So im trying to check my http_response code from my upstream server, and pass a default response code when the upstream is down; and when the upstream is up proxy all requests to it.
my nginx (NOT WORKING) config looks like this
server {
listen 80;
server_name auth.example.com;
set $upstream 123.456.789.123:8080;
location #active{
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 10M;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_pass http://$upstream;
}
location #outage {
return 200 "yass!";
}
location / {
error_page 500 = #outage;
set $200 #active;
if ($http_status != 404){
return 500;
}
if ($http_status = 200) {
return 200;
}
}
What i want to achieve is simple, if my upstream server is down return a default 200 response.
if my upstream server is available, proxy all requests to it.
how can i achieve this (a code example would be cool :-)) with nginx.
So I figured where i was going wrong, the following config worked for me.
server {
listen 80;
server_name auth.example.com;
set $upstream 123.456.789.123:8080;
location / {
proxy_pass_header Authorization;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_intercept_errors on;
proxy_buffering off;
client_max_body_size 10M;
proxy_read_timeout 36000s;
proxy_redirect off;
proxy_pass http://$upstream;
error_page 500 502 503 504 = #outage;
}
location #outage {
return 200 "yas";
}
}
Related
The application is on Django configured with Docker. GET requests are working fine. But the POST requests are not working. I am adding the nginx.conf file below for the reference.
The POST request is necessary for authentication.
upstream app_server {
server djangoapp:8000 fail_timeout=0;
}
server {
listen 80;
server_name samplewebsite.com;
root /opt/djangoapp/src/samplewebsite/samplewebsite;
index index.html;
server_tokens off;
location / {
try_files $uri $uri/ /index.html;
}
location /media {
alias /opt/djangoapp/src/media/;
}
location /static {
alias /opt/djangoapp/src/static/;
}
location /api/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://app_server/;
}
location /admin/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://app_server/admin/;
}
client_max_body_size 128m;
}
The response of the POST request is Error code 405.
Let me know if I need to add more information to the question.
Current nginx config:
server {
listen 443 ssl http2;
server_name NAME www.NAME;
charset utf-8;
ssl on;
ssl_certificate /etc/nginx/ssl/NAME-cert.pem;
ssl_certificate_key /etc/nginx/ssl/NAME-key.pem;
location /static/ {
alias /home/ubuntu/NAME/static_collection/;
}
location /media/ {
alias /home/ubuntu/NAME/media_collection/;
}
location / {
proxy_pass http://localhost:8002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Everything works, apart from the websockets. I suppose this is because it doesn't deal with the http upgrade header... I've looked at the docs, but I can't figure out how to modify this config without breaking anything else.
Try this. Let me know if it works.
server {
listen 443 ssl http2;
server_name NAME www.NAME;
charset utf-8;
ssl on;
ssl_certificate /etc/nginx/ssl/NAME-cert.pem;
ssl_certificate_key /etc/nginx/ssl/NAME-key.pem;
location /static/ {
alias /home/ubuntu/NAME/static_collection/;
}
location /media/ {
alias /home/ubuntu/NAME/media_collection/;
}
location / {
proxy_pass http://localhost:8002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
Is there a way to access AWS web console via nginx reverse proxy through my subdomain?
Here is the nginx configuration is have been using :
server {
listen localhost:443 ssl;
server_name aws1.subdomain.com;
include snippets/proxy_ssl.conf;
location / {
proxy_pass https://console.aws.amazon.com/;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_hide_header X-Frame-Options;
}
}
The above configuration throws:
NetworkError: 400 Bad Request
And shows amazon's default 400 bad request page when i try to access https://aws1.subdomain.com in my browser.
I have this working using the following lines in nginx.conf. You can also add lines for http auth as required depending on your config.
location = / { rewrite ^ /_plugin/kibana/ redirect; }
location / {
proxy_pass https://<es-domain-url>.es.amazonaws.com;
proxy_http_version 1.1;
proxy_set_header Authorization "";
proxy_hide_header Authorization;
proxy_set_header X-Forwarded-Proto $scheme;
}
I deploying my Django project in AWS (nginx, gunicorn)
I can access my project through url and looking great. But problem is that I can not send any POST request because of csrf_token error.
I just googled it and find looks-good solution : http://www.regisblog.fr/2014/08/31/passing-django-csrf-cookie-nginx/
But it doesn't work after I edited nginx.conf.
Here is my nginx.conf (ssl not applying yet and conceal IP address)
worker_processes 1;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server {
listen 80;
server_name MY_IP;
client_max_body_size 4G;
keepalive_timeout 5;
#return 301 https://$server_name$request_uri;
location / {
proxy_pass_header X-CSRFToken;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4349;
proxy_redirect off;
}
}
}
Advice me please, thanks.
I've been trying to debug this for several hours and I'm not sure what else to check. My problem is that Nginx doesn't server Django static files. Accessing static files results in the error 403 Forbidden.
The exact error from nginx error log is:
2013/02/11 05:42:13 [error] 22526#0: *29 open() "/home/mydomain/public_html/test2/src/bootstrap.css" failed (13: Permission denied), client: XXX.XXX.XX.XX, server: mydomain.com, request: "GET /src/bootstrap.css HTTP/1.1", host: "www.mydomain.com"
Here is my nginx config file:
server {
listen XX.XX.X.XXX:80;
server_name mydomain.com;
root /home/mydomain/public_html/test2/app;
# serve directly - analogous for static/staticfiles
location /media/ {
# if asset versioning is used
if ($query_string) {
expires max;
}
}
location /admin/media/ {
# this changes depending on your python version
root /home/mydomain/public_html/test2/lib/python2.7/site-packages/django/contrib;
}
location /src/ {
autoindex on;
root /home/mydomain/public_html/test2;
}
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 10;
proxy_read_timeout 10;
proxy_pass http://localhost:8000/;
}
# what to serve if upstream is not available or crashes
error_page 500 502 503 504 /media/50x.html;
}
Static files are stored in /home/mydomain/public_html/test2/src.
I've tried chown mydomain.mydomain -R * and chmod 755 /home/mydomain -R * without any effect.
use this
btw. IfIsEvil
server {
listen 80;
server_name mydomain.com;
#access_log /var/log/nginx/x_access.log;
#error_log /var/log/nginx/x_error.log;
location /static {
alias /path/to/your/static;
}
location /media {
alias /path/to/your/media;
}
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 10;
proxy_read_timeout 10;
proxy_pass http://localhost:8000/;
}
}
Here is a working solution to my initial problem:
server {
listen XX.XX.X.XXX:80;
server_name mydomain.com;
root /home/mydomain/public_html/test2/app;
location /admin/media/ {
# this changes depending on your python version
root /home/mydomain/public_html/test2/lib/python2.7/site-packages/django/contrib;
}
location /src {
root /home/mydomain/public_html/test2;
}
location / {
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_connect_timeout 10;
proxy_read_timeout 10;
proxy_pass http://localhost:8000/;
}
# what to serve if upstream is not available or crashes
error_page 500 502 503 504 /media/50x.html;
}
Another way to do this is to use try_files. The advantage of this is that Nginx will first look for a real file to serve, and if it fails to find one it passes execution to your django app. This is perfect for serving a dynamic sitemap.xml for example since you do not need to special-case the file in nginx.conf.
# Set default expires headers (used for static assets)
expires 30d;
server {
listen 80;
server_name mydomain.com;
root /some/path/assets/;
try_files $uri #django;
location #django {
expires -1d;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_pass http://unix:/some/path/server.sock;
}
location /static/admin/ {
alias /some/path/lib/python2.7/site-packages/django/contrib/admin/static/admin/;
}
}