Previously, I have hosted my NodeJS application with Apache proxy with following configuration in virtual-host.
<VirtualHost *:80>
ServerName api.mydomain.com
ProxyPreserveHost On
ProxyPass / http://localhost:8090/
ProxyPassReverse / http://localhost:8090/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Now I have moved to NGINX because of GitLab dependency.
Now the virtual-host under /etc/nginx/sites-available/api.mydomain.com
server {
listen 80;
server_name api.mydomain.com;
location / {
proxy_pass http://localhost:8090;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
But the domain loads the main host content, not the nodejs app.
nginx version nginx/1.10.1, ubuntu version 16.04
Below is the only another virtual-host which I have for gitlab,
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server;
listen 0.0.0.0:80 default_server;
listen [::]:80 default_server;
server_name gitlab.mydomain.com
server_tokens off; ## Don't show the nginx version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-rails/public;
## See app/controllers/application_controller.rb for headers set
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
You may have not created a symlink in sites-enabled pointing to the config in sites-available, so the configuration is not actually read.
Related
I am using nginx first time so need help.
My app is running in /root/project1/tools (this directory is having server.js)
How i can connect nginx to this directory. I searched lot and do not find direct ans. Think nginx will find my server.js by port number not by path. is that true?
I am using linux ubuntu 18
More over nginx is throwing error
2018/10/23 06:14:51 [alert] 3822#3822: *2025 socket() failed (24: Too
many open files) while connecting to upstream, client: 127.0.0.1,
server: nativeiconba$
/etc/nginx/sites-available/nativeiconbase.com
upstream app_yourdomain {
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 80;
listen [::]:80;
server_name nativeiconbase.com www.nativeiconbase.com;
access_log /var/log/nginx/nativeiconbase.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://nativeiconbase/;
proxy_redirect off;
}
}
root /root/project1/src/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name localhost;
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /root/project1/src/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
proxy_pass http://10.139.32.25:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
And my node app is running on port 8080. Any idea what can i do to setup nginx. any reference to resource will be helpful.
All you have to do is setup a Reverse Proxy Server in Nginx
Start your NodeJS Server on whatever port
node server.js
If you are using any process management tool like pm2 then
pm2 server.js
Now in nginx config what you have to do is proxying all request to local nodejs server so
upstream app_yourdomain {
server 127.0.0.1:8080;
keepalive 8;
}
# the nginx server instance
server {
listen 80;
listen [::]:80;
server_name nativeiconbase.com www.nativeiconbase.com;
access_log /var/log/nginx/nativeiconbase.com.log;
# pass the request to the node.js server with the correct headers
# and much more can be added, see nginx config options
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8080;
proxy_redirect off;
}
}
I have just changed the line proxy_pass http://localhost:8080 in your code
I'm trying to deploy an NGINX server that hosts two node.js Express apps over https.
My main site (the one to be served on port 80) is an Express app running on port 8001. (i.e. https://example.com loads this app)
I'm also running another Express app on port 8002 that I want to be available publicly on port 8080. (i.e. https://example.com:8080 loads this app)
Here is my /etc/nginx/sites-available/default file:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# Pass requests for / to localhost:8001:
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8001/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 8080 ssl;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# pass requests to port 8002 where our other node server is running
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8002/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
If it's of any additional assistance, I've been following the DigitalOcean guides for configuring https and NGINX
here
and
here.
Remove return 301 https://$server_name$request_uri; from 3rd server block.
I have a node js application running on AWS linux server with ssl. I wanted to implement nginx to the same. I googled it and read that if I implement ssl in nginx then the node application runs on http. So I configured the nginx conf as follows and ran the node js application with normal http server:
listen 443 ssl;
server_name myserver.com;
ssl_certificate myserver.chained.crt;
ssl_certificate_key myserver.key;
ssl_client_certificate myserver.crt;
ssl_verify_client optional;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header VERIFIED $ssl_client_verify;
proxy_set_header DN $ssl_client_s_dn;
proxy_pass http://127.0.0.1:3000;
}
Now the application is running on http as well as https. I want the nginx to be implemented and through ssl and the application to run only on https.
Is my approach right and what am I missing?
I see you have the application running on port 3000, what you will want to do so that it only runs on https is to block all requests on port 3000 to the server (using a firewall or security group rules in aws), and for every request on port 80 you will want to redirect them to the https version (port 443). Something like this:
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
I found the above rule in this answer on serverfault.
upstream app
{
server 127.0.0.1:3000;
}
server
{
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/example.com/public/;
access_log off;
expires 24h;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app$uri$is_args$args;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
I know there are many such questions on stack exchange. But nothing could help to the scenario that I have.
Here is my situation.
I have a webserver running on apache2 listening to the port numbers 7080 and 7081. I have used reverse-proxy method on my server and installed nginx which is listening to the port 80. So now nginx is the front end. I have my wordpress website running on http://www.example.com.
Now I am trying to install node.js app on my server which I could not. It makes sense because port 80 is being used by nginx.
I referred to the following posts on SO
Node.js + Nginx - What now?
Apache and Node.js on the Same Server
I tried the following
upstream example.com/my-app {
server 1**.*.**.**:3010;
}
# the nginx server instance
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
server_name www.example.com/my-app;
server_name ipv4.example.com/my-app;
access_log off;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://example.com/my-app;
proxy_redirect off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/node;
access_log /var/www/vhosts/example.com/httpdocs/node/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
I wrote the above conf in a file and included it in /etc/nginx/conf.d/xzzeaweae_nginx.conf.
It is not working. but the app is running properly on 1++.+.++.++:3010 though.
My directory structure.
/var/www/vhosts/example.com/httpdocs/
my wordpress website root directory : /var/www/vhosts/example.com/httpdocs/
my nodejs app directory: /var/www/vhosts/example.com/httpdocs/my-nodejsapp-folder/
UPDATE
Here is my reverse proxy config for my apache application
server {
listen +++.+.++.++:80 ;
listen ++.+.+++.++:80 ;
location / {
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Since I have more than one website running on my server,
I have reverse proxy config for every website.
Here it is for one of my website
server {
listen +++.+.++.++:443 ssl;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:443 ssl;
server_name webmail.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_ssl_log;
}
}
server {
listen +++.+.++.++:80;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:80;
server_name webmail.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_log;
}
}
Note: sites-available and sites-enabled files are present inside apache2. Not in nginx.
I want my nodejs app to run on example.com/my-nodejsapp-folder/ without any port number.
Any help would be highly appreciated.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
I haven't seen where it says you can use dots and slashes in the upstream name
upstream mynodeapp {
server 1**.*.**.**:3010;
}
then
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
#...etc.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# not this.
# proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://mynodeapp/my-app;
proxy_redirect off;
}
}
Then your node app needs to write a header containing:
X-Accel-Redirect: /internal-nginx-static-location/somefile
There are restrictions, as in, it may not work if you start returning content (e.g. print statements) before returning all headers. It's simpler to first test with only the interesting header.
Example:
# /etc/nginx/conf.d/default.conf
upstream mynodeapp {
server 127.0.0.1:8000;
}
server {
listen 127.0.0.1:80;
location /secret {
alias /tmp/secret;
internal;
}
location /my-app {
proxy_pass http://mynodeapp/my-app;
}
}
And let's try the following:
// /tmp/index.js
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'X-Accel-Redirect': '/secret/foo'});
res.end('Hello World\n');
}).listen(8000, '127.0.0.1');
And now the command line:
[root#localhost secret]# pwd
/tmp/secret
[root#localhost secret]# echo bar > foo
[root#localhost secret]# curl http://127.0.0.1:80/my-app
bar
[root#localhost secret]# curl http://127.0.0.1:80/secret/foo
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.0.15</center>
</body>
</html>
[root#localhost secret]#
You can take a look into my Nginx config https://github.com/zoonman/ruliq/blob/master/etc/nginx/www.linuxquestions.ru.conf
I am trying to forward all /socket.io requests to /broadcaster. Here is my nginx config:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
access_log /home/ubuntu/logs/broadcaster/access.log;
error_log /home/ubuntu/logs/broadcaster/error.log;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
# Enable WS
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
location /broadcaster {
rewrite ^/broadcaster/(.*) /$1 break;
proxy_pass http://127.0.0.1:1337;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# simply forward socket.io requests.
# only one site can run socket.io on this server now
location /socket.io {
proxy_pass http://127.0.0.1:1337;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
}
}
When I (socket.io) makes a request like GET http://my-ec2-public-dns/socket.io/1/?t=1408981904508 I get the error 400 (Bad Request).
How can I nginx forward the /socket.io requests?