Hello I am definitely new to HTTPS so please bear with me. In order to run the nodejs application, http-server, I use this command on my webserver:
http-server -p 80 -S
The -p flag specifies the port and then the -S flag specifies that I will be using the https protocol. I am able to access the website just fine by physically going to the web server's address like:
https://123.456.78.90:80
However when I try to access the site from my domain:
example.com
or even:
https://example.com
I get a connection refused error in the browser. This perplexes me as I have created A records to redirect the domain to the ip address with digital ocean, along with using their nameservers. This whole process works flawlessly when I start up an instance of http-server in normal http mode like this:
http-server -p 80
Any help is MUCH appreciated as I haven't been able to find much on the topic. Thanks internet people.
Try to use a free ports. The port 80 is currently used for http connections.
http-server -p 9090
Wow figured it out. I needed to specify the port 443 when starting the http-server for https to work properly.
Ubuntu 16.04.2
varnish-4.1.1
I stuck here:
https://varnish-cache.org/docs/4.1/tutorial/starting_varnish.html
The very first change in configuration in the whole book. It said: change host to www.varnish-cache.org and reload.
/etc/varnish/default.vcl
vcl 4.0;
backend default {
.host = "www.varnish-cache.org";
.port = "80";
}
I executed:
sudo service varnish restart
sudo service varnish reload
But anyway I constantly have "Error 503 Backend fetch failed".
I have tried:
$ sudo varnishd -d -f default.vcl
Error:
Failed to create vcl_boot/vgc.so: Permission deniedVCL compilation failed
It seems that compilation fails. Could you help me here?
It's a somewhat broken tutorial for a few reasons:
They ask you to point backend to a DNS name. The proper way is to specify IP in backend definitions
Whatever you specify (DNS or IP) it will end up passing Host header of the site you access Varnish with and ask backend server to deliver site with that hostname.
So why you're getting an error as per tutorial:
You access, e.g. http://localhost/ (or whatever hostname you access your Varnish with)
Then Varnish talks to HTTP server at varnish-cache.org and asks for http://localhost.
Obviously the varnish-cache.org server has no idea about that one and most likely (as per their configuration will issue a redirect / error / etc.) thus the error that you see.
It is best to point it to your own web server instead and do it like this:
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
}
The above assumes that you run a web server (nginx or Apache, etc.) at the same machine with Varnish and you made it run at port 8080.
I'm trying to run a node web app (built with meteor) on a Centos7 server running EasyApache4 with WHM cPanel. I'm trying to run it on a subdomain off of one of our main websites on port 8080.
When going to the subdomain on port 8080, the connection just times out, but can see the html when using curl to access it.
Does anyone have any ideas why it won't work through the browser, and also how I can get it to look like it's running straight from the subdomain instead of having to go directly to the port.
EDIT
Below is the curl we are using to view the html
curl http://subdomain.site.com:8080
Doing that brings back the html no problems
Had the same problem today. I am using Memset Centos7 server with WHM/CPanel, running EasyApache 4.
After trying everything I could think of, I realised that I had a basic firewall setup, which closed all ports that were not listed. After adding port 8080, it worked.
Used this:
sudo iptables -I INPUT 1 -i + -p tcp --dport 8080 -j ACCEPT
I am not 100% certain how secure this is, as I am still researching.
I have only one public ip address so use Varnish as a reverse proxy for multiple servers. Here is the configuration.
1st physical server Varnish/Apache - port 80, port 8080, ip address 10.0.0.40
2nd physical server 3 Drupal Vhosts - port 80, ip address 10.0.0.30
3rd physical server 2 Non Drupal Vhosts - port 80, ip address 10.0.0.31
In /etc/sysconfig/varnish,
DAEMON_OPTS="-a :80 \ -T localhost:6082 \ -f /etc/varnish/default.vcl \ -u varnish -g varnish \ -S /etc/varnish/secret \ -s file,/var/lib/varnish/varnish_storage.bin,1G"
In default vcl,
backend default { .host = "127.0.0.1"; .port = "8080"; }
Reverse proxy is working ok and I can see Varnish cache working by checking http header. However I am not sure above configuration is correct or optimal, especially only one backend definition on default vcl file. Any advice?
I suggest the following approach:
NGINX > VARNISH > APACHE
Nginx: to handle SSL termination easily and also you can use it to cache the static content. As far as I know that Nginx is better than Varnish in caching the static content also Varnish is not supposed to cache the static content.
Varnish: will receive requests from Nginx and pass it to Apache.
Apache: will act as a load balancer which will send the requests to the backend servers (Drupal/Non-drupal)
Check the following resources:
1- HTTPS Everywhere With Nginx, Varnish And Apache
2- Simple load balancing with Apache
If my answer is not clear enough let me know.
I've just installed a Ubuntu 12.04 server and nginx 1.2.7, removed default from sites-enabled and added my own file into sites-available and symlink at sites-enabled. Then restarted nginx.
Problem: However going to the URL does not load the site. netstat -nlp | grep nginx and netstat -nlp | grep 80 both returns no results! lsof -i :80 also returns nothing. A dig from another server returns the correct ip address so it shouldn't be a DNS problem. I was able to connect to apache which I have now stopped its service. nginx logs also show nothing.
How should I troubleshoot this problem?
/etc/nginx/site-available/mysite.com
server {
listen 80;
server_name www.mysite.com mysite.com *.mysite.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
root /var/www/mysite/public;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 300;
}
}
I had this same problem, the solution was that I had not symlinked my siteconf file correctly. Try running vim /etc/nginx/sites-enabled/mysite.com—can you get to it? I was getting "Permission Denied."
If not run:
rm /etc/nginx/sites-enabled/mysite.com
ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/mysite.com
If your logs are silent on the issue, you may not be including the sites-enabled directory. One simple way to tell that the site is being loaded is to set the error/access log path within your server block to a unique path, reload nginx, and check if the files are created.
Ensure the following include directive exists within the http context in /etc/nginx/nginx.conf.
http {
...
include /etc/nginx/sites-enabled/*;
}
I've found it helpful to approach debugging nginx with the following steps:
1... Make sure nginx is running.
ps aux | grep nginx
2... Check for processes already bound to the port in question.
lsof -n -i:80
3... Make sure nginx has been reloaded.
sudo nginx -t
sudo nginx -s reload
On Mac, brew services restart nginx is not sufficient to reload nginx.
4... Try creating simple responses manually to make sure your location path isn't messed up. This is especially helpful when problems arise while using proxy_pass to forward requests to other running apps.
location / {
add_header Content-Type text/html;
return 200 'Here I am!';
}
I ran into the same problem, I got a Failed to load resource: net::ERR_CONNECTION_REFUSED error when connecting over HTTP, but fine over HTTPS. Ran netstat -tulpn and saw nginx not binding to port 80 for IPv4. Done everything described here. Turned out to be something very stupid:
Make sure the sites-available file with the default_server is actually enabled.
Hope this saved some other poor idiot out there some time.
You are probably binding nginx to port 80 twice. Is that your full config file? Don't you have another statement listening to port 80?
A semi-colon ; missing in /etc/nginx/nginx.conf for exemple on the line before include /etc/nginx/servers-enabled/*; can just bypass this intruction and nginx -t check will be successful anyway.
So just check that all instructions in /etc/nginx/nginx.conf are ended with a semi-colon ;.
I had faced the same problem over the server, here I am listing the how I had solved it :
Step 1 :: Installing the Ngnix
sudo apt update
sudo apt install nginx
Step 2 – Adjusting the Firewall
sudo ufw app list
You should get a listing of the application profiles:
Output
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
As you can see, there are three profiles available for Nginx:
Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic)
Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
Since I haven’t configured SSL for our server yet in this guide, we will only need to allow traffic on port 80.You can enable this by typing:
sudo ufw allow 'Nginx HTTP'
You can verify the change by typing:
sudo ufw status
Step 3 – Checking your Web Server
systemctl status nginx
Now Check port 80 , It worked for me hope will work for you as well.
Have you checked if your nginx binary really exists? please check if
#whereis nginx
outputs the binary path and check this path with your init script from /etc/init.d/nginx. e.g.
DAEMON=/usr/sbin/nginx
(In my init script "test -x $DAEMON || exit 0" is invoked and in any case this script returned nothing - my binary was completely missing)
While we all think we don't make silly mistakes, we do.
So, if you are looking into NGINX issues and all signs are showing it should work then you should take a step away from the files and look downstream.
System Firewall, Hardware Firewall, Nat router/firewall.
For myself this issue was my router, I run a home lab and so I can access services behind my router from afar I use NGINX to reverse proxy as my router only handles incoming based on IP and doesn't do any handling of hostnames, I'm sure this is all fairly normal.
In any case my issue cropped up as I was securing my network a few days ago, removing some port forwarding that isnt needed any longer and I accidentally removed port 80.
Yes it was as simple as forwarding that port again to NGINX and all was fixed.
I will now walk away with my head hung in extreme shame though I leave this answer to show my gratitude to the people in this thread that lead me to find my own error.
So thank you.
In my case those network command's outputs showed nginx was correctly binding to port 80, yet the ports weren't externally accessible or visible with nmap.
While I suspected a firewall, it turns out that old iptables rules on the machine were redirecting traffic from those ports and conflicting with nginx. Use sudo iptables-save to view all currently applicable rules.
I am facing the same issue. Just reload the nginx help me
sudo nginx -t
If you got error then just delete the log.txt file
then,
sudo nginx -s reload