I have successfully obtained my SSL certificate and am now trying to set it up on my AWS server with an NGINX reverse proxy. Here is the config file:
server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert_chain.crt;
    ssl_certificate_key /etc/nginx/ssl/website.key;
    server_name ~^(?<subdomain>.+)\.example\.com$;
    location / {
        proxy_pass http://www.example.com:8888;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $subdomain.example.com;
        proxy_cache_bypass $http_upgrade;
    }
}
If I change the setting to listen on port 80, it works fine. I have enabled port 443 in the AWS security group, and here is the result of netstat -tulpn | grep 443:
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
So that means it is already listening on port 443, right? I also ensured that nginx was run as root, using ps aux | grep nginx | grep -v grep:
root 11567 0.0 0.3 177080 3060 ? Ss 09:36 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 11568 0.0 0.7 177344 7568 ? S 09:36 0:00 nginx: worker process
I have checked the Nginx error log and there is nothing in it, but when I access my URL over https it just shows that the site took too long to respond. Can anyone help? Thank you.
UPDATE
Here is the result of lsof -i:443:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ruby 1067 root 8u IPv4 2613507 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:49112->xxx-xx-xx-xx:https (ESTABLISHED)
ruby 1067 root 10u IPv4 2552314 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:43384->s3-us-west-2-r-w.amazonaws.com:https (CLOSE_WAIT)
nginx 12571 root 7u IPv4 2592465 0t0 TCP *:https (LISTEN)
nginx 12572 www-data 7u IPv4 2592465 0t0 TCP *:https (LISTEN)
aws 26403 root 14u IPv4 1903428 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:39960->xxx-xx-xx-xx:https (CLOSE_WAIT)
aws 26403 root 15u IPv4 2613578 0t0 TCP ip-xxx-xx-xx-xx.us-west-2.compute.internal:55192->xxx-xx-xx-xx:https (CLOSE_WAIT)
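Two checks that separate "nginx is bound to 443" from "443 is reachable from the internet", as an added example that is not part of the question above. The first parses netstat -tulpn style output and reports whether a port is bound on a wildcard address or only on loopback; the second does a plain TCP connect with a timeout, which is what to run from outside the instance: if the socket is listening locally but the remote connect times out, the blocker sits in front of the host (security group, NACL, load balancer or proxy) rather than in nginx. The netstat sample is constructed, modelled on the lines in the question.

```python
"""Added example (not from the original post): bind-scope and reachability
checks for the "listening on 443 but https times out" symptom."""
import re
import socket

# Constructed sample, modelled on the `netstat -tulpn` lines in the post.
SAMPLE_NETSTAT = """\
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8888          0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
"""

# proto  recv-q  send-q  local-address:port  foreign-address  LISTEN
LISTEN_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTEN"
)

WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_listeners(text):
    """Return {port: set(local_addresses)} for every LISTEN line in the output."""
    listeners = {}
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.setdefault(int(m.group("port")), set()).add(m.group("addr"))
    return listeners


def bind_scope(text, port):
    """'public' if the port is bound on a wildcard address, 'local' if it is
    bound only on a specific (e.g. loopback) address, 'absent' if nothing
    listens on it."""
    addrs = parse_listeners(text).get(port)
    if not addrs:
        return "absent"
    if addrs & WILDCARDS:
        return "public"
    return "local"


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within the timeout.
    A timeout (rather than a refusal) from outside the host, while the
    port shows as 'public' locally, points at a filter in front of the host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for port in (443, 8888, 80, 22):
        print(port, bind_scope(SAMPLE_NETSTAT, port))
    # Replace with the instance's public name to test from another machine.
    print("443 reachable on loopback:", tcp_reachable("127.0.0.1", 443, 1.0))
```

Run `tcp_reachable("<public-hostname>", 443)` from a machine outside the VPC; a False there, combined with "public" from bind_scope on the instance, narrows the problem to the network path rather than to the nginx configuration.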
Related
Ever since rebooting my Ubuntu EC2 instance, I have an issue with nginx giving a 502 error for my site. I didn't change any settings before the reboot and the site was working fine before then.
Error from /var/log/nginx/error.log:
2022/12/06 21:10:54 [error] 1503#1503: *4 connect() failed (111: Unknown error) while connecting to upstream, client: ###.##.##.###, server: ##.#.###.###, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8000/favicon.ico", host: "##.#.###.###", referrer: "http://##.#.###.###/"
Here is my config in /etc/nginx/sites-available/:
server_tokens off;
access_log /var/log/nginx/esms.access.log;
error_log /var/log/nginx/esms.error.log;
# This configuration will be changed to redirect to HTTPS later
server {
    server_name .##.#.###.###;
    listen 80;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
    }
    location /static {
        autoindex on;
        alias /home/ubuntu/ESMS/esms/static/;
    }
}
And the output of netstat -plnt:
sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 664/sshd: /usr/sbin
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1567/nginx: master
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 420/systemd-resolve
tcp6 0 0 :::22 :::* LISTEN 664/sshd: /usr/sbin
tcp6 0 0 :::80 :::* LISTEN 1567/nginx: master
The Django server wasn't running after the reboot because it is not set up to autostart after a reboot. Running the command nohup python manage.py runserver 0.0.0.0:8000 & fixes it.
I'm using Nginx in my EC2 instance to attach my domain from Route 53 to my Django app, which is running in a Docker container. It was working totally fine, but after I moved my database to RDS my application stopped working there; Nginx is throwing the error attached below:
2022/04/07 21:15:40 [error] 9#9: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 202.47.34.198, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://172.20.0.3:9000", host: "sub.domain.com", referrer: "http://sub.domain.com/"
/etc/nginx/sites-available/default
server {
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;
    server_name sub.domain.com;
    location / {
        proxy_pass http://localhost:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 100M;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = sub.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name sub.domain.com;
    return 404; # managed by Certbot
}
netstat -tulpn | grep LISTEN
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:40743 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp6 0 0 :::8080 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
I have a Python/Flask backend with several REST APIs. I deployed the program on an AWS EC2 instance. The APIs worked just fine previously; at one point I stopped the instance and started it again (without making a single change). The problem is that now all the APIs are throwing a 502 Bad Gateway error. How can I fix this?
Now the APIs work when I manually run the Python file using
python3 main.py
and it runs on http://127.0.0.1:5000/ in the instance console.
So it seems like Nginx is not listening to the Flask server, but I'm not sure!
/etc/nginx/sites-available/default
server {
    listen 80;
    listen [::]:80;
    location / {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    location / {
        proxy_pass https://127.0.0.1:5000;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
* I tried copying the above default file to sites-enabled as well. Still not working.
netstat -tunlp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 172.31.37.30:68 0.0.0.0:* -
/var/log/nginx/access.log
43.250.243.234 - - [26/Mar/2022:21:07:20 +0000] "GET /islive?videoUrl=https://smart-cap.obs.ap-southeast-3.myhuaweicloud.com/1648198646232_1648198646232.webm HTTP/1.1" 502 584 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.83 Safari/537.36"
The issue was with the service file I created to auto-run the Application. I accidentally added the wrong username for the username field. If anyone got this issue, please check if you have put the correct username in all the relevant places.
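The three 502 reports above (Django dev server not restarted, uwsgi container refusing connections, Flask service unit with the wrong username) all come down to the same question: is anything listening where nginx's proxy_pass points? The following triage script is an added example, not code from any of the posts. It parses nginx error_log lines of the connect()-failed form quoted above, groups them by upstream endpoint, and then checks with a TCP connect whether that endpoint is accepting connections right now. The log lines are constructed, modelled on the excerpts in the posts, with documentation addresses substituted.

```python
"""Added example (not from the posts above): group nginx upstream connect
failures by endpoint and check whether the endpoint is listening now."""
import re
import socket
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the error_log format shown in the posts above.
SAMPLE_ERROR_LOG = """\
2022/12/06 21:10:54 [error] 1503#1503: *4 connect() failed (111: Unknown error) while connecting to upstream, client: 203.0.113.10, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://127.0.0.1:8000/favicon.ico", host: "203.0.113.10"
2022/12/06 21:10:55 [error] 1503#1503: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.10, server: _, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8000/", host: "203.0.113.10"
2022/04/07 21:15:40 [error] 9#9: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.11, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "uwsgi://172.20.0.3:9000", host: "sub.example.com"
2022/04/07 21:16:02 [notice] 9#9: signal process started
"""

# "[error] ... connect() failed (111: Connection refused) while connecting to upstream, ... upstream: "scheme://host:port/path""
UPSTREAM_FAIL_RE = re.compile(
    r'\[error\] .*? connect\(\) failed \((?P<errno>\d+): [^)]*\) while connecting to upstream, '
    r'.*?upstream: "(?P<upstream>[^"]+)"'
)


def parse_upstream_failures(text):
    """Yield (errno, scheme, host, port) for every upstream connect failure."""
    for line in text.splitlines():
        m = UPSTREAM_FAIL_RE.search(line)
        if not m:
            continue
        u = urlsplit(m.group("upstream"))  # handles http://, https:// and uwsgi://
        yield int(m.group("errno")), u.scheme, u.hostname, u.port


def failing_upstreams(text):
    """Count failures per endpoint: {(scheme, host, port): n}."""
    return Counter((s, h, p) for _, s, h, p in parse_upstream_failures(text))


def upstream_listening(host, port, timeout=2.0):
    """True if a TCP connect to the upstream succeeds, i.e. a backend is bound there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(text):
    """Return {endpoint: (failure_count, listening_now)} for the parsed log."""
    return {
        ep: (n, upstream_listening(ep[1], ep[2]))
        for ep, n in failing_upstreams(text).items()
    }


if __name__ == "__main__":
    for (scheme, host, port), (n, up) in triage(SAMPLE_ERROR_LOG).items():
        state = "listening" if up else "NOT listening: start the backend service"
        print(f"{scheme}://{host}:{port}: {n} failed connects, {state}")
```

Errno 111 (ECONNREFUSED) on the upstream means the kernel on the target host answered with a reset, so the request reached the right machine but no process was bound to that port; that is the signature of a backend that did not come back after a reboot, and the fix is on the backend's service definition (user, working directory, autostart), not in nginx.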
I have had a lot of trouble setting up Nginx for Django on Debian.
I tried probably every nginx Django conf file I could find on the internet, but none of them worked; I assume I can't see the forest for the trees...
So I am running Django 2.0.4 and daphne 2.1.1.
For Daphne I am using this command:
daphne -b 0.0.0.0 -e ssl:8080:privateKey=privkey.pem:certKey=fullchain.pem share_game.asgi:application -v2
And this is my Nginx conf file; I have added a redirect to Google so I can actually see that it is running:
upstream tsg-backend {
    server 127.0.0.1:8080;
}
server {
    listen 159.69.13.156:80;
    server_name thesharegame.com www.thesharegame.com;
    if ($host ~* ^thesharegame\.com$) {
        rewrite ^(.*)$ https://www.thesharegame.com$1 permanent;
    }
}
server {
    listen 159.69.13.156:443 ssl http2;
    server_name thesharegame.com www.thesharegame.com;
    access_log /var/log/nginx/tsg.log;
    error_log /var/log/nginx/tsg.log;
    return 301 https://google.com$request_uri;
    ssl on;
    ssl_certificate /home/tsg/fullchain.pem; # managed by Certbot
    ssl_certificate_key /home/tsg/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    client_max_body_size 20M;
    if ($host ~* ^thesharegame\.com$) {
        rewrite ^(.*)$ https://www.thesharegame.com$1 permanent;
    }
    location / {
        ## If you use HTTPS make sure you disable gzip compression
        ## to be safe against BREACH attack.
        proxy_read_timeout 3600;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://tsg-backend;
    }
}
Running netstat -nlp | grep 80 gives:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 14925/python3
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14603/nginx: master
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 14925/python3
tcp6 0 0 :::80 :::* LISTEN 14603/nginx: master
Also, /etc/init.d/nginx status says Nginx is running.
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2018-06-04 23:10:05 CEST; 12min ago
Docs: man:nginx(8)
Process: 13551 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 14601 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 14599 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 14603 (nginx)
Tasks: 9 (limit: 4915)
CGroup: /system.slice/nginx.service
├─14603 nginx: master process /usr/sbin/nginx -g daemon on; master…n;
├─14604 nginx: worker process
├─14605 nginx: worker process
├─14606 nginx: worker process
├─14607 nginx: worker process
├─14610 nginx: worker process
├─14613 nginx: worker process
├─14614 nginx: worker process
└─14616 nginx: worker process
Jun 04 23:10:05 debian-share-game systemd[1]: Starting A high performance we…...
Jun 04 23:10:05 debian-share-game systemd[1]: Started A high performance web…er.
Hint: Some lines were ellipsized, use -l to show in full.
sites-available and sites-enabled are both linked.
What am I missing? Does anyone have an idea, or need more information?
My problem is that I can not add another port to my existing nginx config.
I have disabled the firewall on the Ubuntu server with this command:
sudo service ufw stop
In sites-available I have this file, named file.conf:
server {
    listen 80;
    server_name example.com example.com;
    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/user/project;
    }
    location /files/ {
        root /home/user/download/;
    }
}
server {
    listen 8080;
    server_name example.com www.example.com;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/project.sock;
    }
}
server {
    listen 8001;
    server_name example.com www.example.com;
    location / {
        include uwsgi_params;
        uwsgi_pass unix:/run/uwsgi/project.sock;
    }
}
I had the 8080 part earlier, and it worked in the past and still works now, but 8001 is not working. I disabled the firewall, so I think the problem lies elsewhere.
I also ran this command:
sudo netstat -napl | grep 8001
which returned this:
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 3475/nginx -g daemo
Thanks for your help and support.
I've solved the issue!
The problem was that I use Cloudflare for DNS, and Cloudflare only lets me use the ports listed here:
For requests made via HTTP:
80
8080
8880
2052
2082
2086
2095
For requests made via HTTPS:
443
2053
2083
2087
2096
8443
Hope it helps other people facing this problem!