I have a webapp deployed on a wildfly 10.1 application server.
This webapp is listened on: http://localhost:8080/app-profile-jsp/ (1)
I successful installed nginx. The server is successfull installed and I test to serve static web pages and images.
Now I want configure nginx to acccess the web app from
"http://www.frizio.local" (2) url.
I configure this address in /etc/hosts.
My configuration in nginx is the following:
server {
listen 80;
server_name frizio.local www.frizio.local;
access_log /var/log/nginx/static.access.log;
error_log /var/log/nginx/static.error.log;
root /srv/http/static;
location / {
proxy_pass http://localhost:8080/app-profile-jsp;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
location /pics {
autoindex on;
autoindex_exact_size off;
}
}
When I try to access to (2) the server respond "404 not found".
Thanks in advance
I think you missed the trailing / of the proxypass :
proxy_pass http://localhost:8080/app-profile-jsp/;
An other thing, I don't think you need the proxy_redirect off; here.
Hope it helped !
Related
I am trying to proxy tomcat using nginx. I have this configuration below. Now the problem I am facing is if I access the url by IP(192.168.2.6) then it gets redirected to /auth_app is tomcat which is perfectly fine. The tomcat url redirect to a third party SAML2 provider and once it authenticated it redirected to http://localhost:8080/auth_app/ instead of http://192.168.2.6/auth_app/ and because of that my application doesn't open as tomcat is running on 192.168.2.6 and not localhost.
server {
listen 80 default_server;
server_name _;
error_log /var/log/nginx/abc_error.log;
access_log /var/log/nginx/abc_access.log;
rewrite ^/?$ /auth_app;
location /auth_app {
proxy_redirect off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/auth_app/;
}
}
There should be a config setting in your tomcat app to set the redirect URL to http://192.168.2.6/auth_app/.
How can I deploy my Java web application created in Netbeans in NGINX. I already tried this link for configuring my application.
Please configure your nginx proxy setting.
location / {
proxy_pass http://localhost:8080; #or use http://127.0.0.1:8080
root /etc/tomcat7/webapps/apple; # path of you application.
index index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
}
Now check one more thing your server are access your port
please hit netstat -ntpl and check your 8080 port and 80 port are one and access but all IP.
Using nginx/1.10.2 proxy and tomcat7 I'm trying to get the actual remote ip address in java webapp by request.getRemoteAddr() but always getting 127.0.0.1. Here's what I did:
CentOS proxy pass: setsebool -P httpd_can_network_connect true
& No config on tomcat7 other than the http/ajp port change.
Nginx config:
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
client_body_in_file_only clean;
client_body_buffer_size 32K;
client_max_body_size 50M;
sendfile on;
send_timeout 300s;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/html;
index index.php index.html index.htm;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
Nginx proxy config:
upstream my_tomcat {
server 127.0.0.1:81;
}
server {
listen 80;
server_name sub.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://my_tomcat;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
}
server {
listen 80;
server_name www.sub.domain.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://my_tomcat;
proxy_redirect off;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
}
You should use the HTTP header X-Real-IP to get the real remote ip.
The 'how' is written below
request.getHeader("X-Real-IP")
The 'why' is that, the proxy adds the real client-ip in the http header X-Real-IP as part of the proxying process.
Accoding Remote IP address from Nginx set IP to header:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
after that it available at application with
req.getHeader("X-Forwarded-For")
Also may be useful: blacklist IPs in NGINX and
check blacklisted IP
Unless things have changed a lot since I last looked, your use of request.getRemoteAddr() will always return the address of the proxy host. You must examine the headers added by the proxy server to extract the actual host identity. What you get (hostname or IP address) will depend on what the nginx proxy does.
Tomcat 7/8/9 has a Valve for this very purpose, the Remote IP Valve.
By default it will examine the request header for "X-Forwarded-For", which is the standard header that a proxy will add. Then when request.getRemoteAddr() is called it returns the actual remote address.
For example, place the following in server.xml in the <Engine> level:
<!-- Replaces the apparent client remote IP address and hostname for
the request with the IP address list presented by a proxy or a
load balancer -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
requestAttributesEnabled="true"
internalProxies="127\.0\.0\.1" />
NOTE: if you want the actual remote address used in the access logs, you also need the to configure the AccessLogValve: add requestAttributesEnabled="true" to it.
I have implemented BE application with WebSockets support using Spring Boot. I use SockJS in order to connect to my WebSocket endpoint and during the connection process I get a following error:
error during WebSocket handshake: Unexpected response code: 400
but then (as you can see at the image above) everything is working fine and websocket opened.
Right now I don't understand what can be a reason of this issue and how to fix it. Please help.
UPDATED
Thanks for the paweln1986 help I have fixed version issue with SockJS lib but the issue with Unexpected response code 400 still exists:
I also using nginx in front of Tomcat 8. This is my nginx config:
server {
listen 443 ssl;
server_name myserver.com;
ssl on;
location /api/ {
proxy_pass_header X-XSRF-TOKEN;
proxy_pass http://localhost:8081/api/;
proxy_set_header Origin "http://localhost:8081/api/";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
}
location /dashboard/ {
proxy_pass http://localhost:8081/dashboard/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /manager {
proxy_pass http://localhost:8081/manager/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
root /srv/www/htdocs/myserver/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /srv/www/htdocs/;
}
}
You have wrong version of SockJS.
On the browser side, applications can use the sockjs-client (version 1.0.x) that emulates the W3C WebSocket API
http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html
You are missing two things under your /api/ section
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
https://www.nginx.com/blog/websocket-nginx/
This complication also occurs if you are using SSL with Amazon load balancers. The listener of the elb should have an entry of SSL(instead of HTTPS) with load balancer port as 443 and instance protocol as TCP with instance port as 80 (Don't forget to add certificate)
This will enable WebSocket traffic to pass through.
For detailed reference :
https://blog.jverkamp.com/2015/07/20/configuring-websockets-behind-an-aws-elb/
I have a java spring application deployed in a tomcat 8 environment in Amazon elastic beanstalk server. The application has HTTPS configured with proper certificate. When a socket connection connect the application I am getting below error in log
ERROR o.s.w.s.s.s.DefaultHandshakeHandler - Handshake failed due to invalid Upgrade header: null
I tried to figure out over internet, some post is saying it need to enable HTTPS. HTTPS is already enabled and normal webservice calls to the same server works.
Please let me know if anyone has any idea. Thank you !
The problem is the elastic beanstalk uses a proxy, so you can configure the proxy to support sockets.
The default proxy to Tomcat is Apache, I have changed it to nginx with the next file:
.ebextensions\nginx-proxy.config
option_settings:
aws:elasticbeanstalk:environment:proxy:
ProxyServer: nginx
then I added my nginx file:
.ebextensions\files.config
files:
"/etc/nginx/conf.d/01_websockets.conf" :
mode: "000644"
owner: root
group: root
content : |
worker_processes 1;
events {
worker_connections 2024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
server {
listen 80;
server_name localhost;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# prevents 502 bad gateway error
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
# enables WS support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
}
Good luck!!!