Im trying to setup nginx as a proxy server for my django server and here is my configuration.
For some reason when I send a request to the server http://ipaddress it automatically redirects me to https://ipaddress even though I have included anything to redirect.
I want to disable the redirect to https as its a dev server
upstream app_server {
# For a TCP configuration:
server 127.0.0.1:8000 fail_timeout=0;
}
# configuration of the server
server {
#add_header HTTP_X_FORWARDED_PROTO https;
# the port your site will be served on
listen 80 default_server;
# the domain name it will serve for
charset utf-8;
#server_name localhost;
# max upload size
client_max_body_size 75M; # adjust to taste
location / {
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
Related
I have a AWS EC2 instance running Linux with docker containers running gunicorn/django and an nginx reverse proxy.
I don't want it to redirect to https at the moment.
When I try to reach the url by typing out http://url.com in the browser it seems to automatically change to https://url.com and gives me ERR_CONNECTION_REFUSED. The request doesn't show up at all in the nginx access_log.
But when I try to reach it with curl I get a normal response and it does show up in the nginx access_log.
I have ascertained that the django security middleware is not the cause as the HSTS options are disabled.
I've tried clearing the browser cache and deleting the domain from the chrome security policies.
nginx config:
upstream django_server {
server app:8001 fail_timeout=0;
}
server {
listen 80;
server_name url.com www.url.com;
client_max_body_size 4G;
charset utf-8;
keepalive_timeout 5;
location /static/ {
root /usr/share/nginx/sdev/;
expires 30d;
}
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://django_server;
}
}
}
What am I overlooking?
I have a Ruby on Rails application, using Nginx webserver with HTTPS running with success in a specific domain (e.g. https://testing.com).
Now, I purchased a landing page template (HTML and JS only) and I need to set it up in the same domain.
Being more specific, what I need is:
https://testing.com/ -> renders landing page template
https://testing.com/* -> renders RoR application
As far as I do not have much knowledge on Nginx configuration, here it's my nginx current configuration:
upstream app {
# Path to Puma SOCK file, as defined previously
server unix:/var/www/poseidon/tmp/sockets/puma.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name testing.com www.testing.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/ssl-testing.com.conf;
include snippets/ssl-params.conf;
server_name testing.com;
root /var/www/poseidon/public;
try_files $uri/index.html $uri #app;
location #app {
proxy_pass http://app;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
location ~ /.well-known {
allow all;
}
}
I uploaded the landing page nginx configuration and I tried something like, but I had no success:
location /* {
root /var/www/landingtesting.com;
}
Any help will be really appreciated!
I have:
a Django web app
a separate static HTML site (blog)
The static site is a separate directory tree.
I want the static site to be served as a sub-section of the web app.
For example, the app is at http://app.com/ and the static is site served from http://app.com/blog
Here's my /etc/nginx/sites-available/app:
upstream app_server {
server 127.0.0.1:9000 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
...
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app_server;
}
}
server {
server_name yourdomain.com;
location /blog{
root /path/to/static/html;
}
location /{
# your django app configuration
proxy_pass http://localhost:8000$request_uri;
# other configurations
}
}
I'm planning to deploy my django application in 2 ports of nginx server. Port 80 is working but port 99 is not working.
Here are my configs.
Port 99 config
upstream app_server_1 {
# For a TCP configuration:
server 127.0.0.1:8888 fail_timeout=0;
}
# configuration of the server
server {
#add_header HTTP_X_FORWARDED_PROTO https;
# the port your site will be served on
listen 99 default_server;
charset utf-8;
server_name 52.23.184.237;
# SSL configs
#listen 443 default ssl;
#ssl_certificate /etc/ssl/tmatch.crt;
#ssl_certificate_key /etc/ssl/tmatch.key;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /var/www/tmatch/media; # your Django project's media files - amend as required
}
location /static {
alias /var/www/tmatch/static; # your Django project's static files - amend as required
}
location / {
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server_1;
}
port 80 config
upstream app_server {
# For a TCP configuration:
server 127.0.0.1:8000 fail_timeout=0;
}
# configuration of the server
server {
#add_header HTTP_X_FORWARDED_PROTO https;
# the port your site will be served on
listen 80 default_server;
charset utf-8;
server_name 52.23.184.237;
# SSL configs
#listen 443 default ssl;
#ssl_certificate /etc/ssl/tmatch.crt;
#ssl_certificate_key /etc/ssl/tmatch.key;
# max upload size
client_max_body_size 75M; # adjust to taste
# Django media
location /media {
alias /var/www/tmatch/media; # your Django project's media files - amend as required
}
location /static {
alias /var/www/tmatch/static; # your Django project's static files - amend as required
}
location / {
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
Any errors?
I've had issues with multiple default_server
Try taking one of them out, worked for me
https://mydomainName.com --> AWS-ELB [ingress 443 --> egress 80]) --> OmnibusGitlab
Now Omnibus redirects to the following and times out
http://mydomainName.com/users/sign_in
Any way to debug this issue.
Full path has to be in https because if you are going forward via reverse proxy that accepts https and the you have to come back as as https.
Separate the Nginx configuration because Omnibus solution have to constrains that block the flexibility we have on standard nginx.
Do the following to make this change:
edit /etc/gitlab/gitlab.rb
and add
nginx['enable'] = false
web_server['external_users'] = ['www-data'] #for ubuntu nginx user
web_server['external_users'] = ['nginx'] # for centos 6-7
Add the following configuration to enable gitlab via simple nginx
/etc/nginx/site-availabe/server
server {
listen *:443 default_server ssl;
ssl_certificate /etc/ssl/certs/myserver.crt;
ssl_certificate_key /etc/ssl/private/myserver.key;
server_name myhostname.com
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
client_max_body_size 50m; #or 5000
access_log /var/log/gitlab/nginx_access.log;
error_log /var/log/gitlab/nginx_error.log;
location / {
try_files $uri $uri/index.html $uri.html #gitlab;
}
location #gitlab {
proxy_read_timeout 300; # Some requests take more than 30 seconds.
proxy_connect_timeout 300; # Some requests take more than 30 seconds.
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://gitlab;
}
error_page 502 /502.html;
}
gitlab-redirect
/etc/nginx/sites-available/gitlab-redirect
server {
listen 80;
server_name myhostname.com;
return 301 https://myhostname.com;
}