Nginx site configuration disabling 301 rewrite for another site - redirect

I currently have two enabled site configurations in nginx, let us call them old-site.example and new-site.example. There is no other site configuration active.
old-site.example should 301-redirect to new-site.example. This currently works well as long as the old-site.example configuration is alone. After adding the new-site.example configuration file, it does not redirect anymore.
oldsite.conf:
server {
listen 80;
server_name *.old-site.example;
rewrite_log on;
location / {
return 301 http://www.new-site.example$request_uri;
}
}
newsite.conf:
server {
listen 80;
server_name www.new-site.example;
charset utf-8;
location / {
#forward to application server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
other configuration details:
JBoss AS7 as application server running behind Nginx 1.5.1

This was a DNS related error, sorry everyone.
Background: The ISP of the client managed to "smart redirect" the domain instead of using DNS. They basically scraped the new site on their servers and returned it via the old domain. I'm speechless.
If you ever have a problem like this, check DNS resolution before second-guessing your config.

Related

URL requested a HTTP redirect, but it could not be followed. - Facebook/Nginx issue

I have used Facebooks sharing debugger to highlight an issue on the website
URL requested a HTTP redirect, but it could not be followed.
https://developers.facebook.com/tools/debug/sharing/?q=https%3A%2F%2Fwww.badgerbookings.com
This is also stopping it accepting the url in the privacy policy when creating an app.
I have researched and made sure to add all OG meta tags. I also "reduced" down the redirects on my nginx to only support a http > https redirect which to me seems pretty standard.
It still produces the error on both the debugger and the Privacy Policy URL.
My Nginx config:
server_tokens off; #Enables or disables emitting nginx version on error pages and in the “Server” response header field
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name _;
return 301 https://www.badgerbookings.com$request_uri;
}
server {
server_name www.badgerbookings.com badgerbookings.com *.badgerbookings.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
proxy_set_header Host $http_host;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/badgerbookings.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/badgerbookings.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Go to Facebook Developer's policy page.
Scroll down to this bit:
Privacy Policy
a. Provide a publicly available and easily accessible privacy policy
that explains what data you are collecting and how you will use that
data.
Now run
curl https://badgerbookings.com/terms
Are you looking at an easily accessible privacy policy which is publicly available at that url?
You maybe having IPv6 issues which can be resolved as simple as adding a listen [::]:443 ssl directive in you SSL server block.
If that doesn't fix it, try redirecting with a matching if directive
if ($scheme != "https") {
return 301 https://www.badgerbookings.com$request_uri
}
This is best if you unite both server blocks in one, to avoid more code. Just delete the non-https one and insert port 80 listen directives on the other one as well, with that conditional redirect, this way your code will be even slimmer.

Nginx reverse proxy for HTTPS traffic (through uWSGI socket) and websockets

I have Nginx set up as a reverse proxy for a Flask Application running on uWSGI. The configuration looks like:
server {
listen 80;
server_name subdomain.app.org;
location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/app/myapp.sock;
}
}
Additionally, I want to access a websocket running on the same machine on port 3232. So I changed the config to:
server {
listen 80;
server_name subdomain.app.org;
location /ws/ {
proxy_pass http://127.0.0.1:3232;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 86400;
}
location / {
include uwsgi_params;
uwsgi_pass unix:/home/ubuntu/app/myapp.sock;
}
}
When I try to access the socket from remote using wscat -c ws://subdomain.app.org/ws I receive error: Error: unexpected server response (301).
Everything works fine when I set the location of the websocket as well as the Flask app to /, but then I cannot access my Flask application anymore.
Any ideas? I undestand that many people before me have asked this but not in connection with a uWSGI socket running. I have spent hours reading stackoverflow posts on this but didn't find anything suitable. Thanks for your help.

prevent redirecting to https and URI hacks nginx reverse proxy

I have setted up a reverse proxy on my server with nginx inside docker, and since then all request are redirecting to https although i didn't set all locations to https redirection.
Basically what i want is to be able to serve both https and http with the reverse proxy.
In addition i want to be able to redirect to different URI dynamically, for example i want to set all routes of /bla2/foo/bar to be redirected to only what comes after /bla2
what i tried to get here is that whenever accessing to example.com/bla2/foo/bar it should redirect it to example.com/foo/bar without the bla2 section...
Is it possible on the same configuration file?
what can cause my server to redirect all request to https
This is my server nginx.conf
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/example.com.crt;
ssl_certificate_key /etc/ssl/example.com.key;
listen 80;
server_name example.com;
location /bla/bla {
proxy_pass http://example.com:3980/foo/bar1;
}
**location /bla2/**{
# proxy_pass http://example.com:3004;
return 301 http://example.com:3004$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
}
location /app3 {
rewrite ^/app3(.*) /$1 break;
proxy_pass http://example.com:1236/app3;
}
}
I want to be able to get directly content of http://example.com:3004 if i put it in the browser without any redirection to https.
Only if i try access example.com/bla2 i want it to be required https instead of http, and to be redirected to different path.
You need to use regular expression and capture groups for this
location ~* /bla2/(.*) {
return 301 http://example.com:3004$1$is_args$args;
}
Another way of doing it would be just use rewrite
rewrite ^/bla2/(.*)$ http://example.com:3004/$1 redirect;
If you want to transparently proxy it to the example.com:3004 removing /bla2 then you should use
location /bla2/ {
proxy_pass http://example.com:3004/;
}
The trailing slash / in /bla2/ and http://example.com:3004/ is very important here

How to setup Mojolicious with nginx?

Required to develop a web application using Mojolicious. Therefore required to setup with a web server.
From the Mojolicious Nginx documentation:
One of the most popular setups these days is Hypnotoad behind an Nginx reverse proxy, which even supports WebSockets in newer versions.
upstream myapp {
server 127.0.0.1:8080;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://myapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Ad:
Required to develop a web application using Mojolicious. Therefore
required to setup with a web server.
isn't true. Just follow the: http://www.mojolicious.org
put into some file, let say: mojo.pl
use Mojolicious::Lite;
get '/' => {text => 'I ♥ Mojolicious!'};
app->start;
To run this example with the built-in development web server start it with morbo.
$ morbo mojo.pl
it will answer:
Server available at http://127.0.0.1:3000
Just CLICK THIS LINK in your browser. You will get
I ♥ Mojolicious!
And could start the development immediatelly. Setting the nginx is enough much-much later - for the deployment.

Nginx Reverse proxy to different server

We're trying to setup a reverse proxy to redirect traffic to an internal network from a DMZ webserver, using nginx.
The traffic comes in on 443, hits an apache page user logs in against an ldap server, then we are redirecting the traffic from apache to nginx (which is listening on 8089). Nginx is then to proxy that traffic back to the internal network.
The apache redirect works, and at least some of the nginx proxy is working. The page on the internal server loads, but all of the resources on the page are double appending the URL. For example:
https ://webserver.us.com ==redirects==> http ://webserver.us.com:8089 ==Nginx Proxy==> http ://internal.server.com:8080/page
http: //internal.server.com/page loads, but all of the resources on the page are trying to load as:
http: //internal.server.com/page/page/resource.
when hitting the internal page directly, they are of course http: //internal.server.com:8080/page/resource
I am sure that there is an error in our setup of the proxy_pass, proxy_redirect and root / location, but I can't figure it out...
Our Nginx.conf is as follows: (FYI this is a solaris server)
worker_processes 1;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8089;
server_name <internal.server.com>;
access_log /var/opt/csw/nginx/logs/access.log;
error_log /var/opt/csw/nginx/logs/error.log;
root http://<internal.server.com>:8080;
index index.html index.htm;
location / {
proxy_pass http://<internal.server.com>:8080/<page>/;
proxy_redirect http://<internal.server.com>:8080/<page> http://<internal.server.com>:8080/<page>;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
Whenever we set anything in the "location" parameter other than "/" it returns an nginx 404, and the error log shows:
"/var/opt/csw/nginx//RES_NOT_FOUND"
The client requests webserver.us.com/ which is translated to internal.server.com:8080/page/ through the reverse proxy.
The document specifies resource URIs like /page/resource, so the client requests these as webserver.us.com/page/resource which is translated to internal.server.com:8080/page/page/resource through the reverse proxy.
The simplest solution is to make the reverse proxy transparent. You can add an exact match location to map / to your application's entry point:
location = / {
rewrite ^ /page/ last;
}