I need to run multiple https urls on single domain
Here is my nginx file. I ran front-end with the below settings on https. Now my dashboard is running on https and my api are on http.
server {
listen 443;
ssl on;
ssl_certificate bundle_chained.crt;
ssl_certificate_key mykey.key;
server_name my_domin.com;
location / {
proxy_pass my_host:port;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
Now obviously it cannot hit on https to http. So I want to run api's on https by changing the above configuration.(I don't have wild-card ssl)
How can I do that. Thank you in advance
Related
Been struggling with an Nginx(1.18.0) configuration for a forward proxy. We use specific EC2 boxes as forward proxies and that allows us to send their EIP for whitelisting purpose. So Nginx has been used for several cases including mtls and that had always worked fine. But this time the partner is using AWS API Gateway and this seems not to work. When I used curl and openssl with the client cert and key it works fine but as long as I am using nginx it still throws an http error 400.
Below is the configuration I am currently using.
server {
listen 11013;
server_name localhost;
access_log /var/log/nginx/forward_partner_x_nginx_proxy_access.log;
error_log /var/log/nginx/forward_partner_x_nginx_proxy_error.log warn;
proxy_ssl_certificate /root/partner_x_ssl/uat_chain.crt;
proxy_ssl_certificate_key /root/partner_x_ssl/uat.key;
resolver 8.8.8.8;
set $partner_x_upstream https://api.partner_x.app;
location /test {
access_log off;
return 200;
}
location / {
proxy_set_header Host $proxy_host;
proxy_pass $partner_x_upstream;
#proxy_pass_request_headers on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ssl_protocols TLSv1.2;
proxy_ssl_server_name on;
proxy_buffering off;
proxy_ssl_name xx.xx.xx.xx;
#add_header Content-Type application/json;
}
}
I have tried several iteration of this config and it still didn't work. Because of the client certificate, i am not able to see anything significant over a captured tcpdump.
has anyone able to have a similar config working ? Grateful if you could share some lights on what I am doing wrong here. Thanks in advance.
Best Regards,
I have been trying to get my app to run on https. It is a single instance, single container docker app, that runs dart code and serves on 8080. So far, the app runs on http perfectly. I do not have, nor want, a load balancer.
I have followed the directions here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/https-singleinstance-docker.html and here: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-httpredirect.html. I also have it configured to connect to my site at "server.mysite.com". I am getting the refused to connect error. I am sort of a noob to this, so if you need more information let me know.
The issue is that the instance is not listening on 443. So it turns out that since I deployed on AWS Linux 2, there is a different way of configuring the location of the https.conf file that the docs make you make.
Here is a ref https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html. Essentially, I made a folder in the root (next to .ebextensions) and added a file with the following path .platform/nginx/conf.d/https.conf with the contents of the file the wanted in the docs, eg.
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /etc/pki/tls/certs/server.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I am having some challenges trying to get a reverse proxy working with the API gateway. I have configured all the UI components and things are working well with the reverse proxy. I have configured the API locally and it works...but I can't find any documentation on setting up a gateway proxy. I've tried creating several gateway environments using a number of configuration and the best I can get is
Message dispatched to the main sequence. Invalid URL.
Anybody successfully implemented this? I want the proxy endpoint to be on 443 to avoid any port modifications. Whenever I publish the API it wants to use 8280 on the backend...just not sure what to do and there are no examples or docs anywhere I can find.
Thanks for your help.
What are you using as a reverse proxy? is it NGINX?
If you are using NGINX, you have to configure Nginx.conf as follows to expose API gateway.
upstream sslgw.am.wso2.com {
server 127.0.0.1:8243;
server 127.0.0.1:8244;
#ip_hash;
}
server {
listen 443;
server_name gw.am.wso2.com;
proxy_set_header X-Forwarded-Port 443;
ssl on;
ssl_certificate /usr/local/Cellar/nginx/1.17.7/ssl/nginxLab.crt;
ssl_certificate_key /usr/local/Cellar/nginx/1.17.7/ssl/nginxLb.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://sslgw.am.wso2.com;
}
#access_log /usr/local/Cellar/nginx/1.17.7/log/gw/https/access.log;
#error_log /usr/local/Cellar/nginx/1.17.7/log/gw/https/error.log;
}
I'm trying to configure my app to run on ec2 with some difficulty.
It's a multi container app built with docker-compose consisting of django, drf, channels, redis gunicorn, celery and nuxt for frontend.
I've an instance running and can SSH to the instance and install the relevant packages, docker nginx docker-compose etc.
What I can't do is edit my app.conf nginx file to use the public ip 33.455.234.23 (example ip)
To route the backend, rest and frontend.
I've created and app.conf nginx file which works fine local but when I try edit the nginx files
after install to configure my app to the public ip's I run into errors.
The error I have when writing my config is
2020/11/13 01:59:17 [emerg] 13935#0: "http" directive is not allowed here in /etc/nginx/default.d/app.conf:3
nginx: configuration file /etc/nginx/nginx.conf test failed
This is my nginx config
worker_processes 1;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
client_max_body_size 100m;
upstream asgiserver {
server asgiserver:8000;
}
upstream nuxt {
ip_hash;
server nuxt:3000;
}
server {
listen 80 default_server;
server_name localhost;
location ~ /(api|admin|static)/ {
proxy_pass http://asgiserver;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
}
location /ws/ {
proxy_pass http://asgiserver;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# proxy_redirect off;
}
location / {
proxy_pass http://nuxt;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
}
}
}
What am I doing wrong here? What to I need to do in order to have my app running via reverse proxy on my ec2 public address?
It looks like this configuration file isn't treated as the main configuration file by nginx but being included from the main main configuration file /etc/nginx/nginx.conf which in turn already contains the http block with the include directive within, something like
include /default.d/*.conf;
Check this, if it is true, remove everything except upstream and server configuration blocks from the /etc/nginx/default.d/app.conf file. Move the client_max_body_size directive inside the server block.
I am trying to launch my web app with Django, Angular, and Nginx. During the development phase I made services within Angular that send requests to 127.0.0.1:8000 I was able to get my Angular project to display over my domain name. However, when I try to log into my app over another network it won't work. Is this because I am pointing at 127.0.0.1:8000? Do I need to configure a web server gateway or api gateway for Django? Do I need to point the services in Angular to a different address? Or did I configure something wrong within Nginx? if anyone can help me I would greatly appreciate it.
upstream django_server{
server 127.0.0.1:8000;
}
server{
listen 80;
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate C:/Certbot/live/example.com/fullchain.pem;
ssl_certificate_key C:/Certbot/live/example.com/privkey.pem;
root /nginx_test/www1/example.com;
index index.html;
location = /favicon.ico {
return 204;
access_log off;
log_not_found off;
}
location /api-token/ {
proxy_pass http://django_server/api-token/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I think the reason is in your Angular service configuration. Instead of 127.0.0.1 try to change it to your REST API server IP address.
As I understand in your case when you open your app in the browser you load all static files into your pc/laptop browser. Because of that every time when you trigger frontend service you try to get response from your laptop/pc instead of your backed server.