I have application running on my AWS EC2 Instance's localhost:8080.
In order to use these Web portal, I have install nginx on EC2 and reversed proxy localhost so that I can access Web UI on my browser.
Nginx.conf file
server {
listen 80;
server_name ec2-xx-xx-xxx-xxx.eu-central-1.compute.amazonaws.com;
location / {
proxy_pass http://localhost:8080;
location /$request_uri {
proxy_pass http://localhost$request_uri;
}
}
When hitting EC2 URL on my browser,I successfully seeing homepage of application.
But when I hit any url let's say /admin, Nginx redirects to my local computer's localhost:8080/admin not Server's localhost.
All i want is that when hit any url nginx should forward the request to localhost:8080{$URL} and return me the browser.
please suggest where I'm wrong.
Thanks In Advance.
You don't need to add the second location.
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
this should be enough to access anything you need.
Related
I have a AWS EC2 instance running Linux with docker containers running gunicorn/django and an nginx reverse proxy.
I don't want it to redirect to https at the moment.
When I try to reach the url by typing out http://url.com in the browser it seems to automatically change to https://url.com and gives me ERR_CONNECTION_REFUSED. The request doesn't show up at all in the nginx access_log.
But when I try to reach it with curl I get a normal response and it does show up in the nginx access_log.
I have ascertained that the django security middleware is not the cause as the HSTS options are disabled.
I've tried clearing the browser cache and deleting the domain from the chrome security policies.
nginx config:
upstream django_server {
server app:8001 fail_timeout=0;
}
server {
listen 80;
server_name url.com www.url.com;
client_max_body_size 4G;
charset utf-8;
keepalive_timeout 5;
location /static/ {
root /usr/share/nginx/sdev/;
expires 30d;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://django_server;
}
}
}
What am I overlooking?
I have a django app with gunicorn running on port 2333.In nginx.conf I set
server {
listen 80;
server_name mydomain.com;
location / {
proxy_cache my_cache;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2333;
expires 30d;
}
now I can view my django app on address http://ipaddress:2333 and mydomain.com
but I don't want users to view my site by http://ipaddress:2333 .How to allow nginx only use mydomain.com to access my site.
I have tried to use "server default".It not worked.
server {
listen 2333 default;
server_name _;
return 500;
}
Nginx has nothing to do with that. Your Gunicorn (Django) app is listening on port 2333. Therefore, you can bypass nginx by connecting to http://$SERVER:2333. It will work even if you stop nginx.
What you need to do is tell gunicorn to listen only on the localhost, e.g. with --bind=127.0.0.1:2333. Then port 2333 will be accepting connections only from the local network interface.
I have a situation here with my Nginx reverse proxy configuration. My distribution is Ubuntu 14.04
I have a domain, let's call it foo.bar.net, and I want the /grafana endpoint to redirect to my grafana server (localhost:3000), the /sentry endpoint to redirect to my sentry server (localhost:9000) and finally, the /private endpoint to redirect to my django server (localhost:8001). I am using gunicorn for the tuneling between django and nginx.
Here is what I tried :
server {
# listen on port 80
listen 80 default_server;
# for requests to these domains
server_name foo.bar.net;
location /sentry {
# keep logs in these files
access_log /var/log/nginx/sentry.access.log;
error_log /var/log/nginx/sentry.error.log;
# You need this to allow users to upload large files
# See http://wiki.nginx.org/HttpCoreModule#client_max_body_size
# I'm not sure where it goes, so I put it in twice. It works.
client_max_body_size 0;
proxy_pass http://localhost:9000;
proxy_redirect off;
proxy_read_timeout 5m;
allow 0.0.0.0;
# make sure these HTTP headers are set properly
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /grafana {
proxy_pass http://localhost:3000;
proxy_redirect off;
proxy_read_timeout 5m;
allow 0.0.0.0;
# make sure these HTTP headers are set properly
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /private {
proxy_pass http://127.0.0.1:8001;
}
location /private/static/ {
autoindex on;
alias /home/user/folder/private/static/;
}
}
The server won't even start correctly, the config is not loading.
I would also like the / path to redirect to the private endpoint if possible.
Additionally, I am not even sure where to put this configuration (sites-available/??)
Can anyone help me with that ?
Thanks a lot,
There are some missing semicolons and other syntax errors. Look at main nginx error log for details and fix them one by one.
Where to put that config file depends on your distribution. For some of them it should be sites-available directory and symlink to that file inside sites-enabled directory for quick enabling and disabling sites, if you don't have sites-available and sites enabled directory, you should put it into conf.d dir in your distribution.
I’m new to Ring (and Clojure server-side programming in general). I have a Ring-based app that works well in “development mode”, i.e. it can listen on localhost:3000 and it responds appropriately. As part of deploying this app I’d like to change the base URL for the app to something like myserver.com/analytics/v1, so that for example a request that previously went to localhost:3000/foo should now go to myserver.com/analytics/v1/foo.
I guess I have two closely-related questions here: How can I tell Ring/Jetty to listen only at a certain URL that is not the root URL of the server? And how can I set this up so that I could add another app (for example, myserver.com/analytics/v2) without downtime for the first app? Do I need to write another Ring app that will listen on myserver.com/ and route the requests to my other apps as appropriate?
The way I'm currently handling this is let each Ring app run in it's own embedded Jetty instance, each listens on their own port, like for example: 8080 en 8085.
On the server I block these ports externally, so only localhost can access them.
Then I setup Nginx to select the right app based on the subdomain:
http://twitter.michielborkent.nl
http://tictactoe.michielborkent.nl
There are more advanced setups possible, but for me this is the one with least configuration.
Here is my nginx.conf. If you want to have more configuration details, just let me know.
server { listen 80;
server_name twitter.michielborkent.nl;
access_log /var/log/twitter-service.log;
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
server { listen 80;
server_name tictactoe.michielborkent.nl;
access_log /var/log/tictactoe.log;
location / {
proxy_pass http://localhost:8085;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
Here’s how I adapted #Michiel Borkent’s nginx.conf to fit my needs:
server {
listen 80;
server_name www.myserver.com;
location /analytics/v1/ {
proxy_pass http://localhost:3001/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location /trac/ {
proxy_pass http://localhost:3002/trac/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
With this situation I can just set my Ring app to serve on port 3001; I have Trac serving on port 3002, or I could have another Ring app or whatever. Both of these applications are accessible from www.myserver.com (port 80), just under different paths.
I'm developing with apache2 ( mpm-worker ) + mod_wsgi behind nginx which is silly since I have to sudo apache2ctl graceful for every update I make in anything but the template files.
My nginx conf is:
server {
listen 80;
server_name site.org;
access_log /www/site.org/log/access.log;
error_log /www/site.org/log/error.log;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Magic-Header "secret";
client_max_body_size 10m;
}
}
Would it be a matter of just binding proxy_pass to 127.0.0.1:3000 if 3000 is the port used by the django server?
Ack, didn't realize it was this easy... I..
copied the server {} settings into another file
changed the port to 3001
changed the server name to dev.site.org
updated my host records in the DNS to point to my server IP
restarted nginx
did manage.py runserver 3001.
All is well :)