I am using nginx to mask my port of my node.js application on my Windows machine. I am doing this to call my application as https://localhost instead of https://localhost:3005. The following is my nginx configuration.
server {
listen 443;
server_name localhost;
#access_log logs/access.log
#error_log logs/error.log
ssl_certificate example-com.cert.pem;
ssl_certificate_key example-com.key.pem;
root C:\Work\Code\OptimumTrunk;
charset utf-8;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3005/;
}
}
I would like to change my application's port here from 3005 to 8080. But when I change and restart the nginx server, it doesn't consider the change I did. What am I missing?
Thanks in advance!
Related
I have a server where a node.js app is running
Now I want to run another app on the same server
I don't know what changes I should make to my nginx file
Please guide me
this is my nginx file
server {
listen 80;
server_name beranggrup.com , www.beranggrup.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3445;
proxy_redirect off;
proxy_buffering off;
}
location /images/ {
alias /opt/public/images/;
}
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name beranggrup.com;
}
I have a digital ocean droplet running Ubuntu 18.04 and inside is is an lxc container. I have two applications in that container.
The first application (a client) lives at /var/www/html and the second one is the NodeJS application that lives at /var/www/my-site/. The Node application inside the container is managed by pm2 and everything seems to be working fine thus far because when I type in curl http://localhost:3000 at the container terminal, I get back the desired output.
Inside the main droplet (not the container) under /etc/nginx/sites-available, I have the following two server blocks - default and my-site.
The first app works fine when I try to access it through the browser via my domain but the NodeJS application returns a 502 Bad Gateway when I try to access it through sub.mydomain.com. pm2 start inside the container tells me that the node application status is online.
Here is my default server block file. This works. When I visit mydomain.com, my site shows up fine.
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mydomain.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://container_ip_address /;
}
}
Now here is the other server block - my-site.
# Upstream config
upstream site_upstream {
server 127.0.0.1:3000;
keepalive 64;
}
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub.mydomain.com www.sub.mydomain.com;
root /var/www/my-site;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://site_upstream;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
I have set the A Record for my subdomain on my domain's DNS settings, to my droplet's IP address and I have also created a symbolic link to /etc/nginx/sites-enabled for the my-site server block.
I have scoured the internet for a solution to this problem but nothing seems to be working. What am I missing?
Your help would be greatly appreciated. Thanks.
The problem here was that requests to the sub domain were not being directed to the lxc container.
I solved this by adding the following inside the my-site server block.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://container_ip/;
}
After that I added an asterisk to the next location block.
location /* {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://site_upstream;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
Another way of getting around this issue was by including the sub-domain in the server_name directive for the default server block. This worked but the only problem was that nginx would complain that it had to ignore the server I had set up in the my-site server block when you ran nginx -t, otherwise, it worked just fine.
I'm trying to deploy an NGINX server that hosts two node.js Express apps over https.
My main site (the one to be served on port 80) is an Express app running on port 8001. (i.e. https://example.com loads this app)
I'm also running another Express app on port 8002 that I want to be available publicly on port 8080. (i.e. https://example.com:8080 loads this app)
Here is my /etc/nginx/sites-available/default file:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# Pass requests for / to localhost:8001:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8001/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 8080 ssl;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# pass requests to port 8002 where our other node server is running
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8002/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
If it's of any additional assistance, I've been following the DigitalOcean guides for configuring https and NGINX
here
and
here.
Remove return 301 https://$server_name$request_uri; from 3rd server block.
I have a node js application running on AWS linux server with ssl. I wanted to implement nginx to the same. I googled it and read that if I implement ssl in nginx then the node application runs on http. So I configured the nginx conf as follows and ran the node js application with normal http server:
listen 443 ssl;
server_name myserver.com;
ssl_certificate myserver.chained.crt;
ssl_certificate_key myserver.key;
ssl_client_certificate myserver.crt;
ssl_verify_client optional;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header VERIFIED $ssl_client_verify;
proxy_set_header DN $ssl_client_s_dn;
proxy_pass http://127.0.0.1:3000;
}
Now the application is running on http as well as https. I want the nginx to be implemented and through ssl and the application to run only on https.
Is my approach right and what am I missing?
I see you have the application running on port 3000, what you will want to do so that it only runs on https is to block all requests on port 3000 to the server (using a firewall or security group rules in aws), and for every request on port 80 you will want to redirect them to the https version (port 443). Something like this:
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
I found the above rule in this answer on serverfault.
upstream app
{
server 127.0.0.1:3000;
}
server
{
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/example.com/public/;
access_log off;
expires 24h;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app$uri$is_args$args;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
I know there are many such questions on stack exchange. But nothing could help to the scenario that I have.
Here is my situation.
I have a webserver running on apache2 listening to the port numbers 7080 and 7081. I have used reverse-proxy method on my server and installed nginx which is listening to the port 80. So now nginx is the front end. I have my wordpress website running on http://www.example.com.
Now I am trying to install node.js app on my server which I could not. It makes sense because port 80 is being used by nginx.
I referred to the following posts on SO
Node.js + Nginx - What now?
Apache and Node.js on the Same Server
I tried the following
upstream example.com/my-app {
server 1**.*.**.**:3010;
}
# the nginx server instance
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
server_name www.example.com/my-app;
server_name ipv4.example.com/my-app;
access_log off;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://example.com/my-app;
proxy_redirect off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/node;
access_log /var/www/vhosts/example.com/httpdocs/node/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
I wrote the above conf in a file and included it in /etc/nginx/conf.d/xzzeaweae_nginx.conf.
It is not working. but the app is running properly on 1++.+.++.++:3010 though.
My directory structure.
/var/www/vhosts/example.com/httpdocs/
my wordpress website root directory : /var/www/vhosts/example.com/httpdocs/
my nodejs app directory: /var/www/vhosts/example.com/httpdocs/my-nodejsapp-folder/
UPDATE
Here is my reverse proxy config for my apache application
server {
listen +++.+.++.++:80 ;
listen ++.+.+++.++:80 ;
location / {
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Since I have more than one website running on my server,
I have reverse proxy config for every website.
Here it is for one of my website
server {
listen +++.+.++.++:443 ssl;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:443 ssl;
server_name webmail.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_ssl_log;
}
}
server {
listen +++.+.++.++:80;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:80;
server_name webmail.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_log;
}
}
Note: sites-available and sites-enabled files are present inside apache2. Not in nginx.
I want my nodejs app to run on example.com/my-nodejsapp-folder/ without any port number.
Any help would be highly appreciated.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
I haven't seen where it says you can use dots and slashes in the upstream name
upstream mynodeapp {
server 1**.*.**.**:3010;
}
then
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
#...etc.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# not this.
# proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://mynodeapp/my-app;
proxy_redirect off;
}
}
Then your node app needs to write a header containing:
X-Accel-Redirect: /internal-nginx-static-location/somefile
There are restrictions, as in, it may not work if you start returning content (e.g. print statements) before returning all headers. It's simpler to first test with only the interesting header.
Example:
# /etc/nginx/conf.d/default.conf
upstream mynodeapp {
server 127.0.0.1:8000;
}
server {
listen 127.0.0.1:80;
location /secret {
alias /tmp/secret;
internal;
}
location /my-app {
proxy_pass http://mynodeapp/my-app;
}
}
And let's try the following:
// /tmp/index.js
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'X-Accel-Redirect': '/secret/foo'});
res.end('Hello World\n');
}).listen(8000, '127.0.0.1');
And now the command line:
[root#localhost secret]# pwd
/tmp/secret
[root#localhost secret]# echo bar > foo
[root#localhost secret]# curl http://127.0.0.1:80/my-app
bar
[root#localhost secret]# curl http://127.0.0.1:80/secret/foo
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.0.15</center>
</body>
</html>
[root#localhost secret]#
You can take a look into my Nginx config https://github.com/zoonman/ruliq/blob/master/etc/nginx/www.linuxquestions.ru.conf