I am trying to authenticate several locations together with proxy_pass in Nginx. The Nginx config is following:
server {
listen 443;
server_name example.com;
location /hg/ {
rewrite ^/hg/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:8001;
auth_basic "hg";
auth_basic_user_file hg.htpasswd;
location /hg/repo1/ {
auth_basic "hg-repo1";
auth_basic_user_file repo1.htpasswd;
}
location /hg/repo2/ {
auth_basic "hg-repo2";
auth_basic_user_file repo2.htpasswd;
}
}
}
The authentication works ok, but the proxy gets broken in nested locations (repo1, repo2). It seems that proxy_pass config is not inherited. So, Nginx returns 404 (on /hg/repo1 and /hg/repo2).
Any hints?
You need to repeat proxy_pass for each location block.
Also, there is no function to nesting the location blocks. Usually they are not nested.
Related
I have an existing server which is working well hosting a number of sites using nginx and ISPconfig. However I have created a new site and wish to use Laravel.
I've installed Laravel successfully via composer and have got as far as seeing the familiar welcome blade displayed when I visit mywebsite.com/public
What I want to do next is make some clean urls. My experience with vhost files is somewhat limited and I'm having a bit of trouble with the config.
My routes file looks like this
Route::get('/', function () {
return view('welcome');
});
Route::get('/test', function () {
return view('test');
});
and I'd hoped to see mywebsite.com/test display the contents of test.blade.php
I'm aware I need to do some work with the vhost file before I can expect this to work but my experience with vhosts is limited and I'm at a bit of a loss.
My current file looks like this
server {
listen *:80;
server_name mywebsite.com ;
root /var/www/mywebsite.com/web;
index index.html index.htm index.php index.cgi index.pl index.xhtml;
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
recursive_error_pages on;
location = /error/400.html {
internal;
}
location = /error/401.html {
internal;
}
location = /error/403.html {
internal;
}
location = /error/404.html {
internal;
}
location = /error/405.html {
internal;
}
location = /error/500.html {
internal;
}
location = /error/502.html {
internal;
}
location = /error/503.html {
internal;
}
error_log /var/log/ispconfig/httpd/mywebsite.com/error.log;
access_log /var/log/ispconfig/httpd/mywebsite.com/access.log combined;
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client1/web5/web/stats/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
try_files /5e26a1d85cb98f7191261e023385e60d.htm #php;
}
location #php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php5-fpm/web5.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
}
Now on another server I have this working with this simple directive
server {
root /var/www/public;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
}
But I am limited to what I can do with the vhost on the current server as ISPconfig writes most of it for me and it refuses to write the above config that worked elsewhere. Also I feel editing the file directly will be bad practice, I'd always be on edge that ISPconfig will rewrite the file for me, so I'm not really sure how best to proceed with this.
My options would be to just go ahead and edit the vhost and hope for the best, but if I do that how would I ensure ISPconfig could not overwrite the file without resorting to "hacky" methods?
Alternatively, is there a config I can enter via ISPconfig that will allow rewrites to happen properly in a way that suits Laravel? In this instance, any directive entered would need to take precedence over the ~ .php$ clause as that is written by ISPconfig before any directives entered via the control panel.
I just had the same problem recently. Digging the ISPConfig's sources, I understood it can insert/ merge/ delete location blocks of that default vhosts file. So i did the following:
Sites' menu > choose website > Options
Then I inputed the following on the "nginx Directives" field:
# redirect stuff to the public inner folder
location / {
root {DOCROOT}/public;
try_files /public/$uri /public/$uri/ /public/index.php?$query_string;
}
# merged the stuff people suggests for laravel inside the php block
# mind the 'merge' keyword that did the trick
location ~ \.php$ { ##merge##
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
}
There is a slight problem with Danilo's answer. Php ran but assets like js/css/images stopped loading. Adding the following to nginx directives inside ISPConfig works for me:
location / {
root {DOCROOT}/public;
try_files $uri public/$uri/ /public/index.php?$query_string;
}
I am not expert with this but from my past experience if I have two domains I would define server blocks for each in two different files and place them in /etc/nginx/sites-available/site1.com and /etc/nginx/sites-available/site2.com
but it looks like you already have a website that you access using mywesite.com which is located at /var/www/mywebsite.com/web; (see the root value of your configuration file)
Now you install Laravel in test folder in /var/www/mywebsite.com/test location.
To access this you need can try adding following at the end of your ispconfig file.
Note how I used the relative path to laravel's public folder from the root of the server block.
location /../test/public {
try_files $uri $uri/ /index.php$is_args$args;
}
For more detailed tutorial try Nginx Server Block Setup.
Hope this helps,
K
With this configuration:
server {
listen 8080;
location / {
if ($http_cookie ~* "mycookie") {
proxy_set_header X-Request $request;
proxy_pass http://localhost:8081;
}
}
}
I have this error when I reload nginx service:
Reloading nginx configuration: nginx: [emerg] "proxy_set_header" directive is not allowed here in /etc/nginx/conf.d/check_cookie.conf:5
nginx: configuration file /etc/nginx/nginx.conf test failed
This configuration works OK, but it does not do what I want:
server {
listen 8080;
location / {
proxy_set_header X-Request $request;
if ($http_cookie ~* "mycookie") {
proxy_pass http://localhost:8081;
}
}
}
Why I can't put proxy_set_header directive inside an if clause?
Inside location try something like this
# default header value in a new variable
set $esb "$remote_addr, $host";
# if my custom header exists
if ($http_my_header){
set $esb "$http_my_header, $remote_addr, $host";
}
proxy_set_header my-header $esb;
Unlike proxy_pass, you cannot put proxy_set_header inside an if block. You can only put it in http/server/location block. So your 2nd config is good.
Reference: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header
context: http, server, location
Don't know what the $request variable is. It doesn't appear in nginx variable list: http://wiki.nginx.org/HttpCoreModule#Variables. What are you trying to achieve here?
How can I configure nginx to redirect all URL's (not prepended with /api or some static resource eg. JS/images) to index.html? Reason is I am using HTML5 push state URL's with a single page application. Meaning content is changed whether AJAX or JS depending on the URL
My current nginx config looks like:
server {
listen 2000;
server_name localhost;
location / {
root /labs/Projects/Nodebook/public;
index index.html;
}
location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_redirect off;
}
}
location / {
try_files $uri /index.html;
}
This will check if the requested file exists and return it. If the file doesn't exist, it will return index.html.
http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files
mattes answer is almost a solution, however it won't give 404 for missing files (e.g. favicon.icon) as aschepis pointed out.
Nginx will pick the first location that matches. So we can first match for files (which will give 404 if the file does not exist). And after put a location which defaults to index.html for all urls.
location /.+\..+ { # files (assuming they always have a dot)
# use eg alias to serve some files here
}
location / { # url routed by client, client gives 404 for bad urls
try_files $uri /index.html;
}
You need to add to your nginx config file:
rewrite ^(.+)$ /index.html last;
Then say you're using Backbone.js just make sure you re-route any non-defined route to a 404 page:
routes: {
// Other routes
"*path" : "notFound"
},
notFound: function(path) {
// Load 404 template, probably of a cute animal.
}
Source:
http://readystate4.com/2012/05/17/nginx-and-apache-rewrite-to-support-html5-pushstate/
I'm trying to do a reverse proxy with Nginx based on the URL. I want http://mydomain.example.com/client1/... to be redirected to http://127.0.0.1:8193/.... I have tried many ways, and none of them worked. Please note that the application can make redirections. These are the configuration files of my last solution :
default
server {
listen 80;
server_name mydomain.example.com;
location / {
set $instance none;
if ($request_uri ~ ^/(.*)/$) {
set $instance $1;
}
set $no_cookie true;
if ($http_cookie ~ "instance=([^;] +)(?:;|$)") {
set $instance $1;
set $no_cookie false;
}
if ($no_cookie = true) {
add_header Set-Cookie "instance=$instance;Domain=$host;Path=/";
rewrite ^ / break;
}
include instances.conf;
}
instances.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 60;
# Installation of language packs, etc. can take a long time
proxy_read_timeout 10800;
if ($instance = client1) {
proxy_pass http://127.0.0.1:8193;
}
if ($instance = client2) {
proxy_pass http://127.0.0.1:8194
}
...
When the browser requests http://mydomain.example.com/client1/, Nginx should set a cookie named instance with the value client1 then redirect the traffic to the appropriate proxy. For subsequent queries, it should use this cookie to make redirection. The problem I have is it never sets the $instance variable to client1. Don't forget that the application has no idea of the prefix /client1.
Do you have an idea? Do you know of a better solution?
The regex used to get the cookie was wrong. I have changed this to
"instance=([^;][^ ]+)(?:;|$)"
and it works now.
Edit: It's only a part of the solution finally. I'm sorry. There is still a problem. See my comment below.
It is not related to your problem but "proxy_connect_timeout"
"This directive assigns a timeout for the connection to the upstream server. It is necessary to keep in mind that this time out cannot be more than 75 seconds."
See Nginx' map module
map $uri $proxy {
/client1 http://127.0.0.1:8193/client1;
/client2 http://127.0.0.1:8194/client2;
}
server {
server_name my.domain.com;
proxy_pass $proxy;
}
Note that appending /clientX to the end of the proxy_pass URI strips that portion of the URI from the request (which seems rational to me, but may not be what you want).
I have an application with both dynamic and static content. I use nginx as a front end for this app. When dynamic content is requested, the request is forwarded to an unix socket (to a node.js app), this part works well. I have added a "location" directive to serve the static content but this part does not work, I get the 404 error each time despite the fact the folder "/home/test/my_app/static" does exist.
This is the nginx conf I have:
upstream test_sock {
server unix:/tmp/test.sock
fail_timeout=0;
}
server {
listen 15000;
client_max_body_size 4G;
server_name localhost domain.com;
keepalive_timeout 5;
location ~ /static/ {
if (!-f $request_filename) {
return 404;
}
if (-f $request_filename) {
root /home/test/my_app/static;
expires 30d;
}
}
location / {
proxy_pass http://test_sock;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
Any idea ?
hmmm... ok, silly thing, I was missing the root directive before the locations ones...