Hmm I have a problem...
Browser redirects my 3 virtual sites www.site1.com www.site2.com www.site3.com to www.site1.com, only when I use http://site3.com / http://site2.com it works and redirects correctly.
More simply put my problem is that http:// redirects to my virtual entities correctly, www does NOT.
www.site2.com -> www.site1.com (redirects to wrong vhost)
http://site2.com -> www.site2.com works!
My setup is Nginx + Gunicorn + Django, however I strongly believe this is a problem within my Nginx configuration.
Nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My Vhosts:
MYSITE (/etc/nginx/sites-enabled/site)
upstream mysite_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite.com;
client_max_body_size 4G;
access_log /webapps/mysite/logs/nginx-access.log;
error_log /webapps/mysite/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite/static/;
}
location /media/ {
alias /webapps/mysite/mysite/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite/static/;
}
}
MYSITE2 (/etc/nginx/sites-enabled/site2)
upstream mysite2_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite2/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite2.com;
client_max_body_size 4G;
access_log /webapps/mysite2/logs/nginx-access.log;
error_log /webapps/mysite2/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite2/static/;
}
location /media/ {
alias /webapps/mysite2/mysite2/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite2_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite2/static/;
}
}
MYSITE3 (/etc/nginx/sites-enabled/site3)
upstream mysite3_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite3/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite3.com;
client_max_body_size 4G;
access_log /webapps/mysite3/logs/nginx-access.log;
error_log /webapps/mysite3/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite3/static/;
}
location /media/ {
alias /webapps/mysite3//media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite3_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite3/static/;
}
}
I’m not going to sanitize and validate your configuration files, but they contain several problems and you should DRY them out.
Regarding your actual question.
You haven’t configured any redirects and nginx is therefore happily redirecting those subdomains to your default server.
You haven’t configured a default server and nginx is simply using the very first defined server as default server (in your case site since site2 and site3 come after that one; simple sort).
The actual solution is to configure the redirects you want to happen for each of your servers. This snippet is taken from another answer of mine on a similar question.
server {
#listen 80 is default
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
#listen 80 is default
server_name example.com;
## here goes the rest of your conf...
}
you need
server {
listen 80;
server_name mysite1.com;
return 301 http://www.mysite1.com$request_uri;
}
server {
listen 80;
server_name www.mysite1.com;
# other stuff...
}
this redirects non-www to www and www to www. you need this config for each of those 3 domains..
Related
I have a csrf token error when trying to log in to the django admin in production after adding SSL.
So if I use the configuration below without ssl everything works fine:
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
server_name 107.***.28.***;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
But if I change to configuration do listen SSL when filling in any form on the page I get the csrf_token error. My configuration nginx using SSL:
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
# Compression config
gzip on;
gzip_min_length 1000;
gzip_buffers 4 32k;
gzip_proxied any;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
How can I fix the error or where to find the bug. I tried to clear cookies, use different browsers, reset the server and server configuration without result.
In Django ≥ 4 it is now necessary to specify CSRF_TRUSTED_ORIGINS in settings.py
CSRF_TRUSTED_ORIGINS = [
'https://your-domain.com'',
'https://www.your-domain.com'
]
See documentation
I am hosting a Django application on digitalocean. I follow this tutorial to finish its SSL certification. Following that tutorial I don't know where to add this line of code:
return 301 https://$server_name$request_uri;
I tried adding it in /etc/nginx/sites-enabled/leptitox_pro
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
when it didn't work I added it in /etc/nginx/sites-available/leptitox_pro
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
it didn't work there as well, so I added below the server block of code in /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
server { # new
listen 80; # new
server_name yahkut.com; # new
return 301 https://$server_name$request_uri; # new
}
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
}
I then restarted ngnix and run nginx -t and got a success message, and when I ran the website I get either 404 not found or Not secure version of the website.
Please help me with this. Thank you
You have to seperate the server block running port 80 and the server block running port 443 (SSL). Just like this:
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
# Stop here, it's will be redirect to HTTPS. There's no left to execute
}
server {
listen 443 ssl;
server_name yahkut.com www.yahkut.com;
ssl_certificate /path/to/certificate/your_domain_chain.crt;
ssl_certificate_key /path/to/your_private.key;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
Add these server blocks.
This is to redirect http to https
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
Your main block with ssl
server {
listen 443 ssl ;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
index index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
proxy_pass http://localhost:5003; // Your port goes here
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
This goes under /nginx/sites-enabled/default or you can create different files for it in this folder
I am setting up a production server with nginx and gunicorn. I used the nginx.conf from the gunicorn examples pages and modified it:
worker_processes 1;
user mypolls webapps;
# 'user nobody nobody;' for systems with 'nobody' as a group instead
pid /var/run/nginx.pid;
error_log /webapps/mypolls/logs/nginx.error.log;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # set to 'on' if nginx worker_processes > 1
# 'use epoll;' to enable for Linux 2.6+
# 'use kqueue;' to enable for FreeBSD, OSX
}
http {
# fallback in case we can't determine a type
default_type application/octet-stream;
access_log /webapps/mypolls/logs/nginx.access.log combined;
sendfile on;
upstream app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response
# for UNIX domain socket setups
server unix:/webapps/mypolls/run/gunicorn.sock fail_timeout=0;
# for a TCP configuration
# server 192.168.0.7:8000 fail_timeout=0;
}
server {
# if no Host match, close the connection to prevent host spoofing
listen 80 default_server;
return 444;
}
server {
# use 'listen 80 deferred;' for Linux
# use 'listen 80 deferred;' for Linux
# use 'listen 80 accept_filter=httpready;' for FreeBSD
listen 80;
client_max_body_size 4G;
# set the correct host(s) for your site
server_name 192.168.1.17;
keepalive_timeout 5;
# path for static files
root /webapps/mypolls/app/static/;
location / {
include /etc/nginx/mime.types;
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location / {
include /etc/nginx/mime.types;
# checks for static file, if not found proxy to app
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# enable this if and only if you use HTTPS
# proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
# we don't want nginx trying to do something clever with
# redirects, we set the Host: header above already.
proxy_redirect off;
proxy_pass http://app_server;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mypolls/app/static/;
}
}
}
For some reason the request for static files is still passed to gunicorn:
[2017-02-08 15:54:33 +0100] [2207] [DEBUG] GET /static/polls/style.css
The feels seem to be found but empty files are served. Is something wrong with the configuration?
I am trying to deploy a django instance to ec2 . I am using a combination of nginx and gunicorn to achieve that. I got the nginx isntance and gunicorn to start correctly and I am able to get my instance running. But when i try to upload an image to the database on my application I run into this error in my gunicorn error.log :
connect-failed-111-connection-refused-while-connecting-to-upstream
Also all my api calls from the front end to the database return a 500 internal server in the console.
My nginx.conf looks like
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
include /etc/nginx/sites-available/*;
index index.html index.htm;
server {
listen 127.0.0.1:80;
listen [::]:80 default_server;
server_name 127.0.0.1;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
# redir
And my sites-enabled/default file as
upstream app_server_djangoapp {
server 127.0.0.1:8000 fail_timeout=0;
}
server {
#EC2 instance security group must be configured to accept http connections over Port 80
listen 80;
server_name myec2isntance.com;
access_log /var/log/nginx/guni-access.log;
error_log /var/log/nginx/guni-error.log info;
keepalive_timeout 5;
# path for static files
location /static {
alias xxxxxx;
}
location /media {
alias xxxxxx;
}
location / {
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server_djangoapp;
break;
}
}
}
I tried most of the things people talked about - adding right permissisons to the folders. Changing localhost to 127.0.0.1 etc. I am relatively new to this topic so any help would be much appreciated!
Thank you
I would suggest to change default to this :
upstream app_server_djangoapp {
server 127.0.0.1:8000 max_fails=3 fail_timeout=50;
keepalive 512;
}
- remove
keepalive_timeout 5;
- why do u have two location / blocks ?
location / {
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server_djangoapp;
break;
}
}
Pardon me if this is not the right place to ask.
I have a django app served by Gunicorn, which is reversed by NginX and this one is being reversed by an ISA server, so I have the following:
ISA --> Nginx --> Gunicorn
ISA reverses www.mydomain.com/some/path/here to Nginx, and this one reverses /myapp to Gunicorn (nginx and gunicorn are on the same server).
The problem is with the url, for instance the base url to access this apps is
www.mydomain.com/some/path/here/myapp/
When there's an action in a django view like redirect e.g: redirect(reverse('start')),
the url should be
www.mydomain.com/some/path/here/myapp/start/
but I get
www.mydomain.com/some/path/here/some/path/here/myapp/start/
As you can see some/path/here/ is being repeated, I'm assuming this is done by the ISA server, but I'm not sure about this. What am I doing wrong here?
In my settings.py I have:
BASE_PATH = '/some/path/here'
FORCE_SCRIPT_NAME = BASE_PATH + '/myapp'
LOGIN_URL = FORCE_SCRIPT_NAME + '/loginhere/'
urls.py:
...
url(r'^start/', 'testapp.views.start', name='start'),
...
My nginx.conf:
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
upstream wawared {
server 127.0.0.1:8000;
}
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/wawared.access.log;
error_log /var/log/nginx/wawared.error.log;
location /static {
root /path/to/static/files;
expires 1d;
gzip on;
}
location /myapp/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
}
}
}