I have a nextjs app hosted on Heroku. The app doesn't have a custom server, and visiting the https URL directly works fine.
However, if users visit the http URL directly, I'd like to redirect them to the https page.
What's the best way to achieve this these days?
There is a very hacky solution mentioned here, but I have the feeling that there is a better solution.
Any ideas?
You can use the Edge addon in Heroku which places a CloudFront CDN in front of your app which can handles the redirection. This enforces HTTPS i.e. Edge automatically redirects HTTP requests to HTTPS.
Source:
https://elements.heroku.com/addons/edge
If you do not need an addon, you can use heroku-community/nginx buildpack with a custom nginx configuration that forces HTTPS with:
http {
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
location / {
<% if ENV['NGINX_SKIP_HTTPS_PROXY'] == 'true' %>
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
<% end %>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:3000; #next serve listens here and receives nginx requests
}
}
}
You can find the full configuration details in this post.
Related
I want to configure Access-Control-Allow-Origin of a server machine running maptiler-server
but cannot find any documentation how to do it. I also want to know if there is any way to provide the maptiler-serve with access tokens generated by another web server to implement some sort of access control. I don't want the map server to be accessible by everyone. I want to restrict it to the users of a particular web application.
I found the solution on maptiler's page. Basicly I had to install a reverse proxy that did redirect to the maptiler-server. The example on their page uses Nginx as reverse-proxy server. To configure it in order to add Access-Control-Allow-Origin header on each responses, I had to extend the example with two more lines. So my location block inside configuration file looks like this:
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://127.0.0.1:3650;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*' always;
}
The default configuration is located here /etc/nginx/sites-available/ or here /etc/nginx/conf.d/
We are currently switching from Pound to Nginx for our reverse proxy, I have everything working except for one site.
We have a split DNS setup. All of our webservers are behind our firewall. If you are on our network our internal DNS points directly to our webservers. If you are outside our network our external DNS points to our reverse proxy, which forwards traffic through our firewall to the webservers.
We have one site which is of course vendor software (horray!) basically if our users go to http://abc.foo.com the server sends a 302 redirect code and point them to https://login.vendorsite.com
This redirect works on the inside, but if you connect from the outside the 302 redirect never makes it thorugh nginx. They stay on abc.foo.com and instead a 200 status is returned by Nginx.
We never had this issue with Pound, pound allows the redirect through with no issue.
Here is my current config for nginx:
server {
listen 80;
server_name abc.foo.com;
location / {
proxy_set_header Host &host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webserveripaddress;
}
}
I guess you're missing something, but if it really that simple you just can use return
location / {
return 301 http://webserveripaddress;
}
Apparently we are no longer using the internal server for abc.foo.com
They changed the DNS entry on the external DNS and never removed the information from the old reverse proxy since "it didn't go there anymore anyway".
So Nginx is working as it should.
I would like to use Nginx as the HTTP proxy server.
On the backend, we have 3 different applications written in Java exposing a RESTful API each. Every application has their own prefix on the API.
For instance:
APP 1 - URI prefix: /api/admin/**
APP 2 - URI prefix: /api/customer/**
APP 3 - URI prefix: /api/support/**
On the frontend, we have a SPA page making requests to those URI's.
Is there a way to tell Nginx to route the HTTP request depending on the URI prefix?
Thanks in advance!
I am pretty sure you can use nginx proxy forwarding to re-route according to each of your several uri prefixes. I have used proxy forwarding with nginx. Your example I have adapted from a page that gives information specifically on uri prefixes (I have preserved the /foo entry from that page here for your comparison):
https://serverfault.com/questions/379675/nginx-reverse-proxy-url-rewrite
See also (noting difference of proxy_pass from proxy_redirect),
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
With your code, the locations would be something like:
server {
listen 80;
server_name www.example.com;
location /api/admin {
proxy_pass http://localhost:3200/;
}
location /api/customer {
proxy_pass http://localhost:3200/;
}
location /api/support {
proxy_pass http://localhost:3200/;
}
location /foo {
proxy_pass http://localhost:3200/;
}
}
As the link I have provided mentions, note the forward slash at the end of each location directive that enables the wild carding after the prefix. And of course the urls to which each of the paths are redirected need not all be the same--localhost:3200--as they are in this example.
I want to redirect each IP address of my web site to the host name of that web site using rewrite directive and than access the web site using proxy_pass directive in NGINX like this
proxy_pass http://host/name ;
Using NGINX as a proxy works for but i couldn't change my script to rewrite addresses and proxy my request at the same time. I tried to use Rewrite directive but i can't find the right syntax for that.
Using rewrite directive to change host will cause a redirection. It means client needs to post another request with new host, and then, you can proxy_pass this request. In this case, the URL in client (for example, browser) will change, like 'http://*.*.*.*:port/uri?request_string' -> 'http://host/uri?request_string'.
Usually, we use rewrite directive to change the URI of the request which will be proxy_passed. If you want to change the host, using proxy_set_header. An example:
location ~* "^/maishenme/(knowse|knowdetail|iget|ilist|initem|i?compare)(.*)?$" {
rewrite "^/maishenme/(.*)?$" /$1 break;
proxy_pass http://***.xxx.com;
proxy_set_header Host "internal.xxx.com";
break;
}
And in this case, from the client side, the url do not change, but for the backend server, you can print the host field and see it changed to "internal.xxx.com"
hi i have nginx server and other webserver which i want to hide from public direct access. but when i try to access that server on root i send redirect response to client to url like this: server/test/spring/main. when i try to access it from nginx server i get the server url redirect instead nginx url.
example:
my-nginx.com
my-server.com
if i want to access myserver.com/test/spring/main from nginx server i guess i have to access my-nginx.com/test/spring/main but when i do that i get redirect to url myserver.com...
my config:
upstream my-server {
server my-server.com;
}
server {
listen 80;
server_name my-nginx;
location / {
proxy_pass http://my-server/;
}
}
the other think is when i access the root page on my-server.com i redirect the client to "https://my-server.com/test/spring/main".
Why i'm redirect from my-nginx.com url to my-server.com?
This configuration seems do not have big problem, and I also use proxy_pass to access other domain in our production environment, and do not redirect.
You should be care of the last '/' in "http://my-server/", usint "http://my-server" instead, or just using "http://my-server.com" with no upstream.
The behavior with '/' or with not '/' is a little different.