We are currently switching from Pound to Nginx for our reverse proxy, I have everything working except for one site.
We have a split DNS setup. All of our webservers are behind our firewall. If you are on our network our internal DNS points directly to our webservers. If you are outside our network our external DNS points to our reverse proxy, which forwards traffic through our firewall to the webservers.
We have one site which is of course vendor software (horray!) basically if our users go to http://abc.foo.com the server sends a 302 redirect code and point them to https://login.vendorsite.com
This redirect works on the inside, but if you connect from the outside the 302 redirect never makes it thorugh nginx. They stay on abc.foo.com and instead a 200 status is returned by Nginx.
We never had this issue with Pound, pound allows the redirect through with no issue.
Here is my current config for nginx:
server {
listen 80;
server_name abc.foo.com;
location / {
proxy_set_header Host &host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://webserveripaddress;
}
}
I guess you're missing something, but if it really that simple you just can use return
location / {
return 301 http://webserveripaddress;
}
Apparently we are no longer using the internal server for abc.foo.com
They changed the DNS entry on the external DNS and never removed the information from the old reverse proxy since "it didn't go there anymore anyway".
So Nginx is working as it should.
Related
I want to configure Access-Control-Allow-Origin of a server machine running maptiler-server
but cannot find any documentation how to do it. I also want to know if there is any way to provide the maptiler-serve with access tokens generated by another web server to implement some sort of access control. I don't want the map server to be accessible by everyone. I want to restrict it to the users of a particular web application.
I found the solution on maptiler's page. Basicly I had to install a reverse proxy that did redirect to the maptiler-server. The example on their page uses Nginx as reverse-proxy server. To configure it in order to add Access-Control-Allow-Origin header on each responses, I had to extend the example with two more lines. So my location block inside configuration file looks like this:
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_pass http://127.0.0.1:3650;
proxy_hide_header 'Access-Control-Allow-Origin';
add_header 'Access-Control-Allow-Origin' '*' always;
}
The default configuration is located here /etc/nginx/sites-available/ or here /etc/nginx/conf.d/
I have a nextjs app hosted on Heroku. The app doesn't have a custom server, and visiting the https URL directly works fine.
However, if users visit the http URL directly, I'd like to redirect them to the https page.
What's the best way to achieve this these days?
There is a very hacky solution mentioned here, but I have the feeling that there is a better solution.
Any ideas?
You can use the Edge addon in Heroku which places a CloudFront CDN in front of your app which can handles the redirection. This enforces HTTPS i.e. Edge automatically redirects HTTP requests to HTTPS.
Source:
https://elements.heroku.com/addons/edge
If you do not need an addon, you can use heroku-community/nginx buildpack with a custom nginx configuration that forces HTTPS with:
http {
server {
listen <%= ENV["PORT"] %>;
server_name _;
keepalive_timeout 5;
location / {
<% if ENV['NGINX_SKIP_HTTPS_PROXY'] == 'true' %>
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
<% end %>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:3000; #next serve listens here and receives nginx requests
}
}
}
You can find the full configuration details in this post.
I have a fairly simple task, but it doesn't seem to be working and I can't figure out the reason for it. I have a digitalocean droplet and a domain that points to the digitalocean dns. I have set up an "A Record" with "#" and "www" for the domain that both point to my droplet. In my nginx config I have set up one server block for the redirect which contains:
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
Now when I do:
curl -I http://www.example.com
I get a http response saying "301 permanently moved" with the correct location. (When I use https I don't get the "permanently moved" but that's a different story).
However when I open the URL in my browser nothing happens and I just get the default nginx website.
What could be the reason for this behavior?
Its correct, you just need a nginx server listening on example.com :
server {
server_name example.com;
location / {
# do something
}
}
I want to redirect each IP address of my web site to the host name of that web site using rewrite directive and than access the web site using proxy_pass directive in NGINX like this
proxy_pass http://host/name ;
Using NGINX as a proxy works for but i couldn't change my script to rewrite addresses and proxy my request at the same time. I tried to use Rewrite directive but i can't find the right syntax for that.
Using rewrite directive to change host will cause a redirection. It means client needs to post another request with new host, and then, you can proxy_pass this request. In this case, the URL in client (for example, browser) will change, like 'http://*.*.*.*:port/uri?request_string' -> 'http://host/uri?request_string'.
Usually, we use rewrite directive to change the URI of the request which will be proxy_passed. If you want to change the host, using proxy_set_header. An example:
location ~* "^/maishenme/(knowse|knowdetail|iget|ilist|initem|i?compare)(.*)?$" {
rewrite "^/maishenme/(.*)?$" /$1 break;
proxy_pass http://***.xxx.com;
proxy_set_header Host "internal.xxx.com";
break;
}
And in this case, from the client side, the url do not change, but for the backend server, you can print the host field and see it changed to "internal.xxx.com"
How to serve static files (images, javascript, stylesheets) for a PSGI / Plack based web app?
The answer would probably depend on what web server one uses, be it CGI, FastCGI, mod_psgi, or pure-Perl like Starman. I have heard that using Plack::Middleware::Static or Plack::App::File (together with Plack::App::URLMap) is to be used only for development...
As far as live deployment goes, a very uncomplicated (and fast) setup is if you let the web server deal with the static content and let the Plack app deal with the dynamic content. That would generally require at least 2 proxies in your web server config. Proxy A to your static files (assuming they're all generally in the same place) and proxy B to the port which your Plack app is deployed on.
For example, part of an nginx config might look like the following. Assume that the Plack app is running on port 5001 locally and that your static files are available under the url http://mydomainname.com/static
server {
listen 80;
server_name mydomainname.com;
location / {
proxy_pass http://localhost:5001/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /static {
root /path/to/static/files;
}
}