UWSGI + NGINX POST Method not allowed - python

I have an Nginx server with uwsgi and WordPress installed on it. The problem is that whenever I try to send a POST request to the uwsgi application, it fails with error 405, but the method is allowed on the server, so I don't know why it happens.
Here is the nginx.conf file:
server {
listen 80;
server_name hrspot.me;
return 301 https://hrspot.me$request_uri;
}
server {
listen 443 ssl;
server_name hrspot.me;
index index.php index.html index.htm;
root /var/www/html;
ssl_certificate /etc/ssl/bundle.crt;
ssl_certificate_key /etc/ssl/www.hrspot.me.key;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
client_max_body_size 1024m;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
}
location = /robots.txt {
log_not_found off;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location /api {
include uwsgi_params;
uwsgi_pass hrspotme_server:8080;
}
}
And here is the method in flask app:
...
@account.route('/api/register', methods=['POST'])
def route_api_register():
    form = RegisterForm()
    return api_register(form)
...
As you can see that is the POST method.
For some reason UWSGI perceives it as a GET request
And here is the log for this method from UWSGI:
[pid: 10|app: 0|req: 2/3] ip_address () {44 vars in 686 bytes} [Fri Jul 10 13:01:55 2020] GET /api/register => generated 178 bytes in 17 msecs (HTTP/1.1 405) 3 headers in 118 bytes (1 switches on core 1)
So I understand that there is some kind of problem with the settings.
HOW I MAKE A REQUEST:
LOGS WHEN I TRY TO SEND POST REQUEST TO /api/auth:
ip - - [10/Jul/2020:13:51:06 +0000] "POST /api/auth HTTP/1.1" 301 169 "-" "PostmanRuntime/7.26.1" "-"
ip - - [10/Jul/2020:13:51:06 +0000] "GET /api/auth HTTP/1.1" 405 178 "http://hrspot.me/api/auth" "PostmanRuntime/7.26.1"
UPD:
I tried specifying https in front of the URL in Postman and it worked, so the error seems to be that when I initially make the request over http, it incorrectly redirects it to https, changing the method from POST to GET.
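An added example (not part of the original post) that scans access-log lines for the pattern described in the update: a POST answered with a method-rewriting redirect, followed by a GET of the same path from the same client. The sample lines are constructed from the two log lines in the question with documentation IP addresses; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in nginx "combined" format, modelled on the two log
# lines in the question. Client addresses are documentation IPs.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2020:13:51:06 +0000] "POST /api/auth HTTP/1.1" 301 169 "-" "PostmanRuntime/7.26.1" "-"',
    '203.0.113.7 - - [10/Jul/2020:13:51:06 +0000] "GET /api/auth HTTP/1.1" 405 178 "http://hrspot.me/api/auth" "PostmanRuntime/7.26.1"',
    '203.0.113.9 - - [10/Jul/2020:13:52:10 +0000] "GET /about HTTP/1.1" 301 169 "-" "curl/7.68.0" "-"',
    '203.0.113.9 - - [10/Jul/2020:13:52:10 +0000] "GET /about HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '203.0.113.8 - - [10/Jul/2020:13:53:00 +0000] "POST /api/register HTTP/1.1" 308 171 "-" "curl/7.68.0" "-"',
    '203.0.113.8 - - [10/Jul/2020:13:53:00 +0000] "POST /api/register HTTP/1.1" 200 45 "-" "curl/7.68.0"',
]

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# After 301/302 a client may repeat a POST as GET, and after 303 it always
# does. 307 and 308 require the client to keep the method and body.
METHOD_REWRITING = {301, 302, 303}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def find_method_downgrades(lines, window=timedelta(seconds=5)):
    """Pair each redirected non-GET request with the GET that followed it."""
    pending = {}   # (client, path) -> the redirected request
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        key = (e["client"], e["path"])
        if e["method"] not in SAFE_METHODS and e["status"] in METHOD_REWRITING:
            pending[key] = e
            continue
        first = pending.pop(key, None)
        if first is None or e["method"] != "GET":
            continue
        if e["ts"] - first["ts"] > window:
            continue
        findings.append({
            "client": e["client"],
            "path": e["path"],
            "original_method": first["method"],
            "redirect_status": first["status"],
            "followup_status": e["status"],
            # A plain-http Referer on the follow-up means the original
            # request, body included, was sent unencrypted.
            "cleartext_origin": e["referer"].startswith("http://"),
        })
    return findings


if __name__ == "__main__":
    for f in find_method_downgrades(SAMPLE_LOG):
        print(f)
```

A hit with `cleartext_origin` set means the request body already crossed the network unencrypted before the redirect, so the durable fix is for API clients to call the https URL directly; `return 308` in place of `return 301` on the port-80 server only preserves the method.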

Related

Django Invalid HTTP_HOST header: '/run/gunicorn.sock:'. The domain name provided is not valid according to RFC 1034/1035

I need some help. I have a Django website. I added admin notifications and Django keeps sending me Invalid HTTP_HOST header notifications.
The complete error message is
[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: '/run/gunicorn.sock:'. The domain name provided is not valid according to RFC 1034/1035.
Here is my Nginx configuration
server {
if ($host !~ ^(XX.XX.XX.XX|example.com|www.example.com)$ ) {
return 444;
} # Deny illegal Host headers
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com www.example.com XX.XX.XX.XX;
access_log off;
return 301 https://$host$request_uri;
}
server {
server_name example.com www.example.com XX.XX.XX.XX;
if ($host !~ ^(XX.XX.XX.XX|example.com|www.example.com)$ ) {
return 444;
} # Deny illegal Host headers
location = /favicon.ico { access_log off; log_not_found off; }
location /assets/ {
root /home/joe/example;
}
location /media/ {
root /home/joe/example;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Plesk + Python Flask - Configuring proxy on second website does not work

I have an issue when I run two python flask websites. The port forwarding does not work for the second website.
My starting points are two html hello-world websites accessible via domain names.
I removed the HTML index files and started python flask
waitress-serve --port 8080 --call "mysite_1:myflaskentrypoint"
mysite_1.com:8080 -> accessible (Ok for now)
I entered the following config in Plesk -> Home -> Domains -> mysite_1 -> Apache & nginx Settings -> Additional nginx directives.
location / {
proxy_set_header Accept-Encoding "";
proxy_pass http://0.0.0.0:8080;
}
https://mysite_1.com accessible (great)
Now comes the issue with the second website.
waitress-serve --port 9080 --call "mysite_2:myflaskentrypoint"
mysite_2.com:9080 -> accessible (Ok for now)
Plesk -> Home -> Domains -> mysite_2 -> Apache & nginx Settings -> Additional nginx directives.
location / {
proxy_set_header Accept-Encoding "";
proxy_pass http://0.0.0.0:9080;
}
https://mywebsite_2.com accessible
-> ERROR 403 Forbidden
Error-Log
403 GET / HTTP/2.0 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) ... 795 nginx
SSL/TLS access
Error ... 11691#0: *386 directory index of "/var/www/vhosts/<mysite_2>.de/httpdocs/"
is forbidden nginx error
Any hints are welcome
----
nginx -T
root@localhost:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
#user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx.pid;
include /etc/nginx/modules.conf.d/*.conf;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;
#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
# override global parameters e.g. worker_rlimit_nofile
include /etc/nginx/*global_params;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/ssl.conf:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
# configuration file /etc/nginx/conf.d/zz010_psa_nginx.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmails/*.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;
# configuration file /etc/nginx/plesk.conf.d/server.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include "/etc/nginx/plesk.conf.d/ip_default/*.conf";
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scfK6DJ8w;
ssl_certificate_key /opt/psa/var/certificates/scfK6DJ8w;
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
location / {
proxy_pass https://<vps_ip>:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen <vps_ip>:80;
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
location / {
proxy_pass http://<vps_ip>:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# configuration file /etc/nginx/plesk.conf.d/ip_default/<website_1>.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scf9FAuU9;
ssl_certificate_key /opt/psa/var/certificates/scf9FAuU9;
server_name www.<website_1>;
location / {
return 301 https://<website_1>$request_uri;
}
}
server {
listen <vps_ip>:443 default_server ssl http2;
server_name <website_1>;
server_name ipv4.<website_1>;
ssl_certificate /opt/psa/var/certificates/scf9FAuU9;
ssl_certificate_key /opt/psa/var/certificates/scf9FAuU9;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_1>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_1>/httpdocs";
access_log "/var/www/vhosts/system/<website_1>/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/<website_1>/logs/proxy_error_log";
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
auth_basic "Domain statistics";
auth_basic_user_file "/var/www/vhosts/system/<website_1>/pd/d..httpdocs#plesk-stat";
autoindex on;
location ~ ^/plesk-stat(.*) {
alias /var/www/vhosts/system/<website_1>/statistics/$1;
}
location ~ ^/awstats-icon(.*) {
alias /usr/share/awstats/icon/$1;
}
location ~ ^/(.*) {
alias /var/www/vhosts/system/<website_1>/statistics/$1;
}
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_1>/conf/vhost_nginx.conf";
}
server {
listen <vps_ip>:80;
server_name www.<website_1>;
location / {
return 301 https://<website_1>$request_uri;
}
}
server {
listen <vps_ip>:80 default_server;
server_name <website_1>;
server_name ipv4.<website_1>;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_1>";
}
client_max_body_size 128m;
location / {
return 301 https://$host$request_uri;
}
}
# configuration file /var/www/vhosts/system/<website_1>/conf/vhost_nginx.conf:
location / {
proxy_set_header Accept-Encoding "";
proxy_pass http://0.0.0.0:8080;
}
# configuration file /etc/nginx/plesk.conf.d/webmails/<website_2>_webmail.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
server_name "webmail.<website_2>";
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
client_max_body_size 128m;
#extension sslit begin
#extension sslit end
location / {
proxy_pass https://<vps_ip>:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen <vps_ip>:80;
server_name "webmail.<website_2>";
client_max_body_size 128m;
#extension sslit begin
#extension sslit end
location / {
proxy_pass http://<vps_ip>:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# configuration file /etc/nginx/plesk.conf.d/webmails/<website_1>_webmail.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
# Webmail is not enabled on the domain
# Webmail is not enabled on the domain
# configuration file /etc/nginx/plesk.conf.d/vhosts/<website_2>.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
server_name www.<website_2>;
location / {
return 301 https://<website_2>$request_uri;
}
}
server {
listen <vps_ip>:443 ssl http2;
server_name <website_2>;
server_name ipv4.<website_2>;
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_2>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_2>/httpdocs";
access_log "/var/www/vhosts/system/<website_2>/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/<website_2>/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
auth_basic "Domain statistics";
auth_basic_user_file "/var/www/vhosts/system/<website_2>/pd/d..httpdocs#plesk-stat";
autoindex on;
location ~ ^/plesk-stat(.*) {
alias /var/www/vhosts/system/<website_2>/statistics/$1;
}
location ~ ^/awstats-icon(.*) {
alias /usr/share/awstats/icon/$1;
}
location ~ ^/(.*) {
alias /var/www/vhosts/system/<website_2>/statistics/$1;
}
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/<website_2>/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf";
}
server {
listen <vps_ip>:80;
server_name www.<website_2>;
location / {
return 301 http://<website_2>$request_uri;
}
}
server {
listen <vps_ip>:80;
server_name <website_2>;
server_name ipv4.<website_2>;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_2>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_2>/httpdocs";
access_log "/var/www/vhosts/system/<website_2>/logs/proxy_access_log";
error_log "/var/www/vhosts/system/<website_2>/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
return 301 https://$host$request_uri;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/<website_2>/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf";
}
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# https://httpoxy.org/
fastcgi_param HTTP_PROXY "";
# configuration file /var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf:
location / { return 200 "OK \n"; }
root@localhost:~#
curl -v <website_2.de>
curl -v https://<website_2.de>
* Trying <plesk IP>:443...
curl -v <website_2.de>
* TCP_NODELAY set
* Connected to <website_2.de> (<plesk IP>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=<website_2.de>
* start date: Feb 22 18:06:21 2021 GMT
* expire date: May 23 18:06:21 2021 GMT
* subjectAltName: host "<website_2.de>" matched cert's "<website_2.de>"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x565382a48e10)
> GET / HTTP/2
> Host: <website_2.de>
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 403
< server: nginx
< date: Fri, 26 Feb 2021 08:37:59 GMT
< content-type: text/html
< content-length: 795
< etag: "6033f929-31b"
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>403 Forbidden</title>
<link rel="stylesheet" href="/error_docs/styles.css">
</head>
<body>
<div class="page">
<div class="main">
<h1>Server Error</h1>
<div class="error-code">403</div>
<h2>Forbidden</h2>
<p class="lead">You do not have permission to access this document.</p>
<hr/>
<p>That's what you can do</p>
<div class="help-actions">
Reload Page
Back to Previous Page
Home Page
</div>
</div>
</div>
</body>
* Connection #0 to host <website_2.de> left intact
I found a configuration that works for me.
First I checked the box in nginx settings "Proxy mode"
I have set the proxy, not in Nginx, but in Additional Apache directives -> "Additional directives for HTTP/HTTPS"
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
<Location "/">
ProxyPass "http://127.0.0.1:9080/"
ProxyPassReverse "http://127.0.0.1:9080/"
</Location>
This worked. I can access both flask websites via domain name.

nginx - upstream sent too big header while reading response header from upstream

I have an e-commerce project written in Python with the Flask framework. I keep shopping cart information in the session; when I try to add a product to the session, nginx gives this error:
upstream sent too big header while reading response header from upstream, client: xx.xxx.xx.xxx, server: mysite.com, request: "POST /add_to_cart HTTP/1.1", upstream: "uwsgi://unix:/path/uwsgi.sock:", host: "mysite.com"
This occurs when I have a lot of information in session,
I tried adding fastcgi and proxy_buffer parameters, but it is still not working. Here is my nginx conf file:
server {
listen 443 ssl;
server_name mysite.com;
ssl_certificate /path/nginx.pem;
ssl_certificate_key /path/nginx.key;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
access_log /path/access.log main;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location /static/ {
alias /path/web/static/;
access_log off;
index index.html index.htm;
}
location / {
try_files $uri @uwsgi;
root /path/www/;
index index.html index.htm;
}
location @uwsgi {
include uwsgi_params;
uwsgi_pass unix:/path/web/uwsgi.sock;
}
}
If you're able to reconstruct the exact POST request via curl, or otherwise measure the actual header size, you can specify the proper size for uwsgi_buffer_size (the directive that is related in your case).
Here's my post that has some insight into a similar directive, proxy_buffer_size. There are many *_buffer_size directives, each "proxy"-like NGINX module has one (fastcgi, proxy, uwsgi), but how you approach their tuning (and how they essentially work) is the same.
You can try, without measurement, by placing directly in server block:
uwsgi_buffer_size 16k;
uwsgi_busy_buffers_size 24k;
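An added example (not from the answer's author) of the measurement the answer describes: it sizes the response header block of a captured upstream response and shows which header dominates. The response is constructed and assumes a cookie-backed session; the function names and the rounding to a 4k page are assumptions of this sketch.

```python
import math

# RFC 6265 only requires user agents to accept 4096 bytes per cookie.
COOKIE_LIMIT = 4096


def build_sample_response(session_bytes=5000):
    """Constructed upstream response whose session cookie has the given size."""
    return (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html; charset=utf-8\r\n"
        b"Content-Length: 2\r\n"
        b"Set-Cookie: session=" + b"A" * session_bytes + b"; HttpOnly; Path=/\r\n"
        b"\r\n"
        b"ok"
    )


def measure_headers(raw, page_size=4096):
    """Measure the header block that nginx must fit into uwsgi_buffer_size."""
    end = raw.find(b"\r\n\r\n")
    if end == -1:
        raise ValueError("no end of header block found")
    block = raw[: end + 4]                      # status line + fields + blank line
    status_line, *fields = block[:-4].split(b"\r\n")
    by_header = {}
    oversized_cookies = []
    for field in fields:
        name, _, value = field.partition(b":")
        key = name.decode("latin-1").strip().lower()
        by_header[key] = by_header.get(key, 0) + len(field) + 2   # +2 for CRLF
        value = value.strip()
        if key == "set-cookie" and len(value) > COOKIE_LIMIT:
            oversized_cookies.append(value.split(b"=", 1)[0].decode("latin-1"))
    total = len(block)
    return {
        "total": total,
        "by_header": by_header,
        "largest": max(by_header, key=by_header.get) if by_header else None,
        "fits_one_page": total <= page_size,    # default buffer is one memory page
        "buffer_size": math.ceil(total / page_size) * page_size,
        "oversized_cookies": oversized_cookies,
    }


def directive(report):
    """Render the smallest page-multiple buffer that holds the measured block."""
    return "uwsgi_buffer_size %dk;" % (report["buffer_size"] // 1024)


if __name__ == "__main__":
    report = measure_headers(build_sample_response())
    print(report["total"], report["largest"], directive(report))
    print("cookies over %d bytes:" % COOKIE_LIMIT, report["oversized_cookies"])
```

A cookie listed under `oversized_cookies` may also be rejected by browsers, so a larger buffer alone would not make that session work; keeping the cart in a server-side store shrinks the header instead.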

Bad Request (400) and 502 error: Nginx, gunicorn, django

I'm trying to deploy my site using nginx, gunicorn, and django.
When I run gunicorn and load the page, at first I was getting a 502 Bad Gateway error; then I switched the server name to the IP address of my server and now I get a Bad Request 400 error or the domain is unable to be found.
I've been following these steps from Test Driven Development.
I realized last night that I was using my staging server to update my live domain instead of a staging domain. So I created a staging domain as a subdomain of the live domain and created a separate directory for it, then git pulled down the work I had done previously, but it's not working.
My nginx conf file:
server {
listen 80;
server_name my-server-ip-address;
location / {
proxy_set_header Host $host;
proxy_pass http://unix:/tmp/mysitename.socket;
}
location /static {
autoindex on;
root /home/cmac/sites/mysitename/;
}
}
Nginx Error log:
2015/04/11 18:59:16 [error] 18650#0: *494 connect() to
unix:/tmp/mysitename.socket failed (111: Connection refused) while
connecting to upstream
My settings.py:
DEBUG = False
TEMPLATE_DEBUG = DEBUG
ALLOWED_HOSTS = [mysitename]
When I run gunicorn:
[2015-04-11 20:40:39 +0000] [4174] [INFO] Starting gunicorn 19.3.0
[2015-04-11 20:40:39 +0000] [4174] [INFO] Listening at: http://127.0.0.1:8000 (4174)
[2015-04-11 20:40:39 +0000] [4174] [INFO] Using worker: sync
[2015-04-11 20:40:39 +0000] [4177] [INFO] Booting worker with pid: 4177
Things were working before I decided to switch domains.
Edit whole nginx.conf file
user cmac;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
include /etc/nginx/sites-enabled/mysitename;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# location / {
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# root html;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# }
#}
The include file (from /etc/nginx/sites-enabled/mysitename):
server {
listen 127.0.0.1;
server_name my-server-ip-address;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://unix:/tmp/mysitename.socket;
}
location /static {
autoindex on;
root /home/cmac/sites/mysitename/;
}
}
In mysitename you need to listen on port 80 and set server_name to your staging domain, like staging.example.com. Also, do not use the unix socket at the moment; put http://127.0.0.1:8000 in proxy_pass, since that is where your gunicorn serves. Also try commenting out the server block in your nginx.conf; it conflicts with your mysitename.
Also, are you sure user cmac has permissions under your directory/files? Normally it runs on www-data.
Hope this helps.

redirect loop nginx & uwsgi & django

I've inherited a Python / Django project. I'm setting up a dev server for new changes which is a direct clone of the live server. I'm trying to configure the nginx config so that it will stop redirecting.
At the moment it gets stuck in an https redirect loop. If I look at the network tab within dev tools for Chrome I can see a 302 GET loop going on and on.
Here is the nginx conf file:
server {
listen 443 ssl;
server_name dev.mywebsite.com;
## DYNAMIC CONTENT
location / {
uwsgi_pass unix:///tmp/website.sock;
include uwsgi_params;
uwsgi_param HTTP_X_FORWARDED_PROTO $scheme;
}
## STATIC CONTENT
location ^~ /static/ {
alias /home/website/src/www/static/;
access_log off;
expires 30d;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/css text/javascript application/javascript application/x-javascript;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
}
ssl_certificate /home/website/ssl/mywebsite/crt;
ssl_certificate_key /home/website/ssl/mywebsite/key;
## FAV ICON
location = /favicon.ico {
alias /home/website/www/static/img/_app/favcion.ico;
}
}
server {
listen 80;
server_name *.mywebsite.com;
rewrite .* https://$host$request_uri permanent;
}
server {
listen 80;
server_name mywebsite.com;
rewrite .* https://www.mywebsite.com$request_uri permanent;
}
server {
listen 443;
server_name mywebsite.com;
ssl_certificate /home/website/ssl/mywebsite/crt;
ssl_certificate_key /home/website/ssl/mywebsite/key;
rewrite .* https://www.mywebsite.com/ permanent;
}
uwsgi:
[uwsgi]
processes = 1
threads = 1
module = mywebsite.wsgi:application
chdir = /home/website/src/
home = /home/website/venv
stats = /tmp/website.stats
socket = /tmp/website.sock
pidfile = /tmp/website.pid
max-requests = 1000
listen = 128
chmod-socket = 777
harakiri = 60
cpu-affinity = 1
vacuum = true
master = true
no-orphans = true
thunder-lock = true
disable-logging = true
I've obviously replaced all URLs with mywebsite. Also, the dev subdomain exists and is correctly pointing to the server.
If anyone can give assistance it would be greatly appreciated. I've spent far too many hours on this task.
