How to enable CORS in a self-hosted maptiler-server? - openmaptiles

I want to configure Access-Control-Allow-Origin of a server machine running maptiler-server
but cannot find any documentation how to do it. I also want to know if there is any way to provide the maptiler-serve with access tokens generated by another web server to implement some sort of access control. I don't want the map server to be accessible by everyone. I want to restrict it to the users of a particular web application.

I found the solution on maptiler's page. Basicly I had to install a reverse proxy that did redirect to the maptiler-server. The example on their page uses Nginx as reverse-proxy server. To configure it in order to add Access-Control-Allow-Origin header on each responses, I had to extend the example with two more lines. So my location block inside configuration file looks like this:
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://127.0.0.1:3650;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*' always;
}
The default configuration is located here /etc/nginx/sites-available/ or here /etc/nginx/conf.d/

Related

How to redirect a nextjs app hosted on Heroku from http to https?

I have a nextjs app hosted on Heroku. The app doesn't have a custom server, and visiting the https URL directly works fine.
However, if users visit the http URL directly, I'd like to redirect them to the https page.
What's the best way to achieve this these days?
There is a very hacky solution mentioned here, but I have the feeling that there is a better solution.
Any ideas?
You can use the Edge addon in Heroku which places a CloudFront CDN in front of your app which can handles the redirection. This enforces HTTPS i.e. Edge automatically redirects HTTP requests to HTTPS.
Source:
https://elements.heroku.com/addons/edge
If you do not need an addon, you can use heroku-community/nginx buildpack with a custom nginx configuration that forces HTTPS with:
http {
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
location / {
<% if ENV['NGINX_SKIP_HTTPS_PROXY'] == 'true' %>
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
<% end %>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:3000; #next serve listens here and receives nginx requests
}
}
}
You can find the full configuration details in this post.

302 redirect doesn't work behind nginx reverse proxy

We are currently switching from Pound to Nginx for our reverse proxy, I have everything working except for one site.
We have a split DNS setup. All of our webservers are behind our firewall. If you are on our network our internal DNS points directly to our webservers. If you are outside our network our external DNS points to our reverse proxy, which forwards traffic through our firewall to the webservers.
We have one site which is of course vendor software (horray!) basically if our users go to http://abc.foo.com the server sends a 302 redirect code and point them to https://login.vendorsite.com
This redirect works on the inside, but if you connect from the outside the 302 redirect never makes it thorugh nginx. They stay on abc.foo.com and instead a 200 status is returned by Nginx.
We never had this issue with Pound, pound allows the redirect through with no issue.
Here is my current config for nginx:
server {
listen 80;
server_name abc.foo.com;
location / {
proxy_set_header Host &host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webserveripaddress;
}
}
I guess you're missing something, but if it really that simple you just can use return
location / {
return 301 http://webserveripaddress;
}
Apparently we are no longer using the internal server for abc.foo.com
They changed the DNS entry on the external DNS and never removed the information from the old reverse proxy since "it didn't go there anymore anyway".
So Nginx is working as it should.

Logged into database 'yadi', but dbfilter rejects it; logging session out

Good morning,
I'm working on odoo 8, I created a new database 'yadi' but nothing happens, I always get database manager web page, and this is error on open-server.log:
Logged into database 'yadi', but dbfilter rejects it; logging session out.
Thank you for your help.
I am ODOO expert, It seems issue with nginx or apache2 configuration.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
This header required in all proxy location. only / for this location not enough. All location with proxy_pass entry you need to add.
Even do for /web/static/ or website/static/ etc...
As ODOO multi host configured with dbfileter ^%h$, indicate all database based on host, so right header to forward.
In case you test without dbfilter, all works well but with dbfilter this may arise an issue.
Now follow my instruction, sure it will resolve ODOO bugs concerns.
You need to remove db-filter from openerp-server.conf
For search mention, you need to use following command.
locate openerp-server.conf
Go to path and remove db-filter parameter.
Generally, that file located under /etc/ folder.
Afterwards, reboot your system.

How to serve static files (images etc.) for a PSGI / Plack web app (in Perl)?

How to serve static files (images, javascript, stylesheets) for a PSGI / Plack based web app?
The answer would probably depend on what web server one uses, be it CGI, FastCGI, mod_psgi, or pure-Perl like Starman. I have heard that using Plack::Middleware::Static or Plack::App::File (together with Plack::App::URLMap) is to be used only for development...
As far as live deployment goes, a very uncomplicated (and fast) setup is if you let the web server deal with the static content and let the Plack app deal with the dynamic content. That would generally require at least 2 proxies in your web server config. Proxy A to your static files (assuming they're all generally in the same place) and proxy B to the port which your Plack app is deployed on.
For example, part of an nginx config might look like the following. Assume that the Plack app is running on port 5001 locally and that your static files are available under the url http://mydomainname.com/static
server {
listen 80;
server_name mydomainname.com;
location / {
proxy_pass http://localhost:5001/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /static {
root /path/to/static/files;
}
}

Deploying two different Play! applications on the same hostname

I have developed 2 applications with Play Framework, accessing different information, so it does not make sense to merge then as a single app.
Now I need to deploy both apps on the same hostname, each one in a separate sub-folder (URI), for example:
example.com/payment/
example.com/cms/
And I am having problems with routes. I configured a nginx webserver to work as reverse proxy. It deliveries first page as expected.
But once I click anything, instead of going to /cms/Application/index it links back to /Application/index (without /cms/).
IMHO I believe I need change my routes file, hardcoding /cms/ on all paths, but it seems a bad approach because if I need to deploy the APP on another URI I will need to change routes again.
What is the best way to deploy two apps on the same hostname?
----- nginx.conf -----
...
...
...
location /cms {
proxy_pass http://localhost:9001/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /payment {
proxy_pass http://localhost:9002/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
...
...
----- nginx.conf -----
If you take a look at this thread on the Google Groups, you will see that the preferred approach is to the the context path.
The recommendation is to use a bootstrap job to set the context per application in the following way
Play.ctxPath="/project1";
Router.detectChanges(Play.ctxPath);
So your code would be
Play.ctxPath="/cms";
Router.detectChanges(Play.ctxPath);
etc.