Django urls with https behind nginx proxy - django

I have django rest framework behind nginx proxy and some frontend on vue js.
The problem is that I have urls with "http" but I need it to be "https":
"images": [
    {
        "id": 2,
        "image": "http://localhost:8000/media/documents/2019/02/26/d59b9c8d-bb36-4461-97ad-7455f19637b8/FVbJkfww_Sk.jpg"
    },
    {
        "id": 1,
        "image": "http://localhost:8000/media/documents/2019/02/26/902e5729-f7fd-480b-bf39-bca65a83038e/%D0%B4%D0%B6%D0%B5%D0%BA%D0%B8-%D1%87%D0%B0%D0%BD-%D0%BC%D0%B5%D0%BC-%D1%88%D0%B0%D0%B1%D0%BB%D0%BE%D0%BD.jpg"
    }
]
nginx is configured like that:
server {
    listen 8443 ssl;
    server_name backend.mysite.net;
    client_max_body_size 3200m;
    proxy_connect_timeout 3000;
    proxy_send_timeout 3000;
    proxy_read_timeout 3000;
    send_timeout 3000;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8000;
    }
}
My django config is below:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
USE_X_FORWARDED_HOST = True

You are missing proxy_set_header X-Forwarded-Proto https in your location
Update to
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE_ADDR $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://localhost:8000;
}
If that doesn't work try
location / {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_redirect off;
    proxy_pass http://localhost:8000;
}
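Added example (not part of the original question or answer, and not Django's source): a simplified Python model of how Django picks the scheme and host for absolute URLs under the settings in the question, applied to the header sets that the question's and the answer's nginx configs forward. The client address 203.0.113.7 and the path /media/a.jpg are constructed sample values, and the helper names are hypothetical.

```python
# Simplified model of Django's scheme/host selection (assumption: not Django source).
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # from the question
USE_X_FORWARDED_HOST = True                                     # from the question

# proxy_set_header values as nginx would evaluate them for one constructed
# request from 203.0.113.7 (the REMOTE_ADDR header is left out: it does not
# affect URL building).
QUESTION_CONF = {
    "X-Real-IP": "203.0.113.7",
    "Host": "backend.mysite.net",  # $host carries no port
    "X-Forwarded-For": "203.0.113.7",
}
ANSWER_CONF = {**QUESTION_CONF, "X-Forwarded-Proto": "https"}

def nginx_forward(client_headers, proxy_set_header):
    """Client headers reach the upstream unless proxy_set_header overrides them."""
    upstream = {k.lower(): v for k, v in client_headers.items()}
    upstream.update({k.lower(): v for k, v in proxy_set_header.items()})
    return upstream

def to_meta(headers):
    """WSGI naming: X-Forwarded-Proto becomes HTTP_X_FORWARDED_PROTO."""
    return {"HTTP_" + k.upper().replace("-", "_"): v for k, v in headers.items()}

def scheme(meta):
    """Trust the configured header if present, else the plain-HTTP wire scheme."""
    name, secure_value = SECURE_PROXY_SSL_HEADER
    value = meta.get(name)
    if value is None:
        return "http"  # proxy_pass http://localhost:8000 is plain HTTP
    return "https" if value.split(",", 1)[0].strip() == secure_value else "http"

def host(meta):
    """Prefer X-Forwarded-Host only when USE_X_FORWARDED_HOST is enabled."""
    if USE_X_FORWARDED_HOST and "HTTP_X_FORWARDED_HOST" in meta:
        return meta["HTTP_X_FORWARDED_HOST"]
    return meta["HTTP_HOST"]

def image_url(conf, client_headers=None, path="/media/a.jpg"):
    """Absolute URL a serializer would emit for a request proxied with `conf`."""
    meta = to_meta(nginx_forward(client_headers or {}, conf))
    return f"{scheme(meta)}://{host(meta)}{path}"

if __name__ == "__main__":
    for conf in (QUESTION_CONF, ANSWER_CONF):
        print(image_url(conf), image_url(conf, {"X-Forwarded-Proto": "https"}))
```

Without the X-Forwarded-Proto directive, a value sent by the client reaches Django unchanged and decides the scheme; with the directive, nginx overwrites whatever the client sent, which is what makes trusting the header via SECURE_PROXY_SSL_HEADER safe.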

Related

API connections from react(Axios) to Nginx (Docker/Django) doesn't work. ERR_CONNECTION_REFUSED

I have a problem with connecting my frontend (React/Axios) to backend (Django) data hosted on VPS using Nginx and docker. The problem is weird because I can connect to API by Postman. The issue appears when I try to get data from my frontend (localhost:3000) or from netlify app.
There is Nginx code:
upstream 127.0.0.1 {
    server django_gunicorn:8000;
}
server {
    listen 80;
    location / {
        proxy_pass http://127.0.0.1;
    }
    location /ws {
        proxy_pass http://127.0.0.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
    location /static/ {
        alias /static/;
    }
    location /media/ {
        alias /code/media/;
    }
}
EDIT:
I changed my server name to django_api and I added three more lines in location /, afterwards everything works.
upstream django_api {
    server django_gunicorn:8000;
}
server {
    listen 80;
    location / {
        proxy_pass http://django_api;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;
    }
    location /ws {
        proxy_pass http://django_api;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}

WSO2-IS behind a reverse proxy

I'm trying to use WSO2 Identity Server behind a reverse proxy to not expose ip and port when I use wso2 custom pages like "Create Password" and "Reset Password", but I'm getting an error.
When I try to log in on carbon it redirects to login_action.jsp and it shows:
login_action.jsp - 403 Forbidden.
The steps that I did to configure were:
deployment.toml
[server]
offset = "1"
hostname = "example.com"
node_ip = "xxx.xxx.xx.xxx"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
proxy_context_path = "/is"
[transport.https.properties]
proxyPort = 443
nginx.conf
server {
    server_name example.com;
    access_log /var/log/nginx/dev_mtz_access.log;
    error_log /var/log/nginx/example.com.error_log debug;
    proxy_cache one;
    proxy_cache_key $request_method$request_uri;
    proxy_cache_min_uses 1;
    proxy_cache_methods GET;
    proxy_cache_valid 200 1y;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/certs/cup.crt;
    ssl_certificate_key /etc/letsencrypt/private/cup.key;
    rewrite \w*(carbon|admin)$ $1/ permanent;
    location /is/ {
        proxy_pass https://csm-wso2-is:9444/;
        proxy_redirect https://example.com/authenticationendpoint/ https://example.com/is/authenticationendpoint/;
        proxy_redirect https://example.com/accountrecoveryendpoint/ https://example.com/is/accountrecoveryendpoint/;
        proxy_redirect https://example.com/oauth2/ https://example.com/is/oauth2/;
        proxy_redirect https://example.com/carbon/ https://example.com/is/carbon/;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        # Proxy headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Host $host;
        # Proxy timeouts
        proxy_connect_timeout 3600s;
        proxy_send_timeout 3600s;
        proxy_read_timeout 3600s;
    }
    location /carbon/admin/js/csrfPrevention.js {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://example.com/is/carbon/admin/js/csrfPrevention.js;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
I didn't find any documentation explaining how to achieve this, only for WSO2-APIM.
If you don't need a subcontext the easiest way is to route everything coming to the root context (/) to port 9443. Here is a sample Nginx config block.
upstream ssl.wso2.is.com {
    server xxx.xxx.xxx.xx3:9443;
    server xxx.xxx.xxx.xx4:9443;
    ip_hash;
}
server {
    listen 443;
    server_name is.wso2.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/wrk.crt;
    ssl_certificate_key /etc/nginx/ssl/wrk.key;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
        proxy_pass https://ssl.wso2.is.com;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
The documentation is here.

Not able to proxy pass AWS Kibana to nginx

I'm using AWS Kibana to search and view the logs that Logstash has indexed. Right now I'm using the default URL from AWS and it is only restricted to my IP address. I need to proxy_pass it through nginx. I tried to follow this doc: https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/
But kibana is not loading. I'm getting the following error:
Kibana: Not Found
Error: Not Found
at respond (http://IP/index.js?_b=7562:85344:15)
at checkRespForFailure (http://IP/index.js?_b=7562:85312:7)
at http://IP/index.js?_b=7562:83950:7
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at http://IP/index.js?_b=7562:21035:76
at Scope.$eval (http://IP/index.js?_b=7562:22022:28)
at Scope.$digest (http://IP/index.js?_b=7562:21834:31)
at Scope.$apply (http://IP/index.js?_b=7562:22126:24)
Adding Nginx conf:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name kibana.mydomain.com;
    # for elb health checks
    location /status {
        root /usr/share/nginx/html/ ;
    }
    location / {
        proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com;
        proxy_set_header X-Real-IP <public-ip-for-instance>;
        proxy_http_version 1.1;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_set_header Authorization "";
        proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/;
        proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/;
    }
    location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
        proxy_pass http://search-aws-es.eu-west-1.es.amazonaws.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
    }
}
On your last location block, add /_plugin/kibana, that fixed it for me.
My working setup (with a VPC based ES but that shouldn't change much as long as you authorize the IP of your proxy within the ES access policy):
server {
    listen 80;
    server_name kibana.mydomain.com;
    location / {
        proxy_http_version 1.1;
        # proxy_set_header Host https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
        proxy_set_header Connection "Keep-Alive";
        proxy_set_header Proxy-Connection "Keep-Alive";
        proxy_set_header Authorization "";
        proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com/_plugin/kibana/;
    }
    location ~ (/_plugin/kibana|/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
        proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header Authorization "";
    }
}

Nginx proxy - limit request with regex

I've an Nginx 1.6.2, working as proxy. The backend HTTP server is an Apache.
I'd like to control the number of connections to certain URLs, in some vhosts. The exact "location" form works, but if I pass a regex to "location", it doesn't.
server {
    listen 80;
    server_name www.myhost.com;
    location ~* ^/.*ABCD_promo.*$ {
        limit_req zone=one burst=5;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://vm-apache4;
    }
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://vm-apache4;
    }
}
In nginx.conf, I've this directive:
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
before the config part(s) above.
When I change the "location ~* ^/.*ABCD..." to "location /ABCD_promo", then it works. What am I missing?

Changing the Host passed to the backend

I have my frontend server running nginx. The backend is on another machine on the same VPN. This is its config:
server {
    listen 80;
    server_name *.vpn.domain.com;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.8.25.102:8100/;
        proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
    }
}
I would like to pass a different host to the backend... I'd like the backend to receive, for requests done to subdomain.vpn.domain.com, the host subdomain.local.domain.com
Is there any way to do this? I'm looking for a regexp substitution (or even a substring substitution) but I'm having surprisingly little success... I thought it would be a piece of cake. I think the solution would be along the lines of
server {
    listen 80;
    server_name *.vpn.domain.com;
    set $my_host $http_host;
    replace $my_host .vpn. .local.
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $my_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.8.25.102:8100/;
        proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
    }
}
It's just that I haven't found yet the proper syntax for replace $my_host .vpn. .local. I don't really care about multiple substitutions... I won't have a.vpn.a.vpn.domain.com
I finally figured it out, I can do
if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
    set $my_host $1.local.$2;
}
And then, as there're CSRF validations in place, I also need to rewrite the Referer... so this is how it ended up looking
server {
    listen 80;
    server_name *.vpn.domain.com;
    set $my_host $http_host;
    if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
        set $my_host $1.local.$2;
    }
    set $referer $http_referer;
    set $referer_host no;
    if ($http_referer ~ ^(https?://)([^/]+)(/.*)$) {
        set $referer_host $2;
        set $rewritten_referer $1$my_host$3;
    }
    if ($referer_host = $http_host) {
        set $referer $rewritten_referer;
    }
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $my_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Referer $referer;
        proxy_set_header IS_SECURE no;
        proxy_pass http://10.8.25.102:8100/;
        proxy_redirect https://$my_host/ https://$http_host/;
        proxy_redirect http://$my_host/ http://$http_host/;
    }
}