I'm using AWS kibana to search and view the logs that Logstash has indexed. Right now i'm using the default URL from AWS and is only restricted to my IP address. I need to proxy_pass it through nginx, i tried to follow this doc: https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/
But kibana is not loading. I'm getting the following error:
Kibana: Not Found
Error: Not Found
at respond (http://IP/index.js?_b=7562:85344:15)
at checkRespForFailure (http://IP/index.js?_b=7562:85312:7)
at http://IP/index.js?_b=7562:83950:7
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at http://IP/index.js?_b=7562:21035:76
at Scope.$eval (http://IP/index.js?_b=7562:22022:28)
at Scope.$digest (http://IP/index.js?_b=7562:21834:31)
at Scope.$apply (http://IP/index.js?_b=7562:22126:24)
Adding Nignx conf:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name kibana.mydomain.com;
# for elb health checks
location /status {
root /usr/share/nginx/html/ ;
}
location / {
proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header X-Real-IP <public-ip-for-instance>;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/;
proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/;
}
location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass http://search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
On your last location block, add /_plugin/kibana, that fixed it for me.
My working setup (with a VPC based ES but that shouldn't change much as long as you authorize the IP of your proxy within the ES access policy):
server {
listen 80;
server_name kibana.mydomain.com
location / {
proxy_http_version 1.1;
# proxy_set_header Host https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com/_plugin/kibana/;
}
location ~ (/_plugin/kibana|/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Authorization "";
}
}
Related
I'm having trouble exposing Zipkin UI (running in a container) behind Nginx.
I have a spring microservices that I have deployed on an ec2 instance on AWS, and I used Nginx as a load balancer to map locations to upstream using proxy_pass, and I've configured a location mapped to Zipkin upstream just like this:
location /tracing/ {
return 302 /tracing/;
}
location /tracing {
proxy_pass http://localhost:9411/;
}
but when I enter this location in the browser it redirects me to another location / which is binded to another upstream
location / {
proxy_pass http://localhost:4200/;
}
I think this may help you
location /zipkin {
proxy_pass http://localhost:9411;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
I have a problem with connecting my fronted(react/Axios) to backend(Django) data hosted on VPS using Nginx and docker. The problem is weird because I can connect to API by Postman. The issue appears when I try to get data from my frontend(localhost:3000) or from netlify app.
There is Nginx code:
upstream 127.0.0.1 {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://127.0.0.1;
}
location /ws {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /static/ {
alias /static/;
}
location /media/ {
alias /code/media/;
}
}
EDIT:
I changed my server name to django_api and i added three more lines in location /, afterwards everything works.
upstream django_api {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://django_api;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /ws {
proxy_pass http://django_api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
Is there a way to access AWS web console via nginx reverse proxy through my subdomain?
Here is the nginx configuration is have been using :
server {
listen localhost:443 ssl;
server_name aws1.subdomain.com;
include snippets/proxy_ssl.conf;
location / {
proxy_pass https://console.aws.amazon.com/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_hide_header X-Frame-Options;
}
}
The above configuration throws:
NetworkError: 400 Bad Request
And shows amazon's default 400 bad request page when i try to access https://aws1.subdomain.com in my browser.
I have this working using the following lines in nginx.conf. You can also add lines for http auth as required depending on your config.
location = / { rewrite ^ /_plugin/kibana/ redirect; }
location / {
proxy_pass https://<es-domain-url>.es.amazonaws.com;
proxy_http_version 1.1;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
proxy_set_header X-Forwarded-Proto $scheme;
}
I've an Nginx 1.6.2, working as proxy. The backend HTTP server is an Apache.
I'ld like to control the number of connections certain URL, in some vhosts. The exact "location" form is works, but if I pass a regex to "location", it doesn't.
server {
listen 80;
server_name www.myhost.com;
location ~* ^/.*ABCD_promo.*$ {
limit_req zone=one burst=5;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://vm-apache4;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://vm-apache4;
}
}
In nginx.conf, I've this directive:
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
before the config part(s) above.
When I change the "location ~* ^/.*ABCD..." to "location /ABCD_promo", then it works. What em I misses?
I have my frontend server running nginx. The backend is on another machine on the same VPN. This is its config:
server {
listen 80;
server_name *.vpn.domain.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
}
}
I would like to pass a different host to the backend... I'd like the backend to receive, for requests done tosubdomain.vpn.domain.com the host subdomain.local.domain.com
Is there any way to do this? I'm looking for a regexp substitution (or even a substring substitution) but I'm having surprisingly little success... I thought it would be a piece of cake. I think the solution would be in the lines of
server {
listen 80;
server_name *.vpn.domain.com;
set $my_host $http_host;
replace $my_host .vpn. .local.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $my_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect http://10.8.25.102:8100/ http://$server_name/;
}
}
It's just that I haven't found yet the proper syntax for replace $my_host .vpn. .local. I don't really care about multiple substitutions... I won't have a.vpn.a.vpn.domain.com
I finally figured it out, I can do
if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
set $my_host $1.local.$2;
}
And then, as there're CSRF validations in place, I also need to rewrite the Referer... so this is how it ended up looking
server {
listen 80;
server_name *.vpn.domain.com;
set $my_host $http_host;
if ($http_host ~ ^(.*)\.vpn\.(.*)$) {
set $my_host $1.local.$2;
}
set $referer $http_referer;
set $referer_host no;
if ($http_referer ~ ^(https?://)([^/]+)(/.*)$) {
set $referer_host $2;
set $rewritten_referer $1$my_host$3;
}
if ($referer_host = $http_host) {
set $referer $rewritten_referer;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $my_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Referer $referer;
proxy_set_header IS_SECURE no;
proxy_pass http://10.8.25.102:8100/;
proxy_redirect https://$my_host/ https://$http_host/;
proxy_redirect http://$my_host/ http://$http_host/;
}
}