I have created a Spring Boot project. I have to cache one Rest API call:
GET localhost:8080/parts
For that I have used nginx. But it is not working : every time I call the API, that call is going to backend. My configuration file is given below.
/usr/local/etc/nginx/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
error_page 500 502 503 504 /50x.html;
proxy_cache_path /var/log/oms levels=1:2 keys_zone=webcache:10m inactive=1d max_size=2000m;
proxy_cache_min_uses 1;
#upstream backend_server {
# server localhost:8080;
#}
server {
listen 80;
server_name localhost;
location /parts {
proxy_pass http://localhost:8080/parts;
proxy_cache webcache;
}
#location /{
# proxy_pass http://localhost:8080;
# proxy_cache webcache;
#}
}
include servers/*;
}
Related
I have this nginx config.. i want it to accept all domains that have the word competitions in it and end with .com.au.. I have tested with a domain name that should NOT be accepted but it reaches the application.. is the server_name being ignore because I'm using a proxy?
server {
listen 80 default_server;
server_name ~^(.+)competitions?(.+)\.com\.au;
access_log /var/log/nginx/$host.access.log;
error_log /var/log/nginx/error.log;
if ($host !~* ^www){
rewrite ^/(.*)$ https://www.$host/$1 permanent;
}
location / {
proxy_no_cache 1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
try_files $uri $uri/ #proxy;
}
location #proxy {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
proxy_intercept_errors on;
recursive_error_pages on;
error_page 404 = #rewrite_proxy;
}
location #rewrite_proxy {
rewrite /(.*) /index.cfm?path=$1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
}
}
You'd have to remove the default_server from there, because this is a catch-all directive.And you still could setup another one server with the default_server directive, if required.
See How nginx processes a request for a more detailed explanation:
If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port.
I am trying to create a facebook messenger bot. every thing work woth heroku. then i transfer it to my own server. then i got the error "curl errno =35" i tried it with ngrok work fine on the server but not work with my server.
using debian with nginx x and letsencrypt.
the url is preetombot.bddevwork.net
my setting
server {
listen 80;
server_name preetombot.bddevwork.net www.preetombot.bddevwork.net;
#root /usr/share/nginx/www/preetombot.bddevwork.net;
#return 301 https://$server_name$request_uri;
}
server {
listen 443 default_server ssl http2;
server_name preetombot.bddevwork.net
www.preetombot.bddevwork.net;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/preetombot.bddevwork.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/preetombot.bddevwork.net/privkey.pem;
ssl_trusted_certificate /test/ca-certs.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /test/dhparam.pem;
root /usr/share/nginx/www/preetombot.bddevwork.net;
index index.php index.html index.htm;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://localhost:5000$request_uri;
proxy_redirect off;
proxy_http_version 1.1;
}
location ~ /.well-known{
allow all;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I have multiple secure ports listening within a single server, in this case for FB bot I'm using port 8083.
upstream botd {
server application_1:8083 max_fails=3 fail_timeout=30s;
keepalive 64;
}
server {
listen 443 default_server;
listen [::]:443 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
rewrite_log on;
ssl on;
server_name _;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
ssl_certificate /etc/ssl/techie8.io/api.techie8.io.bundle;
ssl_certificate_key /etc/ssl/techie8.io/api.techie8.io.key;
# Botd skill.
location /botd {
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://botd;
break;
}
}
# Techie8 API.
location / {
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
#Timeout after 8 hours
proxy_read_timeout 43200000;
proxy_connect_timeout 43200000;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://application;
break;
}
}
}
In Flask App:
#app.route('/botd', methods=['GET'])
def handle_verification():
"""Handle Token verification."""
print "Handling Verification."
if request.args.get('hub.verify_token') == VERIFY_TOKEN:
print "Verification successful!"
return request.args.get('hub.challenge')
else:
print "Verification failed!"
return 'Error, wrong validation token'
#app.route('/botd', methods=['POST'])
def handle_messages():
print "Handling Incoming Messages\n"
payload = request.get_data()
print payload
for sender, message in messaging_events(payload):
print "Incoming Message from %s: %s" % (sender, message)
print ("Access Token: %s" % ACCESS_TOKEN)
send_message(ACCESS_TOKEN, sender, message)
return "ok"
In Facebook WebHook Callback URL I have my host configured:
https://api.mycompany.io/botd
I am a newbie to nginx. I am trying to implement a basic hello-world program for remote logging in GWT. I am able to successfully log using Tomcat.
Similarly, I am trying to run a RPC (again Hello World) program on the two servers, works perfectly fine in tomcat however fails in nginx.
Following is my nginx.conf:
user www-data;
worker_processes 1;
error_log logs/error.log error;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
#charset koi8-r;
location / {
root D:/nginx-1.9.12/nginx-1.9.12/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
error_page 405 =200 $uri;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
This is the log from error_logs:
2016/03/15 11:42:55 [warn] 5676#2408: "user" is not supported, ignored in D:\nginx-1.9.12\nginx-1.9.12/conf/nginx.conf:1
2016/03/15 11:43:08 [error] 5676#896: *1 CreateFile() "D:/nginx-1.9.12/nginx-1.9.12/html/war/helloworld/greet" failed (2: The system cannot find the file specified), client: 127.0.0.1, server: localhost, request: "POST /war/helloworld/greet HTTP/1.1", host: "localhost", referrer: "http://localhost/war/HelloWorld.html"
After a lot of searching around, I am of the opinion that this is a permission issue. My user does not have a write permission. But I am unable to solve this problem.
Any help is appreciated.
Thanking you in advance.
I am trying to make my domain name only work with a https:// and www in front of it. It's important that domain.com without the www. redirects to the www, and it's also important that https:// is always enabled. I am having a lot of trouble achieving this. I've removed all the redirects from the config because they all just give me errors.
server {
listen 80;
default_type text/html;
server_name epicmc.us;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443;
default_type text/html;
server_name www.epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
ssl on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
EDIT: I am now using a PHP redirect, but there has to be a better option...
You should define additional virtualhost, and there redirect all clients to desired method+host.
Add to your config (tune to your taste, of course) :
# redirection vhost
server {
listen 10.1.2.3:80;
server_name www.epicmc.us epicmc.us;
access_log /logs/access.log full;
error_log /logs/error.log notice;
location / {
rewrite ^/(.*)$ https://www.epicmc.us/$1 permanent;
}
}
There are two ways of doing this, simple redirect return 301
server {
server_name www.example.com;
listen 80;
return 301 https://$host$request_uri;
}
or using rewrite rules, check the answer for this question it might be helpful
server {
listen 80;
server_name www.example.com ;
location{
rewrite ^(.*)$ https://www.example.com/$1 permanent;
}
}
check answers for this question it might be helpful
Hey guys I'm using Cloudflare's flexible SSL, so my problem was that I had to do the page rules on their site and not in my config. That's why I was getting redirect errors.
Im trying to display the error page in /temp/www/error403.html whenever a 403 error occurs.
This should be whenever a user tries to access the site via https (ssl) and it's IP is in the blovkips.conf file, but at the moment it still shows nginx's default error page.
I have the same code for my other server (without any blocking) and it works.
Is it blocking the IP from accessing the custom 403 page?
If so how do I get it to work?
server {
# ssl
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/site.in.crt;
ssl_certificate_key /etc/nginx/ssl/site.in.key;
keepalive_timeout 70;
server_name localhost;
location / {
root /temp/www;
index index.html index.htm;
}
# redirect server error pages to the static page
error_page 403 /error403.html;
# location = /error403.html {
# root /temp/www;
# }
# add trailing slash if missing
if (-f $document_root/$host$uri) {
rewrite ^(.*[^/])$ $1/ permanent;
}
# list of IPs to block
include blockips.conf;
}
Edit:
Corrected error_page code from 504 to 403 but I still have the same issue
I did heaps of googling before coming here but did some more just now, within 5 minutes I had my answer :P
Seems I'm not the only person to have this issue:
error_page 403 /e403.html;
location = /e403.html {
root html;
allow all;
}
http://www.cyberciti.biz/faq/unix-linux-nginx-custom-error-403-page-configuration/
Seems that I was right in thinking that access to my error page was getting blocked.
The problem might be that you're trying to server a 403 "Forbidden" error from a webserver that they are forbidden from accessing. Nginx treats the error_page directive as an internal redirect. So it is trying to server https://example.com/error403.html which is also forbidden.
So you need to make the error page not served out of https like this:
error_page 403 http://example.com/error403.html
or add the necessary "access allowed" options to the location for the error page path. The way to test this is to access the /error403.html page directly. If you can't accesses that way, it isn't going to work when someone gets an actual 403 error.
I had the same issue... The point is that i've implemented ip whitelist at server context level (or vhost level if you prefer), so every locations will have this as well (basicaly /403.html won't be accessible) :
server {
listen *:443 ssl;
server_name mydomain.com ;
error_page 403 /403.html;
.....
if ($exclusion = 0) { return 403; } #implemented in another conf.d files (see below)
location ~ \.php$ {
root /var/www/vhosts/mydomain.com/httpdocs;
include /etc/nginx/fastcgi_par
fastcgi_pass 127.0.0.1:9000;
fastcgi_connect_timeout 3m;
fastcgi_read_timeout 3m;
fastcgi_send_timeout 3m;
}
location /403.html {
root /usr/share/nginx/html;
allow all;
}
...
}
Exclusion conf.d file sample:
geo $exclusion {
default 0;
10.0.0.0/8 Local network
80.23.120.23 Some_ip
...
}
To fix that simply do your return 403 at location level (context):
server {
listen *:443 ssl;
server_name mydomain.com ;
error_page 403 /403.html;
.....
location ~ \.php$ {
if ($exclusion = 0) { return 403; }
root /var/www/vhosts/mydomain.com/httpdocs;
include /etc/nginx/fastcgi_par
fastcgi_pass 127.0.0.1:9000;
fastcgi_connect_timeout 3m;
fastcgi_read_timeout 3m;
fastcgi_send_timeout 3m;
}
location /403.html {
root /usr/share/nginx/html;
allow all;
}
...
}
Works for me.
It looks like there's a boo-boo in the listed configuration, as it is only sending error code 503 ("service unavailable") to the custom page, so for 403 ("forbidden") you probably want to use:
error_page 403 /error403.html