I have a react app running under nginx. App runs just fine and there are no problems.
Now, I have kibana and portainer running on the same server and I configured nginx to run them as a subfolder. The server have a security certificate and I can't really create new sub-domains. So I had to go with the subfolders.
server {
listen 80;
listen 443 ssl;
server_name api.nec.private.systems;
ssl_certificate /etc/ssl/api.nec.private.systems.crt;
ssl_certificate_key /etc/ssl/api.nec.private.systems.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /usr/share/nginx/html;
location / {
# Set path
try_files $uri /index.html;
}
# Do not cache sw.js, required for offline-first updates.
location /sw.js {
add_header Cache-Control "no-cache";
proxy_cache_bypass $http_pragma;
proxy_cache_revalidate on;
expires off;
access_log off;
}
location /control/ {
proxy_pass http://portainer:9000/;
add_header Cache-Control "no-cache";
proxy_cache_bypass $http_pragma;
proxy_cache_revalidate on;
expires off;
access_log off;
}
location /kibana/ {
proxy_pass http://kibana:5601/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
add_header Cache-Control "no-cache";
proxy_cache_bypass $http_pragma;
proxy_cache_revalidate on;
expires off;
access_log off;
}
}
As you can see the first two locations describe the react app and the last two are all about kibana and poratiner.
Now, here is the problem:
I would open google chrome and go to api.nec.private.systems/control - it would pull up portainer without any problems.
I would open api.nec.private.systems/kibana and would get kibana as expected.
I would open api.nec.private.systems/ and the react app with the react router would open.
Now, having done step #3 I would open api.nec.private.systems/kibana and it won't open kibana anymore, rather it would try to feed /kibana in my router. It WON'T open kibana at all. No matter how much I would try.
Step number X - clear cache of google chrome and try again - kibana and poirtainer works just fine. Until I'll open the react app.
Any ideas?
Ok, so I figured out my own problem here. It's all because of the service worker that comes with create-react-app. Basically, service worker trying to redirect all requests from the app to the local storage cache.
Killed the service worked and it started working fine.
Related
Hive -
I have a Flask + React app running on Debian using Nginx and Gunicorn (which is maintained via supervisor). When I set up my Nginx CONF file to just serve up the site over port 80, everything seemed to work fine except for a CORS error. This only happened in Chrome, but the entire site worked fine in Safari (a known Chrome issue). After tracking down the issue and determining that the cause was the lack of an SSL certificate, I set up my Nginx CONF file to support SSL. Now two things happen that frustrate me to no end:
When I go to the site, the Developer Console shows that the site is getting a Connection Refused on https://localhost:5000/.
When I use CURL to test the API, it works.
Both the React and Flask applications are hosted on the same server, and I even have port 5000 open to be safe (as well as SSL and standard 80).
My conf file is below, but some info that might be useful:
All URLs are served up at the root "domain.com/" of the website.
The Flask app has the API in a nested folder and the exposed API is of the format "domain.com/api/v1/{calls}".
I have UI Swagger installed, but can not access it from the browser.
The development environment works fine, but that is because I'm using the built-in Python/Flask server and running the frontend React app with NPM Start.
My code is below and I've left in place, as commented lines, other things I have tried to make this work to show the various efforts I've exerted. In the location /api section, I previously just had the include proxy_params and the proxy_pass...all other lines were added after they didn't work in the location/section. server_name has _ as the server_name. I also had this as the subdomain of my site and mixed & matched, but no dice.
server {
root /var/www/project-app/frontend/build;
index index.html;
server_name _;
location / {
# proxy_pass http://localhost:5000;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
try_files $uri $uri/ =404;
add_header Cache-Control "no-cache";
}
location /static {
alias /var/www/project-app/frontend/build/static;
expires 1y;
add_header Cache-Control "public";
}
location /api {
include proxy_params;
proxy_pass http://localhost:5000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/project/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/project/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/project_access.log;
error_log /var/log/project_access.log;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
}
server {
if ($host = app.project.tld) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
# server_name app.project.tld;
server_name _;
return 404; # managed by Certbot
}
Debian 11
Latest Nginx Version from APT
All packages are updated and installed via both PIP and NPM
Python 3.9.2
There are fillers in the code...such as app.project.tld...in my actual code, I have the subdomain of the actual app. Just trying to avoid someone telling me I made a copy/paste snafu :)
Thanks!
I have a react and Nginx container.
The react site works normally fine. but when I update the latest code and rebuild the container and restart it. I have to do hard refresh the page first time to get the homepage normal refresh wont work . once the hard refresh the page the next refresh will work normally .
I will get the following error when I do a normal refresh after building the container.
''' Uncaught SyntaxError: expected expression, got '<'main.5a72dfd2.js:1 '''
below is my nginx config
'''
server {
server_name sample.exapmle.com;
access_log /var/log/folder/access.log;
error_log /var/log/folder/error.log;
location / {
proxy_pass http://app:4000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache';
if_modified_since off;
expires off;
etag off;
}
listen [::]:443 ssl ipv6only=on http2;
listen 443 ssl http2;
ssl_certificate /etc/ssl/ssl.pem;
ssl_certificate_key /etc/ssl/ssl.key;
}
'''
I have an nginx server with a local web app running locally in port 4000. I was able to create the Nginx rules to have it loaded trough the proxy, but now I can only access the website trough the main url, like "https://app.domain.com" (this works well), if I try entering trough any link like "https://app.domain.com/page" I get a 404.
This is my current nginx config;
server {
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
# SSL configuration
listen 443;
listen [::]:443;
expires $expires;
ssl on;
ssl_certificate /etc/ssl/app.crt;
ssl_certificate_key /etc/ssl/app.key;
index index.html;
server_name app.domain.com;
proxy_intercept_errors on;
autoindex off;
root /var/www/domain-app;
# I am using this rule to allow files like icons or css to be accessed directly
location ~ ^.+\..+$ {
proxy_set_header Host $host;
proxy_pass http://localhost:4000;
proxy_redirect off;
if (!-e $request_filename){
rewrite https://$server_name break;
}
try_files $uri /index.html;
}
location / {
proxy_set_header Host $host;
proxy_pass http://localhost:4000;
proxy_redirect off;
try_files $uri /index.html;
}
}
I tried something like this on the location and it worked for root domain and for pages, but accessing the site from a sub-page like "https://app.domain.com/page/sub" failed; It loaded the page but it tried to find the assets under "https://app.domain.com/page/static/..."
location / {
proxy_set_header Host $host;
proxy_pass http://localhost:3000;
proxy_redirect off;
set $fallback_file /index.html;
if ($http_accept !~ text/html) {
set $fallback_file /null;
}
try_files $uri $fallback_file;
}
Alright, for anyone coming here I found the solution after some hours of research;
The problem was not my nginx config after all, but rather a Create React App/react-router thing.
In order for the URI of the assets to be properly replaced in all sub-paths by the application (NOT the server) your homepage in package.json needs to match the URL of your internal server/Proxy, so for example I was hosting the proxy locally at "http://localhost:4000" then that should also be the "homepage" attribute in package.json, differently from what other tutorials suggest of using just "./", since this is not a single page app.
Chhers!
I bought a VPS on OVH, which currently runs on Debian 9.
I installed successfully SSL over defaults ports (80 and 443) and it's working great when displaying basic html.
However, I'm totally lost concerning the run of my react app (basic app to try configuration).
It works in http in Safari but doesn't work at all in Chrome : "This site can’t provide a secure connection wecode-it.fr sent an invalid response.
ERR_SSL_PROTOCOL_ERROR"
I already checked the date of my server which is correct.
I'm running my app locally with npm start and want to use development mode for now. If you have any advice tho on building the app for production, I'll take it too. I think I'll use docker but I don't how to use it yet.
Here is my nginx configuration.
listen 80 default_server;
listen [::]:80 default_server;
server_name wecode-it.fr www.wecode-it.fr;
root /usr/share/nginx/html;
index index.html;
location ~ /.well-known {
allow all;
}
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl on;
ssl_certificate /etc/letsencrypt/live/wecode-it.fr/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/wecode-it.fr/privkey.pem
ss_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_servers_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass https://MYIP:3030;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
I'm available to answer any of you questions.
Thank you.
You have to decide if you want to use the proxy or direct.
Some ssl settings are missing (if certificate is local).
But for now, you can try this setting:
server {
listen 443 ssl;
server_name backend1.example.com;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
#...
location /yourapp {
proxy_pass http://url_to_app.com;
#...
}
}
See more in docs
https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/#configuring-upstream-servers
I completely reinstalled my vps, did every steps from scratch and it's now working. I think I lost myself trying too much stuff, and starting all over again made it simple.
I want to use NGINx as a reverse proxy server so I can open my GAE (google app engine) web site from china mainland, because there most of google IP's are blocked by the GFW.
DNS: I have those DNS records:-
A mydomain.com ==> x.x.x.x
CNAME www ==> ghs.google.com
CNAME * ==> ghs.google.com
I'm planing to use geo DNS to point to my reverse proxy in case the request is coming from china mainland, currently I'm testing locally by having hosts record points mydomain.com to localhost.
I have nginx 1.1.19 on Ubuntu 12.04.
my site configuration file is:-
server {
#listen 80;
listen 443 ssl;
server_name mydomain.com;
ssl on;
ssl_certificate /home/user/Desktop/ssl/mydomain.com.pem;
ssl_certificate_key /home/user/Desktop/ssl/mydomain.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
large_client_header_buffers 4 16k;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# keepalive_timeout 70;
location / {
proxy_pass https://mydomain.com/;
proxy_set_header Host www.mydomain.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-HOST $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy-Hostname $scheme://$http_host;
proxy_redirect off;
proxy_intercept_errors on;
#error_page 500 = /error_page.html;
}
#location = /error_page.html {
# root /local_path_to_static_files_root;
#}
}
When I tried to open https: //mydomain.com:-
I got a number of connection is too low error at the beginning solve it by adding/editing the following to the nginx.conf file:-
events {
worker_connections 8024;
# multi_accept on;
}
then I got too many open files error, I solve it by adding/editing the following to the nginx.conf file:-
worker_rlimit_nofile 5000;
Now I'm getting error 504 Gateway Time-out (connection time out):-
Any idea what I'm doing or did wrong ??
UPDATE:
It turned to be infinite redirecting loop because I have mydomain.com ==> 127.0.0.1 in the hosts file and the reverse proxy pass the requests coming to it to mydomain.com so it keeps requesting it self, I removed the URL proxy passing the request to from hosts to avoid loops.
SOLVED