I have a simple static website that I'd like to serve with Nginx. I'd like to authenticate users via SSO with a simple Flask authenticator served with uwsgi. The usual nginx auth methods seem to not fit this kind of workflow.
My current location config is as follows:
location / {
root nginx-app;
index index.html index.htm;
try_files $uri #flask;
}
location #flask{
include uwsgi_params;
uwsgi_pass unix:/var/socket/app.socket;
}
location #staticapp{
auth_request /authorized;
root static-app;
}
'/' serves a few static assets, then sends users to #flask to make sure they're logged in.
#flask/ redirects to a third party SSO login site, which redirects to #flask/sso. The flask app gets some info from this, then redirects to '/', where I my static app to be mounted. #flask/authorized returns 200 if a user is logged in and a 400 otherwise.
try_files has a limitation of only allowing one named location. Using X-Sendfile or the like, I can't seem to mount the static app at '/', only at different locations. How can I 'redirect' to #staticapp and have it mounted at '/'?
Is there a workaround to mount my static app at '/' and only allow it to be accessed after an authentication call? Is there a better way to organize this config?
Sometimes it's not worth the time to fix 'annoyances'! Mounting the static app at /app as follows works fine. Would be nice to mount at /, but that's ok.
location / {
root nginx-app;
index index.html index.htm;
try_files $uri #flask;
}
location #flask{
include uwsgi_params;
uwsgi_pass unix:/var/socket/app.socket;
}
location /app{
auth_request /authorized;
alias static-app;
}
Related
I have an angular application hosted in docker container. Few of the static contents are read from some other server so that the reverse proxy configuration has been put at path /etc/nginx/conf.d/
but the proxy config is not working.
Below is the proxy config
server {
location /static/configs/ {
proxy_pass http://somewebsite.com/static-data/configs
}
}
Lets assume my application url is "http://angularapp.com/"
Now if I access http://angularapp.com/static/configs/json/config.json
then it is giving me HTTP 404 error.
I don't have rights to amend any other files on path /etc/nginx. I can only put conf file at conf.d and configuration in sites-enabled is already including the /etc/nginx/conf.d/*.conf files.
My application is installed on /opt/app/Web/ path and local resources on the path are accessible.
I'm trying to redirect all urls without www to www, i have the following rules in my netlify.toml file
[[redirects]]
from = "/"
to = "/es"
status = 302
force = false
conditions = {Country = ["es"], Language = ["es","EU-es"]}
[[redirects]]
from = "https://example.com/*"
to = "https://www.example.com/:splat"
status = 301
force = true
The first rule works, but the second rule which is general rule to redirect all requests without www to www is not working. I'm using gatsby v1 with typescript.
Netlify does this redirect automatically if you set your site's primary custom domain to www.example.com and you have a valid SSL certificate for the hostname. In case example.com and www.example.com are secondary hostnames (called domain aliases: https://www.netlify.com/docs/custom-domains/#domain-aliases) then you would likely want/need this redirect.
Usually people put those kinds of redirects above the other ones like your 302/language redirect so that it happens first, but that is probably not the (only) problem with it if it is not working.
Note: That will ONLY catch requests to literally https://example.com(/*) and not requests to http://example.com in case you do not have your site forcing ssl (which should never be the case - Netlify tries to force automatically for all sites).
If you're finding that not to work and you've met the prerequisites:
- netlify site configured with those hostnames
- SSL certificate on the netlify site with support for those hostnames
...then it is possible we either didn't process it correctly and so it is not in place, or something else in the system is wrong and you should contact Netlify's helpdesk for a hand in investigating, since the redirects that were processed are not shown anywhere and trying to understand what was processed by trial and error is not a very awesome process :)
For a rails application that keeps on crashing for some redis issues that I am still trying to solve, I am trying to temporarly solve the problem with full page caching.
The page caching works fine, but for the root url, the cached page is not served without parameters.
http://www.example.com goes straight to the app, but http://www.example.com/index.html serve the cached page
To avoid the ugly 500 errors, I would like to redirect requests to /index.html
I tried a few combinaisons, such as
location = / {
rewrite / /index.html;
}
It worked for the root url, but blocked other urls such as /blog/, who then also was redirected to the root /index.html
I am not sure if I should resolve that with a redirect, or maybe is there something wrong with my caching parameters ?
here is my current nginx config:
https://pastebin.com/m9rj0Axt
Using omnibus gitlab 9.2.
Action: As a non-logged-in user, attempt a request for a public project that doesn't exist (at least not publicly).
Result: Receive a 302 redirect to /users/sign_in from nginx.
What I'd like to see: Receive a 302 redirect to /public (or wherever, for that matter)
What I've tried without success: Adding this to gitlab.rb:
nginx['custom_gitlab_server_config'] = "try_files $uri $uri/ /public;\n\nfastcgi_intercept_errors on;\n\n"
I couldn't find the explicit redirect in any nginx conf, so I guess it's in Rails. I'll peruse that code.
This is actually a custom HA configuration with the gitlab nodes behind haproxy fronts. I thought about possibly doing something on the fronts, but couldn't come up with anything.
Thanks!
Edit:
I see now that replacing the unmatched_route line in routes.rb with:
get '*unmatched_route', to: redirect('/public'), via: :all
does what I need, but I'd of course want to make that change persistent. Is that possible?
yesterday i switched my sites to a new server. now i have a problem, because one domain i now run as a subdomain, was previously accessed as a subfolder and a few sites, which I have no access to, are still using that domain.com/subfolder/?some=parameters
so, long story short:
i need to update my nginx config file, to redirect my users from domain.com/subfolder/?some=parameters to subfolder.domain.com/?some=parameters
i searched for a solution for that problem yesterday, but couldn't fix the problem.
currently i have this in my conf file:
location /subfolder/ {
rewrite ^/subfolder(/.*)$ http://subfolder.domain.com$1 permanent;
}
which obviously redirects all requests from domain.com/subfolder/?some=parameters to subfolder.domain.com/?some=parameters, but requests to domain.com/subfolder/styles.css aren't redirected.
I think this is due to a conflicting location directive for specific static file extensions in your nginx config. I was able to get your rule to work by making it use a regular expression which influences the priority.
location ~ /subfolder/.* {
rewrite ^/subfolder(/.*)$ http://subfolder.domain.com$1 permanent;
}
See the details about the location directive, especially the rules and examples there about precedence.