iframe using nginx reverse proxy - html

i am trying to iframe amazon.com but it refuses to connect even after reverse proxy using nginx.
server {
listen 443;
server_name www.amazon.com amazon.com;
root /var/www/example.com;
index index.html;
location / {
proxy_pass http://140.82.3.69;
proxy_set_header Host http://140.82.3.69;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header 'x-frame-options';
proxy_set_header x-frame-options allowall;
}
}
i am using this type of configs.
here is test url: http://140.82.3.69/
i am facing issue it's still refused to connect as it shows on regular hosting.

Related

Several PM2 web apps with NGINX

I have several NodeJS web apps running in localhost in different ports through PM2. I then use NGINX as web server.
I read the PM2/Nginx production setup for NGINX configuration
upstream my_nodejs_upstream {
server 127.0.0.1:3001;
keepalive 64;
}
server {
listen 443 ssl;
server_name www.my-website.com;
ssl_certificate_key /etc/ssl/main.key;
ssl_certificate /etc/ssl/main.crt;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://my_nodejs_upstream/;
proxy_redirect off;
proxy_read_timeout 240s;
}
}
My question is, is there any further optimizations I can do considering I have several NodeJS web apps running under PM2?

Chrome not handling "308 - Permanent Redirect" redirects as expected on HTTPS

I am running a web server on Sinatra behind an Nginx reverse proxy server. It is a requirement that HTTP requests are all redirected to HTTPS, so that is my current configuration.
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
## Listen on port 80 for HTTP requests, redirect to https
server {
listen 80 default;
listen [::]:80 default;
return 308 https://$host$request_uri;
}
## Use HTTPS when requests are made
server {
listen 443 ssl;
# don't allow old ssl protocols
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ensure that our ciphers are preferred, and give a list of preferred ciphers
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# enable session tickets
ssl_session_tickets on;
# TLS session cache 4 hours, 40 MB
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 4h;
ssl_certificate /data/projects/cloudpeel-next/cloudpeel.crt;
ssl_certificate_key /data/projects/cloudpeel-next/cloudpeel.key;
location / {
proxy_pass http://localhost:4567;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
This works great in most cases, except when a POST request occurs from the client. Ideally the 308 (or 307) redirect is supposed to preserve the POST data and request the client again to request a different address (in this case the HTTPS version of the site).
However, what occurs in Chrome, is that the request is handled (as far as I can tell more like a 301 redirect, and the request is interpreted as GET, for which my backend has different behavior, redirecting the user to an incorrect page.
I have tried using return 301 and 307, with neither producing the desired results.
The curious thing, is that when tested in Edge and Firefox, the application works exactly as expected.
The network tab in the developer shows the following: a 303 code for a POST attempt and a 308 GET, which is not the desired behavior. In Firefox, only code 200 is shown. Is there anything I can do about this in my Nginx configuration?
Edit: I tried changing my redirect in Nginx to 301, and Firefox still works as intended, while Chrome is still broken.
Well, I figured out my problem. I edited my location / {} block and here is what finally got it working for me - hope it helps someone!
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
## Listen on port 80 for HTTP requests, redirect to https
server {
listen 80 default_server;
server_name localhost;
return 301 https://$host$request_uri;
}
## Use HTTPS when requests are made
server {
listen 443 ssl;
# don't allow old ssl protocols
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ensure that our ciphers are preferred, and give a list of preferred ciphers
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# enable session tickets
ssl_session_tickets on;
# TLS session cache 4 hours, 40 MB
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 4h;
ssl_certificate /etc/ssl/certs/cloudpeel.crt;
ssl_certificate_key /etc/ssl/certs/cloudpeel.key;
location / {
#HTTPS Config
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:4567;
#WebSocket config
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
#proxy_set_header X-Real-IP $remote_addr;
}
}

Trouble serving static files with my goapp through nginx

I am making my first go app on an Ubuntu Server. When I run my server using either an executable or simply go run main.go, I get the initial html page to render, but none of the css, images, or js. The routes also take me to a 404 page. The only thing that seems to pass is the index.html(which is named index.gohtml as a template for go)
All my assets are loaded when I run it on localhost and ip:port configuration on the server, however when I use nginx the assets are not loading in at all. I am assuming because of these factors that nginx is where I am coming across my issue.
Below is what I have so far. This is my first time using nginx so I am unaware of what is necessary to configure it properly.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8001;
try_files $uri $uri/ =404;
}
}
You might want to separate the try_files and proxy_pass into separate locations:
location / {
try_files $uri $uri/ #proxy;
}
location #proxy {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8001;
}
If the static file does not exist, the request will be forwarded to the service running on port 8001.
See this document for details.

nginx connect() failed (110: Connection timed out)

I know that, this question has been asked multiple times on different forums, but still I can not manage to find a solution, which solves my problem... The situation: We have a nginx, php-fpm and MySQL stack on a server. The server sits behind a nginx reverse proxy. The problem is that on the upstream server there are clean error logs and on the reverse proxy I am getting multiple messages
connect() failed (110: Connection timed out) while connecting to >upstream, client: ++++++++++, server: domain.com, request: "GET >/files/imagecache/FrontBullet/blog1/dknasda.jpg HTTP/1.1", upstream: >"http://192.168.158.142:80/files/imagecache/FrontBullet/blog1/dknasda.jpg>", host: "somedomain.com"
For some reason this error occurs every 1-5 minutes for different resources or files.
My nginx config on the reverse proxy is the following one :
user ++++;
worker_processes 3;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
use epoll;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60s; #keeps the connection open with the client; MS default is 60.
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
upstream main_upstream {
server 192.168.158.142:80 max_fails=3 fail_timeout=60s; # New Server. Sent to 192.168.90
# server 192.168.158.143:80; # HSB
keepalive 32;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain.com;
location / {
proxy_buffers 32 32k;
proxy_buffer_size 64k;
proxy_pass http://main_upstream;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
send_timeout 600s;
proxy_http_version 1.1;
proxy_set_header Connection "";
client_max_body_size 32M;
client_body_buffer_size 512k;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Any Idea why is this happening? I am using centos 7.1 abd nginx 1.6.3
Thanks in advance,
Todor
Finally found the reason and it has been clean for hours now. It turned out that there were 2 overlapping problems. The first one was the kernel dropping requests after the queue is full. Here is a nice manual about tuning the kernel linux kernel parameters - https://www.nginx.com/blog/tuning-nginx/
After the problems started we migrated the site to a new server and used DHCP to assign IP address - BIG MISTAKE. Every hour or so the dhcp restarted the network Interface. Examining the entire system log I noticed that the IP of the network interface is reassigned on regular intervals. Those intervals coincided with the bursts of errors in the log. So the solution was to go back to static IPs.
You have a upstream block like this:
upstream main_upstream {
server 192.168.158.142:80 max_fails=3 fail_timeout=60s; # New Server. Sent to 192.168.90
# server 192.168.158.143:80; # HSB
keepalive 32;
}
The first line fetches requests from 192.168.158.142:80 and stop trying after 3 fails for 60 seconds.
The second line is commented out, so it doesn't work.
Also there are other ip's listed on your other comments, which obviously won't work.
Assuming you want to fetch requests from 192.168.158.142:80 and failover to another ip 192.168.158.143:80 if it fails, this is how you do it:
upstream main_upstream {
keepalive 30;
server 192.168.158.142:80; # main server
server 192.168.158.143:80 backup; # failover
}
Or if you want to distribute the load evenly in a round robin style:
upstream main_upstream {
keepalive 30;
server 192.168.158.142:80; # server 1
server 192.168.158.143:80; # server 2
}
In both cases, make sure you can access both 192.168.158.142:80 and 192.168.158.143:80
Also bear in mind that you're using keepalive, meanning that if your backend servers are set to limit requests in any way, they might start refusing to serve requests to your frontend nginx (I will assume this is your load balancer).

Nginx and Amazon EC2 with multiple static subdomains

Currently have a pure HTML website with some embedded JS code to control flow between HTML files along with graph configuration details. The directories are as follows: html, css, fonts, img, js, sound. On my local machine, I can easily open the HTML files and navigate the site. I am using an Ubuntu Amazon EC2 instance with nginx as the reverse proxy. When running a express.js controlled website on the instance I usually just edit the nginx config file and start the app/server.js file. However, I am unsure as to how to do this with a set of static HTML files that have CSS and other assets associated with them. Below is my attempt at writing the nginx file but I'm not sure if what I'm proposing is possible.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/website-dashboard/;
index index.html;
# Make site accessible from http://localhost/
server_name localhost;
location / {
default_type "text/html";
try_files $uri.html $uri $uri/ /index.html;
access_log off;
}
}
You shouldn't have a problem opening HTML files with NGINX - The question is, considdering you're running NGINX as a reverse proxy, what are you running as your web server?
If you're running Apache then you need to make sure it's running on port 8080 and the below NGINX configuration should meet your requirements.
upstream apachebackend {
server 127.0.0.1:8080; #apachebackend
}
server {
listen 80 default;
server_name www.domain.com domain.com;
access_log /var/log/nginx/domain.com.access.log main;
error_log /var/log/nginx/domain.com.error.log;
root /usr/share/nginx/html;
index index.html index.htm index.php;
## send request back to apachebackend ##
location / {
proxy_pass http://apachebackend;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering on;
proxy_buffers 12 12k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
If you're running NGINX as your web server then you need to set it up accordingly. The default set-up should suffice, just drop your files in the default vhost directory, but I recommend setting it up correctly using separate directories and log files.