My problem is that I cannot add another port to my existing nginx config.
I have disabled the firewall on the Ubuntu server with this command:
sudo service ufw stop
In sites-available I have this file named file.conf:
server {
listen 80;
server_name example.com example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user/project;
}
location /files/ {
root /home/user/download/;
}
}
server{
listen 8080;
server_name example.com www.example.com;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/project.sock;
}
}
server{
listen 8001;
server_name example.com www.example.com;
location / {
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/project.sock;
}
}
I had the 8080 part earlier and this worked in the past and still does, but 8001 is not working. I disabled the firewall, so I think the problem lies elsewhere.
I also ran this command:
sudo netstat -napl | grep 8001
which returned this:
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 3475/nginx -g daemo
Thanks for your help and support.
I've solved the issue!
The problem was that I used Cloudflare for DNS, and Cloudflare only lets me use some ports, listed here:
For requests made via HTTP:
80
8080
8880
2052
2082
2086
2095
For requests made via HTTPS:
443
2053
2083
2087
2096
8443
Hope it helps some other people facing this problem!
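A check for the situation in this answer, as an added example that is not part of the original post: it pulls every listen port out of an nginx config and reports the ones missing from the port lists quoted above. The function names and the sample config are constructed for illustration, and the port sets are copied from the answer, so compare them with Cloudflare's current documentation before relying on them.

```python
import re

# Ports proxied by Cloudflare, copied from the lists in the answer above.
CF_HTTP = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CF_HTTPS = {443, 2053, 2083, 2087, 2096, 8443}

# A listen directive starts a line or follows "{" or ";".
LISTEN_RE = re.compile(r"(?:^|(?<=[{;]))\s*listen\s+([^;\s][^;]*);", re.MULTILINE)


def listen_ports(conf):
    """Yield (port, is_tls) for each TCP listen directive in nginx config text."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no quoted '#')
    for m in LISTEN_RE.finditer(conf):
        addr, *params = m.group(1).split()
        if addr.startswith("unix:"):
            continue  # unix sockets are not reachable through the proxy
        # Accepts "8001", "0.0.0.0:8001", "[::]:8001" and "host:8001".
        tail = addr.rsplit(":", 1)[-1]
        # An address given without a port means port 80 in nginx.
        port = int(tail) if tail.isdigit() else 80
        yield port, "ssl" in params


def unreachable_via_cloudflare(conf):
    """Return sorted (port, scheme) pairs that the quoted port lists do not cover."""
    bad = set()
    for port, tls in listen_ports(conf):
        allowed = CF_HTTPS if tls else CF_HTTP
        if port not in allowed:
            bad.add((port, "https" if tls else "http"))
    return sorted(bad)


# Constructed sample: the question's three ports plus one TLS listener.
SAMPLE = """
server { listen 80;   server_name example.com; }
server { listen 8080; server_name example.com www.example.com; }
server { listen 8001; server_name example.com www.example.com; }
server { listen [::]:8443 ssl; server_name example.com; }
"""

if __name__ == "__main__":
    for port, scheme in unreachable_via_cloudflare(SAMPLE):
        print(f"port {port} ({scheme}) is not in the proxied port list")
```

A listener bound locally, as the netstat output in the question shows for 8001, can still be unreachable through the proxy, which is why the check works on the config rather than on the socket table.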
As the title says, I want to host two different Django projects in the same droplet (NGINX, Gunicorn, Ubuntu) with different subdomains. One will be our main site, example.com, which is up and running and working perfectly. We want to host the staging site staging.example.com in the same droplet.
We have created new sockets and service files for the staging site and activated and enabled them, but the issue is that nginx still points to the files in the main domain directory rather than the staging directory, and hence we get the error below even though these domains have been added to the allowed hosts in settings.py of the staging site:
DisallowedHost at /
Invalid HTTP_HOST header: 'staging.example.com'. You may need to add 'staging.example.com' to ALLOWED_HOSTS
Here is our staging.gunicorn.service file:
[Unit]
Description=staging.gunicorn daemon
Requires=staging.gunicorn.socket
After=network.target
[Service]
User=admin
Group=www-data
WorkingDirectory=/home/admin/example1staging
ExecStart=/home/admin/example1staging/venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/staging.gunicorn.sock djangoproject.wsgi:application
[Install]
WantedBy=multi-user.target
Here is our staging.gunicorn.socket file:
[Unit]
Description=staging.gunicorn socket
[Socket]
ListenStream=/run/staging.gunicorn.sock
[Install]
WantedBy=sockets.target
Lastly, here is our nginx config:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/admin/example1;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
server {
listen 80;
listen [::]:80;
server_name staging.example.com www.staging.example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/admin/example1staging;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/staging.gunicorn.sock;
}
}
Some help here would be extremely welcome.
I installed Nginx on an Amazon Linux machine and am using this config file:
http {
upstream allbackend {
#round robin private IP
server 172.31.xx.xxx:8080;
server 172.31.xx.xx:8080;
}
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/xxx.ddns.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.ddns.net/privkey.pem;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://allbackend/;
}
}
}
events { }
However, the site xxx.ddns.net only works over HTTP and not over HTTPS. The security groups are defined:
The cURL returns this to me:
curl https://xxx.ddns.net/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to xxx.ddns.net:443
What's the issue here?
You need one server-block for port 80 (HTTP) and one for port 443 (HTTPS). The server-block for port 80 just redirects to the server-block for port 443. The whole configuration looks something like this:
server {
listen 80;
server_name xxx.ddns.net www.xxx.ddns.net;
return 301 https://xxx.ddns.net$request_uri;
}
server {
listen 443 ssl http2;
server_name xxx.ddns.net www.xxx.ddns.net;
# TLS is enabled by the ssl parameter on the listen line above
ssl_certificate /etc/letsencrypt/live/xxx.ddns.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.ddns.net/privkey.pem;
ssl_protocols TLSv1.3;
location / {
proxy_pass http://allbackend:port;
}
}
Hope this helps solve your problem :)
I have a VPS on Digital Ocean with Ubuntu 18.04, Nginx, Gunicorn, Django, and a test web application, all configured (ufw) to work with http: 80. Everything works perfectly. Tutorial
Now I modify the file /sites-available/LibrosWeb to allow SSL traffic with a self-signed certificate, since I do not have a domain. Tutorial. Result "Error 502 Bad Gateway".
This is the initial code that works well with http: 80:
server{
# HTTP configuration
listen 80;
listen [::]:80;
server_name 15.15.15.15;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
And this is the code to allow SSL (error 502):
server{
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
server{
# HTTP configuration
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
}
UFW configured as:
80,443/tcp (Nginx Full) ALLOW IN Anywhere
80,443/tcp (Nginx Full (v6)) ALLOW IN Anywhere (v6)
The files /etc/nginx/snippets/self-signed.conf and /etc/nginx/snippets/ssl-params.conf are the same as those in the tutorial.
I've been testing configurations for two days and the most I could get is that it works halfway, that is, I can show the default Django page but not the one of my application, if I put the code like this:
server{
# HTTP configuration
listen 80;
listen [::]:80;
server_name 15.15.15.15;
return 302 https://15.15.15.15$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /robots.txt {
alias /var/www/LibrosWeb/robots.txt ;
}
location /static/ {
root /home/gela/LibrosWeb;
}
}
server{
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 15.15.15.15;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
location / {
include proxy_params;
proxy_pass https://unix:/run/gunicorn.sock;
}
}
What is wrong, or what is missing?
I think my days of suffering are over. After reading hundreds of logs, I found the problem. An update of Whitenoise to 4.0, where you must change the form of the configuration, caused the gunicorn service to throw errors with my old configuration. The rest is all right.
http://whitenoise.evans.io/en/stable/django.html#django-middleware
Thanks for the help.
Good day.
First of all, sorry for my bad English.
I'm having a problem configuring LetsEncrypt in my webapp. I made it work, and now I can access it using https://www.myproject.com, but if I try to use www.myproject.com, myproject.com or even https://myproject.com without the www, I always get the error ERR_TOO_MANY_REDIRECTS.
This is my nginx config in /etc/nginx/sites-available/myproject:
server {
listen 80;
listen [::]:80;
server_name myproject.com www.myproject.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-myproject.com.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/user;
}
location /media/ {
root /home/user;
}
location /.well-known {
alias /home/user/myproject/.well-known;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/user/myproject.sock;
}
}
I checked a lot of questions like mine, but for PHP projects; I tried the solutions but still have not found one that solves my problem.
If it helps, I have to say that I have Cloudflare free configured for my domain.
Thanks!
FIX: If you use Cloudflare for your website, when you install SSL certificates you have to set the Cloudflare SSL configuration to Full or Full (strict).
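Why that setting removes the loop, as an added example that is not part of the original post: a simplified model of a browser, the proxy and the port-80 redirect from the nginx config above. It assumes the mode in use before the fix was Cloudflare's Flexible mode, in which the proxy always talks plain HTTP to the origin; all function names here are hypothetical.

```python
MAX_REDIRECTS = 20  # assumed browser limit before ERR_TOO_MANY_REDIRECTS


def origin_nginx(scheme, path):
    """The question's origin: port 80 always redirects, port 443 serves the app."""
    if scheme == "http":
        # return 301 https://$server_name$request_uri;
        return 301, f"https://myproject.com{path}"
    return 200, None


def edge_to_origin_scheme(mode, visitor_scheme):
    """Scheme the proxy uses for its connection to the origin (simplified model)."""
    if mode == "flexible":
        return "http"  # plain HTTP to the origin, whatever the visitor used
    if mode in ("full", "full_strict"):
        return visitor_scheme  # follows the scheme the visitor used
    raise ValueError(f"unknown SSL mode: {mode}")


def browse(mode, url):
    """Follow redirects like a browser; return (final status or error, hops)."""
    hops = 0
    while hops <= MAX_REDIRECTS:
        scheme, rest = url.split("://", 1)
        _host, _, path = rest.partition("/")
        status, location = origin_nginx(edge_to_origin_scheme(mode, scheme), "/" + path)
        if status != 301:
            return status, hops
        url, hops = location, hops + 1
    return "ERR_TOO_MANY_REDIRECTS", hops


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, browse(mode, "https://myproject.com/"))
```

In the Flexible case the origin never sees a TLS connection, so its HTTP-to-HTTPS redirect fires on every hop; Full (strict) additionally has the proxy validate the origin certificate.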
I was able to create certificates under the path /etc/letsencrypt/{{mywebdomain}}/ and set the ssl_cert and ssl_cert_key absolute file paths under my server block for my nginx server.
When I run the command sudo nginx -t I receive a successful configuration output, and the nginx server is running as the reverse proxy for Django without any problems. But when I access the root of my website in my Chrome browser, I'm receiving "http://website.com" instead of "https://website.com".
Please point me in the right direction if anyone was able to correctly encrypt their domain content with gunicorn-django-nginx configuration.
My website snippet conf:
upstream app_server {
unix:/home/me/Documents/masterdomain/src/portfolio_revamp.sock;
}
server {
client_max_body_size 4M;
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
listen www.mysite.com:80;
server_name example.com www.example.com;
http://example.com;
ssl_certificate
/etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key
/etc/letsencrypt/live/mysite.com/privkey.pem;
root /home/akeem/Documents/SpencerMaster/src;
index templates/home.html templates/main.html;
location / {
proxy_pass
http://unix:/home/me/Documents/masterdomain/src/portfolio_revamp.sock;
alias /home/me/Documents/master/templates/home.html;
}
location ~ /.well-known {
allow all;
}
location /static {
autoindex on;
alias /home/me/Documents/masterdomain/static;
}
location /media {
autoindex on;
alias /home/me/Documents/masterdomain/media;
}
}
I'm running a Xenial Ubuntu 16.04 server, if that makes a difference.
I believe the issue is that you aren't redirecting to HTTPS - unless you specifically enter https://example.com, you'll be directed to the standard http://example.com.
I use this guide from DigitalOcean which recommends two server blocks. In your case it will look something like:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mysite.com www.mysite.com;
return 301 https://$server_name$request_uri;
}
server {
client_max_body_size 4M;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# No server_name required here
# ... Everything else ...
}