I have a nodejs server and SSL enabled nginx on 2 separate machines. Request/response all work properly, however I have some problems getting nginx to cache stuff. My server configuration is below. Initially, I had the proxy cache statement in the 'location /' block, and at the time it was caching only my index page. I read that nginx won't cache requests with set-cookie headers, so I ignored them as well (although it didn't stop my index page from getting cached earlier). I tried fiddling with this for a whole day, but couldn't get nginx to cache my js and css files. All such requests are getting routed back to my node server. Access logs and error logs don't have any unusual entries. What am I doing wrong?
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /webserver/nginx/credentials/cert;
ssl_certificate_key /webserver/nginx/credentials/key;
ssl_session_cache shared:SSL:10m;
location ~ .*\.(ico|css|js|gif|jpe?g|png)$ {
proxy_pass http://somewhere:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect http:// https://;
proxy_ignore_headers "Set-Cookie";
proxy_cache one;
proxy_cache_valid 200 1d;
proxy_cache_valid any 1m;
expires 7d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}
location / {
proxy_pass http://somewhere:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect http:// https://;
}
}
This is what I'm using (I don't have SSL enabled but I don't think that is the problem). You're missing the try_files line that tells nginx to look for the files in the root before passing off to the proxy. Also, it's not really a caching problem - none of the static file requests should ever be hitting your node.js backend with this configuration.
server {
root /public;
listen 80;
server_name _;
index index.html index.htm;
charset utf-8;
# proxy request to node
location #proxy {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3010;
proxy_redirect off;
break;
}
location / {
try_files $uri.html $uri $uri/ #proxy;
}
# static content
location ~ \.(?:ico|jpg|css|png|js|swf|woff|eot|svg|ttf|html|gif)$ {
access_log off;
log_not_found off;
add_header Pragma "public";
add_header Cache-Control "public";
expires 30d;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
error_page 404 /404.html;
location = /404.html {
}
}
Related
I have setup nginx with wordpress and it is working fine. now i have created a react application, which is running in port 3000. i want my nginx server to pass the request to react server if certain location match.
below is the nginx configuration with wordpress and react app.
listen 80;
server_name aaroogya.org;
return 301 https://aaroogya.org$request_uri;
}
server {
# listen 80;
root /var/www/wordpress;
index index.php index.html index.htm index.nginx-debian.html;
server_name aaroogya.org www.aaroogya.org;
#location = /favicon.ico { log_not_found off; access_log off; }
#location = /robots.txt { log_not_found off; access_log off; allow all; }
#server_name testbed2.covidhelp.in;
location /covidhelp{
#root /var/www/;
# index index.html;
add_header Access-Control-Allow-Origin http://127.0.0.1:3000/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000/ ;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/aaroogya.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/aaroogya.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
when i visit https://www.aaroogya.org/covidhelp/
it redirect the request to react server but when i tried to load all the static file like bundle.js then it's not working.
for e.g
https://www.aaroogya.org/covidhelp/static/js/main.chunk.js -- not working example
https://www.aaroogya.org/covidhelp/static/js/main.chunk.js/ -- added a trailing slash and its working fine.
I've resolved the issue with 2 steps.
Check /var/log/nginx/error.log
connect() failed(111: Connection refused) while connecting to upstream, client: * .*.*.*, server: * .*.*.*, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "*.*.*.*"
Upstream was still 127.0.0.1:8000 even if I set upstream to 127.0.0.1:3000 in nginx conf file.
Replace server 127.0.0.1:8000 with server 127.0.0.1:3000 in /etc/nginx/conf.d/virtual.conf and restart nginx.
Below:
server {
listen 80;
server_name SERVER_IP_ADDRESS;
location / {
proxy_pass http://127.0.0.1:3000;
}
}
Then:
sudo /etc/init.d/nginx restart
Finally, it works with no 502 error.
I'm trying to setup a node server for wiki.js with a NGINX reverse proxy. I followed the wiki.js installation instructions and have the files extracted into /var/www/site/main/wiki so the file structure looks as follows:
var
- www
- site
- main
- wiki
-assets
-config.yml
-LICENSE
-node_modules
-package.json
-server
I can run the node server command in that directory and it instructed me to continue the setup by going to http://localhost:3000. I then tried to visit the site by it's domain, and the page title is being set to wiki.js Setup so something is passing through the Nginx proxy, but all css/js files are returning a 404 error causing the page to fail to render.
I used a setup from https://nginxconfig.io to configure the Nginx proxy, and the server block is as follows:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# security
include nginxconfig.io/security.conf;
# reverse proxy
location / {
proxy_pass http://127.0.0.1:3000;
# This next block is actually include with a include
# nginxconfig.io/proxy.conf call but this is the contents of that file
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
# additional config
include nginxconfig.io/general.conf;
}
# subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name *.example.com;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
return 301 https://example.com$request_uri;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name .example.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://example.com$request_uri;
}
}
I just ran into this issue myself. After poking and prodding, I found there are multiple issues with the nginxconfig.io setup; it seems to want to configure too many things and this gets in the way of wiki.js actually being able to do its own thing.
Content-Security-Policy needs to be unset
Removed all includes in an effort to debug faster
As of right now (2020-05-16_14-11) these are valid working server blocks:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name wiki.domain.invalid;
# SSL
ssl_certificate /etc/letsencrypt/live/wiki.domain.invalid/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.domain.invalid/privkey.pem; #managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/wiki.domain.invalid/chain.pem;
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=0" always;
# . files
location ~ /\.(?!well-known) {
deny all;
}
# logging
access_log /var/log/nginx/wiki.domain.invalid.access.log;
error_log /var/log/nginx/wiki.domain.invalid.error.log warn;
# reverse proxy
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
#proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Forwarded-Host $host;
#proxy_set_header X-Forwarded-Port $server_port;
proxy_next_upstream error timeout http_502 http_503 http_504;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name wiki.domain.invalid;
# ACME-challenge
location ^~ /.well-known/acme-challenge/ {
root /var/www/_letsencrypt;
}
location / {
return 301 https://wiki.domain.invalid$request_uri;
}
}
I am trying to run multiple socketio endpoints behind a nginx proxy. My first socket site is at the endpoint '/'. This one works fine. The second socketio endpoint is at '/red/'. This appears to work. The socketio client in my html
var socket = io.connect('http://www.vagrantdevhost.com:8080', {path:'/red/'});
socket.on('connect', function() {
socket.emit('connectevent', {data: 'I\'m connected!'});
});
appears to connect properly. My connect event is called. However, I get the following errors in my console.
POST http://www.vagrantdevhost.com:8080/red/?EIO=3&transport=polling&t=MKUdom- 405 (METHOD NOT ALLOWED) index.js:83
Any explanations? I'm on day three of this and would appreciate any advice. I have included my nginx config.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location /socket.io {
proxy_pass http://127.0.0.1:8092/socket.io;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location / {
proxy_pass http://127.0.0.1:8092;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /red/ {
proxy_pass http://127.0.0.1:8093/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
Usually these error messaged are caused by the limitation that Nginx can't serve static content on POST request. So, there is a hack in this post where you redirect 405 to 200.
check here: POST request not allowed - 405 Not Allowed - nginx, even with headers included
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 404 /404.html;
error_page 403 /403.html;
# To allow POST on static pages
error_page 405 =200 $uri;
# ...
}
I have an issue where pages from two distinct websites are being indexed by Google as one site.
So, we have two websites; let's call them siteone.com and sitetwo.com. When I do a search like "site:sitetwo.com" I get a few SERP pages of results, all appearing as from the www.sitetwo.com domain.
However, some of the results are actually content from siteone.com. These pages exist on siteone.com, but do not on sitetwo.com. If requested, they return a 404. As an example, there may be a page in the results such as "http://www.sitetwo.com/foo/bar" but that page doesn't exist and never has. The page "http://www.siteone.com/foo/bar does exist.
The websites are on the same server, at the same IP address. Sitetwo.com has been up for about a week.
Stack is: CentOS, NGINX, Node.js, MySQL. The sites are in separate directories, running separate instances of Node, and while both DBs are on the same MySQL server, they are separate DBs. The only thing they share is the server and the IP. I've included a portion of my nginx.conf file as this is, IMO, the most likely place I could've messed up.
server {
listen 80;
server_name siteone.com;
return 301 http://www.siteone.com$request_uri;
}
server {
listen 80;
server_name sitetwo.com;
return 301 http://www.sitetwo.com$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name sitetwo.com www.sitetwo.com;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/\*.conf;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_pass http://127.0.0.1:9002;
proxy_pass_header X-CSRF-TOKEN;
proxy_redirect off;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80 default_server;
listen 443 ssl;
listen [::]:80 default_server;
server_name siteone.com www.siteone.com;
root /usr/share/nginx/html;
ssl_certificate /etc/ssl/nginx/www.siteone.com.crt;
ssl_certificate_key /etc/ssl/nginx/www.siteone.com.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/\*.conf;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_pass http://127.0.0.1:9001;
proxy_pass_header X-CSRF-TOKEN;
proxy_redirect off;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
The "\" in "include /etc/nginx/default.d/*.conf;" is not really there, but it was affecting StackOverflow's formatting.
I've set up an Nginx server which does a proxy_pass to a Node server if no html files are found. I can access my static html file just fine but when I hit the Node server I get a 403: Forbidden. Here is my Nginx conf if that helps:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m;
upstream mysite_upstream {
server 127.0.0.1:8000;
keepalive 64;
}
server {
listen 80;
server_name staging.mysite.org;
root /var/www/staging.mysite.org/public;
access_log /var/logs/staging.mysite.org.access.log;
error_log /var/logs/staging.mysite.org.error.log;
error_page 404 /404.html;
error_page 500 503 /500.html;
location ~ ^/(images/|javascript/|js/|css/|style/|flash/|robots.txt|sitemap.xml|humans.txt|favicon.ico) {
access_log off;
expires max;
}
location #node {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_cache one;
proxy_cache_key sfs$request_uri$scheme;
proxy_pass http://mysite_upstream;
}
location / {
try_files $uri $uri/ $uri.html #node;
}
}
I should mention that if I take out try_files and just proxy_pass directly from / the Node app is served up but I get a 404 for all my static html files. Also, this is working fine on my local machine (osx).