I have one IP address on my Linux box, and would like to serve HTTPS websites in this form:
https://landing.example.com
https://site-01.example.com/index.html
https://site-01.example.com/files/index.html
https://site-01.example.com/store/index.html
https://site-02.example.com/index.html
https://site-02.example.com/files/index.html
https://site-02.example.com/store/index.html
Each of these websites is a Docker container on the same host, so my idea were setting up an NginX reverse proxy Docker container.
There are many howto's about NginX as reverse proxy, but what I want to do is different from the text book example, as I have HTTPS, multiple sub-domains and multiple URL's.
Questions
Does anyone know of howto's that deal with this type of setup, or perhaps can tell me what the technical key words I should search for are?
At this point I don't know where to start, so any help will be much appreciated.
You need to add A-records to you DNS manager that will redirect all your subdomains to the IP address of the host machine.
Then in your NGINX config you can do something like this.
server {
listen 80;
server_name landing.example.com;
location /static {
alias /home/example-dir/staticfiles;
}
access_log /home/example-dir/nginx-access.log;
error_log /home/example-dir/nginx-error.log info;
}
server {
listen 80;
server_name site-01.example.com;
location /static {
alias /home/example-dir2/staticfiles;
}
}
Related
I'm trying to enforce the SSL protocol in a Jelastic Enviroment.
My setup is:
one node, with a Nginx Load balancer (+ public ip + custom ssl certificate) and a NodeJS application server.
The SSL setup is working, but i want to enforce the use of HTTPS no HTTP (a redirect).
I've tried to modify the nginx.conf but no success.
Any ideas how should I do that?
Create the config file /etc/nginx/conf.d/nginx_force_https.conf and add the lines below:
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
It will redirect all configured sites to https.
If you want only exact site example.com:
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
Make sure that you have these includes enabled in /etc/nginx/nginx.conf
include /etc/nginx/nginx-jelastic.conf;
in /etc/nginx/nginx-jelastic.conf:
include /etc/nginx/conf.d/*.conf;
Check for errors in the configuration:
sudo service nginx configtest
Reload configuration (this would be enough to make changes "work"):
sudo service nginx reload
Check if all works as expected. Restart the whole webserver (if needed):
sudo service nginx restart
The detailed answer can be found in this post Force www. and https in nginx.conf (SSL)
So, I set up a Nginx server on a Ubuntu system, I can access directly from my LAN.
I then bought a domain and linked it with my public ip address.
I port forwarded port 80 on my router.
So, this is the weird part, I can access my server by typing my domain in my home network.
But, i've been trying to access it outside my network (my phone's lte) and it does not work.
I know i can connect, because my FTP server works directly fine.
I temporarily disable my local firewall to make sure it wasn't an exceptrion problem, but it was not that.
I don't know what else to try?
my server config file
listen 80;
listen [::]:80;
root /var/www/ahtpo.host/html;
index index.html index.htm index.nginx-debain.html;
server_name ahtpo.host www.ahtpo.host;
access_log /var/log/nginx/ahtpo.host.access.log;
error_log /var/log/nginx/ahtpo.host.error.log;
location / {
try_files $uri $uri/ =404;
}
my access.log shows access only from my home's public ip and nothing else. all other attempts fail. My error.log is empty
OpenPortCheckTool says that port 80 is closed, even though i've allowed on my firewall and my router
I figured it out. My ISP (Cox) does not allow port 80 traffic on a residential address, so I just changed the port number. Thanks for the help. I know it wasn't a programming question, sorry.
I have below nginx conf file
upstream entry {
server 127.0.0.1:3001;
}
server {
listen 80;
server_name 127.0.0.1;
location / {
proxy_pass http://entry/;
}
Whenever I hit http://127.0.0.1:80/, it will be redirected to 127.0.0.1:3001. In the same way if I hit http://127.0.0.1:3001/ it should be redirected to nginx server.
Any help on this will be really helpful.
If I am getting it correct you want http://127.0.0.1:3001/ (node http server) to redirect to http://127.0.0.1:80/ (nginx), which in turn will redirect to http://127.0.0.1:3001/ (node http server). Why on earth you want to do that? You can use node proxy module to do that if you want to fall inside a infinite for loop.
But generally, sane people will will use nginx as reverse proxy (80->3001). And block port 3001 for any outside communication through firewall.
I inherited a node.js project and I am very new to the platform/language.
The application I inherited is in development so it is a work in progress. In its current state it runs off port 7576 so you access it this way: server_ip:7576
I've been tasked with putting this "prototype" on a live server so my boss can show it to investors etc. But I have to password protect it.
So what I did is I got it running on the live server. And then I made it use a nginx vhost like this:
server {
listen 80;
auth_basic "Restricted";
auth_basic_user_file /usr/ssl/htpasswd;
access_log /etc/nginx/logs/access/wip.mydomain.com.access.log;
error_log /etc/nginx/logs/error/wip.mydomain.com.error.log;
server_name wip.mydomain.com;
location / {
proxy_pass http://127.0.0.1:7576;
root /var/app;
expires 30d;
#uncomment this is you want to name an index file:
#index index.php index.html;
access_log off;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$ {
root /var/app/public;
}
}
`
This got the job done, I can now access my app by going to wip.mydomain.com
And I can easily password protect it via nginx.
My problem is the app is still accessible via the ip:port and I don't know how to prevent that.
Any help is appreciated.
Thanks
In your node javascript code, you need to explicitly bind to the loopback IP:
server.listen(7576, '127.0.0.1');
(You are looking for a call to .listen(<port>) to fix. The variable may be called app or something else though).
Any IP address starting with 127. is a loopback address that can only be accessed within a single machine (doesn't actually use the network).
There are several questions on SO about nginx subdomain configuration but didn't find one that exactly the same as mine.
Say I got a virtual host some.example.com from higher-level net admin example.com at our organization. I want to use some.example.com as my primary site and use foo.some.example.com and bar.some.example.com for auxiliary usage (proxy, etc). I tried this simple configuration and put it under sites-enabled but didn't work:
server {
listen 80;
server_name some.example.com;
root /home/me/public_html/some;
index index.html index.htm;
}
server {
listen 80;
server_name foo.some.example.com;
root /home/me/public_html/foo;
index index.html index.htm;
}
server {
listen 80;
server_name bar.some.example.com;
root /home/me/public_html/bar;
index index.html index.htm;
}
In this setting some.example.com works fine, but for the other two browser return that could not find foo.some.example.com. I'm running it on a ubuntu server.
Is there something wrong with this configuration? Or is it something I should talk to higher level net admin (make foo.some.example.com and bar.some.example.com to be registered)?
Sub-domain configuration starts with an entry in the DNS server of the parent domain and the lookup resolves the sub-domain to an IP address of the web server. The web server in turn delegates the requests based on its configuration for the sub-domain.
If you don't have a DNS setup in your sub-domain, then the admin at example.com needs to set up a CNAME alias. The alias points the subdomain to the same web server, which hosts the website for the parent domain. The canonical names (CNAMES) are added for each of the subdomains. Once the subdomain is resolved to the IP address of the web server, the web server can route the request to a different website.
CNAME is just a way to get the web traffic to your IP address. The
request will still include the original name in the Host: header.