I was setting up nginx on my aws ubuntu instance. At first every time went well, but after I config nginx and try to connect django, I can't even see the welcome page from either public ip nor the localhost(which was able to access from both sides). The nginx status command shows nginx is running.
Here's my nginx config:
/nginx/sites-available/mysite.com
server{
charset utf-8;
listen 80;
server_name my_aws_ip;
location /static{
alias my_django_static_path;
}
location / {
proxy_set_header Host $host;
proxy_pass http://unix:tmp/mysite.socket;
}
}
And I made a link to /nginx/sites-enabled/
It appears that every time I restarted nginx, I will be able to see the welcome page. However, after that, nginx refuses connections.
I didn't change anything in nginx.conf. Do I need to?
server_name should be your domain name, IP address should be specified as part of the listen directive
proxy_pass http://unix:tmp/mysite.socket;
Not sure where you are hoping this will end up, but you need to decide if you are sending it via http or to a socket. Not both. Having said that if it's for django then it's not proxy_pass you want at all
I'm guessing you mean:
uwsgi_pass unix:/tmp/mysite.socket;
You'll also need to include these somewhere in your config
Related
I'm trying to set up a django app with gunicorn and ngix. I followed this tutorial. Everything seems to be working but when I edit the server_name in /etc/nginx/sites-available/project to anything other than the serevr ip address I get the default nginx index page instead of the django app. When this is the server config:
server {
listen 80;
server_name <myserverip>;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/django/project;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
everything works as expected (nginx serves the app) when I put the ip address into my browser, but if the I add a domain name to replace the ip or in addition to the ip all I get is the nginx page in either location. My ALLOWED_HOSTS in settings.py includes the server ip and the domain name. I cannot see any issue in the nginx logs either. Not sure what the issue is at this point.
You should be able to change the server_name to include your domain:
server_name <myserverip> <mydomainname>;
Feel free to drop the ip address if you only want to be able to access the site using your domain name. You'll also want to add any subdomains (i.e. www) you want to serve the same site. For example:
server_name youdomainname.com www.yourdomainname.com;
Don't forget to restart nginx after updating the config file.
In server_name you can write an IP or URL, but at the same time in your settings.py you must give it permission.
[settings.py]
ALLOWED_HOSTS = ['IP', 'URL']
Here, I uploaded something to my github that can help you:
Github/Nginx
I solved the issue. The nginx default configuration /etc/nginx/sites-available/default was shadowing mine. I commented out the server portion of the default configuration and the domain is working as expected.
Intro
I am building a web app using the latest Django version along with python3.7. The app is dockerized and I plan to deploy with docker-compose. Inside the container, I use nginx to proxy traffic to the application and not expose it directly. Also, I use apache in server level to proxy traffic to various other containers hosted on the same machine.
In the Django application, I use oauth2 to authenticate to Fitbit Web API and the issue I am facing is that the django-social-auth is passing the hostname automatically as a redirect_uri which now, after a lot of configuration with all those proxies, works perfectly in HTTP but when I use HTTPS although the app responds normally the redirect_uri is still http which obviously is not allowed by fitbit and very risky.
Although it is very hard for me to locate in which level the problem occurs I have tried various things but nothing seems to work out.
What I have tried
First
I tried to make my container listen to https request which seemed the most appropriate solution to me but ended getting 502 errors from the Apache.
I tried to find a solution on this by adding some configuration to the virtual host file like
#Solution 1
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://localhost:83/ Keepalive=On #Solution 2 (keep alive)
ProxyPassReverse / https://localhost:83
But at last, I found out that it was not an apache issue but that the nginx inside the container was not responding although the traffic was routed to 443 port using HTTPS
Second
I tried to route traffic from the apache https to containerd nginx HTTP ( which does not make so much sense to me ) which makes the application respond normally but and results the redirect_uri error I mentioned above
As you can see I more or less confused and any kind of hint or help could be very useful
Update 1
The nginx configuration as requested in the comments
server {
listen 80;
listen 443 default_server ssl;
server_name localhost;
charset utf-8;
location /static {
alias /app/static/;
}
location /upload {
alias /app/media/;
}
location / {
proxy_pass http://web:8000;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I was able to fix the issue by adding the following configuration on the settings.py. I also added a control conditional in order to be able to run the container in development.
# Was already present before the issue resolved but is also needed
USE_X_FORWARDED_HOST = True
# The actual solution
if eval(os.environ.get('DEPLOY', default=False)):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
I am setting up a domain for my Django/Gunicorn/Nginx server. It works fine with IP address instead of domain name in server_name but when I add domain name it redirects to default Ubuntu Nginx page. My Nginx file looks like this (please note that I replaced my domain with example.com):
Path : /etc/nginx/sites-available/projectname
server {
listen 80;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
client_max_body_size 4G;
location = /favicon.ico {access_log off; log_not_found off;}
location /static/ {
root /path/to/static/dir;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unix:/path/to/gunicorn.sock;
}
}
I have run the command sudo nginx -t and sudo service nginx restart but no effect. Please let me know if I am doing anything wrong.
1- see main nginx.conf how include all config files. if it is including site-enabled path then go to path and see is a shortcut to config file of this site under site available?
or if all sites are enabled in nginx config file include directly available
include /etc/nginx/sites-available/*;
2-mix two server define code once and with rule forward non www to with www
3-if not work check dns config problem and see result from inside of server via putty not from outside of server with browser to see it is nginx problem or dns config problem.
note: changing dns name servers taken some hours to work and effect on clients.
I have a third-party that's forwarding traffic over to me on a subdomain - let's call it subdomain.thirdparty.com
I would like to forward this traffic over to www.mysite.com/subdomain - this is where the app lives. The links in the app require the /subdomain part in the URL.
BUT I would like to maintain the third-party URL in the browser, something like subdomain.thirdparty.com or subdomain.thirdparty.com/subdomain
I'm hosted on AWS so I have Route 53 available to me, and have the following Nginx setup:
server{
server_name *.mysite.com;
listen 80;
location /subdomain/{
proxy_set_header SCRIPT_NAME /subdomain;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9014;
}
}
I've tinkered around with Nginx settings but just can't seem to figure it out. Any guidance would be greatly appreciated.
I have an internal app server (Django+gunicorn) running behind an Nginx reverse proxy on a private port (listening on port 5000, for example.)
There are several Django apps installed in the app server, mapped to separate base paths. Example:
/app1
/app2
Where /app1 serves up content for domain1.com and /app2 serves content for domain2.com.
I'd like to silently reverse proxy incoming requests for specific hostnames to the related backend app, while preserving the path forwarded to the internal app server:
http://domain1.com/foo --> /app1/foo
http://domain1.com/bar/bletch --> /app1/bar/bletch
http://domain2.com/alpha/bravo --> /app2/alpha/bravo
I suppose you could say I'm trying to set up a simple 'virtual hosting' configuration but I want to use a shared back-end app server instance.
Key point: I don't want the visitor's browser to see the redirected URL structure. So when the client browser hits http://domain1.com/foo, the correct content is served up but the browser doesn't see a redirect.
I've done some basic work with Nginx (still learning) and I'm looking for example Nginx configurations demonstrating secure and efficient ways to accomplish this goal.
Based on this answer here's a configuration that seems to work as desired.
For app1 running on http://localhost:8000/app1_path :
upstream app1 {
server 127.0.0.1:8000 fail_timeout=0;
}
server {
listen 80;
server_name example.com
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
rewrite ^(.*)$ /app1_path$1 break;
proxy_pass http://app1;
}
}
So, one could repeat this pattern as many times as desired for each hostname->app/path pair.