I tried to configure nginx as image server as below
create myapp.conf and put it at /etc/nginx/conf.d
server {
listen 80;
listen [::]:80;
#here you could also use subdomain
server_name image.mydomain.com ;
#here you could also use context,e.g. location /<context>
location / {
root /myapp/imageServer/;
autoindex on;
}
}
The file exists at /myapp/imageServer/card/3cdad37c5a394567b53283321f6af9e9.png
But when i browse this file via https://image.mydomain.com/card/3cdad37c5a394567b53283321f6af9e9.png. I got 403 forbidden from nginx. There is any mistake of my nginx config?
i found the reason
go to /etc/nginx/nginx.conf
edit line as below
#user www-data;
user root;
Related
What I want is to restrict access to files for unauthorized user.
PocketBase documentation says I can retrieve the file URL and access files through it. The example URL for a file would be like this:
http://127.0.0.1:8090/api/files/example/kfzjt5oy8r34hvn/test_52iWbGinWd.png
I can prevent unauthorized users to get this URL, but authorized users can share URL with other one.
Any ideas?
I found a good way to secure files with nginx, by adding an extra location for my PocketBase server block and using an extra backend with one endpoint.
So, my nginx looks like this:
server {
listen 80;
server_name example.com;
location /api/files {
proxy_intercept_errors on;
error_page 404 = #fallback;
proxy_pass http://127.0.0.1:5000;
}
location / {
proxy_pass http://127.0.0.1:8090;
}
location #fallback {
proxy_pass http://127.0.0.1:8090;
}
}
Where my expressjs backend working on port :5000 checks JWT and responds with 404 if it is valid. Nginx will redirect to :8090 (PocketBase) if 404 returned on :5000.
I have a test server with docker compose + nginx + certbot (get certificates from let's encript).
Nginx config:
server {
listen [::]:80;
listen 80;
server_name testdomain.com www.testdomain.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
server_tokens off;
# redirect http to https www
return 301 https://www.testdomain.com$request_uri;
}
#other server configs
certbot says in logs:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: testdomain.com
Type: connection
Detail: Fetching http://testdomain.com/.well-known/acme-challenge/vXDwOBgMA9DEq2IvxqUxxxxxxxxxx: Connection refused
Domain: www.testdomain.com
Type: connection
Detail: Fetching http://www.testdomain.com/.well-known/acme-challenge/shRZla5V7iFXB6D__xxxxx: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
I've put a temporary file to the /.well-known/acme-challenge/(http) but it can't be downloaded (if I try to open mydomain.com/index.html - works fine, but redirects to https version).
I think that problem is in the fact, my config tryes to redirect certbot requests to https, too. Do you have any idea how to get /.well-known/acme-challenge/ out of https rules?
I've found solution:
server {
listen [::]:80;
listen 80;
server_name testdomain.com www.testdomain.com;
location ^~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
location / {
# redirect http to https www
return 301 https://www.testdomain.com$request_uri;
}
server_tokens off;
}
Now everithing is redirecting to https excluding content of this folder /.well-known/acme-challenge
I have a node app that is running on port 8989 and it is being port-proxied to 80.
server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx/example.access.log;
location / {
proxy_pass http://127.0.0.1:8989/;
}
}
That works beautifully. But for some reason, the web address automatically goes to www when I type http://example.com into the browser bar. I didn't tell it to do that! haha
I checked the domain settings in my registrar to make sure I didn't stupidly set a www redirect over there. Nothing.
Finally, I looked at the console logs of requests to http://example.com and the response is a 302 moved temporarily. Not sure how that happened, or why.
Where else can I look?
Try rewriting the server name for permanent
server {
server_name www.domain.com;
rewrite ^(.*) http://domain.com$1 permanent;
}
server {
server_name domain.com;
#The rest of your configuration goes here#
}
I would suggest that your 8989 service is issuing the 302 redirect, which is then being relayed by nginx. You should be looking at your 8989 service configuration to determine why it thinks it lives at www.example.com.
I'm new to nginx configs and have spent a lot of time googling so far. I'm trying to create a very basic nginx config file to be used in a "redirect" server.
Users will be required to point naked domains (example.com) by A-record to my redirect server IP address, and the 'www' record by CNAME to another server.
The purpose of the redirect server is to then perform a 301 redirect any/wildcard naked domains back to to the 'www' version of the domain so it can be properly handled by my other server.
But I also want to catch any misconfigured 'www' domains that are pointing to my server IP by A-record, and simply direct them to a custom error page on the redirect server with further instructions on how to set up their account correctly for my service.
Here's what I have. It works, but since I am new to writing configs I was wondering if there is a better way to handle the redirect to the custom error page in the first server block. TIA!
#redirect to error page if begins with 'www.'
server {
listen 80;
server_name ~^www.; #only matches if starts with 'www.'. Is this good enough?
rewrite ^(.*)$ /404.html; #is this the correct way to direct to a custom error page?
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
}
#no match, so redirect to www.example.com
server {
listen 80 default_server;
rewrite ^(.*)$ $scheme://www.$host$1 permanent;
}
Prefix/suffix server name matching is faster and easier than regexp.
Also, there is no reason to use rewrite. You want to return 404, so do it and nginx will do all the rest. BTW, with rewrite you will return 200 OK with content of /404.html instead of 404 Not Found.
So here it is:
server {
listen 80;
server_name www.*;
root /usr/share/nginx/html;
error_page 404 /404.html;
location / {
return 404;
}
location = /404.html {
internal;
}
}
Hey we changed the domain name from domain1.ourapp.com to domain2.ourapp.com
I would like to redirect requests to domain1.ourapp.com to domain2.ourapp.com using nginx conf. I want the browser url also to change.
In the nginx conf I have the following
server {
listen 80;
rewrite ^ https://$host$request_uri? permanent;
}
server {
server_name domain1.ourapp.com;
rewrite ^ $scheme://domain2.ourapp.com$request_uri permanent;
}
server {
listen 443 ssl;
server_name domain2.ourapp.com
# rest of the stuff
}
The trouble is that urls with domain1.ourapp.com return the right response but there is browser redirection happening. I would like some help in this regard.