Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN
Hi, it got quite late, so I'll try to keep it short and simple. My question is the outcome on my discussion on reddit- one single user per web server (and delete default Web server user) - possible and consequences?. I have a Synology NAS what runs a nginx as default web server to run all their apps. I would like to extend it to meet the following. I have 1 nginx server running as root (in my understanding it is a reverse proxy), listening on port 80/443. this is your master nginx server. have each user account that needs a website run their own nginx server, they're not allowed to serve port 80/443 directly, let them serve a unix socket, that means the config looks something like shown in my previous email. The purposes is that if the useraccount webapp1 is compromised, it will only affect webaoos1's web server.. and repeat this for all accounts/websites/whatever you want to keep separated. this approach use some more ram than having a single nginx instance do everything directly. Besides the question for the optimal setup to realize this, I'm wondering how I can call the web server locally, within my LAN if I call them by the NAS's IP. Hope that makes it clearer. Thank you Stefan On 26.09.2018 13:03, Stefan Mueller wrote: I've just entered office :(. I will try to give you more details later this day. Le mer. 26 sept. 2018 à 12:52, Reinis Rozitisa écrit : > I added include for the location config files may it makes it better readable but still no clue hoiw to reach UNIX socket proxied webserver in LAN. It's a bit unclear what is the problem or what you want to achieve? The nginx can't connect/proxy_pass to the socket files (what's the error)? Also I'm not sure how LAN goes together with unix socket files which are ment for local process communication (IPC) inside a single server instance. Is there a single server just with nginx and some other services (node/python etc) which create those socket files (/home/app1; /home/app2 ..) or you are trying to proxy some other applications which reside on other devices/servers inside LAN (to expose to WAN)? rr ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Configuration problem: request default 15.15.15.15/ not working
Effectively it was necessary to restart gunicorn every time that I modify the file urls.py so that the changes take effect. I did not know that. I did it like that: $ systemctl daemon-reload $ systemctl restart gunicorn Thanks for the help. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281393,281423#msg-281423 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx caching proxy dns name even when using variables
Hi, I'm using nginx to proxy to a host with a rapidly changing dns entry but I can't seem to get the proxy command the re-query dns using the vairable method suggested, the following is a excerpt from my config : server { listen 443 ssl; resolver 127.0.0.1 valid=20s; set $proxy_server somehostname.com; location / { proxy_pass https://$proxy_server/blue/content$request_uri; I'm using nginx 1.14, watching my dns logs I see no requests following nginx starting up. The upstream_addr value in my nginx logs also doesn't change. Any suggestions of why this isn't working as expected? Regards Rob ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Enabling "Transfer-Encoding : chunked"
Hello! On Wed, Sep 26, 2018 at 04:49:42AM -0400, anish10dec wrote: > We are using Nginx with DAV Module , where encoder is pushing the content. > These content when being accessed is not coming with header > "Transfer-Encoding : chunked" though these header is being added by > Encoder. This is not going to work. The DAV module only makes files available once they are fully uploaded, while for the low-latency live HLS streaming the last segment needs to be sent to the clients while it is being produced. As previously suggested, if you want low latency live HLS streaming to work, you'll have to use proxying for the last segment (the one which is being written to). -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN
I've just entered office :(. I will try to give you more details later this day. Le mer. 26 sept. 2018 à 12:52, Reinis Rozitis a écrit : > > I added include for the location config files may it makes it better > readable but still no clue hoiw to reach UNIX socket proxied webserver in > LAN. > > It's a bit unclear what is the problem or what you want to achieve? > > The nginx can't connect/proxy_pass to the socket files (what's the error)? > > > Also I'm not sure how LAN goes together with unix socket files which are > ment for local process communication (IPC) inside a single server instance. > Is there a single server just with nginx and some other services > (node/python etc) which create those socket files (/home/app1; /home/app2 > ..) or you are trying to proxy some other applications which reside on > other devices/servers inside LAN (to expose to WAN)? > > > rr > > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
RE: RE: Configuration problem: request default 15.15.15.15/ not working
> I've also tried adding "/" and throwing the same error. I have also added to > the > .conf file: > > location = / { > include proxy_params; > proxy_pass http://unix:/run/gunicorn.sock; } > > before the fragment location / {..} with the same error. > This error is very strange. The configuration is very simple, but I can not > find the > problem. Again the error is not coming from nginx but your backend (you either didn't add the "/" handling in the right place or maybe didn't restart the gunicorn workers afterwards). The configuration change you made doesn't make any difference in the way nginx operated before, what I meant was something like this: location = / { return 301 /inicio/; } Obviously this is just a workaround and if you can manage to fix the backend this location block is not needed. rr ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN
Hallo, I added include for the location config files may it makes it better readable but still no clue hoiw to reach UNIX socket proxied webserver in LAN. main proxy file server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; #include letsencrypt.conf; server_app1 app1subdomain.domain.eu; include app1location.conf } server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; #include letsencrypt.conf; server_app2 app2subdomain.domain.eu; include app1location.conf } app1location.conf (location file for proxied web server) location / { proxy_pass http://unix:/home/app1/app1.com.unix_socket; proxy_set_header X-Real-IP $remote_addr; #Authorization proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; } app2location.conf (location file for proxied web server) location / { proxy_pass http://unix:/home/app2/app2.com.unix_socket; proxy_set_header X-Real-IP $remote_addr; #Authorization proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; } On 21.09.2018 08:34, Stefan Müller wrote: Hallo, I am trying to configure nginx as a reverse proxy for multiple servers on my LAN. They should go out on my WAN with different subdomains. Unlike the approach described in Use Nginx as Reverse Proxy for multiple servers I want to use UNIX socket for the interprocess communication on my server. Based on the above post nginx reverse ssl proxy with multiple subdomains Using Nginx as Webserver Nginx to apache reverse proxy, instruct use of unix sockets Difference between socket- and port-based connection to outer NGINX? keeping in mind the solution given in How do I configure Nginx proxy_pass Node.js HTTP server via UNIX socket? my configuration shall look something like this below, doesn't it? In order to keep the main file slim, I would like to outsource the location blocks. I find all on the web more or less but nothing about wow I can reach the servers in within the LAN? Do I need to set up a local DNS server as described in Running DNS locally for home network? main proxy file server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; #include letsencrypt.conf; server_app1 app1subdomain.domain.eu; *read app1location.file* } server { listen 80; listen [::]:80; listen 443 ssl; listen [::]:443 ssl; #include letsencrypt.conf; server_app2 app2subdomain.domain.eu; *read app2location.file* } location files for proxied web servers: location / { proxy_pass http://unix:/home/app1/app1.com.unix_socket; proxy_set_header X-Real-IP $remote_addr; #Authorization proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; } - location / { proxy_pass http://unix:/home/app2/app2.com.unix_socket; proxy_set_header X-Real-IP $remote_addr; #Authorization proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; } ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Enabling "Transfer-Encoding : chunked"
We are using Nginx with DAV Module , where encoder is pushing the content. These content when being accessed is not coming with header "Transfer-Encoding : chunked" though these header is being added by Encoder. Below is version details : nginx version: nginx/1.10.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --add-module=/opt/nginx-dav-ext-module-master --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 Below is the nginx configuration where encoder is pushing the content on Nginx running on Port 81 location /packagerx { root /ram/streams_live/packagerx; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; create_full_put_path on; dav_access user:rw group:rw all:r; autoindex on; client_max_body_size 100m; } Below is the configuration from which Nginx running on Port 80 is used for accessing the content location / { root /ram/streams_live/packagerx; expires 1h; access_log /usr/local/nginx/logs/access_client.log lt-custom; proxy_buffering off; chunked_transfer_encoding on; types { application/dash+xml mpd; application/vnd.apple.mpegurl m3u8; video/mp2t ts; video/x-m4v m4v; audio/x-m4a m4a; text/html html htm shtml; text/css css; text/xml xml; image/gif gif; image/jpeg jpeg jpg; application/javascript js; application/atom+xml atom; application/rss+xml rss; text/mathml mml; text/plain txt; } } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,281371,281413#msg-281413 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx