Can NGINX change the response code after a proxy_pass? - amazon-web-services

So I have an internal API server namespaced under /api/, and I want to pass all other requests to an Amazon S3 static site using proxy_pass. This all works fine, it's just since Amazon is serving a single page app, I want to always return the same HTML file. The way I did this with the S3 server was to set the index and error page as the same file. It all looks fine on the surface, but for all other requests besides /, the S3 instance returns a 404. Can I use NGINX to change this to a 200 before returning it to the client?
server {
    listen 80;
    server_name example.com;
    location /api/ {
        # serve internal app
    }
    location / {
        proxy_pass http://example.amazonaws.com/;
        # ALWAYS RETURN A 200
    }
}

You should be able to use the error_page and proxy_intercept_errors directives to achieve this. Something like this should do the trick.
location / {
    proxy_pass http://example.amazonaws.com/;
    # let nginx handle upstream error responses instead of passing them through
    proxy_intercept_errors on;
    error_page 404 =302 /your_html_file;
}
error_page
proxy_intercept_errors

You can internally rewrite all URLs to the document you want served. This avoids the error handling cycle and problematic redirects.
It would be something like (untested):
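location / {
    proxy_pass http://example.amazonaws.com/;
    # break: proxy the rewritten URI from this location; without a flag nginx
    # repeats location matching after every rewrite and ends in a rewrite cycle
    rewrite ^ /index.html break;
}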
Note that you will want to only use full or root-relative URLs in your doc, because you don't know if the doc is served from a subdirectory.
You'd also be wise to have JS code validate the URL and optionally redirect to one you consider valid. Otherwise 3rd party sites could link to offensive URLs and get them in search indexes!

Related

Redirect old domain to new domain, including /en/

Little stuck but I'm trying to redirect an old domain name to a new domain, which is working to a point. However, we have a long list of URLs from our old website (using the old domain), which have /en/ appended at the end.
So the issue is when I link olddomain.com/en/old-url to newdomain.com/new-url it throws a 404 as it's not picking up the '/en/'. I've compiled a long list of 301 redirects inside the Django admin, but they don't include the '/en/'. Which is where the issue is. Ideally, I want to add something to my nginx config that tells the domain to redirect even if the /en/ is included.
So far I have something like this:
server {
    listen 80;
    server_name olddomain.co.uk www.olddomain.co.uk olddomain.co.uk/en/;
    return 301 https://www.newdomain.co.uk$request_uri;
}
server {
    # HTTPS
    server_name olddomain.co.uk www.olddomain.co.uk olddomain.co.uk/en/;
    #return 301 https://www.newdomain.co.uk$request_uri;
    listen 443;
}
Thanks in advance.

Weird redirect with proxy_pass in if statement

I've a SPA (Single Page Application) site, let's say under https://example.com and an API for it under https://api.example.com
I want to serve server rendered content for specific useragents like googlebot, facebookexternalhit, etc.
So, if user goes to https://example.com/brandon/things it will get served SPA, but if bot goes to the same URL it will get served server rendered page with all proper meta and open graph tags.
My server rendered pages with proper matching are under https://api.example.com/ssr/
So for example if bot hits https://example.com/brandon/things it should get content from https://api.example.com/ssr/brandon/things
I almost got it working with nginx proxy_pass if statement to the Django application (which returns server rendered output) but unfortunately there's one edge case that makes it behave weirdly.
My implementation:
server {
    listen 80;
    server_name example.com; # url of SPA
    index index.html;
    root /srv/example_spa/public/dist; # directory of SPA index.html
    # $ssr variable that tells if we should use server side rendered page
    set $ssr 0;
    if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|facebot|twitterbot|developers\.google\.com|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator|redditbot") {
        set $ssr 1;
    }
    # location block that serves proxy_pass when the $ssr matches
    # or if the $ssr doesn't match it serves SPA application index.html
    location / {
        if ($ssr = 1) {
            proxy_pass http://127.0.0.1:9505/ssr$uri$is_args$args;
        }
        try_files $uri /index.html;
    }
}
But there's the problem:
Everything works dandy and sweet, except one case.
User hits https://example.com/brandon/things/ and he gets SPA index.html - perfect.
User hits https://example.com/brandon/things and he gets SPA index.html - perfect.
Bot hits https://example.com/brandon/things/ and he gets server rendered page - perfect.
Bot hits https://example.com/brandon/things (without appended slash) and he gets redirected (301) to https://example.com/ssr/brandon/things - BAD BAD BAD
I've tried to make it work for couple of hours now without luck.
What would you suggest? I know if in nginx is evil, but I don't know how to make it work without it...
Any help is appreciated
You need to alter the redirects for proxy_pass
location / {
    proxy_redirect http://127.0.0.1/ssr/ http://$host/ssr/;
    proxy_redirect /ssr/ /;
    if ($ssr = 1) {
        proxy_pass http://127.0.0.1:9505/ssr$uri$is_args$args;
    }
    try_files $uri /index.html;
}
It turns out this was an issue with my Django application redirect. I thought I had the "APPEND_SLASH" option disabled, but it was enabled and made a redirect when there was no slash. And it redirected without changing the host to https://api.example.com, but only the URI part. Hence my confusion.
And I actually found two ways to fix that.
First, just use rewrite to append slash when there isn't one.
location / {
    if ($ssr = 1) {
        rewrite ^([^.]*[^/])$ $1/ permanent;
        proxy_pass http://127.0.0.1:9505/ssr$uri$is_args$args;
    }
    try_files $uri /index.html;
}
Second, modify proxy_pass to always add a / slash after the $uri part, and the server side render application URL config to accept two slashes at the end ('//'). It's a little hacky but has no side effects and works as it should.
Nginx config:
location / {
    if ($ssr = 1) {
        proxy_pass http://127.0.0.1:9505/ssr$uri/$is_args$args;
    }
    try_files $uri /index.html;
}
Django URL regex:
r'^ssr/(?P<username>[\w-]+)/(?P<slug>[\w-]+)(/|//)$'

How to redirect static files requests to https in Nginx?

I have two versions of site with urls: http://example.com and https://example.com.
I want to redirect all requests to static content (files that end with .html, .htm, .js) to the https version of my site.
So, I created the rule:
location ~ "\.(htm|html|js|css|svg|png)$" {
    return 307 https://example.com$request_uri;
}
With this rule browser changes address of my site to https://example.com.
But I don't want to change address, I want that all requests to static files but not to index.html (main html of my site) will be redirected to https version.
How can I add something like AND NOT index.html to regex ~ "\.(htm|html|js|css|svg|png)$"?
Try:
root /path/to/root;
location = /index.html {
}
location ~ "\.(htm|html|js|css|svg|png)$" {
    return 307 https://example.com$request_uri;
}
The location = block has highest precedence (the order is not important).
Because of an explicit or implicit index index.html statement, the URI / causes nginx to look for /index.html. The empty location block will cause the static file to be served, and the return 307 avoided.
See this document for more.

Nginx redirect based on referring URL regular expressions

New to nginx and still trying to figure out its methods.
I'm trying to do a redirect to an external URL based on the referring URL. For example, in the code below that I have for the hosted domain, if the referring URL comes from Facebook, I want to redirect the user to a specific URL:
location / {
    index index.php;
    if ($http_referer ~* ^(.*?(\bfacebook\b)[^$]*)$ ) {
        rewrite http://www.othersite.com break;
    }
    try_files $uri $uri/ #handler;
    expires 30d;
}
Nginx doesn't throw any errors once it's restarted, but despite testing this from a Facebook link, it's not executing.
Any nginx / regular expression gurus who can point me in the right direction?
Thanks in advance.
Although it may pass the syntax test, your rewrite statement is incorrect. To redirect any URI to a new URL you would use:
rewrite ^ http://www.example.com/? permanent;
But the preferred solution would be the more efficient:
return 301 http://www.example.com/;
See this page for details of both directives.

Django Nginx X-Accel-Redirect for protected files on Webfaction

If you want to torment someone until the end of time, just get them to configure Django and Nginx X-Accel-Redirect. This is literally impossible, I have been trying for days.
I am trying to only allow certain files to be downloaded from logged in views in django using Nginx on webfaction. Here is what I have:
Custom Nginx app listening on port 27796 under /static. Here is the conf.
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 27796;
        server_name myurl.com;
        root /home/ucwsri/webapps/static_media_ucwsri_nginx;
        location / {
            autoindex on;
        }
        location ^.*/protected-files {
            internal;
            alias /home/ucwsri/webapps/static_media_ucwsri_nginx/protected;
        }
    }
}
All static content is in /home/ucwsri/webapps/static_media_ucwsri_nginx, and is being correctly served by this Nginx app.
The files I want protected are here:
/home/ucwsri/webapps/static_media_ucwsri_nginx/protected
Which is the alias listed under the location ^.*/protected-files block in Nginx.
The view simply makes an Http Response thus:
response = HttpResponse()
url = "/static/protected-files/some-file.pdf"
response['X-Accel-Redirect'] = url
return response
Where the 'some-file.pdf' file exists in
/home/ucwsri/webapps/static_media_ucwsri_nginx/protected
Whatever I try I get a 404 from Nginx when trying to get that file as a POST request that goes to that view. I have tried everything I can think of, every location combination block, nothing works. Always a 404.
Someone please put me out of my misery and tell me what I have done wrong. This is truly brutal for something seemingly so simple.
First, your location ^.*/protected-files is nonsense. I guess you've missed the ~ modifier, but even in that case it would be useless.
Second, you have not protected the /protected/ folder. A direct request to /protected/some-file.pdf will download that file without any protection.
Third, you have /static/protected-files/some-file.pdf in X-Accel-Redirect, but you didn't mention any static folder before.
So, I would suggest the following config:
server {
    listen 27796;
    server_name myurl.com;
    root /home/ucwsri/webapps/static_media_ucwsri_nginx;
    location / {
        autoindex on;
    }
    # internal: reachable through X-Accel-Redirect only, never by a direct request
    location ^~ /protected/ {
        internal;
    }
}
And django should be:
response = HttpResponse()
url = "/protected/some-file.pdf"
response['X-Accel-Redirect'] = url
return response
Summary:
Protect the real folder.
X-Accel-Redirect is a URI; just think about it as if the user put that URI in the browser address bar. The only difference is that internal will allow access with X-Accel-Redirect while forbidding direct user access from the browser.
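
An added example (not part of the original answer, and not Django or nginx project code): a framework-independent helper for the view side of this setup, showing the login check and the path check that have to happen before the header is set, because nginx serves whatever URI X-Accel-Redirect names. The names accel_redirect_uri, build_headers, AccessDenied and PROTECTED_PREFIX are assumptions for illustration; PROTECTED_PREFIX mirrors the /protected/ location in the suggested config.

```python
import posixpath
from urllib.parse import quote

# Assumption: mirrors `location ^~ /protected/ { internal; }` from the answer.
PROTECTED_PREFIX = "/protected/"


class AccessDenied(Exception):
    """The request must not be handed over to nginx."""


def accel_redirect_uri(requested_name, is_authenticated):
    """Return the URI to place in X-Accel-Redirect for a protected file.

    Authorisation happens here: once nginx receives the header it serves
    the file from the internal location without asking the application again.
    """
    if not is_authenticated:
        raise AccessDenied("login required")
    if not requested_name or "\x00" in requested_name or "\\" in requested_name:
        raise AccessDenied("malformed file name")
    # Resolve "." and ".." against the prefix, then require the result to
    # still sit under it. An absolute name replaces the prefix in join(),
    # so it fails the same check.
    candidate = posixpath.normpath(posixpath.join(PROTECTED_PREFIX, requested_name))
    if not candidate.startswith(PROTECTED_PREFIX):
        raise AccessDenied("path leaves the protected directory")
    # Percent-encode so spaces, "%" and non-ASCII bytes form a valid URI.
    return quote(candidate, safe="/")


def build_headers(requested_name, is_authenticated):
    """Headers for the otherwise empty response the view returns."""
    return {"X-Accel-Redirect": accel_redirect_uri(requested_name, is_authenticated)}


if __name__ == "__main__":
    # Constructed sample inputs.
    for name in ("some-file.pdf", "reports/q1 2024.pdf", "../index.html"):
        try:
            print(name, "->", build_headers(name, True))
        except AccessDenied as exc:
            print(name, "-> denied:", exc)
```

In a Django view the returned dictionary would be copied onto an empty HttpResponse, with is_authenticated taken from request.user.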