settings.py:
ALLOWED_HOSTS = ['64.225.1.249', 'domain.az']
nginx:
server {
listen 80;
server_name domain.az;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/progbash/ccproject;
}
location / {
proxy_set_header Host $host;
include proxy_params;
proxy_pass http://unix:/home/progbash/ccproject.sock;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
}
}
error:
2019/12/12 02:51:50 [crit] 23765#23765: *1 connect() to unix:/home/progbash/ccproject.sock failed (2: No such file or directory) while connecting to upstream, client: 188.253.227.99, server: domain.az, request: "GET / HTTP/1.1", upstream: "http://unix:/home/progbash/ccproject.sock:/", host: "domain.az"
2019/12/12 03:05:57 [alert] 24056#24056: *12 open socket #3 left in connection 4
2019/12/12 03:05:57 [alert] 24056#24056: *13 open socket #11 left in connection 5
2019/12/12 03:05:57 [alert] 24056#24056: aborting
2019/12/12 03:09:16 [alert] 24143#24143: *11 open socket #11 left in connection 3
2019/12/12 03:09:16 [alert] 24143#24143: *12 open socket #12 left in connection 5
2019/12/12 03:09:16 [alert] 24143#24143: aborting
Although I have project.sock in the shown location, I've bought domain, connected DigitalOcean's DNS Servers, set up everything as in DigitalOceans's official manual. But still seeing this trashy nginx default page instead of application.
Change the ownership of the folder where .sock file is located to nginx user and group.
For your case, try
> sudo chown -R www-data:www-data /home/progbash/
Related
I need to get the client IP address of a websocket connection for some extra functionality I would like to implement. I have an existing deployed Django server running an Nginx-Gunicorn-Uvicorn Worker-Redis configuration. As one might expect, during development, whilst running a local server, everything works as expected. However, when deployed, I receive the error NoneType object is not subscriptable when attempting to access the client IP address of the websocket via self.scope["client"][0].
Here are the configurations and code:
NGINX Config:
upstream uvicorn {
server unix:/run/gunicorn.sock;
}
server {
listen 80;
server_name <ip address> <hostname>;
location = /favicon.ico { access_log off; log_not_found off; }
location / {
include proxy_params;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://uvicorn;
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
}
location /ws/ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://uvicorn;
}
location /static/ {
root /var/www/serverfiles/;
autoindex off;
}
location /media {
alias /mnt/apps;
}
}
Gunicorn Config:
NOTE: ExecStart has been formatted for readability, it is one line in the actual config
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
User=django
Group=www-data
WorkingDirectory=/srv/server
Environment=DJANGO_SECRET_KEY=
Environment=GITEA_SECRET_KEY=
Environment=MSSQL_DATABASE_PASSWORD=
ExecStart=/bin/bash -c "
source venv/bin/activate;
exec /srv/server/venv/bin/gunicorn
--workers 3
--bind unix:/run/gunicorn.sock
--timeout 300
--error-logfile /var/log/gunicorn/error.log
--access-logfile /var/log/gunicorn/access.log
--log-level debug
--capture-output
-k uvicorn.workers.UvicornWorker
src.server.asgi:application
"
[Install]
WantedBy=multi-user.target
Code throwing the error:
#database_sync_to_async
def _set_online_if_model(self, set_online: bool) -> None:
model: MyModel
for model in MyModel.objects.all():
if self.scope["client"][0] == model.ip:
model.online = set_online
model.save()
This server has been running phenomenally in its current configuration before my need to access connect client IP addresses. It handles other websocket connections just fine without any issues.
I've already looked into trying to configure my own custom UvicornWorker according to the docs. I'm not at all an expert in this, so I might have misunderstood what I was supposed to do: https://www.uvicorn.org/deployment/#running-behind-nginx
from uvicorn.workers import UvicornWorker
class ServerUvicornWorker(UvicornWorker):
def __init__(self, *args, **kwargs) -> None:
self.CONFIG_KWARGS.update({"proxy_headers": True, "forwarded_allow_ips": "*"})
super().__init__(*args, **kwargs)
I also looked at https://github.com/django/channels/issues/546 which mentioned a --proxy-headers config for Daphne, however, I am not running Daphne. https://github.com/django/channels/issues/385 mentioned that HTTP headers are passed to the connect method of a consumer, however, that post is quite old and no longer relavent as far as I can tell. I do not get any additional **kwargs to my connect method.
Client IP has nothing to do with channels
self.scope["client"][0] is undefined because when you receive data from the front end at the backend there is no data with the name client. so try to send it from the frontend. you can send a manual, static value at first to verify and then find techniques to read the IP address and then send it.
I have a Django project already using AWS SSL certificate from the Certificate Manager service. My application is accessible via HTTPS, however, it isn't redirecting automatically when accessing via HTTP.
My Nginx default.conf file before redirect (works like a charm!):
upstream django {
server my_app:8000;
}
server {
location / {
proxy_pass http://django;
}
}
After setting up the redirect:
upstream django {
server my_app:8000;
}
server {
listen 80;
if ($http_x_forwarded_proto = 'http'){
return 301 https://$host$request_uri;
}
location / {
proxy_pass http://django;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
And here is my Django settings.py for this:
.
.
.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CORS_ORIGIN_ALLOW_ALL = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 340505040
SECURE_SSL_REDIRECT = True
.
.
.
Then I'm getting http 400 (this is the Load Balancer Health Checker):
Edit 1
With this new setup, I'm getting http 301:
upstream django {
server my_app:8000;
}
server {
listen 80;
location / {
proxy_pass http://django/;
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
}
}
I've been looking around and didn't find any example that helps me. What can I try next?
On NGINX config put all the sites on SSL only
site on SSL
nginx/sites-available/sitex only listens to port 443
server {
# SSL configuration
#
listen 443 ssl ;
listen [::]:443 ssl ;
ssl_certificate /etc/letsencrypt/live/www.sitex.nl/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.sitex.cops.nl/privkey.pem; # managed by Certbot
server_name www.sitex.com; # managed by Certbot
access_log /var/log/nginx/sitex_access.log;
error_log /var/log/nginx/sitex_error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Access-Control-Allow-Origin *;
proxy_pass http://127.0.0.1:8004;
}
}
All SSL/TLS requests to www.sitex.com are forwarded to localhost:8004.
And the SiteX Docker Image is picking up on that port.
nginx.conf
In the nginx.conf file the Virtual Hosts section is as follows
##
# Virtual Host Configs
##
include /etc/nginx/all_http_to_https.conf;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
all_http_to_https.conf
This file does the trick
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
I've deployed a Django application on DigitalOcean.
First off, when i try to secure this with https and ssl, I get this error.
when i run nginx -t :
nginx: [emerg] invalid parameter "server_name" in /etc/nginx/sites-enabled/django:12
nginx: configuration file /etc/nginx/nginx.conf test failed
upstream app_server {
server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
#listen 80 default_server;
#listen [::]:80 default_server ipv6only=on;
listen 443 ssl
server_name domain.com
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
server_name _;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias path/to/media;
}
# your Django project's static files - amend as required
location /static {
alias path/to/static;
}
# Proxy the static assests for the Django Admin panel
location /static/admin {
alias path/to/staticadmin;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name domain.com;
return 301 https://$host$request_uri;
}
Furthermore, I can access the website using the ip address but not the domain name registered.It results in a 400 bad request page.
Could this be an issue with the settings.py ?
for reference in settings.pyALLOWED_HOSTS=['*']. What list do I provide in the ip_addresses() function?
Are these two problems related?
using Django v1.10.5
You're missing semicolons on a bunch of lines, that's why nginx -t is failing.
Am using python sentry server for tracking logs of my website.And i have used nginx server to deploy it, my servers IP is xx.xx.xx.xx when i open this in browser it shows me 502 Bad Gateway and when i checked the log it shows
"connect() failed (111: Connection refused) while connecting to upstream".
Below is configuration i have used in NGINX ,
log_format timed_combined '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';
server {
listen 80;
server_name xx.xx.xx.xx ;
root /srv/www/name-sentry;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 default ssl;
ssl on;
ssl_certificate /etc/ssl/xx.xx.xx.xx/ssl.crt;
ssl_certificate_key /etc/ssl/xx.xx.xx.xx/ssl.key;
ssl_ciphers '';
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=2592000; includeSubDomains";
keepalive_timeout 0;
# CHANGE ME: long timeout for ERP POST images
proxy_read_timeout 200;
proxy_send_timeout 200;
server_name xx.xx.xx.xx ;
root /srv/www/name-sentry;
access_log /var/log/nginx/name-sentry-access.log timed_combined;
error_log /var/log/nginx/name-sentry-error.log;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
try_files $uri #name-sentry;
location / {
proxy_pass http://xx.xx.xx.xx;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $http_host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Protocol https;
#add_header Access-Control-Allow-Origin "*";
#add_header Access-Control-Allow-Credentials "true";
#add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
#add_header X-Backend-Server $hostname;
}
}
NOTE: xx.xx.xx.xx--is my IP.Command to start sentry server is "sentry start" and it works and sentry uses 9000 port.What is the solution of this ?
I'm trying to deploy my site using nginx, gunicorn, and django.
When I run gunicorn and load the page at first I was getting a 502 Bad gateway error then I switch the server name to the IP address of my server and now I get a Bad Request 400 error or the domain is unable to be found.
I've been following these steps from Test Driven Development.
I realized last night that I was using my staging server to update my live domain instead of a staging domain. So I created a staging domain as a subdomain of the live domain and created a separate directory for it, then git pulled down the work I had done previously, but it's not working.
My nginx conf file:
server {
listen 80;
server_name my-server-ip-address;
location / {
proxy_set_header Host $host;
proxy_pass http://unix:/tmp/mysitename.socket;
}
location /static {
autoindex on;
root /home/cmac/sites/mysitename/;
}
}
Nginx Error log:
2015/04/11 18:59:16 [error] 18650#0: *494 connect() to
unix:/tmp/mysitename.socket failed (111: Connection refused) while
connecting to upstream
My settings.py:
DEBUG = False
TEMPLATE_DEBUG = DEBUG
ALLOWED_HOSTS = [mysitename]
When I run gunicorn:
[2015-04-11 20:40:39 +0000] [4174] [INFO] Starting gunicorn 19.3.0
[2015-04-11 20:40:39 +0000] [4174] [INFO] Listening at: http://127.0.0.1:8000 (4174)
[2015-04-11 20:40:39 +0000] [4174] [INFO] Using worker: sync
[2015-04-11 20:40:39 +0000] [4177] [INFO] Booting worker with pid: 4177
Things were working before I decided to switch domains.
Edit whole nginx.conf file
user cmac;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
include /etc/nginx/sites-enabled/mysitename;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
index index.html index.htm;
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# location / {
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# root html;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# }
#}
The include file (from /etc/nginx/sites-enabled/mysitename):
server {
listen 127.0.0.1;
server_name my-server-ip-address;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://unix:/tmp/mysitename.socket;
}
location /static {
autoindex on;
root /home/cmac/sites/mysitename/;
}
}
~
~
In mysitename you need to listen on port 80, and server_name as your your staging domain like staging.example.com, also do not use unix sock at the moment, put http://127.0.0.1:8000 in proxy_pass as where your gunicorn serves. Try also comment out the server block in your nginx.conf, it has conflicts with your mysitename.
Also, are you sure user cmac has permissions under your directory/files? normally it runs on www-data.
Hope this helps.