What is '_' in Nginx listen option? - nginx-config

What is _ in nginx listen option?
I read listen 80 _; in the nginx cookbook.
I found that server_name _; just means an invalid server_name.
Then what is _ in listen?
ref https://nginx.org/en/docs/http/ngx_http_core_module.html#server

listen 443 ssl : makes nginx listen on all IPv4 addresses on the server, on port 443 (0.0.0.0:443)
while
listen [::]:443 ssl : makes nginx listen on all IPv6 addresses on the server, on port 443 (:::443)

[::]:443 will not make nginx respond on IPv4 by default, unless you specify the parameter ipv6only=off:

    listen [::]:443 ipv6only=off;

ssl :
The ssl parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode.

http2 :
The http2 parameter (1.9.5) configures the port to accept HTTP/2 connections.
This doesn't mean it accepts only HTTP/2 connections.
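
A catch-all configuration that ties the listen parameters above to server_name _, as an added example (not from the original answer). example.org, the certificate paths and the root are placeholders, and ssl_reject_handshake requires nginx 1.19.4 or later.

```nginx
# Added example; all blocks belong inside the http { } context.

# Catch-all for plain HTTP. The default_server parameter on the listen
# line is what makes this block the fallback for the address:port pair;
# "server_name _;" is just a name that never matches a real host.
server {
    listen 80 default_server;        # all IPv4 addresses (0.0.0.0:80)
    listen [::]:80 default_server;   # all IPv6 addresses ([::]:80)
    server_name _;
    return 444;                      # close the connection, send no response
}

# Catch-all for TLS: refuse the handshake when the requested name matches
# no configured server_name, so no certificate is needed for this block.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# The real site: one listen directive per address family.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.org;                               # placeholder name

    ssl_certificate     /etc/nginx/tls/example.org.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.org.key;    # placeholder path

    root /var/www/example.org;                             # placeholder path
}
```

Run nginx -t after editing to confirm the configuration parses before reloading.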

Related

How can I close haproxy frontend connections coming from unknown hosts?

Now I am using nginx to close connections from unknown hosts and return 444 "no response"
How do I achieve the same with haproxy, which is in front of nginx (saving the extra step between haproxy and nginx)?
Current nginx config:

    server {
        # Close connection for unrecognized hosts (444 no response)
        listen 80 default_server;
        listen [::]:80 default_server;
        return 444;
    }
This can be achieved using "silent-drop":

    acl host_example req.hdr(host) -i example.com
    http-request silent-drop if not host_example

https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4.2-http-request%20silent-drop
https://www.haproxy.com/blog/introduction-to-haproxy-acls/#using-acls-to-block-requests
Ejez, you can either accept connections coming from known IPs or block connections from particular IPs in the frontend of haproxy.
Ref code:
Allow known IPs:

    acl network_allowed src 20.30.40.50 20.30.40.40
    use_backend allowed_backend if network_allowed

or
block certain IPs only:

    acl is-blocked-ip src 192.0.2.11 192.0.2.12 192.0.2.18
    http-request deny if is-blocked-ip

Ref:
1. https://blog.sleeplessbeastie.eu/2018/03/26/how-to-block-particular-ip-addresses-on-haproxy/
2. https://raymii.org/s/snippets/haproxy_restrict_specific_urls_to_specific_ip_addresses.html

HAProxy not redirecting http to https (ssl)

I'm using HAProxy for load balancing and only want my site to support https. Thus, I'd like to redirect all requests on port 80 to port 443.
How would I do this?
Edit: We'd like to redirect to the same url on https, preserving query params. Thus, http://foo.com/bar would redirect to https://foo.com/bar

    frontend httpfront
        mode http
        bind *:80
        redirect scheme https code 301 if !{ ssl_fc }

You need to configure a frontend for port 443.
frontend (port 80) -> frontend (port 443) -> backend
Check my example:

    frontend httpfront
        mode http
        bind *:80
        redirect scheme https code 301 if !{ ssl_fc }

    frontend httpsfront
        mode tcp
        bind *:443
        default_backend app

    backend app
        mode tcp
        balance roundrobin
        server server01 10.10.10.11:443 check
        server server02 10.10.10.12:443 check

Nginx redirect http to custom https AND https to custom https

I have a server on a restricted vps. I only have access to port 80, and some higher ports - no 443.
I was able to redirect all http to https on port 11111 [with return 301], OR redirect https request made on port 443 to 11111 [with error_page 497].
I would like to redirect http to https on custom port, and 'redirect' https to https custom port. I cannot listen on 443.
This is what I have so far:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.org;
        return 301 https://$server_name:11111$request_uri;
        #error_page 497 https://$server_name:11111$request_uri;
    }

    server {
        # SSL configuration
        #
        listen 11111 ssl default_server;
        listen [::]:11111 ssl default_server;
    }

Thanks in advance!
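
One way to cover both cases on the ports the question has available, as an added example rather than an answer from the thread: port 80 redirects to the TLS port, and error_page 497 catches plain-HTTP requests that arrive on 11111 itself. The certificate paths and root are placeholders. Nothing here can redirect a request sent to port 443, because nginx is not listening there.

```nginx
# Added example; both blocks belong inside the http { } context.

# Plain HTTP on port 80: permanent redirect to the TLS listener on 11111.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.org;
    return 301 https://$server_name:11111$request_uri;
}

# TLS listener on the custom port.
server {
    listen 11111 ssl default_server;
    listen [::]:11111 ssl default_server;
    server_name example.org;

    ssl_certificate     /etc/nginx/tls/example.org.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.org.key;   # placeholder path

    # 497 is nginx's internal code for "plain HTTP request sent to an HTTPS
    # port" (for example http://example.org:11111/). Without this line the
    # client gets a 400 error page; with it, a 301 to the https:// URL on the
    # same port. error_page redirects default to 302 unless =301 is given.
    error_page 497 =301 https://$server_name:11111$request_uri;

    root /var/www/example.org;                             # placeholder path
}
```

The redirect targets use $server_name rather than $host, so the Location header is built from the configured name and not from the client-supplied Host header.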

nginx 301 drops port forwarded by vagrant

I have a vagrant vm running nginx on port 80. My host machine forwards port 8080 to the vagrant vm's port 80.
I need to rewrite a url with a 301 redirect, which works, but the port I use to access nginx through the tunnel (8080) is dropped and the redirect fails.
http://server.com:8080/blog/two
-becomes-
http://server.com/blog.php?article=two
- it should be -
http://server.com:8080/blog.php?article=two
example:
rewrite ^/blog/(.*)$ /blog.php?article=$1 last;
Thanks!
Extract the original port number from the Host header field:

    set $port '';
    if ($http_host ~ :(\d+)$) {
        set $port :$1;
    }
    rewrite ^/blog/(.*)$ http://example.com$port/blog.php?article=$1;

Redirecting requests over 8443 to 443

One of our applications was previously configured to serve SSL from tomcat over port 8443. We're migrating this application to a new environment and switching to using nginx to handle SSL termination rather than tomcat (which will operate over 8080). I would like the ability for folks to be able to connect to the new environment over 8443 but get redirected to 443 (to support anyone's old bookmarks or links).
Currently have rulesets to redirect 80 to 443, and a full ssl_certificate set defined for listening on 443, but no luck trying a variety of methods to listen on 8443 and redirect to itself over 443.
Any suggestions?
Just define a separate server for port 8443, and do a redirect from there. You'd obviously still have to have a proper certificate for your 8443 server, too.

    server {
        listen 8443 ssl;
        server_name example.com;
        ssl_...;
        return 301 https://example.com$request_uri;
    }