I need to change the configuration of my nginx reverse proxy in Elastic Beanstalk (EB). In my local environment everything is configured and working, but when I try to change proxy_cache_path and related settings on EB, it does not work.
This is my local configuration (nginx.conf); the important parts are proxy_cache_path and the "Configure cache" section:
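#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    gzip on;

    # Cache storage for the zone used in "location /" below. Declared directly
    # inside http {}: proxy_cache_path is not accepted inside server {} or
    # location {}.
    proxy_cache_path /cache/nginx levels=1:2 keys_zone=cache_zone_name:10m;

    server {
        listen 80;
        # server_name takes a whitespace-separated list. With a comma the first
        # name would be the literal string "mydomain.app," and never match.
        server_name mydomain.app www.mydomain.app;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            #root html;
            #index index.html index.htm;

            # Reverse proxy to the local application, with cache
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            # Requests carrying an Upgrade header are not answered from the cache
            proxy_cache_bypass $http_upgrade;

            # Add cache debugging header (HIT / MISS / BYPASS ... is shown to every client)
            add_header X-Cache-Status $upstream_cache_status;

            # Configure cache
            proxy_cache cache_zone_name;
            # "any" covers every status code, so error responses are cached for a
            # minute too unless the upstream's own caching headers say otherwise.
            proxy_cache_valid any 1m;
            # NOTE(review): the key has no per-user component. nginx skips caching
            # only when the upstream sends Set-Cookie or a restrictive
            # Cache-Control/Expires, so a personalised response without those
            # headers would be served to other users. Confirm the app marks such
            # responses, or exclude them with proxy_no_cache / proxy_cache_bypass
            # on $http_authorization or the session cookie.
            proxy_cache_key $scheme$host$request_uri;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

    include servers/*;
}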
I took the .ebextensions/proxy.config from the official documentation and compared it with what is on my instances:
# Elastic Beanstalk .ebextensions file. It writes /etc/nginx/conf.d/proxy.conf
# (root-owned, mode 000644) and then deletes the platform's default proxy config,
# so the nginx text under `content` becomes the whole proxy definition.
#
# NOTE(review), on the nginx text under `content`:
#  - `location /public` with `alias /var/app/current/public` has no trailing
#    slash on either side. The location is a prefix match, so a request for
#    /publicX is mapped to /var/app/current/publicX, outside the public
#    directory. Writing both as `/public/` keeps the mapping inside it.
#  - The commented-out proxy_cache_path points at /home. A dedicated directory
#    that only the nginx worker user can write to is the safer cache root.
#  - The commented-out proxy_cache_key has no per-user component; confirm the
#    app marks personalised responses as uncacheable before enabling the cache.
#  - X-Cache-Status is a debugging header and is returned to every client.
files:
  /etc/nginx/conf.d/proxy.conf:
    mode: "000644"
    owner: root
    group: root
    content: |
      upstream nodejs {
        server 127.0.0.1:8081;
        keepalive 256;
      }
      server {
        listen 8080;
        # proxy_cache_path /home levels=1:2 keys_zone=cache_zone_name:10m;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log main;
        location / {
          proxy_pass http://nodejs;
          proxy_set_header Connection "";
          proxy_http_version 1.1;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # Add cache debugging header
          add_header X-Cache-Status $upstream_cache_status;
          # Configure cache
          # proxy_cache cache_zone_name;
          # proxy_cache_valid any 1m;
          # proxy_cache_key $scheme$host$request_uri;
        }
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        location /public {
          alias /var/app/current/public;
        }
      }
# Removes both the staged and the installed copy of the default proxy config;
# -f keeps the command from failing when a file is already absent.
container_commands:
  removeconfig:
    command: "rm -f /tmp/deployment/config/#etc#nginx#conf.d#00_elastic_beanstalk_proxy.conf /etc/nginx/conf.d/00_elastic_beanstalk_proxy.conf"
I have configured the folder /home for caching, and if I uncomment the proxy_cache_path line and the "Configure cache" section, the deployment fails.
Any ideas? I have spent more than 2 hours with that with no results... Thanks!!
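OK, I solved it just by moving the proxy_cache_path line out of the server block. The directive is only allowed at the http level, and the files in /etc/nginx/conf.d are included inside http, so it goes at the top of proxy.conf: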
# Declared at the top level of the conf.d file, i.e. outside any server block.
# NOTE(review): /home is an unusual cache root; a dedicated directory writable
# only by the nginx worker user keeps cache files away from user data.
proxy_cache_path /home levels=1:2 keys_zone=cache_zone_name:10m;
server { ... other code }
I hope my question and answer help someone. Thanks!
Related
I'm trying to set up a reverse WSS proxy with nginx in front of an Amazon API Gateway WebSocket API, but I have had no luck with the nginx configuration, so I would be glad if you could help me sort this out.
Let me give you some details:
I have an EC2 instance running nginx that has attached to it an elastic ip address.
I also have dns records to point traffic from connect.example.com to that ip address.
I have set up nginx as a reverse proxy to proxy the traffic from connect.example.com to app.example.com on port 443 with ssl(I have generated the relevant certificates).
On app.example.com lies a WebSocket API on Amazon's API Gateway service.
I can see from nginx's access logs that my requests reach the EC2 instance, but I always get error responses no matter how I change the nginx config file (400, 403, 500, 502, etc.).
I don't understand where the problem lies, even though I have searched around and tried various configurations.
I'm attaching my config files below for reference:
nginx.conf
# Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
# Main nginx config: global settings only. The single active server block comes
# from the ssl.conf include at the end of http {}.
user daemon daemon;
worker_processes auto;
error_log "/opt/bitnami/nginx/logs/error.log";
pid "/opt/bitnami/nginx/tmp/nginx.pid";

events {
    worker_connections 1024;
}

http {
    #include mime.types;
    #default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # No format name is given here, so the "main" format defined above is not
    # the one applied to this log.
    access_log "/opt/bitnami/nginx/logs/access.log";
    #add_header X-Frame-Options SAMEORIGIN;

    client_body_temp_path "/opt/bitnami/nginx/tmp/client_body" 1 2;
    proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
    fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
    scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
    uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

    #connection_pool_size 112;
    #sendfile on;
    #tcp_nopush on;
    #tcp_nodelay on;
    #gzip on;
    #gzip_http_version 1.0;
    #gzip_comp_level 2;
    #gzip_proxied any;
    #gzip_types text/plain text/css application/javascript text/xml application/xml+rss;
    #keepalive_timeout 65;
    # NOTE(review): this protocol list is commented out; the one that applies is
    # whatever the included ssl.conf sets.
    #ssl_protocols TLSv1.2 TLSv1.3;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    # Largest request body accepted from a client
    client_max_body_size 80M;
    # With this line commented out the built-in default applies, which reports
    # the nginx version in the Server header and on error pages.
    #server_tokens on;

    #include "/opt/bitnami/nginx/conf/server_blocks/*.conf";

    # HTTP Server
    #server {
    # Port to listen on, can also be set in IP:PORT format
    # listen 80;
    # include "/opt/bitnami/nginx/conf/bitnami/*.conf";
    # include "/opt/bitnami/nginx/conf/ssl/ssl-redirect.conf";
    # location /status {
    # stub_status on;
    # access_log off;
    # allow 127.0.0.1;
    # deny all;
    # }
    # }

    include "/opt/bitnami/nginx/conf/ssl/ssl.conf";
}
ssl.conf
# TLS front end for connect.example.com that proxies everything, WebSocket
# upgrades included, to the ws-backend upstream.

# NOTE(review): resolver expects the address of a DNS server; app.example.com is
# the proxied API host here — confirm this is intended.
resolver app.example.com;

# Connection header sent upstream: "upgrade" when the client sent an Upgrade
# header, "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 443 ssl;
    #listen [::]:443 ssl;
    server_name connect.example.com;
    #ssl on;
    ssl_certificate /opt/bitnami/nginx/conf/bitnami/certs/server.crt;
    ssl_certificate_key /opt/bitnami/nginx/conf/bitnami/certs/server.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # NOTE(review): TLSv1.1 is deprecated (RFC 8996); TLSv1.2 and TLSv1.3 are the
    # current choices.
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /usr/share/nginx/html;
    # Accept request header names that contain underscores
    underscores_in_headers on;

    location / {
        proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): this forwards the client's Host (connect.example.com) to
        # the upstream. If the API only answers for app.example.com, that would
        # fit the 403 responses — verify against the backend.
        proxy_set_header Host $http_host;
        # NOTE(review): the upstream TLS name and certificate are not pinned in
        # this block. proxy_ssl_server_name / proxy_ssl_name control the SNI name
        # sent upstream, and proxy_ssl_verify (off by default) together with
        # proxy_ssl_trusted_certificate is what makes nginx check the upstream
        # certificate. $uri is the decoded, normalised path; $request_uri keeps
        # the client's original encoding.
        proxy_pass https://ws-backend$uri$is_args$args;
        proxy_read_timeout 9000;
        proxy_pass_request_headers on;

        #Websocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
        proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
        proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
        # NOTE(review): Sec-WebSocket-Accept is normally a header of the server's
        # handshake response, not of the client request — confirm it is needed.
        proxy_set_header Sec-WebSocket-Accept $http_sec_websocket_accept;
    }

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

# Backend group referenced by proxy_pass above
upstream ws-backend {
    server app.example.com:443;
}
When i connect directly to app.example.com i have no problem and the response is the following:
expected response
But when i connect though connect.example.com i get the following response:
actual response
Hi, I deployed my website and everything worked fine. Then I changed from http to https and now I get a blank white page or a 502 Bad Gateway. I think the problem is in my nginx.conf.
I deploy my frontend and backend in the same task in the same service on AWS ECS.
Here are my ports:
Http->80
Https->443
Client Port 8080
Backend Port 4000
This is my nginx.conf originally before I changed to https (which worked):
# Serves the built frontend from /usr/share/nginx/html on port 8080 and proxies
# the API paths (/graphql, /subscriptions, /refresh_token) to the backend on
# localhost:4000.
worker_processes auto;

events {
    worker_connections 60000;
    multi_accept on;
    use epoll;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay off;

    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $upstream_addr '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

    server {
        # Plain HTTP listener; no TLS is configured in this file.
        listen 8080;
        server_name mydomain.com;
        access_log /var/log/nginx/access.log compression;
        root /usr/share/nginx/html;
        index index.html index.htm;

        # Documents and manifests: expires -1 marks them as not cacheable
        location ~* \.(?:manifest|appcache|html?|xml|json)$ {
            expires -1;
        }

        # Single-page-app fallback: unknown paths are answered with index.html
        location / {
            try_files $uri $uri/ /index.html;
        }

        location /graphql {
            proxy_pass http://localhost:4000/graphql;
        }

        # WebSocket endpoint: HTTP/1.1 plus Upgrade/Connection headers
        location /subscriptions {
            proxy_pass http://localhost:4000/subscriptions;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /refresh_token {
            proxy_pass http://localhost:4000/refresh_token;
            # NOTE(review): client request headers, Authorization included, are
            # forwarded by default, and proxy_pass_header concerns headers in the
            # upstream's response — both lines look redundant; confirm.
            proxy_set_header Authorization $http_authorization;
            proxy_pass_header Authorization;
        }

        # Media files: cached by clients for one month, not logged
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
            expires 1M;
            access_log off;
            add_header Cache-Control "public";
        }

        # Stylesheets and scripts: 404 when missing, cached for one year
        location ~* \.(?:css|js)$ {
            try_files $uri =404;
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
        }

        # Any other path containing a dot must exist as a file, otherwise 404
        # (no index.html fallback for these).
        location ~ ^.+\..+$ {
            try_files $uri =404;
        }

        # NOTE(review): the regex locations above are checked before this prefix
        # location is used, so /static/ requests with a file extension are served
        # from the server root rather than /var/www — confirm.
        location /static/ {
            root /var/www;
        }
    }
}
I made many changes to my nginx.conf and nothing worked. I verified my domain with AWS.
Here some changes I made:
# Port 80: meant to redirect every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    # NOTE(review): there is no ';' after the name, so the parser reads the
    # return line below as further server_name arguments and no redirect is
    # configured — confirm whether the ';' was lost when pasting. The name is
    # also spelled "mydomian" here and "mydomain" in the original config.
    server_name mydomian.com
    return 301 https://$server_name$request_uri;
}

# Port 443: meant to serve the site.
server {
    # NOTE(review): no "ssl" parameter and no certificate, so this listener
    # speaks plain HTTP on port 443. That only fits when TLS is terminated in
    # front of nginx and the traffic is forwarded to this port unencrypted.
    listen 443;
    listen [::]:443;
    # NOTE(review): same missing ';' — the access_log line becomes part of
    # server_name.
    server_name mydomian.com
    access_log /var/log/nginx/access.log compression;
    root /usr/share/nginx/html;
    index index.html index.htm;

    location / {
        # NOTE(review): proxy_pass and try_files are combined in one location;
        # try_files ends in an internal redirect to /index.html — confirm which
        # of the two is meant to answer requests.
        proxy_pass http://localhost:8080;
        try_files $uri $uri/ /index.html;
    }
}
I'm using a load balancer to terminate SSL.
I focused on the nginx.conf but the conf is fine. I'm using websocket which caused the problem:
// Host (and port) the page was loaded from
const host = window.location.host;
// ws:// is the unencrypted WebSocket scheme
`ws://${host}/subscriptions`
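so I added an s, because a page loaded over https has to use wss:// (browsers block an unencrypted ws:// connection from a secure page as mixed content):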
// wss:// is WebSocket over TLS, matching a page served over https
`wss://${host}/subscriptions`
For 2 days I tried everything in the nginx.conf and I just had to add an s.
I'm super stupid because I didn't check the console for errors.
My website is running in a Docker image using Nginx as a reverse proxy.
The site works perfectly for many hours under heavy traffic, but eventually it stops responding and requests time out with 5xx errors.
In AWS Elastic Beanstalks Nginx-log I found this error-message:
[alert] 18037#0: 1024 worker_connections are not enough
I am afraid something is wrong with my custom Nginx-config,
but I do not understand what it is.
Code from https-redirect-docker-sc.config is attached.
I have tried to debug code to find any memory leaks or loops, but I can not find any solution.
# Elastic Beanstalk .ebextensions file that writes a custom nginx proxy config
# for the Docker platform: one server redirects mydomain.no to
# https://www.mydomain.no, the default server redirects non-HTTPS requests and
# proxies the rest to the "docker" upstream.
#
# NOTE(review):
#  - mode "000755" sets the executable bits on a config file; "000644" is enough
#    for nginx to read it.
#  - The HTTPS redirect relies on X-Forwarded-Proto and the health-check
#    exemption on the User-Agent string. Both are request headers, so they are
#    only trustworthy when every request arrives through the load balancer —
#    confirm the instances are not reachable directly.
#  - The "docker" upstream is not defined in this file; presumably the platform
#    provides it — verify.
#  - Every proxied request holds two connections in a worker (client side and
#    upstream side), and an upgraded (WebSocket) connection holds both for as
#    long as it stays open. Both count against worker_connections.
files:
  "/etc/nginx/sites-available/elasticbeanstalk-nginx-docker-proxy.conf":
    owner: root
    group: root
    mode: "000755"
    content: |
      map $http_upgrade $connection_upgrade {
        default "upgrade";
        "" "";
      }
      server {
        listen 80;
        server_name mydomain.no;
        return 301 https://www.mydomain.no$request_uri;
      }
      server {
        listen 80 default_server;
        gzip on;
        gzip_comp_level 4;
        gzip_types text/html text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
          set $year $1;
          set $month $2;
          set $day $3;
          set $hour $4;
        }
        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
        access_log /var/log/nginx/access.log;
        location / {
          set $redirect 0;
          if ($http_x_forwarded_proto != "https") {
            set $redirect 1;
          }
          if ($http_user_agent ~* "ELB-HealthChecker") {
            set $redirect 0;
          }
          if ($redirect = 1) {
            return 301 https://$host$request_uri;
          }
          proxy_pass http://docker;
          proxy_http_version 1.1;
          proxy_set_header Connection $connection_upgrade;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
      }
The default value for Nginx worker_connections is 1024, which is not enough for you.
Add an events block before http in your nginx.conf, so it looks like this:
events {
    # Per-worker cap on simultaneous connections. Connections to proxied
    # upstreams count as well, and the effective cap cannot exceed the worker's
    # open-file limit (worker_rlimit_nofile / the OS limit).
    # NOTE(review): a higher cap only postpones the alert if connections are
    # never released — check what keeps them open.
    worker_connections 4096; ## Default: 1024
}
http {
    include conf/mime.types;
    .....
}
You can also increase the number of worker_processes (default = 1); the total number of connections your server can handle is worker_processes * worker_connections.
Please check here the full example configuration
I have a Django Gunicorn Nginx setup that is working without errors but the nginx access logs contains the following line every 5 seconds:
10.112.113.1 - - [09/Jan/2019:05:02:21 +0100] "HEAD / HTTP/1.1" 302 0 "-" "-"
The amount of information in this logging event is quite scarce, but a 302 every 5 seconds has to be something related to the nginx configuration right?
My nginx configuration is as follows:
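# Django behind gunicorn: port 80 redirects to HTTPS, port 443 serves static and
# media files directly and hands everything else to gunicorn over a unix socket.
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # The "*" of the glob was lost in the listing ("conf.d/.conf"); restored.
    include /etc/nginx/conf.d/*.conf;

    upstream app_server {
        # fail_timeout=0: a failed attempt never marks the server as unavailable
        server unix:/path_to/gunicorn.sock fail_timeout=0;
    }

    # Plain HTTP: permanent redirect to the HTTPS site
    server {
        server_name example.com;
        listen 80;
        return 301 https://example.com$request_uri;
    }

    server {
        listen 443;
        listen [::]:443;
        server_name example.com;

        # NOTE(review): "ssl on" is the legacy way to enable TLS for the
        # listeners above; newer nginx releases expect "listen 443 ssl;" instead.
        # No ssl_protocols line is set, so the build's default list applies.
        ssl on;
        ssl_certificate /path/cert.crt;
        ssl_certificate_key /path/cert.key;

        keepalive_timeout 5;
        # Request bodies of up to 4 GB are accepted and passed on to the app
        client_max_body_size 4G;

        access_log /var/log/nginx/nginx-access.log;
        error_log /var/log/nginx/nginx-error.log;

        location /static/ {
            alias /path_to/static/;
        }

        location /media/ {
            alias /path_to/media/;
        }

        include /etc/nginx/mime.types;

        # checks for static file, if not found proxy to app
        # (the listing showed "#proxy_to_app"; a named location starts with "@",
        # and with "#" the rest of the line would be a comment and the directive
        # would have no terminating ';')
        location / {
            try_files $uri @proxy_to_app;
        }

        location @proxy_to_app {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Tells the app the original request was HTTPS
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host;
            proxy_redirect off;
            proxy_pass http://app_server;
        }
    }
}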
I'm currently trying to deploy a Django app on a RHEL 7.4 server using Nginx. I've followed these tutorials:
https://simpleisbetterthancomplex.com/tutorial/2017/05/23/how-to-deploy-a-django-application-on-rhel.html
https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04
The virtualenv and the nginx server seem to be all right. However, I'm struggling with two errors:
Either I get a 500 error because of the worker_connections parameter value (logs below):
13494#0: *1021 1024 worker_connections are not enough while connecting to upstream, client: 192.168.1.33, server: 192.168.1.33, request: "GET /Syc/login HTTP/1.0", upstream: "http://192.168.1.33:80/Syc/login", host: "192.168.1.33"
Or I increase the worker_connections value to > 4096 and I get a 400 error like in this thread: 400 Bad Request - request header or cookie too large
Below are my nginx.conf and app.conf, please let me know if there are configuration mistakes and thanks in advance for any help.
nginx.conf:
# Main nginx config: global limits, the http-level defaults and a default
# server for port 80.
include /usr/share/nginx/modules/*.conf;

events {
    # Per-worker cap on simultaneous connections; connections opened to
    # upstreams count against it as well as client connections.
    worker_connections 1024;
}

# set open fd limit to 30000
worker_rlimit_nofile 30000;

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

# NOTE(review): as listed, http {} is closed above and this server block sits
# outside it, which nginx does not accept — presumably a brace was moved when
# the file was pasted; confirm against the real file.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Up to 4 buffers of 32k each for large request headers
    large_client_header_buffers 4 32k;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    # NOTE(review): the error page is /404.html but the location below matches
    # /40x.html — confirm which name is intended.
    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
app.conf
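# Site config for the Django app: static and media files are served from disk,
# everything else goes to the named location @proxy_to_app.

# gunicorn socket.
# NOTE(review): nothing in this file references app_server; the proxy_pass in
# @proxy_to_app points elsewhere.
upstream app_server {
    server unix:/opt/sycoma/gunicorn.sock fail_timeout=0;
}

server {
    listen 80;
    server_name 192.168.1.33; # <- insert here the ip address/domain name
    # Up to 4 buffers of 16k each for large request headers
    large_client_header_buffers 4 16k;

    keepalive_timeout 5;
    # Request bodies of up to 4 GB are accepted
    client_max_body_size 4G;

    access_log /opt/sycoma/logs/nginx-access.log;
    error_log /opt/sycoma/logs/nginx-error.log;

    location /static/ {
        alias /opt/sycoma/venv/Sycoma/Syc/static/;
    }

    location /media/ {
        alias /opt/sycoma/venv/Sycoma/media/;
    }

    # Fall back to the app when no matching file exists.
    # (the listing showed "#proxy_to_app"; a named location starts with "@", and
    # with "#" the rest of the line would be a comment)
    location / {
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        # NOTE(review): this address and port are the ones this very server
        # block listens on, so nginx appears to proxy each request back to
        # itself. That fits the logged upstream "http://192.168.1.33:80/..."
        # with client 192.168.1.33: every pass opens another connection (hence
        # "worker_connections are not enough") and appends to X-Forwarded-For
        # (hence the oversized header). Pointing proxy_pass at the gunicorn
        # upstream (http://app_server) looks like the intent — confirm.
        proxy_pass http://192.168.1.33;
    }
}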
Try to remove/comment the line:
proxy_set_header Host $http_host;
or increase large_client_header_buffers.