I have been following several different tutorials about how to set up gunicorn and daphne in parallel so that gunicorn can serve http to my django apps and daphne to my django channels app. However, I am now stuck on the welcome to nginx homepage and I cannot figure out what the problem is.
supervisor.conf
[program:example]
directory=/home/user/example/example
command=/home/user/envs/example/bin/gunicorn example.wsgi:application
user=user
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/home/user/envs/example/bin/gunicorn-error.log
[program:serverinterface]
directory=/home/user/example/example
command=/home/user/envs/example/bin/daphne -b 0.0.0.0 -p 8001 example.asgi:application
autostart=true
autorestart=true
stopasgroup=true
user=user
stdout_logfile = /home/user/example/bin/gunicorn-error.log
nginx/sites-availible/example.com
upstream app_server {
server http://unix:/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name example.com www.example.com;
# Let's Encrypt parameters
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
try_files $uri #proxy_to_app;
}
location /ws/ {
try_files $uri #proxy_to_ws;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location #proxy_to_ws {
proxy_pass http://0.0.0.0:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
Related
It's my first time deploying an application on a deployment environment so I am a complete beginner at this, I have an nginx proxy server (call it server1) on an instance with an exposed IP to the internet & it routes requests to another server on a different instance (call it server2) that hosts my Django application, the conf file for server1 goes like this :
`server{
server_name _;
location / {
proxy_pass_header Authorization;
proxy_pass http://10.156.0.4:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf; }
server{
listen 80;
listen [::]:80;
server_name _;
return 302 https://35.246.244.220;}
and the second server:
server{
listen 80;
listen [::]:80;
server_name _;
location / {
proxy_pass_header Authorization;
proxy_pass http://10.156.0.4:8880;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
location /static/ {
alias /opt/app/mydjangoapp/staticfiles/;
autoindex off; }
}
I am running my django application using this command python manage.py runserver 0.0.0.0:8880 & I also did collectstatic before running the application.
Everything works fine when i edit proxy_pass in server1 to http://10.156.0.4:8880 directly but i needed the second nginx server so i can serve the static files for my application.
I feel like I am doing something obviously wrong here, but for the life of me i can't figure it out.
I figured out the problem, there was a firewall rule between those two instances that didn't allow ingress or egress from port 80, only port 8880. Didn't think of this at all!
I'm trying to deploy a web application to my server. I have put the html files in one folder and I have a django server running on the same server. I am using nginx to set up reverse proxy for the backend but for some reason I'm not able to route to backend urls.
Here is my nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name example.com example.com;
root /var/www/html/;
index index.html;
# Let's Encrypt parameters
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri $uri/ = index.html;
}
location /api {
proxy_pass http://unix:/run/gunicorn.sock;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
In the first block..I'm setting fallbacks to index.html because it is an angular app.
The angular app runs fine.
But I'm not able to access the routes of the reverse proxy server, whenever I hit a route with /api/something it takes me back to the angular app i.e index.html
It was very simple, I had to modify the path block like this
location ~^/(admin|api) {
proxy_pass http://unix:/run/gunicorn.sock;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
I'm using django-channels2+daphne in production.
After uncertain time passed I got this error twice (after 2 and after 6 hours correspondingly), which involved 504 answer on any HTTP request. I have no idea how should I debug the problem. Using nginx, django-channels2, daphne.
Application instance <Task pending coro=<AsgiHandler.__call__() running at /usr/local/lib/python3.7/site-packages/channels/http.py:202> wait_for=<Future pending cb=[_chain_future.<locals>._call_check_cancel() at /usr/local/lib/python3.7/asyncio/futures.py:348, <TaskWakeupMethWrapper object at 0x7ff116ef9708>()]>> for connection <WebRequest at 0x7ff116a86d30 method=GET uri=/api/v1/feed/?page_size=10&distance=-1000¬_reviewed=1 clientproto=HTTP/1.1> took too long to shut down and was killed
Here is my nginx config:
server {
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
server_name www.lvh.me lvh.me;
return 301 https://lvh.me$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
server_name www.lvh.me;
return 301 https://lvh.me$request_uri;
}
server {
server_name example.com lvh.me;
charset UTF-8;
listen 443 ssl;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
access_log /var/log/nginx/mini.access.log;
error_log /var/log/nginx/mini.error.log;
location /static/ {
autoindex on;
root /data/django;
}
location /media/ {
autoindex on;
root /data/django;
}
location / {
proxy_pass http://django:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Starting daphne.com with:
daphne -b 0.0.0.0 -p 8000 project.asgi:application
I tried to make run the tutorial from the channels docs on my production server, using ssl.
After a few hours i managed to get a connection but it instantly disconnects :
None - - [12/Mar/2018:17:42:22] "WSCONNECTING /ws/chat/bibou/" - -
None - - [12/Mar/2018:17:42:22] "WSCONNECT /ws/chat/bibou/" - -
None - - [12/Mar/2018:17:42:23] "WSDISCONNECT /ws/chat/bibou/" - -
my stack is
ubuntu 16.04
nginx 1.10.3
channels==2.0.2
daphne==2.1.0
channels-redis==2.1.0
Twisted==17.9.0
I have the exact copy paste of the code from the tutorial, except for this part in room.html
var chatSocket = new WebSocket(
'wss://' + window.location.host +
':8443/ws/chat/' + roomName + '/');
and here is my nginx conf
server {
#http
listen 80;
server_name domain.com;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
#https
listen 443 ssl;
listen 8443 ssl;
server_name domain.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/domain.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/domain.com/privkey.pem";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/default.d/*.conf;
location /static/ {
root /home/ubuntu;
}
location /media/ {
root /home/ubuntu;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://unix:/home/ubuntu/tlebrize/Project.sock;
}
location /ws/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://unix:/home/ubuntu/tlebrize/Daphne.sock;
}
}
I run daphne with daphne -u Daphne.sock Project.asgi:application -v 3
I also tried bypassing nginx and using sudo daphne -e ssl:8443:privateKey=/etc/letsencrypt/live/domain.co/privkey.pem:certKey=/etc/letsencrypt/live/domain.co/fullchain.pem Project.settings:CHANNEL_LAYERS
but i had the same results.
The front break with the message Chat socket closed unexpectedly with the error code 1011 (Internal Error) and no reason.
I managed to make it work, it was an issue with nginx and/or using ReconnectingWebSocket. here's my whole working conf:
nginx
server {
#http
listen 80;
server_name domain.co;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
#https
listen 443 ssl;
server_name domain.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/domain.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/domain.com/privkey.pem";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/default.d/*.conf;
location /static/ {
root /home/ubuntu;
}
location /media/ {
root /home/ubuntu;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8443;
}
location / {...}
}
daphne
sudo /home/ubuntu/venv/bin/daphne -e ssl:8443:privateKey=/etc/letsencrypt/live/domain.com/privkey.pem:certKey=/etc/letsencrypt/live/domain.com/fullchain.pem Project.asgi:application -v 3
js
var chatSocket = new ReconnectingWebSocket(
'wss://' + window.location.host +
':8443/ws/chat/' + roomName + '/');
I had this problem because I've forgot to include CHANNEL_LAYERS to settings.py.
Server was even able to send 1-2 messages before disconnecting.
This was resulting in error 1011 when connecting through nginx and 1006 when connecting directly without https/wss. I tried both uvicorn and daphne.
Looking for this solution for a while now and think I'm pretty close, however...
So I have 5 different VMs running webpages on different ports. For brevity sake lets say 8080 to 8484. I want to have them all listen on 127.0.0.1 and their respective port. I also want nginx to serve as an https and password protected front to a landing page that will redirect the users to these internal sites.
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/home.crt;
ssl_certificate_key /etc/nginx/ssl/home.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 101M;
auth_basic "Login required";
auth_basic_user_file /etc/nginx/htpasswd;
location /server1 {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
location /server2 {
proxy_pass http://127.0.0.1:8181;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
....
So this will prompt me for the user, pass and redirect to the appropriate page being hosted on that port, but I get an error saying disallowed host at /server1 for an invalid HTTP_HOST header as \127.0.0.1 is not valid.
Is this even possible to do? The servers are running various frameworks, Django, Apache, Tomcat...
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/home.crt;
ssl_certificate_key /etc/nginx/ssl/home.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 101M;
auth_basic "Login required";
auth_basic_user_file /etc/nginx/htpasswd;
location /server1/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /server2/ {
proxy_pass http://127.0.0.1:8181/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}