I'm trying to use nginx to proxy websocket requests using a regularexpression as follows:
server {
listen 9092;
server_name ~^(?<pc_name>.*)\.(.*)$;
location / {
include proxy_params;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://$pc_name:9092;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
and it's not working like that, i'm getting errors about not being able to resolve the host if i try to access pc-addr.localhost:9092 i get the error:
2017/08/07 08:42:37 [error] 22021#22021: *2 no resolver defined to resolve pc-addr, client: 127.0.0.1, server: ~^(?<pc_name>.*)\.(.*)$, request: "GET / HTTP/1.1", host: "pc-addr.localhost:9092"
However, if I replace the variable name with with pc-addr directly (i.e. all requests will be forwarded to pc-add:9092) it works fine and the requests are proxied as expected
server {
listen 9092;
server_name ~^(?<pc_name>.*)\.(.*)$;
location / {
include proxy_params;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://pc-addr:9092;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
Related
I have a problem with connecting my fronted(react/Axios) to backend(Django) data hosted on VPS using Nginx and docker. The problem is weird because I can connect to API by Postman. The issue appears when I try to get data from my frontend(localhost:3000) or from netlify app.
There is Nginx code:
upstream 127.0.0.1 {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://127.0.0.1;
}
location /ws {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /static/ {
alias /static/;
}
location /media/ {
alias /code/media/;
}
}
EDIT:
I changed my server name to django_api and i added three more lines in location /, afterwards everything works.
upstream django_api {
server django_gunicorn:8000;
}
server {
listen 80;
location / {
proxy_pass http://django_api;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /ws {
proxy_pass http://django_api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
I'm trying to use WSO2 Identity Server behind a reverse proxy to not expose ip and port when I use wso2 custom pages like "Create Password" and "Reset Password", but I'm getting an error.
When I try to log in on carbon it redirect to login_action.jsp and it shows:
login_action.jsp - 403 Forbidden.
The steps that I did to configure were:
deployment.toml
[server]
offset = "1"
hostname = "example.com"
node_ip = "xxx.xxx.xx.xxx"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
proxy_context_path = "/is"
[transport.https.properties]
proxyPort = 443
nginx.conf
server {
server_name example.com;
access_log /var/log/nginx/dev_mtz_access.log;
error_log /var/log/nginx/example.com.error_log debug;
proxy_cache one;
proxy_cache_key $request_method$request_uri;
proxy_cache_min_uses 1;
proxy_cache_methods GET;
proxy_cache_valid 200 1y;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/certs/cup.crt;
ssl_certificate_key /etc/letsencrypt/private/cup.key;
rewrite \w*(carbon|admin)$ $1/ permanent;
location /is/ {
proxy_pass https://csm-wso2-is:9444/;
proxy_redirect https://example.com/authenticationendpoint/ https://example.com/is/authenticationendpoint/;
proxy_redirect https://example.com/accountrecoveryendpoint/ https://example.com/is/accountrecoveryendpoint/;
proxy_redirect https://example.com/oauth2/ https://example.com/is/oauth2/;
proxy_redirect https://example.com/carbon/ https://example.com/is/carbon/;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host;
# Proxy timeouts
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
}
location /carbon/admin/js/csrfPrevention.js {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://example.com/is/carbon/admin/js/csrfPrevention.js;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
I didn't find any documentation explaining how to achieve, only on WSO2-APIM
If you don't need a subcontext the easiest way is to route everything coming to the root context (/) to port 9443. Here is a sample Nginx config block.
upstream ssl.wso2.is.com {
server xxx.xxx.xxx.xx3:9443;
server xxx.xxx.xxx.xx4:9443;
ip_hash;
}
server {
listen 443;
server_name is.wso2.com;
ssl on;
ssl_certificate /etc/nginx/ssl/wrk.crt;
ssl_certificate_key /etc/nginx/ssl/wrk.key;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 5m;
proxy_send_timeout 5m;
proxy_pass https://ssl.wso2.is.com;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
The documentation is here.
I'm using AWS kibana to search and view the logs that Logstash has indexed. Right now i'm using the default URL from AWS and is only restricted to my IP address. I need to proxy_pass it through nginx, i tried to follow this doc: https://sysadmins.co.za/aws-access-kibana-5-behind-elb-via-nginx-reverse-proxy-on-custom-dns/
But kibana is not loading. I'm getting the following error:
Kibana: Not Found
Error: Not Found
at respond (http://IP/index.js?_b=7562:85344:15)
at checkRespForFailure (http://IP/index.js?_b=7562:85312:7)
at http://IP/index.js?_b=7562:83950:7
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at wrappedErrback (http://IP/index.js?_b=7562:20902:78)
at http://IP/index.js?_b=7562:21035:76
at Scope.$eval (http://IP/index.js?_b=7562:22022:28)
at Scope.$digest (http://IP/index.js?_b=7562:21834:31)
at Scope.$apply (http://IP/index.js?_b=7562:22126:24)
Adding Nignx conf:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name kibana.mydomain.com;
# for elb health checks
location /status {
root /usr/share/nginx/html/ ;
}
location / {
proxy_set_header Host search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header X-Real-IP <public-ip-for-instance>;
proxy_http_version 1.1;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/;
proxy_redirect https://search-aws-es.eu-west-1.es.amazonaws.com/_plugin/kibana/ http://<public-ip-for-instance>/kibana/;
}
location ~ (/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass http://search-aws-es.eu-west-1.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
}
}
On your last location block, add /_plugin/kibana, that fixed it for me.
My working setup (with a VPC based ES but that shouldn't change much as long as you authorize the IP of your proxy within the ES access policy):
server {
listen 80;
server_name kibana.mydomain.com
location / {
proxy_http_version 1.1;
# proxy_set_header Host https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Proxy-Connection "Keep-Alive";
proxy_set_header Authorization "";
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com/_plugin/kibana/;
}
location ~ (/_plugin/kibana|/app/kibana|/app/timelion|/bundles|/es_admin|/plugins|/api|/ui|/elasticsearch) {
proxy_pass https://asdfadsfasdfasdf.regionxxx.es.amazonaws.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Authorization "";
}
}
So im trying to check my http_response code from my upstream server, and pass a default response code when the upstream is down; and when the upstream is up proxy all requests to it.
my nginx (NOT WORKING) config looks like this
server {
listen 80;
server_name auth.example.com;
set $upstream 123.456.789.123:8080;
location #active{
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 10M;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_pass http://$upstream;
}
location #outage {
return 200 "yass!";
}
location / {
error_page 500 = #outage;
set $200 #active;
if ($http_status != 404){
return 500;
}
if ($http_status = 200) {
return 200;
}
}
What i want to achieve is simple, if my upstream server is down return a default 200 response.
if my upstream server is available, proxy all requests to it.
how can i achieve this (a code example would be cool :-)) with nginx.
So I figured where i was going wrong, the following config worked for me.
server {
listen 80;
server_name auth.example.com;
set $upstream 123.456.789.123:8080;
location / {
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_intercept_errors on;
proxy_buffering off;
client_max_body_size 10M;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_pass http://$upstream;
error_page 500 502 503 504 = #outage;
}
location #outage {
return 200 "yas";
}
}
Is there a way to access AWS web console via nginx reverse proxy through my subdomain?
Here is the nginx configuration is have been using :
server {
listen localhost:443 ssl;
server_name aws1.subdomain.com;
include snippets/proxy_ssl.conf;
location / {
proxy_pass https://console.aws.amazon.com/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_hide_header X-Frame-Options;
}
}
The above configuration throws:
NetworkError: 400 Bad Request
And shows amazon's default 400 bad request page when i try to access https://aws1.subdomain.com in my browser.
I have this working using the following lines in nginx.conf. You can also add lines for http auth as required depending on your config.
location = / { rewrite ^ /_plugin/kibana/ redirect; }
location / {
proxy_pass https://<es-domain-url>.es.amazonaws.com;
proxy_http_version 1.1;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
proxy_set_header X-Forwarded-Proto $scheme;
}