date:20180926

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

2018-09-26 Thread Stefan Müller


  
  
Hi,
it got quite late, so I'll try to keep it short and simple.
My question is the outcome on my discussion on reddit-
  one single user per web server (and delete default Web server
  user) - possible and consequences?.
  I have a Synology NAS what runs a nginx as default web server to
  run all their apps. I would like to extend it to meet the
  following. 
  I have 1 nginx server running as root (in my understanding it is a
  reverse proxy), listening on port 80/443. this is your master nginx server. have each
  user account that needs a website run their own nginx server,
  they're not allowed to serve port 80/443 directly, let them serve
  a unix socket, that means
  the config looks something like shown in my previous email. 
  The purposes is that  if the useraccount webapp1 is compromised,
  it will only affect webaoos1's web server.. and repeat this for
  all accounts/websites/whatever you want to keep separated. this
  approach use some more ram than having a single nginx instance do
  everything directly.

Besides the question for the optimal setup to realize this, I'm
  wondering how I can call the web server locally, within my LAN if
  I call them by the NAS's IP.
Hope that makes it clearer.
Thank you
Stefan

 



On 26.09.2018 13:03, Stefan Mueller
  wrote:


  
  I've just entered office :(. I will try to give you
more details later this day.
  
  
Le mer. 26 sept. 2018 à 12:52, Reinis Rozitis
  
  a écrit :

> I added
  include for the location config files may it makes it better
  readable but still no clue hoiw to reach UNIX socket proxied
  webserver in LAN.
  
  It's a bit unclear what is the problem or what you want to
  achieve?
  
  The nginx can't connect/proxy_pass to the socket files (what's
  the error)?
  
  
  Also I'm not sure how LAN goes together with unix socket files
  which are ment for local process communication (IPC) inside a
  single server instance. 
  Is there a single server just with nginx and some other
  services (node/python etc) which create those socket files
  (/home/app1; /home/app2 ..) or you are trying to proxy some
  other applications which reside on other devices/servers
  inside LAN (to expose to WAN)?
  
  
  rr
  
  
  
  ___
  nginx mailing list
  nginx@nginx.org
  http://mailman.nginx.org/mailman/listinfo/nginx

  

  

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Configuration problem: request default 15.15.15.15/ not working

2018-09-26 Thread Frank_Mascarell

Effectively it was necessary to restart gunicorn every time that I modify
the file urls.py so that the changes take effect. I did not know that. I did
it like that:


$ systemctl daemon-reload
$ systemctl restart gunicorn


Thanks for the help.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,281393,281423#msg-281423

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx caching proxy dns name even when using variables

2018-09-26 Thread Rob Fulton


Hi,

I'm using nginx to proxy to a host with a rapidly changing dns entry but 
I can't seem to get the proxy command the re-query dns using the 
vairable method suggested, the following is a excerpt from my config :


server {

    listen 443 ssl;

    resolver 127.0.0.1 valid=20s;
    set $proxy_server somehostname.com;

    location / {

        proxy_pass https://$proxy_server/blue/content$request_uri;


I'm using nginx 1.14, watching my dns logs I see no requests following 
nginx starting up. The upstream_addr value in my nginx logs also doesn't 
change.


Any suggestions of why this isn't working as expected?

Regards

Rob


___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Enabling "Transfer-Encoding : chunked"

2018-09-26 Thread Maxim Dounin

Hello!

On Wed, Sep 26, 2018 at 04:49:42AM -0400, anish10dec wrote:

> We are using Nginx with DAV Module , where encoder is pushing the content. 
> These content when being accessed is not coming with header
> "Transfer-Encoding : chunked" though these header is being added by
> Encoder.

This is not going to work.  The DAV module only makes files 
available once they are fully uploaded, while for the low-latency 
live HLS streaming the last segment needs to be sent to the 
clients while it is being produced.

As previously suggested, if you want low latency live HLS 
streaming to work, you'll have to use proxying for the last 
segment (the one which is being written to).

-- 
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

2018-09-26 Thread Stefan Mueller

I've just entered office :(. I will try to give you more details later this
day.

Le mer. 26 sept. 2018 à 12:52, Reinis Rozitis  a écrit :

> > I added include for the location config files may it makes it better
> readable but still no clue hoiw to reach UNIX socket proxied webserver in
> LAN.
>
> It's a bit unclear what is the problem or what you want to achieve?
>
> The nginx can't connect/proxy_pass to the socket files (what's the error)?
>
>
> Also I'm not sure how LAN goes together with unix socket files which are
> ment for local process communication (IPC) inside a single server instance.
> Is there a single server just with nginx and some other services
> (node/python etc) which create those socket files (/home/app1; /home/app2
> ..) or you are trying to proxy some other applications which reside on
> other devices/servers inside LAN (to expose to WAN)?
>
>
> rr
>
>
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

RE: RE: Configuration problem: request default 15.15.15.15/ not working

2018-09-26 Thread Reinis Rozitis

> I've also tried adding "/" and throwing the same error. I have also added to 
> the
> .conf file:
> 
> location = / {
> include proxy_params;
> proxy_pass http://unix:/run/gunicorn.sock; }
> 
> before the fragment location / {..} with the same error.
> This error is very strange. The configuration is very simple, but I can not 
> find the
> problem.

Again the error is not coming from nginx but your backend (you either didn't 
add the "/" handling in the right place or maybe didn't restart the gunicorn 
workers afterwards).

The configuration change you made doesn't make any difference in the way nginx 
operated before, what I meant was something like this:

location = / {
return 301 /inicio/;
}


Obviously this is just a workaround and if you can manage to fix the backend 
this location block is not needed.

rr

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

2018-09-26 Thread Stefan Müller


  
  
Hallo,
I added include for the location config files may
  it makes it better readable but still no clue hoiw to reach UNIX
  socket proxied webserver in LAN.



main proxy file 
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app1 app1subdomain.domain.eu;
include app1location.conf
   }

server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app2 app2subdomain.domain.eu;
include app1location.conf
   }

app1location.conf (location file for proxied web
  server)
location / {
proxy_pass http://unix:/home/app1/app1.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
   }

app2location.conf (location file for proxied web
  server)
   location / {
proxy_pass http://unix:/home/app2/app2.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
   }

On 21.09.2018 08:34, Stefan Müller wrote:


  
  Hallo,
  I am trying to configure nginx as a reverse proxy for multiple
servers on my LAN. They should go out on my WAN with different
subdomains.
  

   Unlike the approach described in Use Nginx as Reverse Proxy for
  multiple servers I want to use UNIX socket for the
interprocess communication on my server. 
  Based on 
  
the above post 
nginx reverse ssl proxy with
multiple subdomains
Using Nginx as Webserver 
Nginx to apache reverse proxy,
instruct use of unix sockets
Difference
between socket- and port-based connection to outer
NGINX?
keeping in mind the solution given in How do I configure Nginx
proxy_pass Node.js HTTP server via UNIX socket? 
  
  my configuration shall look something like this below,
doesn't it? In order to keep the main file slim, I would
like to outsource the location blocks.
I find all on the web more or less but nothing about wow I
can reach the servers in within the LAN? Do I need to set up
a local DNS server as described in Running DNS locally for home
  network?
  main proxy file 
  server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app1 app1subdomain.domain.eu;
*read app1location.file*
   }

server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
#include letsencrypt.conf;
server_app2 app2subdomain.domain.eu;
*read app2location.file*
   }

  location files for proxied web servers: 
  location / {
proxy_pass http://unix:/home/app1/app1.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
   }

  -
 location / {
proxy_pass http://unix:/home/app2/app2.com.unix_socket;
proxy_set_header X-Real-IP $remote_addr; #Authorization
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
   }


  

  

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Enabling "Transfer-Encoding : chunked"

2018-09-26 Thread anish10dec

We are using Nginx with DAV Module , where encoder is pushing the content. 
These content when being accessed is not coming with header
"Transfer-Encoding : chunked" though these header is being added by
Encoder.


Below is version details : 

nginx version: nginx/1.10.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_realip_module
--with-http_addition_module --with-http_sub_module --with-http_dav_module
--add-module=/opt/nginx-dav-ext-module-master --with-http_flv_module
--with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-http_auth_request_module --with-mail --with-mail_ssl_module
--with-file-aio --with-ipv6

Below is the nginx configuration where encoder is pushing the content on
Nginx running on Port 81

location /packagerx {
root   /ram/streams_live/packagerx;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
create_full_put_path  on;
dav_access user:rw group:rw all:r;
autoindex on;
client_max_body_size 100m;
}

Below is the configuration from which Nginx running on Port 80 is used for
accessing the content 

location / {
root   /ram/streams_live/packagerx;
expires 1h;
access_log /usr/local/nginx/logs/access_client.log lt-custom;
proxy_buffering off;
chunked_transfer_encoding on;

types {
application/dash+xml mpd;
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
video/x-m4v   m4v;
audio/x-m4a   m4a;
text/html html htm shtml;
text/css   css;
text/xml   xml;
image/gif gif;
image/jpeg   jpeg jpg;
application/javascript   js;
application/atom+xml   atom;
application/rss+xml  rss;
text/mathml  mml;
text/plain  txt;

}
}

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,281371,281413#msg-281413

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Re: Configuration problem: request default 15.15.15.15/ not working

Nginx caching proxy dns name even when using variables

Re: Enabling "Transfer-Encoding : chunked"

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

RE: RE: Configuration problem: request default 15.15.15.15/ not working

Re: Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN

Re: Enabling "Transfer-Encoding : chunked"

8 matches

Site Navigation

Mail list logo

Footer information