expressjs setting tls connect https nginx server for request - node.js

How can I set the request of expressjs to properly identify a TLS connection with an https nginx server, so that I can perform authentication through getPeerCertificate?
This is my nginx config to transfer requests to the expressjs API:
location /api {
    proxy_pass http://10.88.132.14:4337/api;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}

You need to pass the SSL-token and then manually decode it. You pass it by adding an X-SSL-CERT header with $ssl_client_escaped_cert. Make sure you are using Nginx 1.13 or later, as $ssl_client_escaped_cert didn't exist in 1.12.
location /api {
    proxy_pass http://10.88.132.14:4337/api;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
}
Now you can't use getPeerCertificate() as this requires the full SSL-connection. Instead you decode the x-ssl-cert header from above using the x509 package:
const x509 = require('x509');

// nginx sends the client certificate URL-encoded in the X-SSL-CERT header
let cert = req.headers['x-ssl-cert'];
try {
    cert = decodeURIComponent(cert);
    console.log(x509.getSubject(cert));
} catch (error) {
    console.log('Bad SSL-certificate?', error);
}
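
Added example (not part of the original answer, and not code from nginx or Express): a guard that accepts the forwarded certificate only when the TCP peer is the proxy and nginx reported successful verification, then parses it with Node's built-in crypto.X509Certificate instead of the x509 package. The proxy address 192.0.2.10, the X-SSL-Client-Verify header (an assumed extra line `proxy_set_header X-SSL-Client-Verify $ssl_client_verify;`) and the function name are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the address nginx connects from (constructed documentation address).
const TRUSTED_PROXIES = new Set(['192.0.2.10']);

// Returns { ok: true, subject, fingerprint256 } or { ok: false, reason }.
function clientCertFromProxy(headers, remoteAddress) {
  // Anyone who can reach Express directly can send their own X-SSL-CERT,
  // so the header is only meaningful when the TCP peer is the proxy.
  const peer = String(remoteAddress || '').replace(/^::ffff:/, '');
  if (!TRUSTED_PROXIES.has(peer)) return { ok: false, reason: 'untrusted-peer' };

  // Assumed extra nginx line: proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
  // With "ssl_verify_client optional_no_ca" nginx forwards certificates it could
  // not verify, and $ssl_client_verify then reads FAILED:reason instead of SUCCESS.
  if (headers['x-ssl-client-verify'] !== 'SUCCESS') {
    return { ok: false, reason: 'not-verified' };
  }

  const raw = headers['x-ssl-cert'];
  if (typeof raw !== 'string' || raw === '') return { ok: false, reason: 'no-certificate' };

  let pem;
  try {
    pem = decodeURIComponent(raw); // $ssl_client_escaped_cert is URL-encoded PEM
  } catch {
    return { ok: false, reason: 'bad-encoding' };
  }

  try {
    const cert = new crypto.X509Certificate(pem);
    return { ok: true, subject: cert.subject, fingerprint256: cert.fingerprint256 };
  } catch {
    return { ok: false, reason: 'unparsable-certificate' };
  }
}

// Express usage (hypothetical route guard):
// app.use('/api', (req, res, next) => {
//   const result = clientCertFromProxy(req.headers, req.socket.remoteAddress);
//   if (!result.ok) return res.status(403).end();
//   req.clientCert = result;
//   next();
// });
```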

Related

problem with react after deploying to nginx server

I installed a React app on an nginx server and built it (it's OK, I followed the instructions),
but I have this problem:
https://xx.xxx.xx.xxx/static/css/main.6094b2de.css net::ERR_CONNECTION_REFUSED
https://xx.xxx.xx.xxx/static/js/main.524d9c99.js net::ERR_CONNECTION_REFUSED
etc...
I guess the problem is that the request is sent to https, because if I follow this link in the browser
<https://xx.xxx.xx.xxx/static/css/main.6094b2de.css> and change https to http, I get some data.
server {
    listen 80;
    location / {
        root /var/www/myWebsite/client/;
        index index.html index.htm;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        try_files $uri $uri/ /index.html;
    }
    location /api {
        proxy_pass http://xx.xxx.xx.xxx:8800;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Any ideas?
For HTTPS you need to add an SSL certificate using Let's Encrypt.
Please check this blog.

NGINX Run multiple application on same port with different route path

I have two applications, app1 developed in ReactJS and app2 in AngularJS, sharing the same login session:
- Application 1
http://application-1:1234/
- Application 2
http://application-2:2345/
My need is to have seamless navigation between both apps, as they share the same login credentials.
I have created an NGINX reverse proxy configuration:
server {
    listen 8080;
    server_name http://global-ip:8080;
    location / {
        proxy_pass http://application-1:1234;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /application-2 {
        proxy_pass http://application-2:2345;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
The above configuration works only for the first, default root path. The other, /application-2, is not able to redirect to the specified path.
Any help will be appreciated.
Thanks
Praveen T
As a quick hack, try either
location /application-2/ {
    proxy_pass http://application-2:2345/;
    ...
}
or
location /application-2/ {
    rewrite ^/application-2(.*) $1 break;
    proxy_pass http://application-2:2345;
    ...
}
but you'd better build your Angular app according to your URI prefix, see instructions here. Then your original config should work as expected.

nginx reverse proxy fails for post/get requests

I'm trying to set up a reverse proxy using nginx for a nodejs application. My node application currently runs on port 8005 of the example.com server. Running the application and going to example.com:8005, the application works perfectly. But when I tried to set up nginx, my application seems to work at first by going to example.com/test/, but when I try to post or get requests, the request wants to use the example.com:8005 URL and I end up with a cross-origin error, CORS. I would like to have the request URL reflect the nginx URL but I'm having no luck getting there. Below is my nginx default.conf file.
server {
    listen 80;
    server_name example;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location /test/ {
        proxy_pass http://localhost:8005/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
There has got to be some way to tell nginx about whichever app you are using.
So for that, either you can prefix all the APIs with, say, test (location /test/api_uri), and then catch all the URLs with prefix /test and proxy_pass them to node, or, if there is some specific pattern in your URL, you can catch that pattern with a regex. For example, suppose all the app1 APIs contain app1 somewhere in them; then catch those URLs using location ~ /.*app1.* {} and location ~ /.*app2.* {}. Make sure that you maintain the order of the locations.
Demo code:
server {
    ...
    location /test {
        proxy_pass http://localhost:8005/; #app1
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /test2 {
        proxy_pass http://localhost:8006/; #app2
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    ...
}
Other demo for regex:
server {
    ...
    location ~ /.*app1.* {
        # app1; no URI part here: nginx rejects a proxy_pass URI in a regex location
        proxy_pass http://localhost:8005;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location ~ /.*app2.* {
        # app2; same restriction as above
        proxy_pass http://localhost:8006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    ...
}

Nginx proxying Ghost blog and Node App unable to find assets

I've been trying to host my website (a Node app) and my Ghost blog on the same Digital Ocean droplet. I've got Nginx all set up so that requests to '/' are sent to port 8080 where my site is being served and requests at '/blog' are sent to 2368, Ghost's default port number.
The problem is that the Ghost installation doesn't seem to be able to find the assets folder in its directory. The base HTML content shows up, but devoid of styling. I've tried configuring the root to point to the subdirectory Ghost resides in to no avail.
This is an error I'm getting (404s throughout):
GET http://MYURL/assets/css/screen.css?v=59384a3875
MYURL/:126
404 (Not Found)
Picture: HTML content appears, but no styling
Nginx Config:
server {
    listen 80;
    server_name MYURL;
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /blog {
        rewrite ^/blog(.*) /$1 break;
        proxy_pass http://localhost:2368;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Ghost Production Config:
var path = require('path'),
    config;

config = {
    // ### Production
    // When running Ghost in the wild, use the production environment.
    // Configure your URL and mail settings here
    production: {
        url: 'http://MYURL',
        mail: {},
        database: {
            client: 'sqlite3',
            connection: {
                filename: path.join(__dirname, '/content/data/ghost.db')
            },
            debug: false
        },
        server: {
            host: '127.0.0.1',
            port: '2368'
        }
    }
    // (other environments not shown)
};

module.exports = config;
Any help is greatly appreciated.
You are using /assets/css/screen.css?v=59384a3875, which is not proxied. I mean you have not yet added location /assets but are still using it. You need to add another location directive for assets, so your nginx config would be:
server {
    listen 80;
    server_name MYURL;
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /assets {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /blog {
        rewrite ^/blog(.*) /$1 break;
        proxy_pass http://localhost:2368;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Another solution:
You may like to remove the leading / from all static content, i.e. use assets/css/screen.css?v=59384a3875 rather than /assets/css/screen.css?v=59384a3875, but you have to remove it from everywhere in HTML, JS, CSS, etc.

nginx nodejs+pm2 returns Cannot GET /pm2

I installed nginx to serve multiple nodejs apps.
On my server I have 2 apps, myapp and pm2-web.
The nginx config looks like this:
http {
    # .... logs, gzip ... etc
    server {
        location / {
            proxy_pass http://localhost:5000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
        location /pm2 {
            proxy_pass http://localhost:9000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
}
my app runs fine but when I try to access /pm2
I get the following error
Cannot GET /pm2
when pm2-web is not running I get 502 Bad Gateway
But I can still access pm2 from http://IP:9000
The /pm2 part of the URL is being passed through to your Node application, where it does not match any paths.
ie, your pm2 app is running on 9000, but you are trying to access http://localhost:9000/pm2 which doesn't exist.
Include a trailing slash in your proxy pass URL to ensure /pm2 is not being included:
location /pm2 {
    proxy_pass http://localhost:9000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}
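
Added example (not from the original answers, and not nginx code): a small JavaScript model of how nginx maps the request URI for a prefix location, run over the /pm2 configuration above to show what the upstream receives with and without the trailing slash. It assumes an already-normalized path and no rewrite, regex location or variables in proxy_pass; the function names are hypothetical.

```javascript
// Models nginx's URI mapping for a single *prefix* location.
function upstreamUri(locationPrefix, proxyPass, requestUri) {
  const q = requestUri.indexOf('?');
  const path = q === -1 ? requestUri : requestUri.slice(0, q);
  const query = q === -1 ? undefined : requestUri.slice(q + 1);
  if (!path.startsWith(locationPrefix)) return null; // location does not match

  // "URI part" = anything after scheme://host[:port], even a lone "/".
  const m = /^https?:\/\/[^\/]+(\/.*)?$/.exec(proxyPass);
  if (!m) throw new Error('unsupported proxy_pass: ' + proxyPass);
  const uriPart = m[1];

  // Without a URI part the request URI is forwarded unchanged;
  // with one, the part matched by the location is replaced by it.
  const mapped = uriPart === undefined
    ? path
    : uriPart + path.slice(locationPrefix.length);
  return query === undefined ? mapped : mapped + '?' + query;
}

// The configurations discussed above, plus two edge cases.
function pageCases() {
  return {
    // Question's config: upstream sees /pm2, which pm2-web does not serve.
    noSlash: upstreamUri('/pm2', 'http://localhost:9000', '/pm2'),
    // Answer's config: the prefix is replaced by "/".
    slash: upstreamUri('/pm2', 'http://localhost:9000/', '/pm2'),
    // Same config, deeper path: the replacement leaves a double slash.
    slashSubPath: upstreamUri('/pm2', 'http://localhost:9000/', '/pm2/api?x=1'),
    // Trailing slash on both sides maps sub-paths cleanly.
    bothSlashes: upstreamUri('/pm2/', 'http://localhost:9000/', '/pm2/api?x=1'),
    // "location /pm2" is a plain prefix, so /pm2x/y is proxied as well.
    prefixOverlap: upstreamUri('/pm2', 'http://localhost:9000/', '/pm2x/y'),
  };
}
```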
