I have docker container created from "quay.io/mongodb/charts:19.12.1" for mongodb chart.
Here my container url is http://intenal.nosql.chart//, This url is accessible inside my docker network and it is working perfectly.
Now I want to expose this url to public domain via nginx at http://mypublicdomain.com/mongo/chart.
I have below configuration in nginx
location /mongo/chart/ {
proxy_pass "http://intenal.nosql.chart/";
}
Now if i access my chart from http://mypublicdomain.com/mongo/chart, it is not working. it seems there is error related to baseurl.
So what should i do in mongodb chart to take difference base url
I have to add following header in ngnix
location / {
proxy_pass http://intenal.nosql.chart/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Related
Used docker compose for metabase and postgres images.
Managed to build successfully. Went through the Metabase setup, no hitches.
However, I can't seem to get past the sign in page. Each time I enter the correct username and password I used at the setup stage, it still returns me to the sign in page.
Checking the docker logs, I keep seeing this error on sign in attempts:
2022-09-24 23:24:31,502 DEBUG middleware.log :: GET /api/user/current 401 320.3 µs (0 DB calls)
"Unauthenticated"
Not sure what could be wrong?
Turns out the answer had nothing at all to do with Metabase or Docker, but with my Nginx configuration
Problem was in my location block. Initial settings were:
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://localhost:<some_port>; # <- put correct port
}
Changed them to
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; # <- *changed to this*
proxy_pass http://localhost:<some_port>; # <- put correct port
proxy_http_version 1.1; # <- *add this*
}
...and the error was gone: can log in now.
Unable to load admin console. I have setup Nginx confif
As described in the documentation
nginx needs to provide X-Fordward-For and X-Forwarded-Proto Header when acting as ssl proxy for keycloak
e.g like that
location /
{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Access-Control-Allow-Origin *;
proxy_pass http://keycloak;
}
And you need to configure proxy adress forwarding in keycloak. Either by adding proxy-address-forwarding="true" to http-listener in the standalone.xml or by setting the environment variable PROXY_ADDRESS_FORWARDING: "true" when using docker.
And finally, in case I'm allowed to give you an avdice: If you ask more specific/detailed questions you will get better answers. A screenshot with an error message and the info you "have a nginx" is normally not enough. Posting your full configuration is essential to provide you useful help.
So I have a Swift server-side app running on my Ubuntu box, it's using the Perfect Framework and runs on port 8080.
I want NGINX to forward requests on port 80 to port 8080 (behind the scenes)
My config is
server {
listen 80;
server_name burf.co;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
} }
I have done similar things with VueJS, Node etc but for what am I missing here?
Is it a Perfect issue?
When I go to 127.0.0.1:8080 the page renders fine
I am having some troubles with my application. During redirects my flask application lose the https and redirect to http instead.
I've been trying to find the solution but nothing works.
My nginx configuration for the application (location /) is as follows:
proxy_pass http://localhost:5400;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-port 443;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
(Some examples on the internet says to use "X-Forwarded-Proto". I've tried that without success. And also to use "ssl" or "https" as value on that parameters.
A simple print in the flask application (before_request:) shows that it is still http-requests made event though i use https between client and nginx.
print(request.environ["wsgi.url_scheme"])
What am I doing wrong?
If your application ignores the X-Forwarded headers for setting the scheme in http 3xx responses, you could try setting one or more proxy_redirect rules:
proxy_redirect http:// $scheme://;
See this document for details.
Warning. Making unwanted HTTP redirects is a security flaw as in those requests the connection is not encrypted!!
The only solution here is to correctly configure NGINX and GUNICORN to allow Flask to use the correct headers.
NGINX config should contain at least following directives:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_pass http://appserver:5000;
And, this is the real solution here, GUnicorn must be started with the --forwarded-allow-ips parameter.
Following is how I start it in production, fixing also the real IP address in logs (beware to complain to the GDPR :P ):
PYTHONUNBUFFERED=FALSE gunicorn \
--access-logfile '-' \
--access-logformat '%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" "%({X-Real-IP}i)s"' \
-b :5000 \
--forwarded-allow-ips="*" \
app:app
You should NEVER send a request in HTTP. The first and only redirect should be the /.
I have a very annoying problem, i use nginx to proxy a apache server(http://internalip.com:18080), the config is like this:
location /svn {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://internalip.com:18080;
}
It is ok most-timely, but sometimes nginx just redirect user to internal address, so the user will be prompt error.
I don't know what's wrong, it just is being happening.
The nginx version is 1.4.4-4~precise0.
Could anybody know this?
Thanks in advance!
I have found out the problem. The key point is the Apache DirectorySlash, if I visit https://outipaddress.com/theurl, apache will redirect to http://internalip.com:18080/theurl/ even if the X-Forword-* headers are set. I think it is a bug of apache httpd.
The workaround is to perform the redirect on nginx side.
`location /svn/ {
if ($request_uri ~ "/[a-zA-Z0-9-_]+$") {
rewrite ^ https://$server_name$request_uri/;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://internalip.com:18080;
}`
Now nginx will redirect all urls that are not ended with slash and seem like a directory(contain only symbol characters).