Re: nginx Digest, Vol 129, Issue 24

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: nginx Digest, Vol 129, Issue 24

Kunal Punjabi
Hi Francis,

Thanks for the response, and sorry for the delay here - I'm new to the mailing list and trying to figure out how the threads and responses are supposed to work (If I am not following the nginx digest's guidelines, please let me know)

> Can you give some specific examples of "I make *this* request, and I want to get *this* response"? It looks like you have a nuxt.js http service listening on port 4001, and you want an nginx https service to listen on port 443 and reverse-proxy the 4001 service. But your suggested nginx config seems to try to do something different from that.

So, in simple terms, this is what I have and this is what I want to happen:



So far, it's been like shooting darts blindfolded. If you could help figure this out, that would be so appreciated.

Kunal




On Wed, Jul 22, 2020 at 5:00 AM <[hidden email]> wrote:
Send nginx mailing list submissions to
        [hidden email]

To subscribe or unsubscribe via the World Wide Web, visit
        http://mailman.nginx.org/mailman/listinfo/nginx
or, via email, send a message with subject or body 'help' to
        [hidden email]

You can reach the person managing the list at
        [hidden email]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nginx digest..."


Today's Topics:

   1. Wildcard subdomains in Nginx (Kunal Punjabi)
   2. Re: Wildcard subdomains in Nginx (Francis Daly)


----------------------------------------------------------------------

Message: 1
Date: Tue, 21 Jul 2020 23:41:31 -0700
From: Kunal Punjabi <[hidden email]>
To: [hidden email]
Subject: Wildcard subdomains in Nginx
Message-ID:
        <CAOCVYed_pWdtnvXNMUBju7tR6Z1T37WY=[hidden email]>
Content-Type: text/plain; charset="utf-8"

I've been struggling with setting up nginx subdomains on my linode instance
and setting up CNAME redirects.

*What I need is to be able to do:*

1. First set up wildcard subdomains on my server (tinyadults.com), so that
users can go to abc.tinyadults.com, xyz.tinyadults.com, etc.
My server is running nuxt.js on port 4001 (default port is 3000 but I chose
to use 4001 as a non-standard port), so I guess I have to use reverse
proxies:
proxy_pass http://localhost:4001;

2. Then for my users I need to set up CNAME redirects from domain1.com to
abc.tinyadults.com, and from domain2.com to xyz.tinyadults.com, so that if
I visit domain1.com , it would serve the contents (without redirecting me)
of abc.tinyadults.com. For testing purposes I have an additional domain (
passivefinance.com) that we could use.

However, I've not been able to get step 1 working. Can someone who is
experienced with nginx setup please guide me?

Below is my nginx config from sites-available/tinyadults.com.conf:

server {

    index index.html index.htm;

    server_name tinyadults.com www.tinyadults.com;


    location / {

        # WARNING: https in proxy_pass does NOT WORK!! I spent half a day
debugging this.

        #proxy_pass https://localhost:4001;

        proxy_pass http://localhost:4001;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection 'upgrade';

        proxy_set_header Host $host;

        proxy_cache_bypass $http_upgrade;

    }


    # Kunal: create a custom 404 nginx page, from
https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-to-use-custom-error-pages-on-ubuntu-14-04

    error_page 404 /custom_404.html;

    location = /custom_404.html {

        root /etc/nginx/sites-available/custom_nginx_error_pages;

        internal;

    }


    listen [::]:4001 ssl http2; # managed by Certbot, modified by Kunal to
add http2

    listen 4001 ssl http2; # managed by Certbot, modified by Kunal to add
http2


    #Install SSL certificates and configure https:// on a per-domain-basis
by running:

    #sudo certbot --nginx

    #(when prompted, be sure to select the option to set up redirects from
http to https and effectively "disable" http)

    ssl_certificate
/etc/letsencrypt/live/tinyadults.com-0001/fullchain.pem; # managed by
Certbot

    ssl_certificate_key
/etc/letsencrypt/live/tinyadults.com-0001/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



}


server {

    server_name tinyadults.com;

    if ($host = tinyadults.com) {

        return 301 https://$host$request_uri;

    } # managed by Certbot


    listen 80 default_server;

    listen [::]:80 default_server;

    return 404; # managed by Certbot

}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200721/85055f7d/attachment-0001.htm>

------------------------------

Message: 2
Date: Wed, 22 Jul 2020 11:52:11 +0100
From: Francis Daly <[hidden email]>
To: [hidden email]
Subject: Re: Wildcard subdomains in Nginx
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=us-ascii

On Tue, Jul 21, 2020 at 11:41:31PM -0700, Kunal Punjabi wrote:

Hi there,

> I've been struggling with setting up nginx subdomains on my linode instance
> and setting up CNAME redirects.

I don't fully understand what you are trying to do here.

For example -- what do you mean by a CNAME redirect?

> *What I need is to be able to do:*
>
> 1. First set up wildcard subdomains on my server (tinyadults.com), so that
> users can go to abc.tinyadults.com, xyz.tinyadults.com, etc.

server_name *.tinyadults.com;

(See http://nginx.org/r/server_name)

Or, if the names should be handled differently:

server { server_name abc.tinyadults.com; }
server { server_name xyz.tinyadults.com; }

> My server is running nuxt.js on port 4001 (default port is 3000 but I chose
> to use 4001 as a non-standard port), so I guess I have to use reverse
> proxies:
> proxy_pass http://localhost:4001;

Ok. Does your nuxt.js service care whether the original request was for
the hostname abc or xyz? If so, you may want to indicate to it what the
original hostname was.

> 2. Then for my users I need to set up CNAME redirects from domain1.com to
> abc.tinyadults.com, and from domain2.com to xyz.tinyadults.com, so that if
> I visit domain1.com , it would serve the contents (without redirecting me)
> of abc.tinyadults.com.

I don't know what you mean by that.

Might it be

server { server_name abc.tinyadults.com domain1.com; }

or perhaps

server { server_name domain1.com;
  location / { proxy_pass https://abc.tinyadults.com; }
}

?

> However, I've not been able to get step 1 working. Can someone who is
> experienced with nginx setup please guide me?

Can you give some specific examples of "I make *this* request, and I
want to get *this* response"?

It looks like you have a nuxt.js http service listening on port 4001, and
you want an nginx https service to listen on port 443 and reverse-proxy
the 4001 service.

But your suggested nginx config seems to try to do something different
from that.

Good luck with it,

        f
--
Francis Daly        [hidden email]


------------------------------

Subject: Digest Footer

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

------------------------------

End of nginx Digest, Vol 129, Issue 24
**************************************

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Wildcard subdomains in Nginx

Francis Daly
On Thu, Jul 23, 2020 at 02:30:42PM -0700, Kunal Punjabi wrote:

Hi there,

> Thanks for the response, and sorry for the delay here

No worries -- this list is not built for immediate responses.

>  - I'm new to the
> mailing list and trying to figure out how the threads and responses are
> supposed to work (If I am not following the nginx digest's guidelines,
> please let me know)

Welcome to the list.

> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of nginx digest..."

The only change I made in this response, was to edit the Subject: line
to match the original mail, instead of it being the generic "digest"
Subject line.

> *> Can you give some specific examples of "I make *this* request, and I
> want to get *this* response"? It looks like you have a nuxt.js http service
> listening on port 4001, and you want an nginx https service to listen on
> port 443 and reverse-proxy the 4001 service. But your
> suggested nginx config seems to try to do something different from that.*

> *So, in simple terms, this is what I have and this is what I want to
> happen:*
>
>    - I have nuxt.js (frontend) running on a specific port, let's say 4001
>    (this can be changed and does not matter).

Ok. I guess that your nuxt system must have some way to know
that "one.tinyadults.com" should get one set of content, while
"two.tinyadults.com" and "example.com" should both get a different set of
content. From what I understand, nginx does not need to care about that;
that is for nuxt-or-something-behind-it to handle.

>    - So, a user (say user1) should be able to the app (tinyadults.com),
>    specify their own subdomain URL, like user1.tinyadults.com,
>    user2.tinyadults.com etc. I probably need a nginx config with "wildcard
>    subdomains" to do this, which I also haven't figured out how to do.

If nginx should handle all incoming domain (server_name or Host:) requests
in the same way, then nginx does not need to care about the domains.

For just-http, your nginx config might be just

  server {
    listen 80 default;
    location / {
      proxy_pass <a href="http://localhost:4001;">http://localhost:4001;
    }
  }

with probably something like "proxy_set_header Host $host;" and maybe
some other proxy_* parts, depending on what your nuxt system does.

If you want to include https, then you will need to have a certificate
for every server_name that your clients might use to access nginx. That
would probably mean that you would have a server{} block like the above,
but with ssl enabled and a matching certificate, for each of those
server_name values.

>    - They can also specify a custom domain (that they own), like domain1.com
>    in the admin settings. What should happen is if you go to domain1.com,
>    it would show the contents of that user's subdomain, user1.tinyadults.com
>    in this example.

That sounds to me like it is not for your nginx to worry about.

If "domain1.com" is your nginx, then your nginx just proxy_pass'es to
nuxt as normal, and nuxt must know that domain1.com should get the same
content as user1.tinyadults.com.

If "domain1.com" is not your nginx, then domain1.com must know to
proxy_pass to user1.tinyadults.com (which *is* your nginx); and your
nginx just proxy_pass'es to nuxt as normal.


>    It probably requires
>    nginx and some DNS / CNAME changes, and we haven't been able to figure out
>    how to get it to work.

All that DNS (including CNAME) does in this context, is get the client
to talk to your IP address when they want to talk to whatever name they
are looking for.

The DNS side has nothing to do with nginx.

> Our current nginx configs can be seen here
> https://gist.github.com/connecteev/f16b01e2aadbdcfbeb2e53f1b29cea04

Pretty much all nginx config starts with you deciding what you want
to have happen.

What is the full data flow that you care about?

When the user makes a request for "one.tinyadults.com" or
"two.tinyadults.com", DNS must make sure that the request gets to
your nginx.

After that: how do you want nginx to handle those two requests?

If you want a http request to be proxy_pass'ed to nuxt, configure your
nginx to do that (like is shown above). If you want a http request to
be redirected to a https equivalent of the same request, configure your
nginx to do that (like the "return 301" is your linked config).

If you want a https request to be handled by nginx, you must (for the
client's sake) first make sure that you present a certificate that the
client will accept; and then: what do you want nginx to do with the
request? If it is "proxy_pass to nuxt" -- do that. If it is something
else -- decide what that something else is, and then see how to configure
nginx to do it.

> So far, it's been like shooting darts blindfolded. If you could help figure
> this out, that would be so appreciated.

The hard part is you deciding what you want nginx to do with each request.

(Usually it will be "serve *this* file from the filesystem", or "redirect
to *this* http(s) url", or "proxy_pass to *this* http(s) url", or
"fastcgi_pass to the configured service, asking it to process *this*
filename". You just have to be very clear on how you want each request
to be handled.)

After that is decided, then you can worry about how to configure nginx
to do the thing that you want nginx to do.

That's where the documentation, the mailing list, and other resources
come in.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx