I'm trying to deploy a web application to my server. I have put the html files in one folder and I have a django server running on the same server. I am using nginx to set up reverse proxy for the backend but for some reason I'm not able to route to backend urls.
Here is my nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name example.com example.com;
root /var/www/html/;
index index.html;
# Let's Encrypt parameters
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri $uri/ = index.html;
}
location /api {
proxy_pass http://unix:/run/gunicorn.sock;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
In the first block..I'm setting fallbacks to index.html because it is an angular app.
The angular app runs fine.
But I'm not able to access the routes of the reverse proxy server, whenever I hit a route with /api/something it takes me back to the angular app i.e index.html
It was very simple, I had to modify the path block like this
location ~^/(admin|api) {
proxy_pass http://unix:/run/gunicorn.sock;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
Related
It's my first time deploying an application on a deployment environment so I am a complete beginner at this, I have an nginx proxy server (call it server1) on an instance with an exposed IP to the internet & it routes requests to another server on a different instance (call it server2) that hosts my Django application, the conf file for server1 goes like this :
`server{
server_name _;
location / {
proxy_pass_header Authorization;
proxy_pass http://10.156.0.4:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf; }
server{
listen 80;
listen [::]:80;
server_name _;
return 302 https://35.246.244.220;}
and the second server:
server{
listen 80;
listen [::]:80;
server_name _;
location / {
proxy_pass_header Authorization;
proxy_pass http://10.156.0.4:8880;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection “”;
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
location /static/ {
alias /opt/app/mydjangoapp/staticfiles/;
autoindex off; }
}
I am running my django application using this command python manage.py runserver 0.0.0.0:8880 & I also did collectstatic before running the application.
Everything works fine when i edit proxy_pass in server1 to http://10.156.0.4:8880 directly but i needed the second nginx server so i can serve the static files for my application.
I feel like I am doing something obviously wrong here, but for the life of me i can't figure it out.
I figured out the problem, there was a firewall rule between those two instances that didn't allow ingress or egress from port 80, only port 8880. Didn't think of this at all!
I configured API cluster with Nginx Load Balancer by manuals :
https://docs.wso2.com/display/AM250/Configuring+the+Proxy+Server+and+the+Load+Balancer
https://docs.wso2.com/display/CLUSTER44x/Setting+up+a+Cluster
I tried to use a self-signed certficate or commercial cert for LB, but when i open LB web-page on 443 port i have the same errors in logs:
SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking to upstream.
What is the problem?
Nginx config:
upstream server1 {
server x.x.x.x:9443;
}
upstream server2 {
server x.x.x.x:8243;
}
server {
listen 80;
server_name server1.com;
rewrite ^/(.*) https://server1.com/$1 permanent;
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}
}
server {
listen 443;
server_name server1.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /etc/nginx/ssl/server1.cer;
ssl_certificate_key /etc/nginx/ssl/server1.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://server1.com;
}}
I tried to make run the tutorial from the channels docs on my production server, using ssl.
After a few hours i managed to get a connection but it instantly disconnects :
None - - [12/Mar/2018:17:42:22] "WSCONNECTING /ws/chat/bibou/" - -
None - - [12/Mar/2018:17:42:22] "WSCONNECT /ws/chat/bibou/" - -
None - - [12/Mar/2018:17:42:23] "WSDISCONNECT /ws/chat/bibou/" - -
my stack is
ubuntu 16.04
nginx 1.10.3
channels==2.0.2
daphne==2.1.0
channels-redis==2.1.0
Twisted==17.9.0
I have the exact copy paste of the code from the tutorial, except for this part in room.html
var chatSocket = new WebSocket(
'wss://' + window.location.host +
':8443/ws/chat/' + roomName + '/');
and here is my nginx conf
server {
#http
listen 80;
server_name domain.com;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
#https
listen 443 ssl;
listen 8443 ssl;
server_name domain.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/domain.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/domain.com/privkey.pem";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/default.d/*.conf;
location /static/ {
root /home/ubuntu;
}
location /media/ {
root /home/ubuntu;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://unix:/home/ubuntu/tlebrize/Project.sock;
}
location /ws/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://unix:/home/ubuntu/tlebrize/Daphne.sock;
}
}
I run daphne with daphne -u Daphne.sock Project.asgi:application -v 3
I also tried bypassing nginx and using sudo daphne -e ssl:8443:privateKey=/etc/letsencrypt/live/domain.co/privkey.pem:certKey=/etc/letsencrypt/live/domain.co/fullchain.pem Project.settings:CHANNEL_LAYERS
but i had the same results.
The front break with the message Chat socket closed unexpectedly with the error code 1011 (Internal Error) and no reason.
I managed to make it work, it was an issue with nginx and/or using ReconnectingWebSocket. here's my whole working conf:
nginx
server {
#http
listen 80;
server_name domain.co;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
location / {
return 301 https://$server_name$request_uri;
}
}
server {
#https
listen 443 ssl;
server_name domain.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/letsencrypt/live/domain.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/domain.com/privkey.pem";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000";
include /etc/nginx/default.d/*.conf;
location /static/ {
root /home/ubuntu;
}
location /media/ {
root /home/ubuntu;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8443;
}
location / {...}
}
daphne
sudo /home/ubuntu/venv/bin/daphne -e ssl:8443:privateKey=/etc/letsencrypt/live/domain.com/privkey.pem:certKey=/etc/letsencrypt/live/domain.com/fullchain.pem Project.asgi:application -v 3
js
var chatSocket = new ReconnectingWebSocket(
'wss://' + window.location.host +
':8443/ws/chat/' + roomName + '/');
I had this problem because I've forgot to include CHANNEL_LAYERS to settings.py.
Server was even able to send 1-2 messages before disconnecting.
This was resulting in error 1011 when connecting through nginx and 1006 when connecting directly without https/wss. I tried both uvicorn and daphne.
https://mydomainName.com --> AWS-ELB [ingress 443 --> egress 80]) --> OmnibusGitlab
Now Omnibus redirects to the following and times out
http://mydomainName.com/users/sign_in
Any way to debug this issue.
Full path has to be in https because if you are going forward via reverse proxy that accepts https and the you have to come back as as https.
Separate the Nginx configuration because Omnibus solution have to constrains that block the flexibility we have on standard nginx.
Do the following to make this change:
edit /etc/gitlab/gitlab.rb
and add
nginx['enable'] = false
web_server['external_users'] = ['www-data'] #for ubuntu nginx user
web_server['external_users'] = ['nginx'] # for centos 6-7
Add the following configuration to enable gitlab via simple nginx
/etc/nginx/site-availabe/server
server {
listen *:443 default_server ssl;
ssl_certificate /etc/ssl/certs/myserver.crt;
ssl_certificate_key /etc/ssl/private/myserver.key;
server_name myhostname.com
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
client_max_body_size 50m; #or 5000
access_log /var/log/gitlab/nginx_access.log;
error_log /var/log/gitlab/nginx_error.log;
location / {
try_files $uri $uri/index.html $uri.html #gitlab;
}
location #gitlab {
proxy_read_timeout 300; # Some requests take more than 30 seconds.
proxy_connect_timeout 300; # Some requests take more than 30 seconds.
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gitlab;
}
error_page 502 /502.html;
}
gitlab-redirect
/etc/nginx/sites-available/gitlab-redirect
server {
listen 80;
server_name myhostname.com;
return 301 https://myhostname.com;
}
I have following problem, i'm trying to put a Django app with an gunicorn server on my VPS running Nginx. My nginx config looks like this:
upstream app_name {
server unix:/path/to/socket/file.sock fail_timeout=10;
}
server {
listen 80 default_server;
listen[::]:80 default_server ipv6only=on;
root /webapps/;
server_name my_hostname.com;
location / {
proxy_set_header Host $http_host;
}
location /appname/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_name;
}
}
However when i navigate to my_server.com/appname/ i constantly get 404 error. I'm still new to Nginx, could someone point me in the right direction on how to set the proxy_pass for /appname/ path? I should point out that when location for /appname/ is replaced with / the django app is running fine.
You just need a trailing slash for proxy_pass:
proxy_pass http://app_name/;
it helps you to cut the "appname" prefix so the config looks like:
upstream app_name {
server unix:/path/to/socket/file.sock fail_timeout=10;
}
server {
listen 80 default_server;
listen[::]:80 default_server ipv6only=on;
root /webapps/;
server_name my_hostname.com;
location /appname/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_name/;
}