Tag: nginx

  • Nginx Rails Origin header didn’t match request.base_url

    After installing SSL on the Nginx server, the Rails application login page stopped working.

    The log file (log/production.log) showed the following error:

    HTTP Origin header (https://domain.com) didn't match request.base_url (http://domain.com)

    The Nginx config used was

    upstream app {
       server unix:/var/www/public/shared/sockets/unicorn.sock fail_timeout=0;
    }
    
    server {
       listen 443 ssl;
       root /var/www/public;
       ssl_certificate /etc/ssl/ssl.crt;
       ssl_certificate_key /etc/ssl/ssl.key;
       server_name domain.com;
       try_files $uri/index.html $uri @app;
       location @app {
           proxy_pass http://app;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $http_host;
           proxy_redirect off;
       }
       error_page 500 502 503 504 /500.html;
       client_max_body_size 4G;
       keepalive_timeout 10;
    }
    

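    The problem is solved by adding the following to the Nginx config, in the location that proxies to the app. These headers tell Rails that the original request arrived over HTTPS.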

    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_set_header  X-Forwarded-Ssl on;
    proxy_set_header  X-Forwarded-Port $server_port;
    proxy_set_header  X-Forwarded-Host $host;
    

    The new config is

    server {
       listen 443 ssl;
       root /var/www/public;
       ssl_certificate /etc/ssl/ssl.crt;
       ssl_certificate_key /etc/ssl/ssl.key;
       server_name domain.com;
       try_files $uri/index.html $uri @app;
       location @app {
           proxy_pass http://app;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $http_host;
           proxy_set_header  X-Forwarded-Proto $scheme;
           proxy_set_header  X-Forwarded-Ssl on;
           proxy_set_header  X-Forwarded-Port $server_port;
           proxy_set_header  X-Forwarded-Host $host;
           proxy_redirect off;
       }
       error_page 500 502 503 504 /500.html;
       client_max_body_size 4G;
       keepalive_timeout 10;
    }
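
    Why the extra headers fix the error, as an added Ruby example (not code from the original post, and a simplified model rather than the Rails or Rack source): the app rebuilds its base URL from the forwarded headers and compares it with Origin. The helper names and sample header values are assumptions.

```ruby
# Simplified model (an assumption, not Rails or Rack source) of how a Ruby app
# behind a proxy rebuilds its base URL and compares it with the Origin header.
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

# Decide the request scheme from the headers the proxy forwarded.
# backend_scheme is the scheme of the proxy-to-app hop ("proxy_pass http://app").
def effective_scheme(headers, backend_scheme = "http")
  return "https" if headers["X-Forwarded-Ssl"] == "on"
  proto = headers["X-Forwarded-Proto"].to_s.split(",").first.to_s.strip
  return proto if DEFAULT_PORTS.key?(proto)
  backend_scheme
end

# Rebuild scheme://host[:port], leaving out the port when it is the default.
def base_url(headers, backend_scheme = "http")
  scheme = effective_scheme(headers, backend_scheme)
  host, port = headers.fetch("Host").split(":", 2)
  port = (headers["X-Forwarded-Port"] || port || DEFAULT_PORTS[scheme]).to_i
  port == DEFAULT_PORTS[scheme] ? "#{scheme}://#{host}" : "#{scheme}://#{host}:#{port}"
end

# The check passes when there is no Origin header or it equals the base URL.
def origin_ok?(headers, backend_scheme = "http")
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers, backend_scheme)
end

# Constructed sample: what the app sees with the original nginx config.
BEFORE = {
  "Host" => "domain.com",
  "Origin" => "https://domain.com",
  "X-Forwarded-For" => "203.0.113.7"
}.freeze

# Constructed sample: the same request with the four added proxy_set_header lines.
AFTER = BEFORE.merge(
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on",
  "X-Forwarded-Port" => "443",
  "X-Forwarded-Host" => "domain.com"
).freeze

puts "before=#{origin_ok?(BEFORE)} after=#{origin_ok?(AFTER)}" if __FILE__ == $PROGRAM_NAME
```

    Because the app trusts these headers, they must be set by Nginx with proxy_set_header (which replaces any client-supplied value) and the app should only be reachable through the proxy.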
    

    See Nginx

  • Docker Nginx Proxy

    Docker Nginx Proxy allows you to run multiple Docker containers on the same server behind an Nginx proxy. This is done using

    https://github.com/jwilder/nginx-proxy

    To do this, you need a server with ports 80 and 443 unused.

    To set up the Nginx proxy, run the following

    cd /root/
    git clone https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion.git
    cd docker-compose-letsencrypt-nginx-proxy-companion
    cp .env.sample .env
    ./start.sh
    

    This will start the Nginx proxy. You can modify the .env file if you want.

    Starting a Docker Web App Behind Proxy

    To start a web app, all you need is to start a Docker container on the same network as the Nginx proxy. By default it is “webproxy”.

    Here is an example command to start a web server.

    docker run -d \
        -e VIRTUAL_HOST=test.serverok.in \
        -e LETSENCRYPT_HOST=test.serverok.in \
        -e LETSENCRYPT_EMAIL=admin@serverok.in \
        --network=webproxy \
        --name my_app \
        httpd:alpine
    

    This will start a test web server. You need to point the specified domain to this server's IP; only then can the Nginx proxy get a LetsEncrypt SSL certificate installed.

    Replace test.serverok.in with your actual domain.

    If you don’t want LetsEncrypt SSL installed, you can remove the following 2 options

        -e LETSENCRYPT_HOST=test.serverok.in \
        -e LETSENCRYPT_EMAIL=admin@serverok.in \
    
  • Nginx Disable Access log

    On a high-traffic web site, I want to disable the access log as we are hitting the I/O limit. Since we don’t use this access log for anything now, there is no point in writing it to a file. To disable it, add the following to the server entry for your web site.

    access_log off;
    

    Here is an example nginx config with access logs disabled.

    server {
        server_name server3.serverok.in www.server3.serverok.in;
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/ssl/ssl.cert;
        ssl_certificate_key /etc/ssl/ssl.key;
        root /home/server3/public_html;
        index index.html;
        limit_rate_after 10m;
        limit_rate 512k;
        access_log off;
        location / {
            valid_referers none serverok.in www.serverok.in;
            if ($invalid_referer) {
                return 403;
            }
        }
    }
    
  • Enable Directory Listing in Nginx

    To enable directory listing in Nginx, add the following to the server configuration.

    autoindex on;
    

    Example

    server {
    	listen 80 default_server;
    	listen [::]:80 default_server;
    	root /var/www/html;
    	autoindex on;
    	index index.php index.html index.htm;
    
    	server_name _;
    
        location / {
                try_files $uri $uri/ /index.php?$args;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            proxy_read_timeout 600;
            fastcgi_read_timeout 600;
            fastcgi_send_timeout 600;
            fastcgi_intercept_errors on;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    
    }
    

    If you need it for a specific folder, add

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.php index.html index.htm;
        
        server_name _;
    
        location / {
                try_files $uri $uri/ /index.php?$args;
        }
    
        location /myfiles {
                autoindex on;
        }
    
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            proxy_read_timeout 600;
            fastcgi_read_timeout 600;
            fastcgi_send_timeout 600;
            fastcgi_intercept_errors on;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
    
    }
    
  • Nginx 413 Request Entity Too Large

    On an Nginx server, when uploading a large file, I get the error

    413 Request Entity Too Large

    The Nginx error log shows

    2018/10/10 18:15:34 [error] 25787#0: *184 client intended to send too large body: 31354043 bytes, client: 15.17.7.27, server: _, request: "POST /phpmyadmin/import.php HTTP/1.1", host: "13.16.28.19"

    To fix, edit the Nginx config for the web site and, under the server section of the web site, add

    client_max_body_size 800M;

    Restart nginx.

    service nginx restart

    On cPanel servers, you can add it to

    /etc/nginx/conf.d/users/USRNAME/DOMAIN/custom.conf
    
    # or server wide
    
    /etc/nginx/conf.d/ea-nginx.conf

  • Nginx CloudFlare restore real ip

    When using Nginx behind Cloudflare, logs and web applications show the Cloudflare server IP instead of the visitor IP.

    To fix this, edit

    vi /etc/nginx/nginx.conf

    Inside “http” section, add

    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 104.16.0.0/12;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 2400:cb00::/32;
    set_real_ip_from 2606:4700::/32;
    set_real_ip_from 2803:f800::/32;
    set_real_ip_from 2405:b500::/32;
    set_real_ip_from 2405:8100::/32;
    set_real_ip_from 2c0f:f248::/32;
    set_real_ip_from 2a06:98c0::/29;
    
    real_ip_header CF-Connecting-IP;

    You can get the updated list of Cloudflare IPs from

    https://www.cloudflare.com/ips

    Restart Nginx with

    service nginx restart

    Example Nginx Config

    https://gist.github.com/serverok/fef5c76bf96f8e016bf64095da4a64dc
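
    An added Ruby example (not from the original post) that audits the set_real_ip_from entries against the published Cloudflare list and models when CF-Connecting-IP is honoured. The config excerpt, the stand-in published list and the helper names are constructed for illustration.

```ruby
require "ipaddr"

# Constructed excerpt of an nginx "http" block: a few of the ranges listed above,
# plus one over-broad entry to show what the audit flags.
NGINX_CONF = <<~CONF
  set_real_ip_from 103.21.244.0/22;
  set_real_ip_from 173.245.48.0/20;
  set_real_ip_from 2400:cb00::/32;
  set_real_ip_from 10.0.0.0/8;   # constructed: not a Cloudflare range
  real_ip_header CF-Connecting-IP;
CONF

# Constructed stand-in for the list downloaded from https://www.cloudflare.com/ips
PUBLISHED = %w[103.21.244.0/22 173.245.48.0/20 2400:cb00::/32 188.114.96.0/20].freeze

# Extract every CIDR named in a set_real_ip_from directive.
def trusted_ranges(conf)
  conf.scan(/^\s*set_real_ip_from\s+([^;\s]+)\s*;/).flatten
end

# Ranges trusted by nginx but absent from the published list, and the reverse.
def audit(conf, published)
  configured = trusted_ranges(conf)
  { extra: configured - published, missing: published - configured }
end

# Model of the real-IP decision: the header is honoured only when the TCP peer
# is inside a trusted range; otherwise the peer address itself is the client.
def client_ip(conf, peer, cf_connecting_ip)
  peer_addr = IPAddr.new(peer)
  trusted = trusted_ranges(conf).any? { |cidr| IPAddr.new(cidr).include?(peer_addr) }
  trusted && cf_connecting_ip ? cf_connecting_ip : peer
end

if __FILE__ == $PROGRAM_NAME
  p audit(NGINX_CONF, PUBLISHED)
  puts client_ip(NGINX_CONF, "173.245.48.10", "198.51.100.4") # peer inside a trusted range
  puts client_ip(NGINX_CONF, "203.0.113.9", "198.51.100.4")   # untrusted peer, header ignored
end
```

    An "extra" entry means any host in that range can choose the client IP that ends up in logs and access rules; a "missing" entry means visitors arriving through that Cloudflare range are logged with the Cloudflare address.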

    Back to Nginx

  • Disable Access to a folder in Nginx

    To disable access to the folder /admin in Nginx, add the following to the server block of your web site.

    location /admin {
        deny all;
        return 404;
    }
    

    To disable access to files from some common version control software, use

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}
    
  • Nginx Proxy SSL Verification

    When using Nginx as a reverse proxy, you may need to handle SSL verification requests. Passing this request to the backend server may not do any good as back-end servers usually only handle application requests.

    To handle SSL validation requests, use the following Nginx Configuration

    server {
        listen 80;
        server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;
    
        location ^~ /.well-known/acme-challenge/ {
            allow all;
            autoindex on;
            root /var/www/html;
        }
    
        location / {
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:4200;
        }
    }

    Now restart Nginx

    service nginx restart

    You can get SSL with the following letsencrypt command

    certbot --authenticator webroot --webroot-path /var/www/html --installer nginx -d DOMAIN.EXTN -d www.DOMAIN.EXTN

    If you have a redirect to HTTPS in your Nginx server block, use something like

    server {
        listen 80;
        server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;
    
        location ^~ /.well-known/acme-challenge/ {
            allow all;
            autoindex on;
            root /var/www/html;
        }
    
        location / {
            return 301 https://DOMAIN.EXTN$request_uri;
        }
    }

    See LetsEncrypt, Nginx

  • Nginx wildcard virtualhost

    A wildcard virtual host allows you to host multiple web sites with one configuration file.

    Here is what I use for bizhat.com free hosting subdomains.

    server {
        listen   167.114.61.119:80;
        server_name *.bizhat.com;
        autoindex on;
        access_log /var/log/nginx/free_access.log;
        error_log /var/log/nginx/free_error.log;
        root /home/vhosts/$host;
    
        index index.html index.htm default.htm default.html;
    
        location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
            access_log off;
            expires max;
        }
    
        location ~ /\.ht {
            deny  all;
        }
    
        error_page 302  /302.html;
        location = /302.html {
            root  /home/free.bizhat.com/error;
        }
    
        error_page 404 /404.html;
        location = /404.html {
              root  /home/free.bizhat.com/error;
        }
    }
    

    Nginx

  • Moving from Apache PHP 5 to Nginx PHP 7

    Today I moved a high-traffic WordPress web site from Apache + PHP 5 to Nginx + PHP 7.2.

    Here is a graph provided by LiquidWeb (server provider).

    With Apache, the load was around 8.

    root@host:/etc/php# uptime
    12:35:01 up 14:33, 1 user, load average: 8.03, 6.66, 5.84
    root@host:/etc/php#

    After switching to Nginx + PHP-FPM, the load came down to 2.

    root@host:~# uptime
    17:26:20 up 19:24, 1 user, load average: 1.13, 1.07, 1.21
    root@host:~#

    Here is the sar result.

    With Apache, idle CPU was approx 72. With Nginx we have 90%+ idle CPU most of the time.

    Here is the NewRelic Web transactions graph. The break in the data is because PHP 7.2 had no NewRelic module installed, so I switched back to Apache for a while, reinstalled NewRelic for PHP 7.2, then turned Nginx back on.

    The NewRelic Apdex score went from poor to fair.

  • Nginx configuration for aMember

    Here is the Nginx configuration for the aMember script

    location ~* ^/amember/.*\.(js|ico|gif|jpg|png|css|swf|csv)$ {}
    location ~* ^/amember/setup/index.php$ { try_files not-existing-file @php; }
    location ~* ^/amember/js.php { try_files not-existing-file @php; }
    location ~* ^/amember/index.php$ { try_files not-existing-file @php; }
    location ~* ^/amember/public.php$ { try_files not-existing-file @php; }
    location ~* ^/amember/public { rewrite ^.*$ /amember/public.php; }
    location ~* ^/amember/setup { rewrite ^.*$ /amember/setup/index.php; }
    location ~* ^/amember { rewrite ^.*$ /amember/index.php; }
    location ~* /amember/data/public/* {}
    location ~* /amember/data/.* {internal;}
    
    location ~ \.php$ {
       try_files not-existing-file @php;
    }
    
    location @php {
      fastcgi_pass 127.0.0.1:9000;
      include fastcgi_params;
    }
    

    See Nginx

  • Nginx

    Nginx is a powerful open source web server that is known for its high performance, stability, and flexibility. It is used by millions of websites around the world, and it is a popular choice for web developers and system administrators who need a reliable and efficient way to serve web content.

    Install Nginx

    Nginx Tricks

    Nginx Configuration for scripts

    Nginx Reverse Proxy

    Nginx Stream

    Nginx Errors