uWSGI behind AWS application load balancer - django

I'm having trouble getting an ALB -> uWSGI container setup working in AWS. I want to leave nginx out of the stack if possible.
Assume security groups aren't an issue - I have confirmed ELB can reach the containers on the dynamically-allocated host ports.
From the uWSGI docs, --http is the way to go to make this work, but I must be missing something. Relevant ini:
[uwsgi]
socket = /tmp/uwsgi.sock
http-to = /tmp/uwsgi.sock
http = 0.0.0.0:8000
Is this correct? How should I configure uWSGI to receive http traffic from ALB?

Figured it out. Its actually http-socket that I needed. Uwsgi was indeed receiving traffic, but I was seeing this strange issue where the subdomain was being stripped off and the resulting site getting a 404.
For example, http://www.example.com was being immediately redirected to http://example.com and failing.
This was happening because of django, not uwsgi. Our subdomain.middleware was configured in such a way that a wildcard subdomain caused it to bail, and in doing so chop off that subdomain and redirect to http://example.com.
This was specific to our app, not uwsgi + django, but I thought I'd leave it here if it might move someone in the right direction.

Related

Plausible analytics on a server with a webapp

I have Django hosted with Nginx on DigitalOcean. Now I want to install Plausible Analytics. How do I do this? How do I change the Nginx config to get to the Plausible dashboard with mydomain/plausible for example?
Setup plausible by either running the software directly or in a docker container - let's say it runs on port 8080
Then in your nginx.conf - you should have a server block for your domain
Within that add a location block with the path you want plausible on and add a proxy pass directive to forward the requests to localhost:8080
Monitor access.log and error.log to debug any issues that may happen

Hosts file working for custom subdomains but not custom domains

I am developing a multi tenant app and need to modify my etc/hosts file to test the different URLs tenants might use. Some will use a sub domain like tenant1.mysite.com and others will use entirely their own URL like tenant2.com (to mask the fact it's a whitelabel site and pretend its their own).
In my hosts file I have:
127.0.0.1 mytenantsdomain.com
127.0.0.1 localhost
127.0.0.1 thor.localhost
127.0.0.1 potter.localhost
127.0.0.1 testtenant.com
localhost, thor.localhost, potter.localhost all work as expected when adding :8000 to them. i.e. they connect to the local development server and show expected tenant-specific content. But, mytenantsdomain.com and testtenant.com both give ERR_CONNECTION_REFUSED - I'm guessing its for the lack of the port :8000 tbh.
I have tried a few fixes like flushing the cache with the below but nothing has worked.
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Anybody know what else I can try to get them all working?
For anyone coming to this later - after a bit more digging (on serverfault.com), the following lessons:
etc/hosts isn't the place for this. It just resolves a text domain
name to an IP. It's nothing to do with ports.
The solution was just to add :8000 after the .com - http://mytenantsdomain.com:8000/ resolves to the local dev server.
To make this permanent (i.e. not have to add :8000 to it), port forwarding would be the way to go. So you need a solution something like this: https://serverfault.com/questions/791181/redirecting-traffic-to-a-specific-address-and-port-using-pf-on-macos

NGINX Docker on Server with pre-existing NGINX on Ubuntu Server

I am currently running into an issue with one of my projects that will be running in Docker on my Ubuntu Server with a NGINX docker container to manage the reverse proxy for the Django Project. My issue I am running into is I already have previous Django projects running on that particular Ubuntu server so port 80 is already being used by a NGINX block running on the actual server.
Is there a workaround to running my Docker NGINX as well as the Ubuntu NGINX and have my docker image run as a "add on" site because the Django sites hosted there are clients websites, so I would prefer to not interfere with them if I dont have to.
My project needs HTTPS because it is serving data to a React-Native app running on Android APK 28 which for some reason has a security rule that blocks non HTTPS connections from happening in the app. If anyone else has run into an issue like this I would gladly appreciate the advice on how to tackle this issue.
I have tried running NGINX in Docker with port 81 instead of port 80 and that works perfectly, but I dont think there is a way to make a secure connection to port 81 is there?
Thanks in advance.
You can't just mess with default HTTP ports for endpoints - user browsers use 80 and 443 by default. If you change those, your users would have to connect to your.server.com:81 or something similar. Nobody would do that for a public server, but this can be an option for a private one.
I think a reasonable way out of this will be to use host's NGINX to proxy requests into Docker's NGINX (if there is sense in keeping it at all). You can handle HTTPS termination on host's NGINX and pass plain HTTP into Docker's one.
Another adequate option is to use another server, so that everything works with no dirty hacking involved.

Stuck on Nginx index page

I have configured my subdomain on route53 to point to my ec2 public IP, right after I did this I got a welcome to nginx page. It was good this far. Now I add a custom cofig file in nginx/sites-available(also did link it to sites-enabled and also reloaded nginx). I don't see anything new. I still see the same welcome page. I wonder why this happened.I also have proxy_pass to :3000 which doesn't seem to work.
Here are the few things I tried and the result I got.
changed index.html file as mentioned in the root(/usr/share/nginx/html) - Still welcome page
tried server_name with both default_server and my subdomain(http://management.teampapercloud.in) - Still welcome page
stopped nginx service with service nginx stop - Surprisingly it still shows welcome page.
tried sudo lsof -i :80 (when nginx is running it has 2 diff nginx processed running one with root as user and the other www-data), when nginx is not running sudo lsof -i :80 gives nothing.
at this point i wondered if the domain hitting the server at all or not. I tried to ping, got my ec2 ip. tried DNS checker got my ec2 ip.
Now I am so frustrated stopped my ec2 instance. Now the welcome page is gone. which means I believe my ec2 instance is doing something to show the page, But I don't know which service.
checked top and service --status-all | grep + I don't see any strange services running nor services like Apache. as apache is not installed at all.
As a final try, I even uninstalled nginx. - I still see the same welcome page.
Updated all the index.html files I could find - Still same welcome page.
At this point, I am left with no ideas, and don't understand what is happening. Help is much appreciated.
Thanks
You have written, you reloaded nginx, try again (sometimes we forget to check common things):
sudo service nginx -t # check if configuration syntax is ok
sudo service nginx reload #reload configuration
sudo service nginx restart # restart server
Another important thing, check realtime log in terminal
error log: tail -f /var/log/nginx/error.log
access log: tail -f /var/log/nginx/access.log
and visit the page from browser and check the log in terminal.
Note: Log files can be in different directory in your server.
check log files with this: ls /var/log/nginx/
May be restart the os, if you have access to restart.
ec2 can have any page cache settings.
Are you using something cloudflare name server that can cache a
page, or, Any proxy server or something, that can cache the page.
You can even try browser incognito window, force reload in browser
(ctrl + shift + R).
The changes are not being applied because you're not making any changes to root directory which is
/var/www/html$
as this is a default public folder for your web server. Also if you wish you can change this default path to the one you want.
As you can see I have "index.nginx-debian.html" which on changing takes effect immediately.

Setting up a Django server with Gunicorn and Nginx

I've followed this tutorial and i'm running into an ERR_SSL_PROTOCOL_ERROR that i just can't figure out.
I must mention that i have set inside settings.py:
DEBUG = FAlSE
SECURE_SSL_REDIRECT = False
And my Allowed_hosts is ['*'].
I have a number of questions which reading alot of blog posts hasn't answered:
In the nginx configuration, if i'm running the server from a laptop connected to a router, and the external IP is 12.34.56.78 and the port is 50000, what am i supposed to put at server_name?
In the gunicorn configuration, everyone states that this is the config command: gunicorn --bind 0.0.0.0:8800 AWESOME.wsgi:application what IP should i put there in my case? 12.34.56.78:50000 or just leave it like it is?
As i understand the situation, given the setting in django settings.py my server is not serving HTTPS so the error does not come from that. I've also read about certbot but since i don't have even those 2 above questions figured out i cannot understand how to configure certbot..
EDIT
In fact i've tried to:
gunicorn --bind 12.34.56.78:50000 KYng.wsgi:application but i'm getting invalid address error
1.) You actually don't need to put anything in there, as it will default to an empty string.
2.) You should put localhost (127.0.0.1) if you want it to run locally, or 0.0.0.0 if you want it to run publicly.
Concerning the ssl error, check your nginx configuration more closely...that you didn't reference https instead of http somewhere...