Nginx 502 Bad Gateway error on EC2 Instance with Django

I'm using Nginx on my EC2 instance to attach my domain from Route 53 to my Django app, which is running in a Docker container. It was working totally fine, but after I moved my database to RDS my application is not working there. Nginx is throwing the error attached below:
2022/04/07 21:15:40 [error] 9#9: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 202.47.34.198, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://172.20.0.3:9000", host: "sub.domain.com", referrer: "http://sub.domain.com/"
/etc/nginx/sites-available/default
server {
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name sub.domain.com;
    location / {
        proxy_pass http://localhost:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 100M;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = sub.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name sub.domain.com;
    return 404; # managed by Certbot
}
netstat -tulpn | grep LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:40743 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -

Related

nginx 502 bad gateway error with Django webapp hosted on AWS EC2

Ever since rebooting my Ubuntu EC2 instance, I have an issue with nginx giving a 502 error for my site. I didn't change any settings before the reboot and the site was working fine before then.
Error from /var/log/nginx/error.log:
2022/12/06 21:10:54 [error] 1503#1503: *4 connect() failed (111: Unknown error) while connecting to upstream, client: ###.##.##.###, server: ##.#.###.###, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8000/favicon.ico", host: "##.#.###.###", referrer: "http://##.#.###.###/"
Here is my config in /etc/nginx/sites-available/:
server_tokens off;
access_log /var/log/nginx/esms.access.log;
error_log /var/log/nginx/esms.error.log;
# This configuration will be changed to redirect to HTTPS later
server {
    server_name .##.#.###.###;
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
    }
    location /static {
        autoindex on;
        alias /home/ubuntu/ESMS/esms/static/;
    }
}
And the output of netstat -plnt:
sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 664/sshd: /usr/sbin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1567/nginx: master
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 420/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 664/sshd: /usr/sbin
tcp6 0 0 :::80 :::* LISTEN 1567/nginx: master
The Django server wasn't running after reboot because it is not set up to autostart after reboot. Running the command nohup python manage.py runserver 0.0.0.0:8000 & fixes it.
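The diagnosis in this thread (a proxy_pass target with no matching listener in netstat) can be automated. The following is an added example, not code from the thread: the function names are hypothetical, the config and first netstat sample are condensed from the question, and the two extra netstat lines are constructed. It also reports when the backend is bound to all interfaces rather than loopback only, which is what runserver 0.0.0.0:8000 produces.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
WILDCARD = {"0.0.0.0", "::", "*"}

def proxy_targets(conf):
    """(host, port) for every active proxy_pass directive in an nginx config."""
    found = re.findall(r"^\s*proxy_pass\s+(https?)://([^:/;\s]+)(?::(\d+))?", conf, re.M)
    return [(h, int(p) if p else (443 if s == "https" else 80)) for s, h, p in found]

def listeners(netstat):
    """Map each listening TCP port to its bind addresses (netstat -plnt output)."""
    ports = {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, port = f[3].rsplit(":", 1)
            ports.setdefault(int(port), set()).add(addr)
    return ports

def check_upstreams(conf, netstat):
    """Classify each loopback upstream as 'missing', 'ok' or 'exposed'."""
    bound, result = listeners(netstat), {}
    for host, port in proxy_targets(conf):
        if host not in LOOPBACK:
            continue  # remote upstream: local netstat cannot answer
        addrs = bound.get(port, set())
        if not addrs & (LOOPBACK | WILDCARD):
            result[(host, port)] = "missing"   # connect() fails with 111 -> 502
        elif addrs & WILDCARD:
            result[(host, port)] = "exposed"   # backend bound to all interfaces
        else:
            result[(host, port)] = "ok"        # backend bound to loopback only
    return result

# Config and netstat lines condensed from the question above.
CONF = "server {\n listen 80;\n location / {\n  proxy_pass http://127.0.0.1:8000;\n }\n}\n"
AFTER_REBOOT = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 664/sshd: /usr/sbin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1567/nginx: master
tcp6 0 0 :::80 :::* LISTEN 1567/nginx: master
"""
# Constructed lines: backend bound to all interfaces, and to loopback only.
FIX_WILDCARD = AFTER_REBOOT + "tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2001/python\n"
FIX_LOOPBACK = AFTER_REBOOT + "tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 2001/python\n"

if __name__ == "__main__":
    for label, ns in [("reboot", AFTER_REBOOT), ("0.0.0.0", FIX_WILDCARD), ("127.0.0.1", FIX_LOOPBACK)]:
        print(label, check_upstreams(CONF, ns))
```

An "exposed" result means the backend port is reachable directly, bypassing nginx, wherever the instance's security group or firewall allows it.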

How to fix AWS EC2 Nginx 502 Bad Gateway issue caused after rebooting the server?

I have a Python/Flask backend with several REST APIs. I deployed the program on an AWS EC2 instance. The APIs worked just fine previously; then, for a moment, I stopped the instance and started it again (without making a single change). The problem is that now all the APIs are throwing a 502 Bad Gateway error. How can I fix this?
Now the APIs work when I manually run the Python file using
python3 main.py
and it is running on http://127.0.0.1:5000/ on the instance console.
So it seems like Nginx is not listening to the Flask server, but I'm not sure!
/etc/nginx/sites-available/default
server {
    listen 80;
    listen [::]:80;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    location / {
        proxy_pass https://127.0.0.1:5000;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
I tried copying the above default file to sites-enabled as well. Still not working.
netstat -tunlp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 172.31.37.30:68 0.0.0.0:* -
/var/log/nginx/access.log
43.250.243.234 - - [26/Mar/2022:21:07:20 +0000] "GET /islive?videoUrl=https://smart-cap.obs.ap-southeast-3.myhuaweicloud.com/1648198646232_1648198646232.webm HTTP/1.1" 502 584 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.83 Safari/537.36"
The issue was with the service file I created to auto-run the application. I accidentally added the wrong username in the username field. If anyone gets this issue, please check that you have put the correct username in all the relevant places.

For nginx, am I listening to port 443 or port 3000 for this url https://localhost:3000?

I am trying to navigate through the weeds of nginx and reverse proxy passing and one area that I am getting confused on is the port mappings. Here is an example nginx configuration file:
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.domain.com;
    passenger_enabled on;
    root /home/ubuntu/app/public;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
}
What I am specifying here is that my app should listen to port 443 because it has a self-signed certificate on it. It won't accept port 80 HTTP but only 443. Here is an example I found about proxy_passing to localhost, which is what I want to do. Here is the example:
server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate server.crt;
    ssl_certificate_key server.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Client-Verify SUCCESS;
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
        proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
        proxy_read_timeout 1800;
        proxy_connect_timeout 1800;
    }
}
Here is what I don't understand and could use some clarification. What port/url am I listening to in the second example? In the server block I see this:
listen 443;
server_name localhost;
That means we are listening to localhost on 443 through https. That is simple enough to understand so far. Now we get to the location block.
location / {
proxy_pass http://localhost:3000;
What is going on here? If I started nginx and typed in the address bar http:localhost:3000 what is going to happen? Will it fail because I typed in http? Shouldn't it have been https:localhost:3000? Am I listening on port 80, 443, or 3000?
Also, a small side question: what would happen if I opened up my Postman application and typed a GET request to http://localhost:3000 or https://localhost with the second configuration? Would it hit the nginx server or try to reach my laptop's localhost?
Your desired reference uses the ssl on directive, which has been deprecated.
Take a look at http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl
When you specify which ports to listen on, you need to group them by scheme (HTTP|HTTPS).
An example server block would look like:
server {
    listen 80 http2 default_server;
    listen [::]:80 http2 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.domain.com;
    passenger_enabled on;
    root /home/ubuntu/app/public;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
}
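Besides the deprecated ssl on directive, the example config quoted in the question enables SSLv2, SSLv3 and TLSv1 and a cipher string that starts from ALL. The following check is an added example, not part of the original thread: the function names and keyword lists are assumptions of this sketch, the first sample is copied from the question's config, and the second is constructed.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords that select broad or weak suite groups
# (a deliberately small list chosen for this sketch).
WEAK_KEYWORDS = {"ALL", "COMPLEMENTOFALL", "LOW", "EXP", "EXPORT", "EXPORT40",
                 "EXPORT56", "RC4", "DES", "MD5", "NULL", "eNULL", "aNULL",
                 "ADH", "SSLv2"}

def directive_args(conf, name):
    """Argument strings of every active `name ...;` directive."""
    pattern = rf"^\s*{re.escape(name)}\s+([^;]+);"
    return [a.strip() for a in re.findall(pattern, conf, re.M)]

def lint_tls(conf):
    """Return findings for deprecated or weak TLS settings in an nginx config."""
    findings = []
    if "on" in directive_args(conf, "ssl"):
        findings.append("ssl on: deprecated, use 'listen ... ssl'")
    for args in directive_args(conf, "ssl_protocols"):
        findings += [f"ssl_protocols: {p}" for p in args.split() if p in WEAK_PROTOCOLS]
    for args in directive_args(conf, "ssl_ciphers"):
        for token in re.split(r"[:,\s]+", args):
            # '!X' and '-X' remove suites; a leading '+' only reorders suites
            # that are already selected, so none of these add anything.
            if not token or token[0] in "!-+":
                continue
            if WEAK_KEYWORDS & set(token.split("+")):
                findings.append(f"ssl_ciphers: {token}")
    return findings

# Copied from the example config quoted in the question above.
QUOTED = """
listen 443;
ssl on;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
"""
# Constructed sample with current protocol versions and AEAD suites only.
HARDENED = """
listen 443 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
"""

if __name__ == "__main__":
    print(lint_tls(QUOTED))
    print(lint_tls(HARDENED))
```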

Debian Nginx listening but not working

I have had a lot of trouble setting up Nginx for Django on Debian.
I tried probably every nginx django conf file I could find on the internet but none of them worked, I assume I can't see the forest for the trees...
So I am running Django 2.0.4 and daphne 2.1.1.
For Daphne I am using this command:
daphne -b 0.0.0.0 -e ssl:8080:privateKey=privkey.pem:certKey=fullchain.pem share_game.asgi:application -v2
And this is my Nginx Conf file, I have added a redirect to google so I can actually see that it is running:
upstream tsg-backend {
    server 127.0.0.1:8080;
}
server {
    listen 159.69.13.156:80;
    server_name thesharegame.com www.thesharegame.com;
    if ($host ~* ^thesharegame\.com$) {
        rewrite ^(.*)$ https://www.thesharegame.com$1 permanent;
    }
}
server{
    listen 159.69.13.156:443 ssl http2;
    server_name thesharegame.com www.thesharegame.com;
    access_log /var/log/nginx/tsg.log;
    error_log /var/log/nginx/tsg.log;
    return 301 https://google.com$request_uri;
    ssl on;
    ssl_certificate /home/tsg/fullchain.pem; # managed by Certbot
    ssl_certificate_key /home/tsg/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    client_max_body_size 20M;
    if ($host ~* ^thesharegame\.com$) {
        rewrite ^(.*)$ https://www.thesharegame.com$1 permanent;
    }
    location / {
        ## If you use HTTPS make sure you disable gzip compression
        ## to be safe against BREACH attack.
        proxy_read_timeout 3600;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://tsg-backend;
    }
}
Running netstat -nlp | grep 80
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14925/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14603/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 14925/python3
tcp6 0 0 :::80 :::* LISTEN 14603/nginx: master
Also, /etc/init.d/nginx status says Nginx is running.
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2018-06-04 23:10:05 CEST; 12min ago
Docs: man:nginx(8)
Process: 13551 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 14601 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 14599 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 14603 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─14603 nginx: master process /usr/sbin/nginx -g daemon on; master…n;
├─14604 nginx: worker process
├─14605 nginx: worker process
├─14606 nginx: worker process
├─14607 nginx: worker process
├─14610 nginx: worker process
├─14613 nginx: worker process
├─14614 nginx: worker process
└─14616 nginx: worker process
Jun 04 23:10:05 debian-share-game systemd[1]: Starting A high performance we…...
Jun 04 23:10:05 debian-share-game systemd[1]: Started A high performance web…er.
Hint: Some lines were ellipsized, use -l to show in full.
Sites-available and sites-enabled are both linked.
What am I missing? Does anyone have an idea or need more information?

Nginx Reverse Proxy with HTTPS not working

I successfully got my SSL cert and am now trying to implement it on my AWS server with an NGINX reverse proxy setup. Here is the config file:
server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert_chain.crt;
    ssl_certificate_key /etc/nginx/ssl/website.key;
    server_name ~^(?<subdomain>.+)\.example\.com$;
    location / {
        proxy_pass http://www.example.com:8888;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $subdomain.example.com;
        proxy_cache_bypass $http_upgrade;
    }
}
If I change the setting to listen on port 80 then it works fine. I have enabled port 443 in the AWS security group, and here is the result of netstat -tulpn | grep 443:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
So it means it's listening on port 443 already, right? I also ensured that nginx was running as root using ps aux|grep nginx|grep -v grep:
root 11567 0.0 0.3 177080 3060 ? Ss 09:36 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 11568 0.0 0.7 177344 7568 ? S 09:36 0:00 nginx: worker process
I checked the Nginx error log and there is nothing in it, but when I access my URL with https it just shows that it took too long to respond. Is anyone able to help? Thank you.
UPDATE
Here is the result of lsof -i:443:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ruby 1067 root 8u IPv4 2613507 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:49112->xxx-xx-xx-xx:https (ESTABLISHED)
ruby 1067 root 10u IPv4 2552314 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:43384->s3-us-west-2-r-w.amazonaws.com:https (CLOSE_WAIT)
nginx 12571 root 7u IPv4 2592465 0t0 TCP *:https (LISTEN)
nginx 12572 www-data 7u IPv4 2592465 0t0 TCP *:https (LISTEN)
aws 26403 root 14u IPv4 1903428 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:39960->xxx-xx-xx-xx:https (CLOSE_WAIT)
aws 26403 root 15u IPv4 2613578 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:55192->xxx-xx-xx-xx:https (CLOSE_WAIT)