Nginx : Sub-domain config file - python

I have a subdomain that currently shows an index.html page containing just the name of the domain etc.
That index.html page is loaded from /home/admin/web/****.******.com/public_html.
What I cannot find is the config file that points to that directory.
I checked /etc/nginx/conf.d twice; it has nothing that seems to point to that page.
I am using CentOS with nginx.
/etc/nginx/nginx.conf :
# Main nginx configuration as posted: global worker settings followed by a
# single http {} context. No server {} block is defined in this file; the only
# include for site configuration is the wildcard at the end of http {}.
# Server globals
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
# NOTE(review): level "crit" records only critical and more severe events, so
# ordinary request errors (missing files, upstream failures) are not logged.
error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;
# Worker config
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Main settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 1m;
client_body_timeout 1m;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 256m;
large_client_header_buffers 4 8k;
send_timeout 30;
keepalive_timeout 60 60;
reset_timedout_connection on;
# Hides the nginx version in the Server header and on error pages.
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
# Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format bytes '$body_bytes_sent';
#access_log /var/log/nginx/access.log main;
# NOTE(review): access logging is off for the whole http context, so requests
# leave no record unless a server block turns it back on. That limits both
# troubleshooting and any later incident investigation.
access_log off;
# Mime settings
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Compression
gzip on;
gzip_comp_level 9;
gzip_min_length 512;
gzip_buffers 8 64k;
# (the gzip_types list is cut off in the paste at the "$" marker)
gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+r$
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
# Cloudflare https://www.cloudflare.com/ips
# Requests arriving from the ranges below get $remote_addr replaced by the
# value of the CF-Connecting-IP header (see real_ip_header further down).
# NOTE(review): this is a point-in-time copy of the published list. Every
# address inside a listed range is trusted to state the client IP, so a range
# that no longer belongs to Cloudflare lets its current owner forge the client
# address. Re-sync the list with the URL above periodically.
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 172.64.0.0/13;
# The IPv6 ranges are disabled; presumably the origin is IPv4-only (confirm).
# Over IPv6 the logged client address would be the proxy's, not the visitor's.
#set_real_ip_from 2400:cb00::/32;
#set_real_ip_from 2606:4700::/32;
#set_real_ip_from 2803:f800::/32;
#set_real_ip_from 2405:b500::/32;
#set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
# NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996) and
# TLS 1.0 is not accepted for PCI DSS, despite the heading above. The usual
# baseline is TLSv1.2, plus TLSv1.3 where the nginx/OpenSSL build supports it.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# (the cipher list is cut off in the paste at the "$" marker)
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SH$
# Error pages
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 502 503 504 /error/50x.html;
# Cache settings
proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
# The cache key varies per host, URI and the value of a cookie named "user".
proxy_cache_key "$host$request_uri $cookie_user";
proxy_temp_path /var/cache/nginx/temp;
# NOTE(review): with Expires and Cache-Control ignored and every response
# cacheable for 1d, the upstream's "private"/"no-store" hints are not honoured.
# Wherever proxy_cache is enabled, pages generated for a logged-in user can be
# stored and served to others unless that location applies $no_cache through
# proxy_cache_bypass / proxy_no_cache. No such location is visible in this file.
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_valid any 1d;
# Cache bypass
# $no_cache becomes 1 when the Cookie header contains "SESS" or
# "wordpress_logged_in", otherwise 0.
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
# File cache settings
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
# NOTE(review): the next lines repeat proxy_cache_valid and the $no_cache map
# from above. This looks like a paste artifact; confirm against the file on disk.
proxy_cache_valid any 1d;
# Cache bypass
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
# Wildcard include
# Server blocks must come from the files matched here, or from files that
# those files include in turn.
include /etc/nginx/conf.d/*.conf;
}

If you check the configuration file you'll see the following:
include /etc/nginx/sites-enabled/*;
This means that additional vhost config files are being loaded from "/etc/nginx/sites-enabled/".
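The correct way to use this is to have the config files in /etc/nginx/sites-available/ and create symlinks to them in /etc/nginx/sites-enabled/.
Note that the nginx.conf quoted in the question only contains `include /etc/nginx/conf.d/*.conf;`, so check which include lines your own file actually has. Running `nginx -T` prints the complete effective configuration together with the name of every included file; searching that output for the public_html path shows which file sets it.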

Related

Django + nginx + gunicorn error while IMAGE PROCESSING [ upstream prematurely closed connection while reading response header from upstream ]

I am using Django, and I believe it is not an issue on the Django side.
I simply upload an image (~500kb) using a Model Form and convert it to grayscale with OpenCV (plus many more operations if this works).
I have deployed it with nginx and gunicorn, and all functionality works except file uploading and editing.
ERROR: upstream prematurely closed connection while reading response header from upstream, client: 174...194, server: .com, request: "POST / HTTP/1.1", upstream: "http://unix:/run/gunicorn.sock:/", host: ".com", referrer: "http://****.com/"
Configuration-----------------------
/etc/systemd/system/gunicorn.service
# systemd service that runs the Django project under gunicorn. It requires
# gunicorn.socket and serves on the unix socket /run/gunicorn.sock.
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=network.target
[Service]
# Workers run as the account "shubham" with group www-data.
# NOTE(review): presumably this is also the login account that owns the source
# tree (confirm). A dedicated service account without write access to the code
# would limit what a compromised worker can change.
User=shubham
Group=www-data
WorkingDirectory=/home/shubham/editor/src
# gunicorn flags: access log to stdout, 3 workers, 600 s worker timeout, bound
# to the unix socket that nginx proxies to.
# NOTE(review): nginx's "upstream prematurely closed connection" generally
# means the worker went away before sending a response. This unit's journal
# (journalctl -u gunicorn) is where a crash or kill of the worker during image
# processing would show up.
ExecStart=/home/shubham/editor/venv/bin/gunicorn \
--access-logfile - \
--workers 3 \
--timeout 600 \
--bind unix:/run/gunicorn.sock \
src.wsgi:application
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
/etc/systemd/system/gunicorn.socket
# systemd socket unit: systemd creates /run/gunicorn.sock and listens on it on
# behalf of gunicorn.service.
[Unit]
Description=gunicorn socket
[Socket]
ListenStream=/run/gunicorn.sock
# NOTE(review): no SocketUser / SocketGroup / SocketMode is set, so systemd's
# default socket mode (0666) applies and any local account can connect to the
# application socket directly, bypassing nginx. Restricting the socket to the
# account nginx runs as (www-data in the nginx.conf shown with this unit)
# narrows that.
[Install]
WantedBy=sockets.target
/etc/nginx/nginx.conf
# Main nginx configuration as posted: worker globals plus one http {} context
# that includes site files from conf.d and sites-enabled.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
# NOTE(review): this accepts request bodies of roughly 10 GB from any client.
# The question describes ~500 kB image uploads, so a cap sized to the real
# use case reduces the room for disk and memory exhaustion.
client_max_body_size 10000M;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
# NOTE(review): client_body_buffer_size is an in-memory buffer allocated per
# request body. At 10000M a few large or slow uploads can exhaust RAM. The
# nginx default is 8k/16k, with larger bodies spooled to a temporary file.
# The upload size limit is governed by client_max_body_size alone.
client_body_buffer_size 10000M;
proxy_max_temp_file_size 10000M;
send_timeout 300s;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996). Keeping
# only TLSv1.2 and TLSv1.3 is the usual baseline. The server block shown with
# this file listens on port 80 only, so these settings are not in use there.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascr>...
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
/etc/nginx/sites-available/editor
# Site definition for the editor app: static and media files are served from
# disk, everything else is proxied to gunicorn over /run/gunicorn.sock.
server {
# NOTE(review): plain HTTP only; uploads and any session cookies travel
# unencrypted unless TLS is terminated in front of this server.
listen 80;
server_name ****.com;
client_max_body_size 10000M;
proxy_max_temp_file_size 10000M;
location = /favicon.ico { access_log off; log_not_found off; }
# NOTE(review): with "root" the full request URI is appended to the path, so
# /static/a.css is looked up at /home/shubham/editor/src/static/static/a.css.
# Confirm the directory layout, or use "alias" if the files sit directly in
# .../src/static/. The same applies to /media/ below.
location /static/ {
root /home/shubham/editor/src/static;
}
# NOTE(review): presumably /media/ holds user uploads (confirm). nginx serves
# them as-is, so the application has to validate what it stores there.
location /media/ {
root /home/shubham/editor/src/media;
}
location / {
include proxy_params;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
client_max_body_size 10000M;
# NOTE(review): this is a per-request in-memory buffer. At 10000M a few
# concurrent uploads can exhaust RAM. The nginx default (8k/16k) spools larger
# bodies to disk, and client_max_body_size alone decides what is accepted.
client_body_buffer_size 10000M;
proxy_max_temp_file_size 10000M;
send_timeout 300s;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
Error log /var/log/nginx/error.log
2023/02/03 06:29:27 [error] 2479#2479: *1 upstream prematurely closed connection while reading response header from upstream, client: 174.***.***.194, server: ****.com, request: "POST / HTTP/1.1", upstream: "http://unix:/run/gunicorn.sock:/", host: "****.com", referrer: "http://****.com/"
Please Help me out, all the configuration files are available above.

Plesk + Python Flask - Configuring proxy on second website does not work

I have an issue when I run two python flask websites. The port forwarding does not work for the second website.
My starting points are two html hello-world websites accessible via domain names.
I removed the HTML index files and started python flask
waitress-serve --port 8080 --call "mysite_1:myflaskentrypoint"
mysite_1.com:8080 -> accessible (Ok for now)
I entered the following config in Plesk -> Home -> Domains -> mysite_1 -> Apache & nginx Settings -> Additional nginx directives.
# Additional nginx directive for mysite_1: proxy every request to the waitress
# process on port 8080.
location / {
# An empty value makes nginx omit the Accept-Encoding header towards the backend.
proxy_set_header Accept-Encoding "";
# NOTE(review): 0.0.0.0 is a wildcard listen address, not a destination.
# Connecting to it only works where the OS treats it as the local host;
# http://127.0.0.1:8080 states the intent. The question also reports
# mysite_1.com:8080 as reachable directly, so the app is exposed without TLS
# next to the proxy. Binding waitress to loopback (its --host / --listen
# option) or firewalling the port closes that path.
proxy_pass http://0.0.0.0:8080;
}
https://mysite_1.com accessible (great)
Now comes the issue with the second website.
waitress-serve --port 9080 --call "mysite_2:myflaskentrypoint"
mysite_2.com:9080 -> accessible (Ok for now)
Plesk -> Home -> Domains -> mysite_2 -> Apache & nginx Settings -> Additional nginx directives.
# Additional nginx directive for mysite_2: proxy every request to the waitress
# process on port 9080.
# NOTE(review): in the nginx -T dump on this page, the generated server block
# for this site also contains a regex location, "location ~ /$ { index ... }".
# A matching regex location takes precedence over a plain prefix "location /",
# which would explain why "/" is answered with the directory-index 403 instead
# of being proxied. The first site's generated block has no such regex location.
location / {
# An empty value makes nginx omit the Accept-Encoding header towards the backend.
proxy_set_header Accept-Encoding "";
# NOTE(review): 0.0.0.0 is a wildcard listen address, not a destination;
# http://127.0.0.1:9080 states the intent. The question reports port 9080 as
# reachable directly from outside, so the app is also exposed without TLS
# unless waitress is bound to loopback or the port is firewalled.
proxy_pass http://0.0.0.0:9080;
}
https://mywebsite_2.com accessible
-> ERROR 403 Forbidden
Error-Log
403 GET / HTTP/2.0 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) ... 795 nginx
SSL/TLS access
Error ... 11691#0: *386 directory index of "/var/www/vhosts/<mysite_2>.de/httpdocs/"
is forbidden nginx error
Any hints are welcome
----
nginx -T
root#localhost:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
#user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx.pid;
include /etc/nginx/modules.conf.d/*.conf;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;
#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
# override global parameters e.g. worker_rlimit_nofile
include /etc/nginx/*global_params;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/ssl.conf:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
# configuration file /etc/nginx/conf.d/zz010_psa_nginx.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmails/*.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;
# configuration file /etc/nginx/plesk.conf.d/server.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include "/etc/nginx/plesk.conf.d/ip_default/*.conf";
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scfK6DJ8w;
ssl_certificate_key /opt/psa/var/certificates/scfK6DJ8w;
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
location / {
proxy_pass https://<vps_ip>:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen <vps_ip>:80;
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
location / {
proxy_pass http://<vps_ip>:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# configuration file /etc/nginx/plesk.conf.d/ip_default/<website_1>.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scf9FAuU9;
ssl_certificate_key /opt/psa/var/certificates/scf9FAuU9;
server_name www.<website_1>;
location / {
return 301 https://<website_1>$request_uri;
}
}
server {
listen <vps_ip>:443 default_server ssl http2;
server_name <website_1>;
server_name ipv4.<website_1>;
ssl_certificate /opt/psa/var/certificates/scf9FAuU9;
ssl_certificate_key /opt/psa/var/certificates/scf9FAuU9;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_1>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_1>/httpdocs";
access_log "/var/www/vhosts/system/<website_1>/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/<website_1>/logs/proxy_error_log";
location ^~ /plesk-site-preview/ {
proxy_pass http://127.0.0.1:8880;
proxy_set_header Host plesk-site-preview.local;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cookie_domain plesk-site-preview.local $host;
access_log off;
}
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
auth_basic "Domain statistics";
auth_basic_user_file "/var/www/vhosts/system/<website_1>/pd/d..httpdocs#plesk-stat";
autoindex on;
location ~ ^/plesk-stat(.*) {
alias /var/www/vhosts/system/<website_1>/statistics/$1;
}
location ~ ^/awstats-icon(.*) {
alias /usr/share/awstats/icon/$1;
}
location ~ ^/(.*) {
alias /var/www/vhosts/system/<website_1>/statistics/$1;
}
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_1>/conf/vhost_nginx.conf";
}
server {
listen <vps_ip>:80;
server_name www.<website_1>;
location / {
return 301 https://<website_1>$request_uri;
}
}
server {
listen <vps_ip>:80 default_server;
server_name <website_1>;
server_name ipv4.<website_1>;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_1>";
}
client_max_body_size 128m;
location / {
return 301 https://$host$request_uri;
}
}
# configuration file /var/www/vhosts/system/<website_1>/conf/vhost_nginx.conf:
location / {
proxy_set_header Accept-Encoding "";
proxy_pass http://0.0.0.0:8080;
}
# configuration file /etc/nginx/plesk.conf.d/webmails/<website_2>_webmail.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
server_name "webmail.<website_2>";
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
client_max_body_size 128m;
#extension sslit begin
#extension sslit end
location / {
proxy_pass https://<vps_ip>:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen <vps_ip>:80;
server_name "webmail.<website_2>";
client_max_body_size 128m;
#extension sslit begin
#extension sslit end
location / {
proxy_pass http://<vps_ip>:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# configuration file /etc/nginx/plesk.conf.d/webmails/<website_1>_webmail.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
# Webmail is not enabled on the domain
# Webmail is not enabled on the domain
# configuration file /etc/nginx/plesk.conf.d/vhosts/<website_2>.conf:
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
server {
listen <vps_ip>:443 ssl;
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
server_name www.<website_2>;
location / {
return 301 https://<website_2>$request_uri;
}
}
server {
listen <vps_ip>:443 ssl http2;
server_name <website_2>;
server_name ipv4.<website_2>;
ssl_certificate /opt/psa/var/certificates/scfETmI6V;
ssl_certificate_key /opt/psa/var/certificates/scfETmI6V;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_2>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_2>/httpdocs";
access_log "/var/www/vhosts/system/<website_2>/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/<website_2>/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
auth_basic "Domain statistics";
auth_basic_user_file "/var/www/vhosts/system/<website_2>/pd/d..httpdocs#plesk-stat";
autoindex on;
location ~ ^/plesk-stat(.*) {
alias /var/www/vhosts/system/<website_2>/statistics/$1;
}
location ~ ^/awstats-icon(.*) {
alias /usr/share/awstats/icon/$1;
}
location ~ ^/(.*) {
alias /var/www/vhosts/system/<website_2>/statistics/$1;
}
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/<website_2>/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf";
}
server {
listen <vps_ip>:80;
server_name www.<website_2>;
location / {
return 301 http://<website_2>$request_uri;
}
}
server {
listen <vps_ip>:80;
server_name <website_2>;
server_name ipv4.<website_2>;
error_page 400 "/error_docs/bad_request.html";
error_page 401 "/error_docs/unauthorized.html";
error_page 403 "/error_docs/forbidden.html";
error_page 404 "/error_docs/not_found.html";
error_page 500 "/error_docs/internal_server_error.html";
error_page 405 "/error_docs/method_not_allowed.html";
error_page 406 "/error_docs/not_acceptable.html";
error_page 407 "/error_docs/proxy_authentication_required.html";
error_page 412 "/error_docs/precondition_failed.html";
error_page 414 "/error_docs/request_uri_too_long.html";
error_page 415 "/error_docs/unsupported_media_type.html";
error_page 501 "/error_docs/not_implemented.html";
error_page 502 "/error_docs/bad_gateway.html";
error_page 503 "/error_docs/maintenance.html";
location ^~ /error_docs {
root "/var/www/vhosts/<website_2>";
}
client_max_body_size 128m;
root "/var/www/vhosts/<website_2>/httpdocs";
access_log "/var/www/vhosts/system/<website_2>/logs/proxy_access_log";
error_log "/var/www/vhosts/system/<website_2>/logs/proxy_error_log";
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
#extension sslit begin
#extension sslit end
location ~ /\.ht {
deny all;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
return 301 https://$host$request_uri;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/<website_2>/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/<website_2>/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}
location ~ /$ {
index "index.html" "index.cgi" "index.pl" "index.php" "index.xhtml" "index.htm" "index.shtml";
}
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf";
}
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# https://httpoxy.org/
fastcgi_param HTTP_PROXY "";
# configuration file /var/www/vhosts/system/<website_2>/conf/vhost_nginx.conf:
location / { return 200 "OK \n"; }
root#localhost:~#
curl -v <website_2.de>
curl -v https://<website_2.de>
* Trying <plesk IP>:443...
curl -v <website_2.de>
* TCP_NODELAY set
* Connected to <website_2.de> (<plesk IP>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=<website_2.de>
* start date: Feb 22 18:06:21 2021 GMT
* expire date: May 23 18:06:21 2021 GMT
* subjectAltName: host "<website_2.de>" matched cert's "<website_2.de>"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x565382a48e10)
> GET / HTTP/2
> Host: <website_2.de>
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 403
< server: nginx
< date: Fri, 26 Feb 2021 08:37:59 GMT
< content-type: text/html
< content-length: 795
< etag: "6033f929-31b"
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>403 Forbidden</title>
<link rel="stylesheet" href="/error_docs/styles.css">
</head>
<body>
<div class="page">
<div class="main">
<h1>Server Error</h1>
<div class="error-code">403</div>
<h2>Forbidden</h2>
<p class="lead">You do not have permission to access this document.</p>
<hr/>
<p>That's what you can do</p>
<div class="help-actions">
Reload Page
Back to Previous Page
Home Page
</div>
</div>
</div>
</body>
* Connection #0 to host <website_2.de> left intact
I found a configuration that works for me.
First I checked the box in nginx settings "Proxy mode"
I have set the proxy, not in Nginx, but in Additional Apache directives -> "Additional directives for HTTP/HTTPS"
# Apache reverse-proxy directives: forward every path of this site to the
# Flask/waitress process on the loopback address, port 9080.
# NOTE(review): "<Proxy *>" with "Allow from all" opens access to all proxied
# resources. That is only safe while ProxyRequests stays Off (the default). If
# forward proxying were enabled, the server would become an open proxy.
# Order/Allow is Apache 2.2-style access control; on 2.4 it depends on
# mod_access_compat, and the native form is "Require all granted".
<Proxy *>
Order deny, allow
Allow from all
</Proxy>
# Pass the client's original Host header on to the backend.
ProxyPreserveHost On
<Location "/">
# The target is 127.0.0.1, so the backend only has to listen on loopback.
ProxyPass "http://127.0.0.1:9080/"
# Rewrites Location-style response headers from the backend to this site's address.
ProxyPassReverse "http://127.0.0.1:9080/"
</Location>
This worked. I can access both flask websites via domain name.

Nginx : why 400 bad request happend?

I'm building my own Django server with nginx and uWSGI.
I'm almost done, but a 400 Bad Request always appears...
What am I doing wrong?
[info] 61794#0: *35 client sent invalid method while reading client request line, client: 127.0.0.1, server: localhost, request: "
QUERY_STRINGREQUEST_METHODGET
CONTENT_TYPECONTENT_LENGTH
REQUEST_URI/ PATH_INFO/"
this is error.log(info)
and this is .conf file
# Project-folder copy of the site config: an upstream pointing at the uWSGI
# unix socket, and a server on port 8999 that serves media/static from disk
# and passes everything else to that upstream.
upstream django {
#server localhost:9001;
# NOTE(review): nginx does not expand "~" to a home directory, so this socket
# path and the alias paths below are taken literally. Use absolute paths.
server unix://~/Desktop/fido_virtual/fido.sock;
}
server {
listen 8999;
server_name localhost;
charset utf-8;
client_max_body_size 75M;
# NOTE(review): the location prefix has no trailing slash but the alias does.
# nginx swaps the matched prefix textually, so any URI that merely begins with
# "/media" is mapped as well, and the remainder can resolve outside the media
# directory. Ending both with "/" (location /media/ with alias .../media/)
# keeps the mapping inside it. The same applies to /static below.
location /media {
alias ~/Desktop/fido_virtual/media/;
}
location /static {
alias ~/Desktop/fido_virtual/fidoproject/staticfiles/;
}
location / {
uwsgi_pass django;
include /usr/local/etc/nginx/uwsgi_params;
}
}
this .conf in project folder
# Site config with absolute paths: an upstream pointing at the uWSGI unix
# socket, and a server on port 8999 that serves media/static from disk and
# passes everything else to that upstream.
upstream django {
#server localhost:9001;
server unix:///Users/junbeomkwak/Desktop/fido_virtual/fido.sock;
}
server {
listen 8999;
server_name localhost;
charset utf-8;
client_max_body_size 75M;
# NOTE(review): the location prefix has no trailing slash but the alias does.
# nginx swaps the matched prefix textually, so any URI that merely begins with
# "/media" is mapped as well, and the remainder can resolve outside the media
# directory (here, into the project folder). Ending both with "/"
# (location /media/ with alias .../media/) keeps the mapping inside it.
location /media {
alias /Users/junbeomkwak/Desktop/fido_virtual/media/;
}
location /static {
alias /Users/junbeomkwak/Desktop/fido_virtual/fidoproject/staticfiles;
}
location / {
# NOTE(review): the error log quoted in the question shows uwsgi-protocol
# fields (QUERY_STRING, REQUEST_METHOD, ...) arriving where an HTTP request
# line is expected, i.e. something is speaking the uwsgi protocol to an HTTP
# listener. Confirm that the address this upstream resolves to is the uWSGI
# socket itself and not a port nginx listens on.
uwsgi_pass django;
#include /Users/junbeomkwak/Desktop/fido_virtual/fidoproject/uwsgi_params;
include /usr/local/etc/nginx/uwsgi_params;
}
}
this file is in /usr/local/etc/nginx/site-enabled/.conf
# Main nginx.conf as pasted; the listing stops inside the default server block.
# NOTE(review): with "user" commented out the workers run under nginx's
# built-in default account when the master starts as root, or as the invoking
# user otherwise -- confirm that account can read the aliased project
# directories and connect to the uWSGI socket.
#user nobody;
worker_processes 1;
# Two error logs: the first at the default level, the second at "info",
# the level of the "invalid method" line quoted on this page.
error_log /var/log/error.log;
#error_log logs/error.log notice;
error_log /var/log/errorngnix.log info;
events {
worker_connections 1024;
}
http {
large_client_header_buffers 4 16k;
include mime.types;
# Every file matched in sites-enabled becomes live configuration, so the
# directory should be writable by administrators only.
# NOTE(review): the page gives the site file's location as
# "site-enabled/.conf"; a differently spelled directory or a dot-leading file
# name would likely keep this glob from matching -- confirm the real path.
include /usr/local/etc/nginx/sites-enabled/*;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Stock default server on port 8080; the rest of its body is not shown.
server {
listen 8080;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
/ssl
⚡️  /usr/local/etc/nginx  cd ..
# Second paste of the main nginx.conf; it also stops inside the default server.
# NOTE(review): no "user" directive is active, so confirm which account the
# workers run as and that it can reach the project files and the uWSGI socket.
#user nobody;
worker_processes 1;
# First log uses the default level, second one records "info" and above.
error_log /var/log/error.log;
#error_log logs/error.log notice;
error_log /var/log/errorngnix.log info;
events {
worker_connections 1024;
}
http {
large_client_header_buffers 4 16k;
include mime.types;
# Loads whatever files the glob matches in sites-enabled; restrict write
# access to that directory accordingly.
include /usr/local/etc/nginx/sites-enabled/*;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Stock default server on port 8080; the remainder is cut off in the paste.
server {
listen 8080;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
and this is /usr/local/etc/nginx/nginx.conf
what is my mistake?... help me

Nginx 502 Bad Gateway error when running flask app, but can run manually

I have a flask app that I can run by doing python app.py from the command line, and can view it by going to localhost:5000. I'm trying to run it as a service with gunicorn/nginx, and have an nginx.conf file that looks like this
# nginx.conf: reverse proxy on port 80 in front of a gunicorn-served Flask app.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Dynamic module definitions shipped with the package.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Any server blocks in conf.d are loaded before the one below.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen 80;
        server_name myserver.com;

        # NOTE(review): root points at the Flask templates directory. Nothing
        # is served from it while "location /" proxies every request, but a
        # static location added later would expose raw template source; a
        # dedicated static directory is the safer target.
        root /home/user/app/deviceapp/templates;

        location / {
            # Host is forwarded exactly as the client sent it, so the app
            # should validate the host name before using it in generated URLs.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # The 502 quoted on this page is "connect() failed (111: Connection
            # refused)" for this address: nothing accepted the connection on
            # 127.0.0.1:8001. The page says the app was run by hand on port
            # 5000 -- confirm gunicorn is running and bound to 127.0.0.1:8001.
            proxy_pass http://127.0.0.1:8001;
        }
    }
}
My nginx isn't great. I'm getting the error
2018/05/07 16:12:49 [error] 10419#0: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 10.8.5.79, server: server.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8001/", host: "server.com"
along with a 502 Bad Gateway message. Is there something in my nginx.conf that's an obvious culprit?

Install NGINX with SSL on port 443 over BottlePy on port 80

I have a web service created in BottlePy. It is now in production.
But it only serves on port 80.
I need an HTTPS solution, and I read that NGINX is a good one.
But is it possible to install NGINX without changing the BottlePy code?
Is it possible to serve on port 80 with BottlePy and on port 443 with NGINX?
Can someone help me, please?
Thanks
EDIT:
I solved the problem:
/etc/nginx/nginx.conf
:
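# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

# nginx terminates TLS on port 443 and relays requests to the BottlePy
# application, which keeps listening on port 80 unchanged.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        # The "ssl" parameter on listen replaces the deprecated "ssl on;"
        # directive, which recent nginx releases no longer accept.
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name _;
        root /usr/share/nginx/html;

        ssl_certificate /xxx.crt;
        # The master process reads the key as root, so the file can be
        # restricted to owner root with mode 0600.
        ssl_certificate_key /xxx.key;
        # Refuse the legacy protocol versions. TLSv1.3 needs nginx 1.13.0+
        # built against OpenSSL 1.1.1+; drop it on older builds.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            # Tell the application which host, client address and scheme the
            # original request used; without these it only sees the proxy.
            # The app should trust these headers only when the request comes
            # from this proxy.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # NOTE(review): if the BottlePy app binds port 80 on a public
            # address it stays reachable in cleartext, bypassing TLS. Bind it
            # to 127.0.0.1 or firewall port 80 -- confirm how it is started.
            proxy_pass http://localhost:80;
        }

        # NOTE(review): error_page names /404.html while the location below
        # matches /40x.html, so the 404 page request falls through to
        # "location /" and is proxied -- confirm which name is intended.
        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}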
