502 Bad Gateway when redirecting on nginx - redirect

I have a problem with nginx redirection. I work on nginx 1.4.4 and i have two seperate redirects. It should work two ways:
First redirect: Address address1.com redirects to address address2.com ->
Address address2.com redirects to addres2.com:1234 where the application resides.
Second redirect is directly from ddress2.com:
- address2.com redirects to address2.com:1234
Now the problem:
- Redirect from address1.com to address2.com works, but address2.com to address2.com:port doesn't. It ends with 502 Bad Gateway error. Configs and
errors from log are presented below:
Information from error.log:
[error] : *386 connect() failed (111: Connection refused) while connecting to upstream, client: {client ip addr}, server:{server name}, request:
"GET / HTTP/1.1", upstream: "https://127.0.0.1:{port}", host: "{server name}"
Nginx uses many .conf files stored in conf.d location.
address1.conf (This works):
server {
### server port and name ###
listen {ip_addr}:443;
ssl on;
server_name address1.com;
access_log /var/log/nginx/address1.log;
error_log /var/log/nginx/address1-error.log;
ssl_certificate /etc/httpd/ssl/servercert.crt;
ssl_certificate_key /etc/httpd/ssl/private/serverkey.key;
location / {
rewrite ^ $scheme://address2.com redirect;
}}
address2.com conf file (This doesn't):
server {
### server port and name ###
listen {ip_addr}:443;
ssl on;
server_name address2.com;
access_log /var/log/nginx/address2.log;
error_log /var/log/nginx/address2-error.log;
ssl_certificate /etc/httpd/ssl/servercert.crt;
ssl_certificate_key /etc/httpd/ssl/private/serverkey.key;
proxy_read_timeout 180;
location / {
proxy_pass https://127.0.0.1:{port};
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-HTTPS on;
}}
Funny thing is that I have another application working on the scheme addr3.com -> addr3.com:port and redirection works just perfect. The only
difference between address2.conf and address3.conf is port on which applications work. Each address uses https, Port 443 is open on the firewall.
Hope my description is detailed enough, if not just let me know.
I've been struggling with this problem for couple of days and haven't found any tips or solutions suitable for me.
I'd appreciate any help.

The problem might be with SELinux. Check to see if it running with sestatus. Since some forwarding is working for you, this command might be redundant, but others might require it:
sudo setsebool -P httpd_can_network_connect 1
To enable forwaring for specific ports, which might be your problem, run this command:
sudo semanage port -a -t http_port_t -p tcp 8088
Replace 8088 with the port in question.
The command semanage might not be found. How you install it is distro dependent, but you can most likely google for a solution to that.

Related

URL requested a HTTP redirect, but it could not be followed. - Facebook/Nginx issue

I have used Facebooks sharing debugger to highlight an issue on the website
URL requested a HTTP redirect, but it could not be followed.
https://developers.facebook.com/tools/debug/sharing/?q=https%3A%2F%2Fwww.badgerbookings.com
This is also stopping it accepting the url in the privacy policy when creating an app.
I have researched and made sure to add all OG meta tags. I also "reduced" down the redirects on my nginx to only support a http > https redirect which to me seems pretty standard.
It still produces the error on both the debugger and the Privacy Policy URL.
My Nginx config:
server_tokens off; #Enables or disables emitting nginx version on error pages and in the “Server” response header field
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name _;
return 301 https://www.badgerbookings.com$request_uri;
}
server {
server_name www.badgerbookings.com badgerbookings.com *.badgerbookings.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
proxy_set_header Host $http_host;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/badgerbookings.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/badgerbookings.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Go to Facebook Developer's policy page.
Scroll down to this bit:
Privacy Policy
a. Provide a publicly available and easily accessible privacy policy
that explains what data you are collecting and how you will use that
data.
Now run
curl https://badgerbookings.com/terms
Are you looking at an easily accessible privacy policy which is publicly available at that url?
You maybe having IPv6 issues which can be resolved as simple as adding a listen [::]:443 ssl directive in you SSL server block.
If that doesn't fix it, try redirecting with a matching if directive
if ($scheme != "https") {
return 301 https://www.badgerbookings.com$request_uri
}
This is best if you unite both server blocks in one, to avoid more code. Just delete the non-https one and insert port 80 listen directives on the other one as well, with that conditional redirect, this way your code will be even slimmer.

Nginx reverse proxy for HTTPS traffic (through uWSGI socket) and websockets

I have Nginx set up as a reverse proxy for a Flask Application running on uWSGI. The configuration looks like:
server {
listen 80;
server_name subdomain.app.org;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/app/myapp.sock;
}
}
Additionally, I want to access a websocket running on the same machine on port 3232. So I changed the config to:
server {
listen 80;
server_name subdomain.app.org;
location /ws/ {
proxy_pass http://127.0.0.1:3232;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/app/myapp.sock;
}
}
When I try to access the socket from remote using wscat -c ws://subdomain.app.org/ws I receive error: Error: unexpected server response (301).
Everything works fine when I set the location of the websocket as well as the Flask app to /, but then I cannot access my Flask application anymore.
Any ideas? I undestand that many people before me have asked this but not in connection with a uWSGI socket running. I have spent hours reading stackoverflow posts on this but didn't find anything suitable. Thanks for your help.

Botpress - Verifying facebook bot messenger webhook

I'm new to the botpress community and just finished developing my first bot. Now I'm trying to get it to work on my server. The problem is that while trying to verify the webhook.
Trying from facebook I received this error: "The URL couldn't be validated. Callback verification failed with the following errors: HTTP Status Code = 403; HTTP Message = Forbidden"
My url: https://b.mysite.com/api/botpress-messenger/webhook
Trying directly from botpress:
An error occured during communication with Facebook
Details: An error has been returned by Facebook API. Status: 400 (Bad Request) (#194) Requires all or none of the params: callback_url, verify_token
Trying to use ngrok the error is the same as above.
That's my current nginx config:
server {
server_name b.mysite.com www.b.mysite.com;
access_log /var/log/nginx/b.mysite.com.access.log rt_cache;
error_log /var/log/nginx/b.mysite.com.error.log;
root /var/www/b.mysite.com/htdocs;
listen 80; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/b.mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/b.mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
autoindex on;
}
}
Server was configured using easyengine and the SSL was issued by letsencrypt and installed using certbot.
Could you please help me solve this issue?
Thank you in advance!
You should create a botpress-messenger.config.yml on root directory of the app. And make sure enabled: true
applicationID: ''
accessToken: ''
appSecret: ''
verifyToken: ''
hostname: ''
enabled: true
One more thing, for debugging you can use chatbotproxy.com to proxy your request and capture incoming/outgoing requests.
After several tries I ended up setting up a new server without easyengine and worked just fine. Probably some ee default configs conflicted with botpress.

Nginx Reverse proxy to different server

We're trying to setup a reverse proxy to redirect traffic to an internal network from a DMZ webserver, using nginx.
The traffic comes in on 443, hits an apache page user logs in against an ldap server, then we are redirecting the traffic from apache to nginx (which is listening on 8089). Nginx is then to proxy that traffic back to the internal network.
The apache redirect works, and at least some of the nginx proxy is working. The page on the internal server loads, but all of the resources on the page are double appending the URL. For example:
https ://webserver.us.com ==redirects==> http ://webserver.us.com:8089 ==Nginx Proxy==> http ://internal.server.com:8080/page
http: //internal.server.com/page loads, but all of the resources on the page are trying to load as:
http: //internal.server.com/page/page/resource.
when hitting the internal page directly, they are of course http: //internal.server.com:8080/page/resource
I am sure that there is an error in our setup of the proxy_pass, proxy_redirect and root / location, but I can't figure it out...
Our Nginx.conf is as follows: (FYI this is a solaris server)
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8089;
server_name <internal.server.com>;
access_log /var/opt/csw/nginx/logs/access.log;
error_log /var/opt/csw/nginx/logs/error.log;
root http://<internal.server.com>:8080;
index index.html index.htm;
location / {
proxy_pass http://<internal.server.com>:8080/<page>/;
proxy_redirect http://<internal.server.com>:8080/<page> http://<internal.server.com>:8080/<page>;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
Whenever we set anything in the "location" parameter other than "/" it returns an nginx 404, and the error log shows:
"/var/opt/csw/nginx//RES_NOT_FOUND"
The client requests webserver.us.com/ which is translated to internal.server.com:8080/page/ through the reverse proxy.
The document specifies resource URIs like /page/resource, so the client requests these as webserver.us.com/page/resource which is translated to internal.server.com:8080/page/page/resource through the reverse proxy.
The simplest solution is to make the reverse proxy transparent. You can add an exact match location to map / to your application's entry point:
location = / {
rewrite ^ /page/ last;
}

Nginx site configuration disabling 301 rewrite for another site

I currently have two enabled site configurations in nginx, let us call them old-site.example and new-site.example. There is no other site configuration active.
old-site.example should 301-redirect to new-site.example. This currently works well as long as the old-site.example configuration is alone. After adding the new-site.example configuration file, it does not redirect anymore.
oldsite.conf:
server {
listen 80;
server_name *.old-site.example;
rewrite_log on;
location / {
return 301 http://www.new-site.example$request_uri;
}
}
newsite.conf:
server {
listen 80;
server_name www.new-site.example;
charset utf-8;
location / {
#forward to application server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
other configuration details:
JBoss AS7 as application server running behind Nginx 1.5.1
This was a DNS related error, sorry everyone.
Background: The ISP of the client managed to "smart redirect" the domain instead of using DNS. They basically scraped the new site on their servers and returned it via the old domain. I'm speechless.
If you ever have a problem like this, check DNS resolution before second-guessing your config.