Elastic Beanstalk Amazon linux 2 with docker | nginx custom configuration - amazon-web-services

I am configuring AWS Elastic Beanstalk on Amazon Linux 2 with docker-compose.
I want to configure nginx like this:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        #try_files $uri $uri/ =404;
    }

    location /admin {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }
}
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html
So I just followed the above docs. My source code package directory structure is as below:
.ebextensions
.platform
    nginx
        conf.d
            myconf.conf
docker-compose.yml
After deployment, when I access my Elastic Beanstalk URL, there is a 502 gateway error.
When I checked the Elastic Beanstalk EC2 instance, my docker container was running successfully, and I could access localhost:3000 on the EC2 instance.
I want to apply my custom nginx configuration in the Elastic Beanstalk Amazon Linux 2 environment, and I followed the settings in the documentation (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html), but it didn't work.
How can I apply my custom nginx configuration on Elastic Beanstalk Amazon Linux 2? Is there any step I was missing?

Related

nginx reverse proxy keeps showing the default website

I created an HTTP API with an EC2 instance integration. Two Python applications are running on the EC2 instance on ports 8002 and 5005. There is an nginx reverse proxy running on the EC2 instance that should direct requests from API Gateway to the correct port based on the server name. But it always ends up directing traffic to the default server. Any idea what's the issue?
This is how my nginx config looks:
server {
    listen 80 default_server;
    server_name example1.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:8002;
    }
}

server {
    listen 80;
    server_name example2.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:5005;
    }
}
I tried changing the nginx config a couple of times but nothing worked.
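The behaviour the question describes (every request landing on the default server) is decided by nginx's server-selection rule: for a given listen port, nginx compares the request's Host header against each server_name (exact name, then the longest leading wildcard, then the longest trailing wildcard, then the first matching regex) and, when nothing matches, hands the request to the block marked default_server (or the first block for that port). The following is an added example, not code from the question or from nginx itself, that models that rule in Python so the outcome for any Host value can be checked offline. The server list is constructed from the two blocks above plus one wildcard entry, and the long execute-api hostname used in the check is a made-up placeholder.

```python
"""Model of nginx's server-block selection for one listen port.

Added example (not code from the question or from nginx): given the Host
header of a request, apply nginx's documented server_name matching order
and return the server block that would handle it.
"""
import re
from dataclasses import dataclass


@dataclass
class Server:
    names: tuple            # server_name values as written in the config
    upstream: str           # where its `location /` proxies to
    default: bool = False   # `listen ... default_server`


def _match_stage(name: str, host: str):
    """Return (stage, pattern_length) if `name` matches `host`, else None.

    Lower stage wins; within a wildcard stage the longer pattern wins.
    Stages: 1 exact, 2 leading wildcard, 3 trailing wildcard, 4 regex.
    """
    name = name.lower()
    if name.startswith("~"):                  # regex server_name
        return (4, 0) if re.search(name[1:], host) else None
    if name.startswith("."):                  # .example.com matches both forms
        if host == name[1:]:
            return (1, len(name))
        return (2, len(name)) if host.endswith(name) else None
    if name.startswith("*."):                 # *.example.com
        return (2, len(name)) if host.endswith(name[1:]) else None
    if name.endswith(".*"):                   # mail.*
        return (3, len(name)) if host.startswith(name[:-1]) else None
    return (1, len(name)) if host == name else None


def select_server(servers, host: str) -> Server:
    """Pick the server block nginx would use for this Host header."""
    host = host.lower().rstrip(".")
    best = None
    for srv in servers:
        for name in srv.names:
            hit = _match_stage(name, host)
            # Strict '<' keeps the earlier block on ties, as nginx does.
            if hit and (best is None or (hit[0], -hit[1]) < (best[0][0], -best[0][1])):
                best = (hit, srv)
    if best:
        return best[1]
    # No server_name matched: fall back to default_server for the port,
    # or to the first server block when none is marked.
    return next((s for s in servers if s.default), servers[0])


# Constructed from the question's two blocks, plus a wildcard entry to show
# the leading-wildcard stage (port 5006 is invented for the example).
SERVERS = [
    Server(("example1.com",), "http://localhost:8002", default=True),
    Server(("example2.com",), "http://localhost:5005"),
    Server(("*.example2.com",), "http://localhost:5006"),
]

if __name__ == "__main__":
    for host in ("example2.com", "api.example2.com",
                 "abc123.execute-api.us-east-1.amazonaws.com"):  # placeholder Host
        print(f"{host:45} -> {select_server(SERVERS, host).upstream}")
```

The check a practitioner wants here is to confirm which Host value nginx actually receives rather than the one the client believes it sent, for example by adding `$host` to the access log's `log_format`; any Host that matches no server_name will be routed to the default_server, exactly as the model shows.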

With Envoy, what is the difference between using the cluster IP and the FQDN for the address of proxy_pass in nginx?

I am trying to test Istio 1.9 on Kubernetes 1.20.2 (on premise).
First of all, when the Nginx proxy_pass has the FQDN of the service for the tomcat deployment:
location / {
    proxy_pass http://tomcat.default.svc.cluster.local:8080;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
it shows a 404 error and doesn't work, and I couldn't find any TCP packet towards tomcat with tcpdump in the Nginx pod.
Secondly, if I change the FQDN in proxy_pass to the clusterIP or pod IP of the tomcat pod, it works very well.
Finally, if I remove the Istio sidecar (Envoy) injected into nginx, it works with the FQDN in proxy_pass.
In this case, when the FQDN is used with Envoy, why is proxy_pass not working? Is there any required configuration for Nginx with Envoy?
I expect the FQDN to be used commonly, in light of the fact that the clusterIP could change.

Ghost website not working on Ec2 with Amazon certificate and Route53

I installed Ghost on my EC2 instance running Ubuntu 18 by following the official guide.
I didn't opt in for a Let's Encrypt certificate though. I wanted to roll my own with the Amazon Certificate Manager and load-balance requests to the website via Route53 and a CloudFront distribution.
The issue is that the blog doesn't load; instead I am presented with the default nginx homepage.
This is my website config in /etc/nginx/sites-enabled:
server {
    listen 80;
    listen [::]:80;
    server_name paulrberg.com;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
I suspect that the issue is the nginx configuration. The configuration Ghost provides may not be compatible with an Amazon certificate coupled with Route53 and CloudFront.
Is this even doable, or do I have to use the Let's Encrypt certificate and give up on my infrastructure of choice?

How to get nginx on ec2 to work with https

This is what I have set up on AWS in a nutshell:
I have an EC2 instance (Windows Server), let's call it WebAppInstance, which hosts a .NET based web API application.
Then I have another EC2 instance (Windows Server) which has another instance of the same web app, let's call it WebAppInstanceStaging.
Now, in order to achieve canary deployment, I created another EC2 instance (Ubuntu) to host nginx, to redirect the request to either WebAppInstance or WebAppInstanceStaging based on the request header.
I have put my nginx behind an ELB to make use of the SSL cert I have in AWS Certificate Manager (ACM), since it cannot be used directly with an EC2 instance. And then I created a Route 53 record set in the domain registered with AWS (*.mydomain.com).
In Route 53 I created a record set as myapp.mydomain.com.
Now when I access http://myapp.mydomain.com I am able to access it, but when I try to access https://myapp.mydomain.com I see an error saying "This site can't be reached (ERR_CONNECTION_REFUSED)".
Below is the configuration of my nginx:
upstream staging {
    server myappstaging.somedomain.com:443;
}

upstream prod {
    server myapp.somedomain.com:443;
}

# map to different upstream backends based on header
map $http_x_server_select $pool {
    default "prod";
    staging "staging";
}

server {
    listen 80;
    server_name <publicIPOfMyNginxEC2> <myapp.mydomain.com>;

    location / {
        proxy_pass https://$pool;

        #standard proxy settings
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
    }
}
I have been more than a day trying to figure it out. What am I missing?

WebSocket WSS on AWS Application Load Balancer or Network Load Balancer

I have spent hours trying to come up with a solution and have read a lot of WebSocket solutions with nginx, still no luck.
I have a WebSocket application containerised with Docker and running on EC2 instances using ECS. My WebSocket needs to be able to autoscale when needed.
I have tested connectivity with a Classic ELB and all works well, but it doesn't support the WebSocket protocol.
Down to ALB and NLB:
ALB only allows the HTTP and HTTPS protocols and supports WebSockets, and I am unsure of how to implement that to achieve accessing my WebSocket over the WSS protocol; also the target group health checks fail.
NLB works well as it allows the TCP protocol, but the only issue is that it doesn't terminate SSL.
The only solution was to install the SSL cert on the EC2 instance and set up an nginx reverse proxy to the Docker container, but I have had no joy with that, as I have no experience with nginx and I might not have the right config. I am still not able to connect to the WebSocket over WSS. Any assistance welcomed.
My main objective is connecting to the WebSocket over WSS.
worker_processes 1;

events { worker_connections 1024; }

http {
    sendfile on;

    upstream docker-nginx {
        server nginx:443;
        ssl_certificate /etc/ssl/private/example.chained.crt;
        ssl_certificate_key /etc/ssl/private/example.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
    }

    upstream localhost {
        server apache:443;
    }

    server {
        listen 443;

        location / {
            proxy_pass http://localhost;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }

    server {
        listen 443;

        location / {
            proxy_pass http://example.com;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
        }
    }
}
This was resolved by using ALB.
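Several of the configs on this page share a small set of structural mistakes that nginx either rejects outright or silently turns into a non-TLS or non-WebSocket listener: TLS directives placed inside an `upstream` block (they are only valid in `server`/`http` context), `listen 443` without the `ssl` parameter (nginx then serves plain HTTP on the TLS port, which is exactly what an https:// or wss:// client reports as a connection failure), two server blocks marked `default_server` on the same port, and proxied locations that lack the `Upgrade`/`Connection` headers a WebSocket handshake needs. The following is an added example, not code from any of the posts above or from nginx, that parses nginx syntax and flags those four conditions, so a config can be checked before it is deployed. The sample configs inside it are constructed for the example (a reduced "before" version of the WSS post's config, a corrected "after" version, and a deliberate duplicate-default pair); the certificate paths are taken from the post as written.

```python
"""Small linter for nginx reverse-proxy configs (added example, not from
the posts or from nginx). Parses directives/blocks and flags: TLS
directives inside `upstream`, `listen 443` without `ssl`, duplicate
default_server per port, proxied locations missing WebSocket headers."""


def tokenize(text):
    """Split nginx config text into words, quoted strings, '{', '}', ';'."""
    tokens, buf, i = [], "", 0
    while i < len(text):
        c = text[i]
        if c == "#":                              # comment runs to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        if c in "\"'":                            # quoted argument, may be empty
            if buf:
                tokens.append(buf)
                buf = ""
            j = text.index(c, i + 1)
            tokens.append(text[i + 1:j])
            i = j + 1
            continue
        if c in "{};" or c.isspace():
            if buf:
                tokens.append(buf)
                buf = ""
            if c in "{};":
                tokens.append(c)
        else:
            buf += c
        i += 1
    if buf:
        tokens.append(buf)
    return tokens


def parse(tokens, i=0):
    """Return (items, next_index); items are (name, args, children),
    children being None for simple directives and a list for blocks."""
    items = []
    while i < len(tokens) and tokens[i] != "}":
        j = i
        while tokens[j] not in ("{", ";"):        # tuple: '' is a valid token
            j += 1
        name, args = tokens[i], tokens[i + 1:j]
        if tokens[j] == "{":
            children, i = parse(tokens, j + 1)
            items.append((name, args, children))
            i += 1                                # step over the closing '}'
        else:
            items.append((name, args, None))
            i = j + 1
    return items, i


def walk(items, path=()):
    """Yield (enclosing block names, name, args, children) depth-first."""
    for name, args, children in items:
        yield path, name, args, children
        if children is not None:
            yield from walk(children, path + (name,))


def lint(text):
    findings, defaults = [], {}
    for path, name, args, _ in walk(parse(tokenize(text))[0]):
        if name.startswith("ssl_") and path and path[-1] == "upstream":
            findings.append(f"{name} inside upstream: TLS settings belong in the server block")
        if name == "listen" and args:
            port = args[0].rsplit(":", 1)[-1]     # '80' and '[::]:80' -> '80'
            if "default_server" in args:
                defaults[port] = defaults.get(port, 0) + 1
            if port == "443" and "ssl" not in args:
                findings.append("listen 443 without ssl: plain HTTP on the TLS port")
    for port, n in defaults.items():
        if n > 1:
            findings.append(f"{n} server blocks claim default_server on port {port}")
    return findings


def locations_missing_upgrade(text):
    """Locations that proxy_pass but lack the Upgrade/Connection headers."""
    missing = []
    for _, name, args, children in walk(parse(tokenize(text))[0]):
        if name == "location" and children:
            has_pass = any(n == "proxy_pass" for n, _, _ in children)
            headers = {a[0].lower() for n, a, _ in children if n == "proxy_set_header" and a}
            if has_pass and not {"upgrade", "connection"} <= headers:
                missing.append(" ".join(args))
    return missing


# Constructed samples: a reduced "before" of the WSS post, and a corrected "after".
WSS_BEFORE = """http {
  upstream docker-nginx { server nginx:443;
    ssl_certificate /etc/ssl/private/example.chained.crt;
    ssl_certificate_key /etc/ssl/private/example.key; }
  server { listen 443;
    location / { proxy_pass http://docker-nginx; proxy_set_header Host $host; } }
}"""
WSS_AFTER = """http {
  upstream docker-nginx { server nginx:443; }
  server { listen 443 ssl;
    ssl_certificate /etc/ssl/private/example.chained.crt;
    ssl_certificate_key /etc/ssl/private/example.key;
    location / { proxy_pass http://docker-nginx; proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
      proxy_set_header Host $host; } }
}"""
DUPLICATE_DEFAULT = """server { listen 80 default_server; server_name a.test; }
server { listen 80 default_server; server_name b.test; }"""

if __name__ == "__main__":
    for label, cfg in (("before", WSS_BEFORE), ("after", WSS_AFTER), ("dup", DUPLICATE_DEFAULT)):
        print(label, lint(cfg), locations_missing_upgrade(cfg))
```

The linter is deliberately narrow: it reports only the conditions named above and does not replace `nginx -t`, which should still be run on the target host to catch everything else (including the conflicting-server-name warning nginx emits when two blocks listen on the same port without a server_name).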