Skip to content

Instantly share code, notes, and snippets.

@apollolm
Last active January 12, 2023 14:47
Show Gist options
  • Save apollolm/23cdf72bd7db523b4e1c to your computer and use it in GitHub Desktop.
Save apollolm/23cdf72bd7db523b4e1c to your computer and use it in GitHub Desktop.
Nginx Configuration with multiple port apps on same domain, with SSL.
# the IP(s) on which your node server is running. I chose port 3000.
upstream app_geoforce {
server 127.0.0.1:3000;
}
upstream app_pcodes{
server 127.0.0.1:3001;
}
#Point http requests to https
server {
listen 0.0.0.0:80;
server_name sub.domain.org;
server_tokens off;
return 301 https://$host$request_uri;
}
# the secure nginx server instance
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/public.crt;
ssl_certificate_key /etc/nginx/ssl/private.rsa;
server_name sub.domain.org;
access_log /var/log/nginx/myapp.log;
error_log /var/log/nginx/myapp_error.log;
# pass the request to the node.js server with the correct headers and much more can be added, see nginx config options
location /favicon.ico { alias /home/ubuntu/img/favicon_rc.ico; }
location / {
# auth_basic "Restricted";
# auth_basic_user_file /home/ubuntu/app/.htpasswd;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Ssl on;
proxy_pass https://app_geoforce;
proxy_redirect off;
}
location /pcodes/ {
rewrite /pcodes/(.*)$ /$1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Ssl on;
proxy_pass https://app_pcodes;
proxy_redirect off;
}
}
@barbalex
Copy link

thanks a lot for this, it was a great help

@fais3000
Copy link

fais3000 commented Dec 3, 2017

Spent an hour figuring out this. The rewrite statement was the key to my fix. Thanks for the code!

@oussemamzoughi
Copy link

i have a communication between two nodes and i have two locations

node1 VM_Link:3000 & node2 VM_Link:3001

server name : Domain.com

location/chat {listen to VM_Link:3000}
location/back {listen to VM_Link:3001}

the problem is when i use the first node it calls automaticly the second node and when i use the server and write domain.com/chat it calls in the background automaticly domain.com:3001 and not domain.com/back

WHAT SHOULD I DO ????

@andregv
Copy link

andregv commented Mar 6, 2018

Hi, @apollolm.

I'm a PHP developer and I need to set nginx to access two laravel app's (one running on :8081 port and another on :8082 port).
Both of them should run over HTTPS. I tried the following config file, but no luck:

`
upstream portal_server {
server 127.0.0.1:8082;
}

upstream intra_server {
server 127.0.0.1:8081;
}

#Point http requests to https
server {
listen 80;
server_name localhost;
server_tokens off;
return 307 https://$host$request_uri;
}

the secure nginx server instance

server {
listen 443 ssl;

include c:/nginx-1.12.0/servers/cert.conf; # ssl details
server_name localhost;
include c:/nginx-1.12.0/servers/extra.conf;  # others stuffs
include c:/nginx-1.12.0/servers/patch.conf; #security stuffs

location /assets/
{
    autoindex off;
}

location / {
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-NginX-Proxy true;
  proxy_set_header X-Ssl on;

  proxy_pass https://portal_server;
  proxy_redirect off;
}

location /intra/ {
  rewrite /intra/(.*)$ /$1 break;

  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_set_header X-NginX-Proxy true;
  proxy_set_header X-Ssl on;

  proxy_pass https://intra_server;
  proxy_redirect off;
}

}`

Could you help?

@sihitejulio
Copy link

How to fix if assets error ?
ex: 192.168.0.1:8081/apps
but assets still 192.16.0.1:8081/jquery.js

@techloverparveen
Copy link

Really helpful works for me, for the Same IP address with two subdomains (one is on 3000 another is on 3001) with same wildcard SSL certificates and auto-redirect from HTTP to HTTPS.

Thanks:)

@RosarioAleCali
Copy link

RosarioAleCali commented Jul 25, 2018

I created a config file that looks like this:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # the IP(s) on which your node server is running. I chose port 3000.
    upstream app_edafos {
        server 127.0.0.1:3000;
    }

    #Point http requests to https
    server {
        listen 0.0.0.0:80;
        server_name edafos.eng.yorku.ca;
        server_tokens off;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name edafos.eng.yorku.ca;
        ssl_certificate /etc/letsencrypt/live/edafos.eng.yorku.ca/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/edafos.eng.yorku.ca/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        ssl_session_cache shared:SSL:1m;

        root /var/www/Interface-2.0/Client/dist;     
        index index.html;
        server_name edafos.eng.yorku.ca;
        
        location / {
            try_files $uri /index.html;
            error_page 405 = $uri;
        }

        location /api/ {
            rewrite /api/(.*)$ /$1 break;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Ssl on;

            proxy_pass https://app_edafos;
            proxy_redirect off;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

Everything seems to be working fine except for when I try to access the back-end api in the location /api/ block to redirect the traffic to port 3000 in the localhost. In that case, I get a 404 error and I can see in Firefox's debugging tools that NGINX returns its 404 page.
When I try to access that back-end API the URL looks like this: https://edafos.eng.yorku.ca/api/example
Does anyone here know what I could do to fix the problem?

UPDATE: my project is a MERN application where the front-end is served on port 80 and the back-end is redirected to localhost:3000. If my theory is correct, the problem in my config file is the root. Therefore, when I type in https://edafos.eng.yorku.ca/api/example it will try to redirect me to /var/www/Interface-2.0/Client/dist/api/example which obviously does not exist and returns me error 404. Can anyone confirm my thinking is right and, if it is, propose a fix?

@amka94amka
Copy link

this case ? how
mysite.com:3300
Help me guys

@Jarmahent
Copy link

Had trouble getting location /first_game/ to work until i wrote the reqwrite part thanks!

@eggswap
Copy link

eggswap commented Oct 8, 2020

rewrite /intra/(.*)$ /$1 break;

This is the line i was missing. ty you sage.

@leshaker
Copy link

thanks! the rewrite line saved my day!

@phuhung273
Copy link

The rewrite line is the key!

@ParthBarot-BoTreeConsulting

This has helped me solving a BIG issue i was facing for CORS issue for Odoo backend server. Thanks a lot! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment