemoji.sock;
}
location ~ \.(gif) {
root /home/coxier/iemoji/server/output;
sendfile on;
sendfile_max_chunk 1m;
}
}
You should redefine root in location block.
Then you can generate url like this:
http://101.200.36.xx/a3dfa3eb21daffc7085f71630cbd169e/output.gif.

Nginx default page and root webserver directive

I have a small embedded Linux device running Nginx. I can connect to it over the network and access the endpoints on a PC in Chrome or Firefox. My default page contains an HTML tag that points to "loading.jpeg", which is on the device at /tmp/nginx/loading.jpeg. I can type in the browser: http://192.168.0.4/loading.jpeg and see my image. I can also visit the endpoint that renders html and see my image rendered properly.
Now I want to be able to visit the root page: http://192.168.0.4/ in a browser and redirect that to my default page that should render the html and show the image. The problem is that if I set a page for the default "/" location, my webserver root directive pointing to /tmp/nginx no longer works. So I get my page displayed, but the loading.jpeg image is not found. I've tried redirecting the root request to my default page, but that also breaks the webserver root.
How can I render a default webpage for Nginx, while also having my webserver root honored? Thank you.
This does not work ( webserver root is broken - though expected default webpage is shown ):
location / {
default_type text/html;
content_by_lua_file /sbin/http/serve_stream.lua;
## The streaming endpoint
location /streaming {
default_type text/html;
content_by_lua_file /sbin/http/serve_stream.lua;
}
Here is my current nginx.conf without a redirect:
## Setup server to handle URI requests
server {
# Setup the root
root /tmp/nginx;
## Port
listen 80; ## Default HTTP
## Android phones from Ice Cream Sandwich will try and get a response from
server_name
clients3.google.com
clients.l.google.com
connectivitycheck.android.com
apple.com
captive.apple.com;
## We want to allow POSTing URI's with filenames with extensions in them
## and nginx does not have a "NOT MATCH" location rule - so we catch all
## and then selectively disable ones we don't want and proxy pass the rest
location / {
# For Android - Captive Portal
location /generate_204 {
return 204;
}
# For iOS - CaptivePortal
if ($http_user_agent ~* (CaptiveNetworkSupport) ) {
return 200;
}
## Raw WebSocket
location /ws {
lua_socket_log_errors off;
lua_check_client_abort on;
default_type text/html;
content_by_lua_file /sbin/http/websocket.lua;
}
## The streaming endpoint
location /streaming {
default_type text/html;
content_by_lua_file /sbin/http/serve_stream.lua;
}
## We can have file extensions in POSTing of /blahendpoints for filesystem
## control HTTP commands
location ~ "\.(txt|bin)$" {
...
}
}
}
There are a number of solutions. An exact match location block with a rewrite ... last is quite efficient:
location = / {
rewrite ^ /some.html last;
}
See this document for more.

Using Nginx as reverse proxy for wordpress on Apache in CentOS

I've got stuck with this problem for 3 days.
My Server is Centos, and use wordpress (WP) in Httpd service.
Its IP is '103.232.120.178'
I want to use nginx as reverse proxy for WP.
Httpd is in port 2101
Nginx is in port 80
WP is in sub directory: 'bongda69' (url: '103.232.120.178:2101/bongda69')
I want if visit mywebsite, it redirect to wordpress.
Ex: visit '103.232.120.178', it will display as WP site: '103.232.120.178:2101/bongda69'
My nginx.conf is:
user apache apache;
worker_processes 4;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
upstream backend {
server localhost:2101; # IP goes here.
}
server {
listen 103.232.120.178:80; # IP goes here.
location / {
proxy_pass http://backend/bongda69/;
}
} # End server
} # End http
and in General Settings in WP, I configure:
WordPress Adress(URL): http://103.232.120.178/bongda69
Site Adress(URL): http://103.232.120.178/bongda69
But, when visit 'http://103.232.120.178', error display:
Not Found
The requested URL /index.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
If I configure nginx like this:
location / {
proxy_pass http://backend/;
}
Everything is Okie. But I must visit site "http://103.232.120.178/bongda69", and I don't want it.
What is my mistake?
Anyone can help me?
Thanks a lott!!!
This should work
worker_processes 4;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024;
}
http {
upstream backend {
server 103.232.120.178:2101; # IP goes here.
}
server {
listen 0.0.0.0:80; # IP goes here.
location / {
proxy_pass http://backend/bongda69;
}
} # End server
} # End http
added
I suggest adding
/var/log/nginx/access.log;
in order to see whats happens with your request

Resources