NGINX Reverse-Proxy Forbidden 403 - node.js

I have the problem that I have an express-js webserver and I'm hosting it with an nginx reverse proxy. I want basic authentication with an .htpasswd file. I copied a configuration from my other subdomain, where I actually have it and it works there, but on this subdomain it won't work. After I log in I get Error 403. The configs are absolutely identical, except for the paths.
Here is my config. I have replaced the path and Domain-Names.
upstream subdomain-domain-com{
    server 127.0.0.1:3003;
}
server {
    include cloudflare.domain.com.ssl;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name subdomain.domain.com;
    location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.$
        root /srv/www/subdomain.domain.com/www/public/;
        access_log off;
        expires 24h;
    }
    location / {
        auth_basic "Kennwort eingeben";
        auth_basic_user_file /srv/www/subdomain.domain.com/.htpasswd;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:3003/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header x-Forwarded-Proto $scheme;
    }
}
Edit: chmod = 777 and user = root
Edit²: If I put the chown of the .htpasswd to nginx:nginx nothing is happening

I just read the logs and it said it could not find the .htpasswd. I changed the path and now it's working.
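A preflight check for the failure described in this thread (nginx could not find the file named by auth_basic_user_file), added here as an example and not part of the original posts. It pulls every auth_basic_user_file path out of a config and reports missing files and loose modes such as the chmod 777 mentioned in the question; the function name and the base_dir parameter are assumptions of this example.

```python
import os
import re
import stat

# auth_basic_user_file <path>;  (path optionally double-quoted)
DIRECTIVE = re.compile(r'\bauth_basic_user_file\s+("?)([^";]+)\1\s*;')

def check_htpasswd_paths(config_text, base_dir="/etc/nginx"):
    """Return {path: [problems]} for each auth_basic_user_file in config_text.

    base_dir is an assumption of this example: relative paths are joined to it.
    """
    text = re.sub(r"#.*", "", config_text)           # drop comments
    report = {}
    for _quote, raw in DIRECTIVE.findall(text):
        path = os.path.join(base_dir, raw.strip())    # absolute paths pass through
        problems = []
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append("missing")                # the case the asker hit
        except OSError as exc:
            problems.append(f"stat failed: {exc.strerror}")
        else:
            if not stat.S_ISREG(st.st_mode):
                problems.append("not a regular file")
            if st.st_mode & stat.S_IWOTH:
                problems.append("world-writable")     # e.g. chmod 777
            if st.st_mode & stat.S_IROTH:
                problems.append("world-readable")     # hashes visible to local users
        report[path] = problems
    return report

if __name__ == "__main__":
    # Constructed sample: the two auth lines from the question's location block.
    sample = '''
    location / {
        auth_basic "Kennwort eingeben";
        auth_basic_user_file /srv/www/subdomain.domain.com/.htpasswd;
    }
    '''
    for path, problems in check_htpasswd_paths(sample).items():
        print(path, "->", ", ".join(problems) or "ok")
```

Run it against the real config file's text before reloading nginx; an empty problem list for every path means the file exists and is not open to other local users.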

Related

nginx reverse proxy nodejs subdomain

I am having a problem.
I have a node application running on :3000 on a subdomain inside of Plesk.
I have the subdomain https://xxx.flamingocams.co.uk ;
when I navigate to the subdomain it displays the default plesk page and this is the problem;
I have tried to change the port of the node application to 80 and 443 however this conflicts with plesk.
I have no issues when accessing the node application on https://xxx.flamingocams.co.uk:3000.
Now the only other thing I've seen other people attempt is a reverse proxy;
I found this example;
server {
    listen 0.0.0.0:80;
    server_name xxx.flamingocams.co.uk;
    access_log "/var/log/nginx/xxxflam.log";
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_cache_bypass $http_upgrade;
    }
}
I am running Plesk Obsidian v18.0.34_build1800210325.10 os_Ubuntu 16.04 so my question is, Where would I place this config to get the subdomain to point only to the nodejs application?
And is this config correct for what I'm trying to achieve?
I have little to no knowledge of nginx configuration, my apologies.
I have checked out this post and the answer says I need to add a config /etc/nginx/sites-available/yourdomain.com however I do not have the directory sites-available
response to comments // xxx.flamingocams.co.uk.conf
server {
    listen 0.0.0.0:80;
    server_name xxx.flamingocams.co.uk;
    access_log "/var/log/nginx/xxxflam.log";
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_cache_bypass $http_upgrade;
    }
}
server {
    listen 0.0.0.0:443;
    server_name xxx.flamingocams.co.uk;
    ssl_certificate /opt/psa/var/certificates/scfZc0CwJ;
    ssl_certificate_key /opt/psa/var/certificates/scfZc0CwJ;
    server_name xxx.flamingocams.co.uk;
    access_log "/var/log/nginx/xxxflam.log";
    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_cache_bypass $http_upgrade;
    }
}
In your config, the server is running only on port 80:
    listen 0.0.0.0:80;
With this config, the page http://xxx.flamingocams.co.uk will display your application (the request comes to the NginX proxy and is then forwarded to the NodeJS application on port 3000). Because there isn't any server block listening on port 443, the default Plesk screen is displayed.
In order to have your app running on https, you need to listen on port 443 on NginX; you also need to configure the SSL certificate.
The config would be:
server {
    # The ssl parameter makes nginx speak TLS on this listener
    listen 0.0.0.0:443 ssl;
    server_name xxx.flamingocams.co.uk;
    ssl_certificate path_to_your_ssl_certificate;
    ssl_certificate_key path_to_your_ssl_key;
    # The rest of your config is ok :)
}

Socket.io connection from ReactJS is not being redirected by nginx as any other

I have a React web App which uses axios to communicate with the backend API. Backend receives all requests from suffix /api address. And after that, those are redirected by nginx to localhost:1337 where my backend listens to requests. Everything works okay but the socket connection. The console says it can not find domain/socket.io/... but it should be domain/api/socket.io/.... My connection in the client code:
const ENDPOINT = "https://sinavhukuk.com/api";
const socket = io(ENDPOINT);
Would mention that Strapi is used as a backend service (NodeJS).
Here is /etc/nginx/sites-available/default file configuration.
server {
    # Listen HTTP
    listen 80;
    server_name sinavhukuk.com www.sinavhukuk.com;
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}
server {
    # Listen HTTPS
    listen 443 ssl;
    server_name sinavhukuk.com www.sinavhukuk.com;
    # SSL config
    ssl_certificate /etc/letsencrypt/live/sinavhukuk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sinavhukuk.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    # Static Root
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
    # Strapi API and Admin
    location /api/ {
        rewrite ^/api/(.*)$ /$1 break;
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass_request_headers on;
    }
}
It is responsible for redirecting /api/...s to localhost:1337. But on socket it is not completely redirected. The error I get is:
https://sinavhukuk.com/socket.io/..... is not found
As I said, if the nginx worked here as always, it should be
https://sinavhukuk.com/api/socket.io/.....
What am I doing wrong?
EDIT: Added redirection from /socket.io/ to /api/socket.io/ manually, but still redirection happens to /socket.io/ instead of /api/socket.io/
# Socket.io
location /socket.io/ {
    proxy_pass http://localhost:3000/api/socket.io/;
}

502 Bad Gateway for NodeJS server managed by PM2 inside a lxc container

I have a digital ocean droplet running Ubuntu 18.04 and inside it is an lxc container. I have two applications in that container.
The first application (a client) lives at /var/www/html and the second one is the NodeJS application that lives at /var/www/my-site/. The Node application inside the container is managed by pm2 and everything seems to be working fine thus far because when I type in curl http://localhost:3000 at the container terminal, I get back the desired output.
Inside the main droplet (not the container) under /etc/nginx/sites-available, I have the following two server blocks - default and my-site.
The first app works fine when I try to access it through the browser via my domain but the NodeJS application returns a 502 Bad Gateway when I try to access it through sub.mydomain.com. pm2 start inside the container tells me that the node application status is online.
Here is my default server block file. This works. When I visit mydomain.com, my site shows up fine.
# HTTP — redirect all traffic to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mydomain.com;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://container_ip_address/;
    }
}
Now here is the other server block - my-site.
# Upstream config
upstream site_upstream {
    server 127.0.0.1:3000;
    keepalive 64;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub.mydomain.com www.sub.mydomain.com;
    root /var/www/my-site;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://site_upstream;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
I have set the A Record for my subdomain on my domain's DNS settings, to my droplet's IP address and I have also created a symbolic link to /etc/nginx/sites-enabled for the my-site server block.
I have scoured the internet for a solution to this problem but nothing seems to be working. What am I missing?
Your help would be greatly appreciated. Thanks.
The problem here was that requests to the sub domain were not being directed to the lxc container.
I solved this by adding the following inside the my-site server block.
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://container_ip/;
}
After that I added an asterisk to the next location block.
location /* {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://site_upstream;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
}
Another way of getting around this issue was by including the sub-domain in the server_name directive for the default server block. This worked but the only problem was that nginx would complain that it had to ignore the server I had set up in the my-site server block when you ran nginx -t, otherwise, it worked just fine.
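A reachability check for the 502 described above, added as an example and not code from the original posts: it resolves each proxy_pass target (through any upstream block) and tries a TCP connect from the machine nginx runs on, which is where 127.0.0.1:3000 fails when the app only listens inside the container. The function names are assumptions of this example.

```python
import re
import socket

UPSTREAM = re.compile(r"\bupstream\s+([^\s{]+)\s*\{([^}]*)\}")
SERVER = re.compile(r"\bserver\s+([^\s;]+)")
PROXY_PASS = re.compile(r"\bproxy_pass\s+(https?)://([^/\s;]+)")

def split_host_port(addr, default_port):
    """'127.0.0.1:3000' -> ('127.0.0.1', 3000); a bare host gets default_port."""
    host, sep, port = addr.rpartition(":")
    if sep and port.isdigit():
        return host.strip("[]"), int(port)
    return addr.strip("[]"), default_port

def backend_targets(config_text):
    """Map each proxy_pass authority to the (host, port) pairs nginx connects to."""
    text = re.sub(r"#.*", "", config_text)               # drop comments
    upstreams = {name: SERVER.findall(body) for name, body in UPSTREAM.findall(text)}
    targets = {}
    for scheme, authority in PROXY_PASS.findall(text):
        default_port = 443 if scheme == "https" else 80
        members = upstreams.get(authority, [authority])  # named upstream or literal host
        targets[authority] = [split_host_port(m, default_port) for m in members]
    return targets

def probe(config_text, timeout=1.0):
    """Return {(host, port): reachable} as seen from the machine running this script."""
    results = {}
    for members in backend_targets(config_text).values():
        for host, port in members:
            try:
                with socket.create_connection((host, port), timeout=timeout):
                    results[(host, port)] = True
            except OSError:
                results[(host, port)] = False            # nginx would answer 502 here
    return results

if __name__ == "__main__":
    # Constructed sample based on the my-site block in the question.
    sample = """
    upstream site_upstream { server 127.0.0.1:3000; keepalive 64; }
    server { location / { proxy_pass http://site_upstream; } }
    """
    for (host, port), ok in probe(sample).items():
        print(f"{host}:{port}", "reachable" if ok else "unreachable")
```

Run it on the host that runs nginx, not inside the container: curl succeeding in the container while this reports the same address unreachable on the host is the mismatch the thread describes.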

Multiple meteor applications using the same domain in digitalocean using nginx?

I'm trying to host 2 applications in the same droplet in digitalocean by using nginx.
But so far I've only been able to get the root application running (the one without example.com/secondapp).
I want to be able to not use a subdomain and just use example.com/secondmeteorapp to be able to access it.
My sites-enabled/default looks like this:
server {
    listen 80;
    #listen 443 ssl;
    server_name example.com/;
    #ssl_certificate /etc/nginx/ssl/ssl-bundle-myApp-domain-com.crt;
    #ssl_certificate_key /etc/nginx/ssl/myApp_domain_com.key;
    location /dragonfire {
        proxy_pass http://localhost:4000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }
    location /images {
        alias /home/dragonfire-build/bundle/programs/web.browser/assets/images;
        access_log off;
        expires max;
    }
    location /fonts {
        alias /home/dragonfire-build/bundle/programs/web.browser/assets/images;
        access_log off;
        expires max;
    }
    location "^/[a-z0-9]{40}\.(css|js)$" {
        root /home/dragonfire-build/bundle/programs/web.browser;
        access_log off;
        expires max;
    }
}
However, when I access http://serverIpAddress/dragonfire it can't find the css or javascript, giving me this error:
GET http://myipaddress/1f3848edee9e199050b9b1965b9e697aa714b9f3.css?meteor_css_resource=true
GET http://myipaddress/6e48198c6b584ff79c86e0c624a65b4853faaf50.js?meteor_js_resource=true 404 (Not Found)
I can access the app if I go directly through the IP address and port but not via the nginx way
QUESTION
How can I access a second app using the same domain but with a /mysecondapp (in this case /dragonfire) at the end?

Serving multiple node apps with nginx on same domain

I would like to host 2 different node applications with nginx from the same domain and am having some trouble. I would like to have:
mydomain.com point to node app firstApp and otherapp.mydomain.com point to node app otherapp
Right now, I can access firstApp just fine, but I cannot access otherapp via otherapp.mydomain.com.
My config for firstApp looks like this:
upstream firstApp{
    server 127.0.0.1:8123;
}
server{
    server_name mydomain.com;
    access_log /var/log/nginx/me.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://firstApp/;
        proxy_redirect off;
    }
}
My config for otherapp looks like this:
upstream otherapp{
    server 127.0.0.1:8124;
}
server{
    server_name otherapp.mydomain.com;
    access_log /var/log/nginx/me.log;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://otherapp/;
        proxy_redirect off;
    }
}
I have created both configurations in the nginx sites-available directory, they are both linked in the sites-enabled directory, and I have restarted nginx. Can someone tell me what I'm doing wrong?
Thanks,
Swaraj
Just found out what the problem was. Though my nginx configs were correct, I had not added my desired subdomain to my domain name provider (namecheap). I added my subdomain on namecheap, and everything is working correctly now.
You should configure your nginx file like this:
server {
    listen 80;
    server_name biger.yourdomain.cn;
    access_log /data/log/nginx/access_ab.log;
    error_log /data/log/nginx/error_ab.log;
    location /firstApp {
        proxy_store off;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:8001/;
    }
}
Maybe you need to add this code to your project:
app.enable('trust proxy');
I was facing the same problem, after spending time on research I wrote a blogpost where I explained with details how I solved it, I hope it helps. Here it is: http://blog.donaldderek.com/2013/08/cf-i-configure-your-staging-machine-with-node-js-and-nginx/
