I have a server configured with varnish on port 80 -> apache2 on port 81
if i go to a folder without a trailing slash ( http://xxx/test ) it tries to redirect to ( http://xxx:81/test/ )
is it possible to stop apache from doing that ? it breaks every single thing from phpmyadmin to svn....
maybe a rule in varnish to drop the :81 from the redirect ? but im not good in configuring advanced varnish..
sub vcl_deliver {
if(resp.http.Location){
set resp.http.Location = regsub(resp.http.Location, ":81/","/");
}
}
(eventually check if the request host matches the response Location: host )
Related
My server configuration is a TYPO3 installation Vs. 6.2.31 combined with a reverse proxy. The system is running fine with http.
When we try to switch to https we geht this Error Message in the backend:
"Connection Problem
Sorry, but an error occurred while connecting to the server. Please check your network connection."
And the page tree is not loading.
When switching back to http all is working one again.
Our settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = last
[SYS][reverseProxySSL] = *
What i tried:
deactivate all extensions apart from the system extensions
no entry in syslog (error reporting is on development)
no entries in the server logs
lockSSL in install tool 3 results in never ending 302 redirects
lockSSL with option 2 results in this error message:
Fatal error: Uncaught exception 'RuntimeException' with message 'TYPO3 Backend not accessed via SSL: TYPO3 Backend is configured to only be accessible through SSL. Change the URL in your browser and try again.' in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php:897 Stack trace: #0 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/init.php(54): TYPO3\CMS\Core\Core\Bootstrap->checkSslBackendAndRedirectIfNeeded() #1 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/index.php(21): require('/srv/httpd/site...') #2 {main} thrown in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php on line 897
It seems that some requests e.g. for the page tree are made without ssl - ajax calls i presume - but i dont have a clue how to debug it.
Andy ideas?
Thanks!
I have the same version at a customer and with a load balancer / proxy.
The only difference is [SYS][reverseProxyHeaderMultiValue] = first.
Also, [BE][lockSSL] = 1 is set.
Maybe it helps?
This thread is quite old, but because many people do read until now i will try an answer. We could solve the problem (and once again in a different installation) with the following settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = firt
[SYS][reverseProxySSL] = *
AND - that is important - changes in the server config too:
RequestHeader set X-Forwarded-Proto "https"
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
I assume it was the first:
RequestHeader set X-Forwarded-Proto "https"
So in the end the problem was in the server config.
Hello I have this config
server {
listen 82;
server_name myapp.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name myapp.mydomain.com
# ... remain of the stuff here
}
Before that I had other websites running in ports: 80, 3000 etc... now when I access http://myapp.mydomain.com automatically redirects me to my app (as is I were invoking port 82) and if I try to access another app running on 3000 port it tries to rewrite the https://myapp.mydomain.com:3000 as well... if I use the ip it works as expected (not the ssl part).
Full config can be found at:
https://gist.github.com/angvp/363f50ff8b8d345126adaf1595cd2523
Any ideas?
Ok after I start digging I had this on my nginx conf:
add_header Strict-Transport-Security max-age=15768000;
This is a security measure but that was causing all the subdomains even on different ports will try always https .. the correct way should be to have different subdomains per vhost per port..
I've got a website sitting behind an Nginx proxy. I've set up Nginx to redirect all traffic from HTTP to HTTPS, like so:
server {
listen 80 default_server;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
add_header Strict-Transport-Security "max-age=31536000";
location /api {
include uwsgi_params;
uwsgi_pass api-server:80;
}
location / {
root /web;
}
}
As far as I can tell, this should work. And when I hit my server from multiple locations using curl, I see the permanent redirect I was expecting. But I'm getting reports from some users that they're not getting redirected; instead they're seeing a generic Welcome to nginx! page.
Is there a better configuration I should be using? How can I debug this?
Create separate log files for the http and the https server and see if there are other status code than 301 in the one from the http server.
https://www.nginx.com/resources/admin-guide/logging-and-monitoring/
I would like to pipe all traffic through an NGINX proxy and make sure that the node server won't be accessible directly from the outside.
Node's http module has the ability to listen on a given port on localhost only, is there an option to enable sails.js to do the same?
Simply add this line:
config/local.js
explicitHost: process.env.HOST || 'localhost'
Or you could add a policy:
config/policies.js
module.exports.policies = {
'*': 'isLocal'
}
api/policies/isLocal.coffee
# sessionAuth
#
# #module :: Policy
# #description :: Accept only local connections
# #docs :: http://sailsjs.org/#!documentation/policies
module.exports = (req, res, cb) ->
if req.ip is '127.0.0.1' then cb()
else res.forbidden new Error 'Accept only local connections'
Not sure why you want to use Sails to restrict access to only localhost when you're using nginx as a proxy server (nginx is designed to do what you want). You can use an nginx configuration file to restrict local access to your Sails app.
server {
listen 80;
server_name www.yourSailsApp.com;
...
location / {
allow 127.0.0.1;
deny all;
}
}
You may need to add your site to your HOSTS file /etc/hosts:
127.0.0.1 yourSailsApp.com
Alternatively, you can just find the public IP of your server and use that in the nginx configuration instead, in the allow field.
There is one strange domain that is pointing to the IP address of my server.
Sometimes DNS gets confused and it says that I am connected to that domain instead of my own.
I tried contacting the domain owner and domain registrar to remove the DNS A record that points to my machine but they weren't helpful at all
Now I am trying to redirect:
www.foreigndomain.com
to
www.myowndomain.com
so when someone types or opens www.foreigndomain.com it redirects to the my original domain instead serving my content under the www.foreigndomain.com.
I tried to add this to nginx.conf:
server {
server_name .foreigndomain.com;
rewrite ^ http://www.myowndomain.com$request_uri? permanent;
}
but this creates a redirect loop, I'm not quite sure why.
How do I do this right?
The redirect loop happens because www.myowndomain.com matches the same server that does the redirection, to fix this create another server to capture that server name
server {
server_name .foreigndomain.com;
return 301 http://www.myowndomain.com$request_uri;
}
server {
server_name www.myowndomain.com;
location / {
#config here
}
}
If you already have a server with server name myowndomain.com then you need to add the www variant to it.
server {
server_name myowndomain.com www.myowndomain.com;
location / {
# config here
}
}
Try this rewrite variant:
server {
server_name .foreigndomain.com;
return 301 http://www.myowndomain.com$request_uri;
}