NGINX: ONLY apply expiration rules if the URL does not contain a specific parameter

I'm trying to set nginx to disable expiration when passing a parameter named "debug" to the URL.
I tried, but it did not work:

location ~* .(ico|css|js)$ {
  if ( $arg_debug ){
      expires off;
  }
}

This seems to be similar to what I need, nginx / Passenger: providing a cached file only if a parameter is not requested, but I have had no luck getting it to work in my case. I need help from Nginx experts. Thanks in advance!
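
One way to express this condition without `if`, as an added example that is not part of the original post: `expires` accepts a variable (nginx 1.7.9 and later), so a `map` on `$arg_debug` can choose the value per request. The `30d` lifetime, the variable name `$static_expires` and the server name are assumptions, since the post does not show the normal expiry.

```nginx
# Added example. The map block belongs in the http {} context.
map $arg_debug $static_expires {
    default  30d;   # no debug parameter, or an empty one: normal lifetime (assumed value)
    ~.       off;   # ?debug=<any non-empty value>: do not add Expires/Cache-Control
    # Use "epoch" instead of "off" to send "Cache-Control: no-cache"
    # and an Expires date in the past, which forces revalidation.
}

server {
    listen 80;
    server_name example.test;   # placeholder

    # The dot is escaped so that it matches a literal "." before the extension.
    location ~* \.(ico|css|js)$ {
        expires $static_expires;
    }
}
```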

EasyEngine v4 Nginx Reverse Proxy: Please provide a simple working example

EasyEngine v4 makes reverse proxying difficult for me.

Can you give a simple reverse proxy example?

Let's assume the domain is test.com and I want the subfolder wiki to be used as a proxy for wikipedia.com (https://test.com/wiki).

How is it done? (It should be simple, but it does not work in EE v4 because Docker is used.)

P.S. (if you can): Could you also give an example of how to reverse proxy to localhost (https://test.com/mylocal to https://localhost:5984)?

Webserver – Nginx Reverse Proxy 404 multiple apps

I am configuring the Nginx reverse proxy functionality. It does not work for apps as described below. Here is an example with /hbase/. When I type the URL /hbase/ in the browser, it is redirected to /master-status (the HBase path) with a 404, but when I manually edit it to /hbase/master-status in the browser, it works.
Can anyone help?

server {
    charset utf-8;
    listen 80;

    # HBase works perfectly using location /, but not like below.
    location /hbase/ {
        proxy_pass http://localhost:16010;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

https – Redirecting from www to non-www does not work in nginx

I am having trouble redirecting one of my domain names from www to non-www. In the past, I used a similar (identical) configuration and it just worked. Somehow this does not work.

The first section I have is for my desired configuration at https://example.org. Basically no www and served over SSL.

server {
    server_name example.org;

    root /var/www/example.org/html;
    index index.php index.html index.htm;

    access_log /var/www/example.org/logs/access.log;
    error_log /var/www/example.org/logs/error.log;

    try_files $uri $uri/ /index.php$is_args$args;

    # pass PHP scripts to FastCGI server
    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    location ~ /.ht {
        deny all;
    }

    listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 
}

Then I have a section on forwarding www via https to non www via https:

server {
    if ($host = www.example.org) {
        return 301 https://example.org$request_uri;
    } 

    listen 443 ssl; 
    server_name www.example.org;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

}

Then I have a section to redirect http to https:

server {
    if ($host = example.org) {
        return 301 https://example.org$request_uri;
    }

    listen 80;
    server_name example.org;
    return 404; 
}

Finally, I have a redirect for www http to non-www https.

server {
    if ($host = www.example.org) {
        return 301 https://example.org$request_uri;
    } 

    listen 80;
    server_name www.example.org;
    return 404; 
}

What I expected is this:

  • https non-www -> show the page;
  • https www -> forwarding to https non-www;
  • http non-www -> redirect to https non-www;
  • http www -> forwarding to https without www.

What happens?

  • https non-www -> shows the site (good).
  • https www -> shows the standard NGINX page (buggy).
  • http non-www -> redirects to https non-www and then displays the site (good).
  • http www -> redirects to https www and then displays the default NGINX page (faulty).

What am I missing here? It seems to me that this should work, but it does not. I've reloaded / restarted nginx, made sure the file was actually loaded, and reorganized the order of some of those sections, but it did not help.

Thank you for reading.

Kubernetes / nginx – Identify an http request coming from another service in the cluster

I have Kubernetes in Google Cloud, and I have a service connected to a Pod with a Nodejs server and another service connected to a Pod with NGINX.
The NGINX pod has a location block that I would like to deny globally, unless the request comes from the Nodejs pod.

What would be the right way to do this in my NGINX configuration file?

What I have at the moment is always denied by the location block … I'm using the environment variable for the Nodejs service, which is automatically added to the NGINX pod when I create it.

env NODEJS_SERVICE_HOST;

...

location /target {

  deny all;
  allow NODEJS_SERVICE_HOST;

  return 200;
}
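
How the access rules in this question are evaluated, as an added example that is not part of the original post: nginx checks `allow` and `deny` in order and stops at the first match, and both directives take a literal address or CIDR rather than an environment variable. The template path, the `envsubst` rendering step, the `NODEJS_POD_CIDR` variable and the `10.8.0.0/14` range are assumptions.

```nginx
# /etc/nginx/templates/default.conf.template   (hypothetical path)
# Rendered at container start, restricted to one variable so that nginx's
# own $uri is left alone:
#   envsubst '${NODEJS_POD_CIDR}' < default.conf.template \
#       > /etc/nginx/conf.d/default.conf

server {
    listen 80;

    # As posted, for comparison:
    #   deny  all;                   <- matches every client, evaluation stops here
    #   allow NODEJS_SERVICE_HOST;   <- never reached, and not expanded: "env" only
    #                                   keeps the variable in the process environment
    # NODEJS_SERVICE_HOST is also the Service's cluster IP. Requests from the
    # Node.js pod typically arrive with the pod's own IP as the source address.

    location /target {
        allow ${NODEJS_POD_CIDR};   # literal after rendering, e.g. 10.8.0.0/14 (constructed)
        deny  all;                  # every other client gets 403

        # "return" runs in the rewrite phase, before access rules are checked,
        # so a bare "return 200;" here would answer every client.
        try_files $uri =404;
    }
}
```

Source-address rules only separate pods if the allowed range is specific to the Node.js workload; a Kubernetes NetworkPolicy is the cluster-level control for the same intent.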

amazon ec2 – How do I set Nginx as a reverse proxy?

server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name _;

        ssl_certificate /etc/nginx/ssl/public.pem;
        ssl_certificate_key /etc/nginx/ssl/private.key;

        location / {
                proxy_pass http://123.123.123.123:7001/someWebsite.html;
        }
}

The above is my attempt to set NGINX as a reverse proxy. Basically, the first server block attempts to redirect the traffic to https, and the second server block should forward the traffic to http://123.123.123.123:7001/someWebsite.html. However, I get a 502 Bad Gateway.

Just for your information, I made sure that http://123.123.123.123:7001/someWebsite.html is accessible from anywhere in the browser.

Error log as follows:

2019/09/05 07:12:15 [crit] 28723#28723: *1737 connect() to 123.123.123.123:7001 failed (13: Permission denied) while connecting to upstream, client: xx.xx.xxx.xxx, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "http://123.123.123.123:7001/someWebsite.html

linux – Nginx can not be started because permission for a port has been denied

I used to be able to launch Nginx on my AWS EC2, but now I get bind() to 0.0.0.0:3008 failed (13: Permission denied). This happens when Nginx calls bind() in response to the configuration listen 3008 default_server in /etc/nginx/nginx.conf.

Possible causes I was looking for are that AWS blocks port 3008, the port is being used, or that the user running the service does not have sufficient permissions.

The answers to the following two questions arise from the second or third of these options:

https://stackoverflow.com/questions/48478869/cannot-bind-to-some-ports-due-to-permission-denied
https://stackoverflow.com/questions/39586692/nginx-error-bind-to-0-0-0-080-failed-permission-denied

As for the first of the three possible causes, I've verified that AWS blocks port 3008 by deleting all security groups except the default group (which allows all traffic). The inbound rules for this security group allow inbound TCP traffic to port 3008:

HTTP            TCP 80  0.0.0.0/0
HTTP            TCP 80  ::/0
SSH             TCP 22  0.0.0.0/0
SSH             TCP 22  ::/0
Custom TCP Rule TCP 3000 - 3030 0.0.0.0/0
Custom TCP Rule TCP 3000 - 3030 ::/0
HTTPS           TCP 443 0.0.0.0/0
HTTPS           TCP 443 ::/0
All ICMP - IPv4 All N/A 0.0.0.0/0
All ICMP - IPv4 All N/A ::/0
Custom TCP Rule TCP 8080 - 8084 0.0.0.0/0
Custom TCP Rule TCP 8080 - 8084 ::/0

I checked to see if port 3008 is in use with $ sudo netstat -anp | grep 3008 and there is no issue.

To make sure the permissions are sufficient, I have added User=root and Group=root to the service file, ls -l of the service file shows that its user and group are already root, and I've run systemctl start with sudo. The following details in the form of commands and outputs should answer any of the routine questions about the above points and the overall environment in which this problem occurs. Thank you in advance for any suggestions.

Operating system:

$ uname -a
Linux ip-172-31-40-184.ec2.internal 3.10.0-957.12.1.el7.x86_64 #1 SMP Wed Mar 20 11:34:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Trying to start Nginx:

$ sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

Check status of nginx:

$ sudo systemctl status nginx
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mié 2019-09-04 13:59:24 UTC; 32s ago
     Docs: http://nginx.org/en/docs/
  Process: 24450 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=1/FAILURE)

sep 04 13:59:24 ip-172-31-40-184.ec2.internal systemd[1]: Failed to start nginx - high performance web server.
sep 04 13:59:24 ip-172-31-40-184.ec2.internal systemd[1]: nginx.service failed.

Errors logged by nginx (Port 80 error has been fixed by rebooting):

$ tail /var/log/nginx/error.log
2019/09/03 19:58:09 [emerg] 17319#17319: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 19:58:59 [emerg] 17381#17381: bind() to 0.0.0.0:80 failed (98: Address already in use)
2019/09/03 19:58:59 [emerg] 17381#17381: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 21:18:17 [alert] 7491#7491: unlink() "/var/run/nginx.pid" failed (2: No such file or directory)
2019/09/03 21:25:32 [emerg] 11207#11207: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 22:30:21 [emerg] 16333#16333: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/03 22:50:51 [emerg] 15980#15980: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:31:57 [emerg] 9819#9819: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:32:07 [emerg] 10095#10095: bind() to 0.0.0.0:3008 failed (13: Permission denied)
2019/09/04 01:32:12 [emerg] 10264#10264: bind() to 0.0.0.0:3008 failed (13: Permission denied)

The nginx service file (with manual addition of user and group):

$ ls -l /usr/lib/systemd/system/nginx.service 
-rw-r--r--. 1 root root 420 sep  3 22:50 /usr/lib/systemd/system/nginx.service

$ cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
User=root
Group=root
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

Configuration of nginx (which includes /etc/nginx/conf.d/default.conf, as shown):

$ cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen 3008 default_server;
        root /home/ec2-user/webapp/debug/build;
        server_name search-demo.net;
        index index.html index.htm;
        location / {
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/search-demo.net-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/search-demo.net-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
}

Unlike the first part shown below, the included default nginx configuration is commented out:

$ cat /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
...
}

nginx – Ubuntu, block access to ports if they come from a specific domain

I currently use Nginx to host multiple websites on the same server.
On this server, I host several apps that can be accessed through their port, for example:

I do not want these ports to be reachable via the IP or Domain2. I want them to be requested only through Domain1.com. This means that requests like these are rejected or allowed:

I tried to use ufw to block outside access to these domains and then enable proxy_passes in the settings that point to localhost. However, this does not work and stops access altogether.

nginx – What is needed to use the forwarding of Kubernetes ports via a proxy?

I have a Kubernetes cluster that I can access via an Nginx proxy.

I can kubectl get deployments -n kube-system without issue.

However, when I try to use helm, it raises an error:

Error: forwarding ports: error upgrading connection: unable to upgrade connection: query parameter "port" is required

After research it seems to be an error in the port forwarding with Kubernetes. For helm to work, kubernetes port forwarding must work first, ie:

https://stackoverflow.com/questions/56864580/error-forwarding-ports-upgrade-request-required-error-in-helm-of-a-kubernete

In fact, trying:

kubectl -n kube-system port-forward :44134

Does not work over the proxy.

So … what exactly is needed to enable the forwarding of Kubernetes ports through a proxy?

Do I need to set up a TCP proxy like socat on the proxy server for port 44134? If so, only proxy traffic to 44134 on the Kubernetes master?
