I have a nodejs application running on port 8000 and the following nginx configs to proxy my requests (8800 for http and 8443 for https):
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
upstream node {
server 127.0.0.1:8000;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8800;
access_log /usr/local/etc/nginx/access.log;
error_log /usr/local/etc/nginx/error.log;
rewrite_log on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://node;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
listen 8443;
ssl on;
ssl_certificate /usr/local/etc/nginx/server.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
access_log /usr/local/etc/nginx/access.log;
error_log /usr/local/etc/nginx/error.log;
rewrite_log on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://node;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
When I try to run my application at http://localhost:8800 and check Chrome Dev Tools, the websocket request (ws://localhost) returns a successful '101 Switching protocols'. But the same request (wss://localhost) doesn't work when I run it on the https://localhost (with self certified SSL certs)
Also, when I try to debug the request on nginx with
curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" http://localhost:8800/
or
curl -i -N -k -H "Connection: Upgrade" -H "Upgrade: websocket" https://localhost:8443/
the response is 502 Bad Gateway.
I am trying to figure out why nginx isn't proxying the request properly.
Related
I am hosting my web application on NGINX server.Till now it worked fine, but I don't know why I am getting the errors present in the image below.
I don't know why these errors occur, but as a trial and error method I thought my ssl certificated got expired so I updated it. Same errors got repeated.And also checked my conf.d file, not sure that everything is good.
Here is my conf file
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
send_timeout 100s;
keepalive_timeout 95;
#ssl_session_cache shared:SSL:10m;
#ssl_session_timeout 10m;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 300M;
server {
listen 80;
listen 443 ssl;
server_name sample.com;
ssl_certificate ..\ssl\mbxxxx.crt;
ssl_certificate_key ..\ssl\mbkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_http_version 1.1;
client_max_body_size 300M;
proxy_read_timeout 300s;
proxy_connect_timeout 95s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $http_referer;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header content-type "application/json";
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header Access-Control-Allow-Origin *;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:xxxx;
}
location /api {
proxy_http_version 1.1;
client_max_body_size 300M;
proxy_read_timeout 300s;
proxy_connect_timeout 95s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $http_referer;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header content-type "application/json";
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header Access-Control-Allow-Origin *;
proxy_set_header Connection 'upgrade';
proxy_pass http://127.0.0.1:xxxx;
}
error_page 405 =200 $uri;
# error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#root html;
#}
}
}
enter code here
And there are no CORS restrictions.Any suggestions and reference docs would be great help.
And I don't know that this question servers my request or not.
Thanks in Advance.
So when I am doing some research on how to solve this issue, I found an answer that I have to remove passphrase in SSL certificate.I didn't get it. So what I have done is, I updated SSL certificate then I run my application. But not succeeded. So I thought nginx should be restarted after updating SSL certificate. Shockingly after restarting nginx, it worked fine.
You can specify passphrase in text file, and connect it via ssl_password_file directive. Something like this:
listen 3001 ssl;
ssl_certificate cert.pem;
ssl_certificate_key key.pem;
ssl_password_file pass.txt
How can I silence NGINX in the terminal window while using Docker-Compose? Every single call is being echoed to the console. It is so noisy that I cannot see the other console.log() messages from Node.
Here's my nginx.conf file...
worker_processes 4;
events { worker_connections 4096; }
http {
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
proxy_temp_path /var/tmp;
include mime.types;
default_type application/octet-stream;
sendfile on;
upstream mycompany-api01 {
server mycompany-api01:3000;
}
server {
listen 80;
server_name api01.mycompany.com;
root /var/www/public;
location / {
proxy_pass http://mycompany-api01;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_cache_bypass $http_upgrade;
}
}
}
You can use access_log off; to only disable the access log and leave the error log on.
Or if you only don't want to see the logs you can use docker-compose logs -f node to only see the logs of node.
You can use logging
logging:
driver: none
I have node.js app which is served by NGINX. I can't connect socket.io and keep getting 404 for POST requests to establishing a connection.
It's working locally, so it must be an NGINX problem.
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443 ssl http2;
server_name example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8080;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Thanks for any help.
Since Websockets are using the Upgrade header introduced in HTTP 1.1, you'll need to specifically use this protocol in your route and set the Connection header to upgrade.
You'll also need to specify a proxy_pass directive with a unique name.
Your config would be something like that:
upstream sockets {
server localhost:8080;
}
# HTTP - redirect all requests to HTTPS:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# HTTPS - proxy requests on to local Node.js app:
server {
listen 443 ssl http2;
server_name example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_pass http://sockets;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_ssl_session_reuse off;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
Take a look a the NGINX docs.
https://www.nginx.com/blog/websocket-nginx/
enter chttp {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 192.168.100.10:8010;
}
server {
listen 8020;
location / {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
}
I am trying to use SSL on my application running socket.io with express and nginx but I can't make it work. I have done my research but none of what I found worked.
I keep having the error : ERR_CONNECTION_CLOSED with not http status code on client side.
GET https://subdomain.mywebsite.com:1339/socket.io/?EIO=3&transport=polling&t=LIgxHmz net::ERR_CONNECTION_CLOSED
Here is my nginx configuration :
server {
listen 443;
server_name subdomain.mywebsite.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/subdomain.mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.mywebsite.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:1339/;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
Here is the server side :
var express = require('express'),
var app = express();
var server = require('http').createServer(app);
var io = require('socket.io')(server);
server.listen(1339);
...
Here is the client side :
subdomain.mywebsite.com
var socket = io.connect("https://subdomain.mywebsite.com:1339");
The page loads nicely, no error on server side but no connection to socket.io.
Everything worked flawlessly before I tried to switch to SSL.
What am I doing wrong ?
Try this configuration. Please make sure to have a correct SSL certificate and key. If you test on local you can easily use mkcert tool to generate SSL certificate to local testing.
server {
listen 80;
server_name <your server_name>;
return 301 https://<your server_name>$request_uri;
}
server {
listen 443 ssl;
ssl_certificate <your certificate path>; # better if you put them at /etc/nginx/ssl/
ssl_certificate_key <your certificate_key path >;
server_name <your server_name>;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://localhost:3000;
proxy_redirect off;
proxy_buffering off;
}
}
I know there are many such questions on stack exchange. But nothing could help to the scenario that I have.
Here is my situation.
I have a webserver running on apache2 listening to the port numbers 7080 and 7081. I have used reverse-proxy method on my server and installed nginx which is listening to the port 80. So now nginx is the front end. I have my wordpress website running on http://www.example.com.
Now I am trying to install node.js app on my server which I could not. It makes sense because port 80 is being used by nginx.
I referred to the following posts on SO
Node.js + Nginx - What now?
Apache and Node.js on the Same Server
I tried the following
upstream example.com/my-app {
server 1**.*.**.**:3010;
}
# the nginx server instance
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
server_name www.example.com/my-app;
server_name ipv4.example.com/my-app;
access_log off;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://example.com/my-app;
proxy_redirect off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/node;
access_log /var/www/vhosts/example.com/httpdocs/node/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
I wrote the above conf in a file and included it in /etc/nginx/conf.d/xzzeaweae_nginx.conf.
It is not working. but the app is running properly on 1++.+.++.++:3010 though.
My directory structure.
/var/www/vhosts/example.com/httpdocs/
my wordpress website root directory : /var/www/vhosts/example.com/httpdocs/
my nodejs app directory: /var/www/vhosts/example.com/httpdocs/my-nodejsapp-folder/
UPDATE
Here is my reverse proxy config for my apache application
server {
listen +++.+.++.++:80 ;
listen ++.+.+++.++:80 ;
location / {
proxy_pass http://127.0.0.1:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Since I have more than one website running on my server,
I have reverse proxy config for every website.
Here it is for one of my website
server {
listen +++.+.++.++:443 ssl;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_ssl_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:443 ssl;
server_name webmail.example.com;
ssl_certificate /opt/psa/var/certificates/certaqnxHd2;
ssl_certificate_key /opt/psa/var/certificates/certaqnxHd2;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass https://+++.+.++.++:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_ssl_log;
}
}
server {
listen +++.+.++.++:80;
server_name example.com;
server_name www.example.com;
server_name ipv4.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/example.com/httpdocs/;
access_log /var/www/vhosts/example.com/statistics/logs/proxy_access_log;
add_header X-Powered-By PleskLin;
internal;
}
}
server {
listen +++.+.++.++:80;
server_name webmail.example.com;
client_max_body_size 128m;
location / { # IPv6 isn't supported in proxy_pass yet.
proxy_pass http://+++.+.++.++:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log /var/www/vhosts/example.com/statistics/logs/webmail_access_log;
}
}
Note: sites-available and sites-enabled files are present inside apache2. Not in nginx.
I want my nodejs app to run on example.com/my-nodejsapp-folder/ without any port number.
Any help would be highly appreciated.
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream
I haven't seen where it says you can use dots and slashes in the upstream name
upstream mynodeapp {
server 1**.*.**.**:3010;
}
then
server {
listen 1**.*.**.**:80;
server_name example.com/my-app;
#...etc.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# not this.
# proxy_set_header X-Accel-Internal /internal-nginx-static-location;
proxy_pass http://mynodeapp/my-app;
proxy_redirect off;
}
}
Then your node app needs to write a header containing:
X-Accel-Redirect: /internal-nginx-static-location/somefile
There are restrictions, as in, it may not work if you start returning content (e.g. print statements) before returning all headers. It's simpler to first test with only the interesting header.
Example:
# /etc/nginx/conf.d/default.conf
upstream mynodeapp {
server 127.0.0.1:8000;
}
server {
listen 127.0.0.1:80;
location /secret {
alias /tmp/secret;
internal;
}
location /my-app {
proxy_pass http://mynodeapp/my-app;
}
}
And let's try the following:
// /tmp/index.js
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'X-Accel-Redirect': '/secret/foo'});
res.end('Hello World\n');
}).listen(8000, '127.0.0.1');
And now the command line:
[root#localhost secret]# pwd
/tmp/secret
[root#localhost secret]# echo bar > foo
[root#localhost secret]# curl http://127.0.0.1:80/my-app
bar
[root#localhost secret]# curl http://127.0.0.1:80/secret/foo
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.0.15</center>
</body>
</html>
[root#localhost secret]#
You can take a look into my Nginx config https://github.com/zoonman/ruliq/blob/master/etc/nginx/www.linuxquestions.ru.conf