I would like to pipe all traffic through an NGINX proxy and make sure that the node server won't be accessible directly from the outside.
Node's http module has the ability to listen on a given port on localhost only, is there an option to enable sails.js to do the same?
Simply add this line:
config/local.js
explicitHost: process.env.HOST || 'localhost'
Or you could add a policy:
config/policies.js
module.exports.policies = {
'*': 'isLocal'
}
api/policies/isLocal.coffee
# sessionAuth
#
# #module :: Policy
# #description :: Accept only local connections
# #docs :: http://sailsjs.org/#!documentation/policies
module.exports = (req, res, cb) ->
if req.ip is '127.0.0.1' then cb()
else res.forbidden new Error 'Accept only local connections'
Not sure why you want to use Sails to restrict access to only localhost when you're using nginx as a proxy server (nginx is designed to do what you want). You can use an nginx configuration file to restrict local access to your Sails app.
server {
listen 80;
server_name www.yourSailsApp.com;
...
location / {
allow 127.0.0.1;
deny all;
}
}
You may need to add your site to your HOSTS file /etc/hosts:
127.0.0.1 yourSailsApp.com
Alternatively, you can just find the public IP of your server and use that in the nginx configuration instead, in the allow field.
Related
Currently I'm able to do required redirrects from server A to server B, both listening port 80 default / location.
What I need is additional forward of all requests sent to server A port 8080 non-default location /loc1 to Server B port 80 (the same) location /loc1
server {
listen 80;
server_name 1.1.1.1;
return 301 $scheme://1.1.1.2$request_uri;
}
Is this only doable by adding additional server section like below?
Edit:
server {
listen 8080;
server_name 1.1.1.1;
location /loc1 {
return 301 $scheme://1.1.1.2:80$request_uri;
}
}
Any help is appreciated.
Edit: Having two above "server" sections in config worked flawlessly.
Yes, you'll need an additional server block to listen on 8080. In the second config you've provided, I think there's a typo. 8080 shouldn't be in server_name. Also, having the return statement there means that all requests to 1.1.1.1:8080 will get redirected to 1.1.1.2:80. If you only want to redirect if /loc1 is in the URI, then add a location block as seen below:
server{
listen 8080;
server_name 1.1.1.1;
#rest of your config
location /loc1 {
return 301 $scheme://1.1.1.2:80$request_uri;
}
}
I have a main domain (example.com) and multiple domains (example.net, example1.info, example2.info) pointing to one location in NGINX configuration like so:
server {
server_name example.com *.com *.net *.info;
root /home/example.com/public;
}
And I want to redirect a specific path /login to example.com/login, how do I accomplish it? If I do
server {
server_name example.com *.com *.net *.info;
root /home/example.com/public;
location = /login {
return 301 https://example.com/login;
}
this work for all domains, except example.com/login because it keeps redirecting to itself.
What is the correct way of creating a redirections from a specific path on all sites to my chosen path?
The simplest logic to redirect from one site to another is to isolate the target site with its own server block. Common configuration can be imported into both server blocks by using an include statement.
I would use a default server block rather than a long list of wild cards.
Something like this:
server {
listen 80 default_server;
listen 443 ssl default_server;
include /path/to/common/config;
location = /login {
return 301 https://example.com/login;
}
}
server {
listen 443 ssl;
server_name example.com;
include /path/to/common/config;
}
See this document for details.
Hello I have this config
server {
listen 82;
server_name myapp.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name myapp.mydomain.com
# ... remain of the stuff here
}
Before that I had other websites running in ports: 80, 3000 etc... now when I access http://myapp.mydomain.com automatically redirects me to my app (as is I were invoking port 82) and if I try to access another app running on 3000 port it tries to rewrite the https://myapp.mydomain.com:3000 as well... if I use the ip it works as expected (not the ssl part).
Full config can be found at:
https://gist.github.com/angvp/363f50ff8b8d345126adaf1595cd2523
Any ideas?
Ok after I start digging I had this on my nginx conf:
add_header Strict-Transport-Security max-age=15768000;
This is a security measure but that was causing all the subdomains even on different ports will try always https .. the correct way should be to have different subdomains per vhost per port..
There is one strange domain that is pointing to the IP address of my server.
Sometimes DNS gets confused and it says that I am connected to that domain instead of my own.
I tried contacting the domain owner and domain registrar to remove the DNS A record that points to my machine but they weren't helpful at all
Now I am trying to redirect:
www.foreigndomain.com
to
www.myowndomain.com
so when someone types or opens www.foreigndomain.com it redirects to the my original domain instead serving my content under the www.foreigndomain.com.
I tried to add this to nginx.conf:
server {
server_name .foreigndomain.com;
rewrite ^ http://www.myowndomain.com$request_uri? permanent;
}
but this creates a redirect loop, I'm not quite sure why.
How do I do this right?
The redirect loop happens because www.myowndomain.com matches the same server that does the redirection, to fix this create another server to capture that server name
server {
server_name .foreigndomain.com;
return 301 http://www.myowndomain.com$request_uri;
}
server {
server_name www.myowndomain.com;
location / {
#config here
}
}
If you already have a server with server name myowndomain.com then you need to add the www variant to it.
server {
server_name myowndomain.com www.myowndomain.com;
location / {
# config here
}
}
Try this rewrite variant:
server {
server_name .foreigndomain.com;
return 301 http://www.myowndomain.com$request_uri;
}
I want to redirect undefined subdomains to my main domain.
So I have a site domain.com and i have 2 subdomains: sub1.domain.com and sub2.domain.com.
And what I want is that when someone tries to go to sub4.domain.com that it mismatches in nginx and redirects it to domian.com. Can this be achieved?
This will redirect any subdomain request.
For all existing subdomains you have to add server entry.
# this will catch all subdomains and redirect to main domain.
server {
server_name *.domain.com;
return 301 http://domain.com$request_uri;
}
# this block will be used for sub1.domain.com;
server {
server_name sub1.domain.com;
...
}
# this is for sub2.domain.com;
server {
server_name sub2.domain.com;
...
}
# and so on...
nginx has no idea of which subdomains exists and which are not. So you have to explicitly name all of them.