nginx

The original post: /r/nginx by /u/No-Ambition-6032 on 2024-09-24 06:48:43.

Very new to nginx especially when it comes to managing the configuration.

I have started with a clean installation of Ubuntu 24.04.

Then I installed iRedMail using their installation package and instructions which installed MariaDB, Roundcube, iRedMail etc.

I have a registered domain name and installed Certbot and installed the SSL certificate.

All good so far. When directing to the domain name, I am directed to https://domain.com/mail which is the RoundCube logon page. If I change 'mail' to 'iredadmin' I am directed to the iRedMail admin logon page.

Now, I have installed Wordpress and... if I change 'mail' to 'wordpress' I am directed to the Wordpress site...

BUT... I want to be able to enter the domain name and be directed to the wordpress site rather than the roundcube.

I've looked at the nginx.conf file, the sites-available and sites-enabled folders and cannot work out what controls the direction to the first page based on the domain name.

Probably a quick solution for an nginx expert, so I would be grateful for a pointer.

Cheers

The original post: /r/nginx by /u/emmasexytime on 2024-09-24 02:23:09.

When I go to this page (nsfw) I get 404 Not Found nginx

https://xrateduniversity.com/live/stripchat/ritzy-star/

but when I go to this page (nsfw) different site it shows different and says hmm. we're having trouble finding that site

https://xxxratedchicks.com/live/stripchat/ritzy-star/

Do you know what is causing the nginx error?

Thank you x

The original post: /r/nginx by /u/SherbertPale7928 on 2024-09-22 17:27:02.

Bonjour,

Je rencontre un problème avec ma configuration Nginx que je n'arrive pas à solutionner :

J'utilise nginx en reverse-proxy et j'ai un problème avec un site WordPress hébergé sur le même serveur mais sur un port différend du serveur reverse proxy

Ce qu'il se passe c'est que si j'essaye d'accéder à l'interface d'Adminitration de Wordpress :

https://www.ndd.fr/wp-admin (sans mettre un / à la fin)

J'ai une redirection qui s'effectue vers => https://www.ndd.fr:4236/wp-admin/ (le port 4236 est le port sur lequel mon site est hébergé derrière mon reverse proxy)

Si j'effectue la même requete avec un / au bout => https://www.ndd.fr/wp-admin/ (La redirection se fait correctement est je suis redirigé vers la bonne page sans le numéro de port 4236 accolé à mon URL) => https://www.cc-network.eu/wp-login.p...in%2F&reauth=1

Est ce que quelqu'un pourrais m'aiguiller ? la je sèche

The original post: /r/nginx by /u/PZ0013 on 2024-09-22 08:28:16.

I'm trying to setup NextCloud with NPM on TrueNAS Scale, at least according to this guide. I'm stuck on getting NPM to issue the SSL certificate. The immediate problem is that the Server Reachability test keeps failing, and I don't know how to take the troubleshooting forward. So far,

1. when NPM is installed as a TrueNAS app:

• when trying to create a certificate, server reachability is failed. The error is that a server can found but returned an unexpected status code ‘invalid domain or IP’
• port 443 and 30022 (as required for the app) has been forwarded to the device running NPM, however I’m not sure if the port forward is actually running properly
• check with www.portchecktool.com (and telnet) shows port 443 is blocked, but port 30022 is ok

So to check this isn’t an error with my router settings, I also tried,

2. NPM installation in a Docker container:

• same error when creating a certificate as above
• port 443 has been forwarded to the device/container running NPM. (port 30022 not required with the Docker installation)
• this time with the portchecktool, port 443 is shown to be clear

So in:

1. the TrueNAS App installation, the App somehow blocks/is not listening for traffic on port 443; and

2. the Docker installation, port 443 is cleared but NPM can’t process the certificate?

I'm quite new to all this. Grateful if anyone could help me make sense of this

The original post: /r/nginx by /u/peoples888 on 2024-09-21 19:28:59.

I'm at my wits end here. I have the following nginx.conf server block:

server {
    listen 80;
    server_name myapp.com;

    location /platform/_next/ {
        alias /usr/share/nginx/html/_next/;
        index index.html;
    }

    location /platform/static/ {
        alias /usr/share/nginx/html/static/;
        index index.html;
    }

    location ^~ /platform/tutorial {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    location ~ "^/platform/threads/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})" {
        proxy_pass http://localhost:3000$requesturi;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    location /platform/ {
        alias /usr/share/nginx/html/_next/server/app/;
        index index.html;
        try_files $uri $uri/ index.html;
    }
}

All these urls work great. However, my problem is when trying myapp.com/platform WITHOUT the trailing forward slash.

myapp.com/platform/ works fine. myapp.com/platform returns 404.

I've tried everything. I've tried a location = /platform block, I've tried adding a rewrite at the top of my server block to add trailing forward slashes, nothing I try changes the result. What in the world is going on here?

The original post: /r/nginx by /u/pmarkandu on 2024-09-21 02:00:35.

Hi everyone. Looking for some advice on setting up an nginx reverse proxy.

I got a Raspberry Pi (RPi) recently to workaround some of my Malaysian government efforts to redirect DNS queries to a centralized government controlled DNS. Loius Rossmann covered this in a video and here is one more article here. The enforcement of that DNS redirection has been overturned for now, but I'm sure it will come back eventually. Hence I am running a Pi-Hole in a docker container, and Unbound directly on the RPi. Got that working after tinkering around for a day. Wasn't the easiest thing, but I got it to work in the end.

Since I have a RPi, I wanted to set up an nginx reverse proxy to more easily access some of the services (e.g. bittorrent client on my PC, Jellyfin on my PC, my indoor camera, a few more projects I plan to set up on my RPi).

A bit of information:

1. My ISP does not allow my IPv4 to be addressed. Blocked due to CGNAT (from what I've read). My ISP and router does support IPv6. My router also supports DDNS. I use the free asuscomm one provided by Asus and it is tied to my IPv6 address.
2. I installed Unbound on my RPi directly (not in a docker container). Reason being is that I had some issue installing Unbound as a docker container. I couldn't get it to work. So my current setup is Router DNS points to 192.168.50.4 (which goes to Pi-Hole) and inside Pi-Hole settings the DNS is set to 172.18.0.1#5335. It works but I don't know if this is the "right" setup.

So my questions are:

1. Where should I set up my nginx reverse proxy. Directly on the RPI? In a docker container?
2. What kind of nginx settings should I be focusing on. I tried to set up a proxy_pass to my torrent client onmy PC but didn't have much success. Not sure if it's because it required https:

location /biglybt {
proxy_pass https://192.168.50.2:9092;
}  

1. Is it possible to support RTSP (Real Time Streaming Protocol) via nginx?

https://preview.redd.it/remq9lwsk2qd1.jpg?width=495&format=pjpg&auto=webp&s=fdf36d500e6681bdbb11fa087508a61a7899af06

Please do advise if I've done anything wrong and point me in the direction to get my intended outcome.

I'm no networking expert, so you might have to ELI5 if I respond to you with more questions. Thanks in advance.

The original post: /r/nginx by /u/Kaasjes on 2024-09-20 12:46:52.

Hello! I have a little bit of a difficult situation. I'm trying to create some setup where Ubuntu is being run inside a lab environment. Currently the default page would be reachable via localhost:1000/ubuntu1/

Now I would like to create some subdomain pages. So these should be reachable through sub1.localhost:1000/ubuntu1/

How would I need to setup the server block file for that? Thanks in advance!

The original post: /r/nginx by /u/peoples888 on 2024-09-20 00:58:41.

Hey everyone,

My nextjs app has this example file structure:

code /my-next-app ├── /app # App Router directory (replaces /pages) │ ├── /about # About page folder (maps to /about) │ │ └── page.tsx # Page component for the /about route │ ├── /blog # Blog folder for nested routing (maps to /blog) │ │ ├── /[id] # Dynamic route (maps to /blog/:id) │ │ │ └── page.tsx # Page component for dynamic blog post │ │ └── page.tsx # Page component for /blog route │ ├── /contact # Contact page folder (maps to /contact) │ │ └── page.tsx # Page component for /contact route │ ├── /layout.tsx # Root layout (applies to all routes) │ └── page.tsx # Main page for the root route (/) ├── /public # Static assets (images, fonts, etc.) ├── /styles # Global styles, e.g., CSS, SCSS files ├── /components # Shared React components ├── /hooks # Custom React hooks ├── /utils # Utility functions ├── next.config.js # Next.js configuration ├── package.json # Project dependencies and scripts └── tsconfig.json

Sorry in advance for mobile formatting.

I’m building this app via Docker and serving via Nginx. Unfortunately this is not code I can share.

When deployed in AWS ECS, health checks to the base URL get 308 status.

Let’s say the base URL is my-site.com/app This URL returns 404. All sub-URLs of this work perfectly fine, like my-site.com/app/about.

From what I gather, the base page.tsx in the app directory is not being served, while all other page.tsx files have no problem.

With the info I’ve provided… any ideas? I feel like I’ve tried everything as far as messing with the Nginx.conf.

EDIT: can’t add pictures here but check comments for a screenshot of the hierarchy.

The original post: /r/nginx by /u/Intrepid_Prune2510 on 2024-09-19 20:41:02.

Problem Description:

I am working on a React application using Vite, and I am running it in a Docker container. I use a Dockerfile to build and serve the application, and I also have an nginx.cfg configuration file for NGINX to act as a reverse proxy and provide HTTPS access.

• Dockerfile:

# Build stage
FROM node:18-alpine AS build

# Set the working directory in the container
WORKDIR /app

# Copy package.json and package-lock.json to install dependencies
COPY package*.json ./

# Install project dependencies
RUN npm install

# Copy the rest of the project files
COPY . .

# Build the application
RUN npm run build

# Production stage
FROM node:18-alpine

WORKDIR /app

# Install serve globally
RUN npm install -g serve

# Copy only the build folder
COPY --from=build /app/dist ./dist

EXPOSE 97

CMD ["serve", "-s", "dist", "-l", "97"]
# Build stage
FROM node:18-alpine AS build

# Set the working directory in the container
WORKDIR /app

# Copy package.json and package-lock.json to install dependencies
COPY package*.json ./

# Install project dependencies
RUN npm install

# Copy the rest of the project files
COPY . .

# Build the application
RUN npm run build

# Production stage
FROM node:18-alpine

WORKDIR /app

# Install serve globally
RUN npm install -g serve

# Copy only the build folder
COPY --from=build /app/dist ./dist

EXPOSE 97

CMD ["serve", "-s", "dist", "-l", "97"]

• nginx.cfg:

events {
    worker_connections 1024;  # Maximum number of connections accepted by each worker
}

http {
    server {
        listen 443 ssl;
        server_name my_domain_here;
        http2 on;

        ssl_certificate /etc/nginx/ssl/ssl_certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/ssl_certificate.key;

        location /photo/ {
            proxy_pass http://prueba_front:97/photo/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 90s;
            proxy_connect_timeout 90s;
            proxy_send_timeout 90s;
            send_timeout 90s;
        }
    }
}

docker-compose.yml

services:
  nginx:
    image: nginx:latest
    ports:
      - "443:443"
    volumes:
      - ./nginx.cfg:/etc/nginx/nginx.conf
      - ./ssl:/etc/nginx/ssl
    networks:
      - poc_probe

  prueba_front:
    build:
      context: ./app/front
      dockerfile: Dockerfile
    ports:
      - "97:97"
    networks:
      - poc_probe

networks:
  poc_probe:
    driver: bridge

• vite.config.js

import { defineConfig } from "vite";
import react from "@vitejs/plugin-react";

// Desarrollo
export default defineConfig({
  base: "/",  // Base URL para la aplicación
  plugins: [react()],
  build: {
    outDir: 'dist', // Directorio de salida para la construcción
    rollupOptions: {
      // Configuración adicional de Rollup si es necesaria
    }
  },
  preview: {
    port: 5173,
    strictPort: true,
  },
  server: {
    port: 5173,
    strictPort: true,
    host: true,
    origin: "http://0.0.0.0:8080",
  },
});

Problem Description:

When I try to access https://my_domain/photo/, I receive an error indicating that the static .js and .css files in the dist folder cannot be found. However, when I enter the container running on port 97, I can see that the files are present.

error image:

https://preview.redd.it/a64orw4vutpd1.png?width=1905&format=png&auto=webp&s=32874662d57d335f045cbaf65bb2eda188971714

I have tried accessing the application using my private IP, and it works correctly, but when using the reverse proxy with HTTPS, I encounter the aforementioned error.

Question: What could be wrong with the NGINX configuration that prevents the static files from being served correctly through the reverse proxy? Is there any way to debug this issue?

I verified that the static files are indeed generated in the dist folder when I build the application. I attempted to configure NGINX to serve these files through the reverse proxy, but I have not been successful in getting it to work as expected. I am quite new to using NGINX, so I may have overlooked something in the configuration.

I was expecting to access the static files via https://my_domain/photo/, and for them to be served correctly without any errors.

The original post: /r/nginx by /u/parkamobil on 2024-09-19 16:16:22.

The original post: /r/nginx by /u/LongjumpingForever87 on 2024-09-19 11:50:27.

Hi guys, as the title says can anyone help me set up a reverse proxy on an unraid server? For the life of me I can't seem to get it working

I've got as far as getting the proxy manager up but I can't seem to get a ssl certificate it just says internal error whenever I try. I have a feeling it is because I haven't set something up correctly in the docker container or on cloudflare (using that for my records as I have got cloudflare tunnels set up, just looking for something more secure), but I also dont know if it's something I need to do in the proxy manager

Can anyone help go over stuff with me? None of the guides seem to be recent and everything has different settings or has been rearranged since those vids so I can't seem to find exactly what I need to do to get this going

Thank you in advance for any help you can offer

The original post: /r/nginx by /u/Diff7666 on 2024-09-19 06:07:30.

Hello everyone, I'm learning about web development and very new to this. Recently, I wrote website based on flask application and tried to deploy it using Gunicorn and Nginx. Gunicorn is working, but I'm not sure about Nginx. When I visit my website through the domain, it works from mobile app browsers . But it gives me 403 error when visiting from laptop. When I run "curl" command, it also gives me 403 error. I tried following things.

1. Removed firewalls from ports 80, 443
2. Got SSL certificate from Let's Encrypt and included in the Nginx configuration
3. Checked Nginx status and it's actively running.
4. In the Nginx configuration file, I included both 80 and 443, directed towards the server where my Gunicorn is running, and provided path to the root directive of my website.
5. Checked all the necessary file and directory permissions, and set them to www-data
6. Also, I deleted sessions and cookies from my browsers, and flushed DNS.

Please let me know if you have anything that might work for this case.

The original post: /r/nginx by /u/Eli_Sterken on 2024-09-17 23:28:00.

Hello there, I am new to nginx so please excuse me if this sounds like a dumb question.

I want all requeststo a certain set of url's to be set to a internalhttp server, and then the response to be sent back to the client through nginx. How do I do this?

The original post: /r/nginx by /u/Glass_Builder_9233 on 2024-09-17 15:54:23.

I'm using flask_socketio to handle WebSocket communication, but for some reason, it's only connecting to the server without emitting any messages to the events. After about a minute, it times out. It works fine locally but when using the deployed version it doesn't work. Any ideas on what could be causing this?

user nginx;
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                   '$status $body_bytes_sent "$http_referer" '
                   '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        server_name [domain] [domain];

        location / {
            return 301 https://$host$request_uri;
        }
    }

server {
    listen 443 ssl;
    server_name [domain] [domain];

    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem;

    location / {
        proxy_pass [backend server];
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    }
    location /socket.io/ {
        proxy_pass [backend server];
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;

}
}

}

The original post: /r/nginx by /u/TheRealThrowAwayX on 2024-09-17 15:14:30.

I thought I was successful in setting up nginx.conf such that only https requests are allowed, and when I navigate to my site using the domain name http://mydomain.com it indeed forces it to connect as https. However, when viewing logs today, I saw that someone successfully connected via http by supplying the ip address instead of the domain name - http://my.ip.address, and it connects just fine over http.

After some reading, I added default_server and server_name catchall:

server {
    listen 80 default_server;
    server_name _;

but that didn't do anything.

Here is my full config if anyone can spot anything wrong or incorrect or missing?

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
  worker_connections 1024;
}

http {
  default_type application/octet-stream;

  # Nginx version disclosure
  server_tokens off;

  # Limit request body
  client_max_body_size 50M;
  client_body_buffer_size 1k;

  # upstreams for Gunicorn and frontend
  upstream backend {
    server backend:8000; 
  }

  upstream frontend {
    server frontend:5173; 
  }

  server {
    listen 80 default_server;
    server_name _;

    # Redirect HTTP to HTTPS
    location / {
      return 301 https://$host$request_uri;
    }

    # Serve the Certbot challenge
    location /.well-known/acme-challenge/ {
      root /var/lib/letsencrypt;
    }

  }

  server {
    listen 443 ssl;
    server_name www.mydomainname.co.uk mydomainname.co.uk;

    # SSL config
    ssl_certificate /etc/letsencrypt/live/www.mydomainname.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.mydomainname.co.uk/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:T ...
    ssl_prefer_server_ciphers on;

    # Serve static 
    location /static/ {
      include /etc/nginx/mime.types;
      alias /usr/src/app/static/;
      expires 1d;
      add_header Cache-Control "public";
    }

    # Proxy requests to Gunicorn
    location /api {
      proxy_pass http://backend;
      proxy_http_version 1.1;
      proxy_redirect off;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
    }

    location /admin {
      proxy_pass http://backend;
      proxy_http_version 1.1;
      proxy_redirect off;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
    }

    # Proxy requests to frontend
    location / {
      proxy_pass http://frontend;
      proxy_http_version 1.1;
      proxy_redirect off;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $server_name;
    }
  }
}

The original post: /r/nginx by /u/Extra-Mycologist2365 on 2024-09-16 18:04:01.

Hello together,

working since 3 days on this.

I have two Debian LXC container. One with Nginx and one with Wordpress installed. The Nginx is the central rproxy for all my Webservers that i expose to the Internet.

The wp-admin site is working. But I cant open the normal website. Im getting "error too many redirects".

What am I doing wrong???

Im trying to configure Nginx in front of Wordpress. I have the following configuration:

server {
listen 80;
server_name example.site.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name example.site.com;
ssl_certificate /etc/letsencrypt/live # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
client_max_body_size 50M;
location / {
proxy_set_header        Host $host:$server_port;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto https;
proxy_pass http://X.X.X.X;
proxy_redirect off;
}
}

wp-config.php

<?php
define('WP_HOME','https://example.site.com');
define('WP_SITEURL','https://example.site.com');
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the website, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * u/link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/
 *
 * u/package WordPress
 */
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', '' );
/** Database username */
define( 'DB_USER', '' );
/** Database password */
define( 'DB_PASSWORD', '' );
/** Database hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * u/since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
/**#@-*/
/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * u/link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/
 */
define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
        define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
define('FORCE_SSL_ADMIN', true);

The original post: /r/nginx by /u/littlebighuman on 2024-09-16 14:01:21.

Hi all,

First post here. I was wondering what the general best practice is for SAML auth on a NGINX proxy, specifically for integrating with Azure SSO. I know NGINX plus has it built in, but that is not an option for me.

So far I'm looking at mod_auth_mellon and shibboleth.

The original post: /r/nginx by /u/Eit4 on 2024-09-16 10:46:52.

I am serving a react application in an address example.com/admin

While I can serve static files, I am unable to access routes like example.com/admin/login or example.com/admin/dashboard. When I do it, I get a 404 error, though I am able to access /admin, /admin/ and static files.

This is my nginx configuration:

# gzip
gzip            on;
gzip_vary       on;
gzip_proxied    any;
gzip_comp_level 6;
gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

server {
  listen 5000;

  # gzip
  gzip            on;
  gzip_vary       on;
  gzip_proxied    any;
  gzip_comp_level 6;
  gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

  # Application B under /admin
  location /admin/ {
    alias /usr/share/nginx/html/;
    index index.html index.htm;
    try_files $uri $uri/ /admin/index.html =404;
  }

  # Static files for Application B under /admin
  location /admin/static/ {
    alias /usr/share/nginx/html/static/;
  }

  location /admin/js/ {
    alias /usr/share/nginx/html/js/;
  }

  location /admin/css/ {
    alias /usr/share/nginx/html/css/;
  }

  location /admin/img/ {
    alias /usr/share/nginx/html/img/;
  }

  location /admin/fonts/ {
    alias /usr/share/nginx/html/fonts/;
  }

  # Catch-all route for client-side routing
  location /admin {
    try_files $uri /admin/index.html;
  }

  include /etc/nginx/extra-conf.d/*.conf;
}

The original post: /r/nginx by /u/yukiiiiii2008 on 2024-09-13 05:50:21.

I use the official nginx docker image. Following is my default.conf.template.

server {
 listen 9004; 

root /usr/share/nginx/html;

index index.html;

location ~* .(eot|ttf|woff|woff2|svg)$ { add_header Access-Control-Allow-Origin *; }

location / { try_files $uri $uri/ $uri/index.html /index.html; }

}
```I have a file under`[https://example.com/projects/index.html`](https://example.com/projects/index.html%60). When I access to `https://example.com/projects`, it redirect me to `http://example.com:9004/projects/`.

Note: My `nginx` is behind `traefik`, an another reverse proxy, it passes following headers to `nginx`:
`'x-forwarded-host': 'example.com',
'x-forwarded-port': '443',
'x-forwarded-proto': 'https',
'origin': 'https://example.com',`
How can I utilize this to acheive my goal? I want to log `$uri` to see what's the exact value it has.

The original post: /r/nginx by /u/smalltimesysadmin on 2024-09-13 00:26:42.

TLDR: Is there a way to pass the source IP for a reverse proxy to the upstream host?

I run a password reset tool that's based on a tomcat stack. I have a nginx server operating as a reverse proxy in front of it. It's been like that for months without issue. Recently, a specific client has started to use the tool in rapid succession to reset several user accounts. I'm still trying to determine exactly what/how the user is doing it, but it's causing the password reset tool to semi-crash where the screen to enter a username works, but when you try to progress to the password reset questions, it returns an HTTP 400 error. Restarting the tomcat service restores operation until that specific user tries whatever they're doing again. I can't see how it would be an issue, but the logs seem to indicate that user has a pool of IPs their traffic is egressing from.

Digging into the tomcat logs, it looks like I'm running into a URL_ROLLING_THROTTLES_LIMIT_EXCEEDED error. From my understanding, that error is related to a hard-coded limit of around 10 calls per minute. Or maybe not, because tomcat is the most evil and un-troubleshootable tech stack ever... Given that the user is egressing their traffic from a fairly large IP pool, I suspect that the password reset tool is actually seeing the IP of the reverse proxy as the source IP, causing that throttle limit to be triggered.

All that to say, is the operation of the reverse proxy like I think it is, and if so, is there an option I can put in the conf file to cause it to pass the actual source IP from the client to the password reset tool instead of the proxy's? I'll post the relevant stanzas from the conf file as soon as I can get access to it. Thank you very much for any help that can be offered!

The original post: /r/nginx by /u/neitcho on 2024-09-12 20:00:14.

I can't get my head around why nginx-ultimate-bad-bot-blocker is not working on my site.

sudo nginx -t gives me

nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18873

nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18889

nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18984

nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19111

nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19158

nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

Code has been a added in virtual host

##

# Nginx Bad Bot Blocker Includes

# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker

##

include /etc/nginx/bots.d/ddos.conf;

include /etc/nginx/bots.d/blockbots.conf;

And I've added my own IP to blacklist-ips.conf but can still access the website from the browser.

The original post: /r/nginx by /u/Yakuwari on 2024-09-12 17:45:24.

I'm trying to divide my logs between obvious bots and the rest. I use these maps:

map $http_user_agent $is_bot {
    default 0;  # 0 means non-bot
    "~*bot" 1;  # 1 means bot
    "~*crawl" 1;
    "~*spider" 1;
    "~*slurp" 1;
    "~*googleother" 1;
}
map $http_user_agent $is_not_bot {
    default 1;  # 1 means non-bot
    "~*bot" 0;  # 0 means bot
    "~*crawl" 0;
    "~*spider" 0;
    "~*slurp" 0;
    "~*googleother" 0;
}
access_log /var/log/nginx/access_non_bots.log combined if=$is_not_bot;
access_log /var/log/nginx/access_bots.log combined if=$is_bot;

Is there any easier way to do this?

The original post: /r/nginx by /u/whoKilledLouisV on 2024-09-12 04:20:05.

Been trying to get this to work for 3 weeks. Please if someone is able to connect via discord it would be greatly appreciated.

The original post: /r/nginx by /u/katana1096 on 2024-09-11 07:20:43.

Hello. I want to point multi domain names to the same site. For example, like "The website is under construction" Can someone tell me how can I do this in the nginx.conf file? or maybe some other file?

Note: it is a static site.

Please advise me and thank you.

The original post: /r/nginx by /u/Purple_Farmer473 on 2024-09-11 03:48:26.

NGINX Blog post: https://www.kubelynx.com/category/NGINX