We Keep Coding

NICE DCV behind Nginx reverse proxy, "Failed to communicate with server."

I have Nginx running on an Amazon Linux EC2 instance. It is listening for connections to https://dcv01.example.com and then using proxy_pass with a wildcard cert to serve the DCV client from an internal IP address. The page displays properly with no SSL errors. However, instead of the login prompt, I get a red message that says "Failed to communicate with server.".
I attempted to use the allowed-http-host-regex with the value ^(www\.)?dcv01\.example\.com$, but then I get a 403. I also tried allowed-ws-origin-regex, but it does nothing different (still get Failed to communicate...)
What do I need to do to get DCV working behind a reverse proxy?
Here is the server block in my Nginx config:
server {
listen 443 ssl;
server_name dcv01.example.com;
include wildcard.conf; //just has ssl_certificate and ssl_certificate_key directives
location / {
proxy_redirect off;
proxy_pass $scheme://10.0.10.131:8443;
}
}

How to provide https requests in EC2 Instances?

I have deployed a python script which works using Uvicorn. I have installed nginx on my Ubuntu ec2 instance and installed all requirements to run my script. I have created a file named as Hosting in directory /etc/nginx/sites-enabled/ . My file looks like this
server {
listen 80;
server_name 12.34.56.78 (this is an pseudo IP);
location / {
proxy_pass http://127.0.0.1:8000;
}
}
When I run my script using this command, it starts serving the application on Ip 12.34.56.78
gunicorn3 -k uvicorn.workers.UvicornWorker app:app
To access the API urls I have to use http://12.34.56.78 (not https) and it works correctely but I want it to work on https://12.34.56.78 (with https) .
I tried to change the Hosting file and change the listen 80 to listen 443
server {
listen 443 <- made changes;
server_name 12.34.56.78 (this is an pseudo IP);
location / {
proxy_pass http://127.0.0.1:8000;
}
}
But unfortunately it is not working, I changed the Inbound secrity rules in AWS to accept https and http but it's not working too.
When I try to go https://12.34.56.78 , the webpage says
This site can’t provide a secure connection 12.34.56.78 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Could anyone find the mistake ? Thank you in advance

Prevent Nginx from changing host

I am building an application which is right now working on localhost. I have my entire dockerized application up and running at https://localhost/.
HTTP request is being redirected to HTTPS
My nginx configuration in docker-compose.yml is handling all the requests as it should.
I want my application accessible from anywhere hence i tried using Ngrok to route the request to my localhost. Actually i have a mobile app in development so need a local server for apis.
Now, when i enter ngrok's url like abc123.ngrok.io in the browser, the nginx converts it to https://localhost/. That works for my host system's browser, as my web app is working there only, but when i open the same in my mobile emulator. It doesn't work.
I am newbie to nginx. Any suggestions will be welcomed.
Here's my nginx configuration.
nginx.conf
upstream web {
ip_hash;
server web:443;
}
# Redirect all HTTP requests to HTTPS
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
# for https requests
server {
# Pass request to the web container
location / {
proxy_pass https://web/;
}
location /static/ {
root /var/www/mysite/;
}
listen 443 ssl;
server_name localhost;
# SSL properties
# (http://nginx.org/en/docs/http/configuring_https_servers.html)
ssl_certificate /etc/nginx/conf.d/certs/localhost.crt;
ssl_certificate_key /etc/nginx/conf.d/certs/localhost.key;
root /usr/share/nginx/html;
add_header Strict-Transport-Security "max-age=31536000" always;
}
This configuration i got from a tutorial.

First of all, you set redirection from every HTTP request to HTTPS:
# Redirect all HTTP requests to HTTPS
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
You are using $server_name variable here, so every /some/path?request_string HTTP request to your app would be redirected to https://localhost/some/path?request_string. At least change the return directive to
return 301 https://$host$request_uri;
Check this question for information about difference between $host and $server_name variables.
If these are your only server blocks in your nginx config, you can safely remove the server_name localhost; directive at all, those blocks still remains the default blocks for all incoming requests on 80 and 443 TCP ports.
The second one, if you are using self-signed certificate for localhost be ready for browser complains about mismatched certificate (issued for localhost, appeared at abc123.ngrok.io). If it doesn't break your mobile app, its ok, but if it is, you can get the certificate for your abc123.ngrok.io domain from Lets Encrypt for free after you start your ngrok connection, check this page for available ACME clients and options. Or you can disable HTTPS at all if it isn't strictly requred for your debug process, just use this single server block:
server {
listen 80;
# Pass request to the web container
location / {
proxy_pass https://web/;
}
location /static/ {
root /var/www/mysite/;
}
}
Of course this should not be used in production, only for debugging.
And the last one. I don't see any sense encrypting traffic between nginx and web containers inside docker itself, especially if you already setup HTTP-to-HTTPS redirection with nginx. It gives you nothing in the terms of security but only some extra overhead. Use plain HTTP protocol on port 80 for communications between nginx and web container:
upstream web {
ip_hash;
server web:80;
}
server {
...
location / {
proxy_pass http://web;
}
}

Error while hitting DNS via Amazon Route53 to the given hosts

SETUP
R53--->ELB(Classic+SSL)--->Nginx(just one instance)
I have a application running on my Nginx server which is listening on port 80. The Nginx instance is working fine and i can hit it via its public IP.
I have now placed a ELB in front of my Nginx , ELB registers my instance as healthy and i can hit ELB(classic) public URL to reach my website. I am terminating SSL on ELB itself
Now when i place a CNAME entry on Route53 ,and point this to my ELB i reach
503 Service Unavailable : No server is available to handle this request.
I tried a lot of things but not sure why this happens.
My Nginx file looks like :
server {
listen 80 ;
listen [::]:80;
root /home/ubuntu/partner/public;
index index.html index.htm index.nginx-debian.html;
# Make site accessible from http://asw.xyz.community/
#server_name drone.xyz.community;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
#return 301 $schema://www.drone.xyz.community$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}

add the server_name directive to nginx config. Also see How nginx processes a request.
Server names are defined using the server_name directive and determine
which server block is used for a given request. See also “How nginx
processes a request”. They may be defined using exact names, wildcard
names, or regular expressions:
server_name <Your Route53 Domain Name>;

why nginx server_name matches example.com when it is not setup as that?

Based on my understadning of the doc, server_name decides which server block will be used.
I have an AWS EC2 instance, and my nginx setup is like the following, where I just simply want to redirect all http requests to https. However, my server_name was mistakenly setup as the following instead of example.com.
server {
listen 80;
server_name ip-xxx-xx-xx-xx.example.com;
return 301 https://example.com$request_uri;
}
However, when I go to http://example.com, I do get redirect to https://example.com, I wonder why that is happening, shouldn't nginx fail to match my http request to that server block since the server_name is not example.com?