How can use multi location and regex in nginx?

Please help me with nginx.conf that is regex and multi location.

When I create the nginx.conf with next location, proxy_pass works correctly:

location = /test-a-1-1 {
       proxy_pass http://test-a-1-1;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $real_remote_addr;
       proxy_redirect off;
   }

  location = /test-b-1-2 {
      proxy_pass http://test-b-1-2;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $real_remote_addr;
      proxy_redirect off;
  }

But I have many locations and I want use multi location, but in this configuration i get the error –

test-b-1-2 could not be resolved (3: Host not found)

resolver 172.16.10.3
location ~ ^/(test-a-[0-9]-[0-9]|test-b-[0-9]-[0-9]) {
                set $test $1;
                proxy_pass http://$test;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_redirect off;
                }

Please help me with regex and multi locations.
Thank you.

Go to Source
Author: perrfect

nginx 1.14 proxy to serve stale content when upstream is not available

I have nginx running inside a Docker container on Docker for Windows with WSL2. It’s function is as a caching proxy to an upstream IIS server.

container/userspace: CentOS 8 container running SystemD as pid1.
nginx version: 1.14 as provided by CentOS 8.
The config file dates back from nginx 1.1 days on RHEL6, but reports no syntax errors.

Problem: When upstream is down, instead of service stale content, Nginx reports “Gateway Timeout.”
Expectation: Nginx would still serve static assets from cache.

The proxying appears to work as I can see requests Hit and Miss, respectively in the access.log.

Could anyone with more nginx experience comment on this use case and if there’s anything obviously missing in the configuration?

nginx.conf:

user              nginx;
worker_processes  1;
worker_rlimit_nofile 1000000;  # Added

error_log  /var/log/nginx/error.log;
error_log  /var/log/nginx/error.log  notice;
error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;
load_module /usr/lib64/nginx/modules/ngx_http_perl_module.so;

events {
    worker_connections  9192;  #, increased from 1024 to 9192
    use epoll;  # Added
    multi_accept on;  # Added

#   debug_connection 172.17.0.1;
}


http {
    # Include the perl module
      perl_modules perl/lib;
    # Request_Uri to Lowercase Request_Uri
      perl_set $uri_request_lowercase 'sub {
        my $r = shift;
        my $request_uri = $r->$request_uri;
        $request_uri = lc($request_uri);
        return $request_uri;
      }';

          # Request to lowercase request_uri
      perl_set $uri_lowercase 'sub {
        my $r = shift;
        my $uri = $r->uri;
        $uri = lc($uri);
        return $uri;
      }';

        # Returns everything to the left of ?
     
     perl_set $uri_left_request_lowercase 'sub {
        my $r = shift;
        my $uri = $r->uri;
        $uri = lc($uri);
        my $request_uri = substr($uri, 0, index($uri, "?"));
        return $request_uri;
      }';
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" -  "$upstream_cache_status" '
                      '"$request_method $scheme://$host$request_uri $server_protocol" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';



    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    open_file_cache max=100000 inactive=30s;  # Added
    reset_timedout_connection on;  # Added

    gzip  on;  #, Uncommented this to set gzip ON
    gzip_comp_level     1;  # Added
    gzip_disable        msie6;  # Added
    gzip_proxied        any;  # Added
    gzip_types          text/plain text/css application/x-javascript text/xml application/xml application/rss+xml text/javascript;  # Added

    #  Cache Configurations
  
    proxy_cache_path /var/cache/nginx/www-WebSite.com levels=1:2 keys_zone=www-WebSite.com-server-cache:300m max_size=5000m inactive=30d;


    proxy_temp_path /tmp/nginx;  # Added

    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;

}

vhost:

server {
    listen      443 ssl;    
    server_name     www.WebSite.com;
    ssl_certificate /etc/nginx/ssl/__WebSite___cert.cer;
    ssl_certificate_key  /etc/nginx/ssl/wildcard-WebSite.com--.key;
    location ~* /_layouts/authenticate.aspx.*$ {
    root  /usr/share/nginx/html;
    rewrite ^ /error502.html?;
   }
 
    location / {
        proxy_pass                  https://www.WebSite.com/;
        add_header X-dpu-cachesource "DR-NGINX-CONTAINER";
        proxy_connect_timeout       15s;
        proxy_cache_key             "$scheme://$host$uri";
        proxy_cache                 www-WebSite.com--server-cache;
        proxy_cache_valid           302 200 30d;
        proxy_cache_use_stale       updating error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
        proxy_ignore_headers        X-Accel-Expires Expires Cache-Control Set-Cookie;
        proxy_set_header            X-Real-IP        $remote_addr;
        proxy_set_header            X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_max_temp_file_size    15m;
        client_max_body_size        50m;
        client_body_buffer_size     128k;
        proxy_send_timeout          5m;
        proxy_read_timeout          5m;
        proxy_buffer_size           4k;
        proxy_buffers               4 32k;
        proxy_busy_buffers_size     64k;
        proxy_temp_file_write_size  64k;
        error_page 502 /error502.html;
        
    }

   location = /error502.html {
      root  /usr/share/nginx/html;

  }     
}

Go to Source
Author: Yolo Perdiem

NGINX serving by IP only, not by server name

A Raspbery Pi running (arm-)Arch sits behind my router NAT. The RasPi has a static IP 192.168.1.6 and an nginx serving on port 8093. (The nginx is listening on port 80 for another webpage.)

The server_name is “pi.hole” and it is resolved correctly by the source machine to 192.168.1.6

The interface opens successfully in my browser at “http://192.168.1.6:8093”

A “404 Not Found” pops when opening “pi.hole”

Bellow are my /etc/nginx/nginx.conf

user http;

worker_processes auto;

worker_rlimit_nofile 10240;

events {
    # Use epoll on Linux 2.6+
    use epoll;
    # Max number of simultaneous connections per worker process
    worker_connections 2048;
    # Accept all new connections at one time
    multi_accept on;
}

http {

    server_tokens off;

    sendfile on;

    tcp_nopush on;

    tcp_nodelay off;
    
    send_timeout 30;

    keepalive_timeout 60;

    keepalive_requests 200;
    reset_timedout_connection on;
    
    types_hash_max_size 2048;

    server_names_hash_bucket_size 64;

    include /etc/nginx/mime.types;
    default_type text/html;
    charset UTF-8;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;

    gzip_min_length 1000;

    gzip_disable "msie6";
    gzip_proxied any;

    gzip_comp_level 5;
    
    gzip_types
        text/plain
        text/css
        application/json
        application/x-javascript
        text/xml
        application/xml
        application/xml+rss
        text/javascript
        application/javascript
    application/octet-stream;


    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   on;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


and /etc/nginx/conf.d/pihole.conf

# /etc/nginx/conf.d/pihole.conf
#
# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
#

server {
    listen 192.168.1.6:8093 ;

    root /srv/http/pihole;
    server_name pi.hole;
    autoindex off;

    proxy_intercept_errors on;
    error_page 404 /pihole/index.php;

    index pihole/index.php index.php index.html index.htm;

    location / {
        expires max;
        try_files $uri $uri/ /pihole/index.php?$args =404;
        add_header X-Pi-hole "A black hole for Internet advertisements";
    }

    location ~ .php$ {
        include fastcgi.conf;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        #fastcgi_param VIRTUAL_HOST "pi.hole";
        #fastcgi_param SERVER_NAME $host;
        fastcgi_param SERVER_NAME "pi.hole";
    }
    
    location /admin {
        root /srv/http/pihole;
        index index.php index.html index.htm;
        add_header X-Pi-hole "The Pi-hole Web interface is working!";
        add_header X-Frame-Options "DENY";
    }
    
    location ~ /.ttf {
        add_header Access-Control-Allow-Origin "*";
    }

    location ~ /admin/. {
        deny all;
    }

    location ~ /.ht {
        deny all;
    }
}

I tried adding the ip to the listener and playing with the fastcgi_param for the host name to no better end.

The user running nginx is the same for php-fpm and has ownership and read-write permissions and the root and down the tree.

What am I doing wrong?

Go to Source
Author: superAnnoyingUser

Nginx with Varnish : all listen directive pointing to 808* ports but nginx still listen to 80

I’m running instances of Symfony or Drupal websites on two Debian servers, with Nginx listening to 443, Varnish listening to 80 and passing to nginx on listening custom ports 80** for each vhost.

Recently I added a new website to one of the servers. Then I began to run in this well documented error nginx: [emerg] bind() to [::]:80 failed (98: Address already in use).

Despite there is no nginx server block at all listening to :80 port, neither any server block without listen directive, Nginx began to listen on port 80 all together with the custom ports.

sudo netstat -tlpn| grep nginx
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 x.x.x.x:8082            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 y.y.y.y:8083            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 z.z.z.z:8084            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp6       0      0 :::8080                 :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::80                   :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::8081                 :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::443                  :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::8000                 :::*                    LISTEN      4191/nginx: master

I also already read all the docs and posts about handling dual-stack IPv4 and IPv6 correct new syntax, and tried all possible syntaxes such as below, no way.

Working directive before crash : listen x.x.x.x:8082;
Tried adding listen [::]:8082 ipv6only=on;. No change.

I listed, and killed process many times with sudo fuser -k 80/tcp before restarting systemctl varnish, nginx, even daemon-reload…

Last, I checked my history but can’t find what could have caused this sudden behavior. The lone point I’m not sure about is I changed a couple of sysctl.conf params, but hopefully reverted them, just in case, I’m not used to this part od administration : cat /etc/sysctl.conf | grep net.ipv4.conf

#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
#net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.all.secure_redirects = 1
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.all.log_martians = 1

Here’s my configuration.

cat /etc/nginx/nginx.conf (relevant 2 lines, no html / server block in it)

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

cat /etc/nginx/conf.d/default.conf

server {
        listen 8000 default_server;
        listen [::]:8000 ipv6only=on default_server;
        server_name _;

        listen 443 ssl default_server;
        listen [::]:443 ssl ipv6only=on default_server;
}

One of the sites-available vhosts (they all follow exactly same pattern) :

server { # this block only redirects www to non www
        listen x.x.x.x:443 ssl;
        server_name www.example.com;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client0/web3/ssl/example.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web3/ssl/example.com-le.key;

        return 301 https://example.com$request_uri;
        }

server {
        listen x.x.x.x:443 ssl;
        server_name example.com

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client0/web3/ssl/example.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web3/ssl/example.com-le.key;

        location / {
            # Pass the request on to Varnish.
            proxy_pass  http://127.0.0.1;
 
            # Pass some headers to the downstream server, so it can identify the host.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
            # Tell any web apps like Drupal that the session is HTTPS.
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect     off;
        }
        
}
server {
        listen x.x.x.x:8082;
#       listen [::]:8082 ipv6only=on;

        server_name example.com www.example.com;

        root   /var/www/example.com/web/public;

        location / {
            # try to serve file directly, fallback to index.php
            try_files $uri /index.php$is_args$args;
        }

       location ~ ^/index.php(/|$) {
            fastcgi_pass 127.0.0.1:8998;
            fastcgi_split_path_info ^(.+.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            internal;
        }
        location ~ .php$ {
           # return 404;
        }

        error_log /var/log/ispconfig/httpd/example.com/error.log;
        access_log /var/log/ispconfig/httpd/example.com/access.log combined;

        location ~ /. {
                        deny all;
        }

        location ^~ /.well-known/acme-challenge/ {
             access_log off;
             log_not_found off;
             root /usr/local/ispconfig/interface/acme/;
             autoindex off;
             try_files $uri $uri/ =404;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
            expires max;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
}

cat /etc/default/varnish relevant part

DAEMON_OPTS="-a :80 
             -T localhost:6082 
             -f /etc/varnish/default.vcl 
             -S /etc/varnish/secret 
             -s malloc,3G"

I’m wondering what could have caused a config I’m working with since years to bug ?

I carefully studied these Q&A and a bunch of doc or posts, with no success : Nginx tries to run on port 80 but the configs have been removed ; Nginx will not start (Address already in use) ; nginx – bind() to 0.0.0.0:80 failed (98: Address already in use)

Go to Source
Author: Kojo

Make host header correct from upstream

I configured simple load balancer scheme on the windows:

upstream app.local {
    server app1.local:8001 fail_timeout=10s max_fails=10;
    server app2.local:8002 fail_timeout=10s max_fails=10;
}

server {
    listen 8000;

    location / {
        proxy_pass http://app.local;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}

Changed hosts file like this

127.0.0.1       app.local
127.0.0.1       app1.local
127.0.0.1       app2.local

All fine, but my web servers behind app1.local and app2.local receive incorrect headers Host: app.local and therefore don’t want resolve requests. I readed
the post where the same problem but top answer not resolved my and i don’t want to use the double layer proxy option straight off.

Go to Source
Author: Vasil Akhmetov

WordPress website hosted on nginx ubuntu isn’t loading anymore

WordPress website hosted on nginx ubuntu isn’t loading anymore

I just found out the WordPress website isn’t running anymore. When opening example.in, it simply shows the text Error establishing a database connection. The wp website is the folder /var/www/examplewp

I have other non-PHP based websites running smoothly on the same server. Even the xxx.example.in which is a non-php based website is working.

I tried opening files such as example.in/readmore.html or example.in/hello.txt which I created in the base folder of the WP and that’s working.

Here’s the details:

php -v

PHP 7.2.19-0ubuntu0.18.10.1 (cli) (built: Jun  4 2019 14:46:43) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.19-0ubuntu0.18.10.1, Copyright (c) 1999-2018, by Zend Technologies

uname -a

Linux ubuntu-s-1vcpu-1gb-blr1-01 4.18.0-25-generic #26-Ubuntu SMP Mon Jun 24 09:32:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

This is my xxx_nginx.conf file

server {
        server_name example.in www.example.in;
        root /var/www/examplewp;
        access_log /var/log/nginx/wp_client_access.log;
        error_log /var/log/nginx/wp_client_error.log;

        location / {
                index   index.php index.html;
                #try_files      $uri $uri/ /index.php?$args;
        }
        # Specify a charset
        charset                         utf-8;
        # GZIP
        gzip                            off;

        # Add trailing slash to */wp-admin requests.
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

        # Prevents hidden files (beginning with a period) from being served
        location ~ /. {
                access_log                      off;
                log_not_found                   off;
                deny                            all;
        }
        ###########
        # SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
        ###########

        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log                      off;
                log_not_found                   off;
                expires                         max;
        }

        # Pass all .php files onto a php-fpm or php-cgi server
        location ~ .php$ {
                try_files                       $uri =404;
                include                         /etc/nginx/fastcgi_params;
                fastcgi_read_timeout            3600s;
                fastcgi_buffer_size             128k;
                fastcgi_buffers                 4 128k;
                fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_pass                    unix:/run/php/php7.2-fpm.sock;
                fastcgi_pass                    unix:/run/php/php7.2-fpm.sock;
                fastcgi_index                   index.php;
        }

        # ROBOTS

         location = /robots.txt {
               allow all;
               log_not_found off;
               access_log off;
        }
        # RESTRICTIONS
        location ~* /(?:uploads|files)/.*.php$ {
                deny all;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.in/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.in/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.example.in) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.in) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        server_name example.in www.example.in;
    listen 80;
    return 404; # managed by Certbot
}

I tried restarting the server with sudo service nginx restart but it doesn’t help. Even the HTML or TXT files aren’t opening. I tried with the command line sudo service php7-fpm restart but got the response:

Failed to restart php7-fpm.service: Unit php7-fpm.service not found.

I can open info.php file though which has the phpinfo(); and see all the PHP related files.

I also check the error log but it’s empty: /var/log/nginx/wp_client_error.log

I tried restarting the mysql with this command land: sudo /etc/init.d/mysql start and got the following error:

[....] Starting mysql (via systemctl): mysql.serviceJob for mysql.service failed because the control process exited with error code.
See "systemctl status mysql.service" and "journalctl -xe" for details.
 **failed!**

Go to Source
Author: Nikita Gupta