Nginx blues

This is the continuation of another post where I asked how to be able to set up one server and forward - redirect requests to other different servers running Xojo webapps.

I am now fighting with Nginx, which I installed on a Windows server.

This is what I want to achieve:
www.mydomain.com.ar --> Landing page
www.mydomain.com.ar/1 --> App 1 at xxx.xxx.xxx.xxx
www.mydomain.com.ar/2 --> App 2 at xxx.xxx.xxx.xxx
Etc

I read some posts here and some other articles online, but I have two issues:

  1. I can’t get the proxy redirection working
  2. When I get it working I get the awful Xojo text message “The app is offline”

Here’s the nginx.conf in case anyone can help… It’s based on what’s been said on this post.

(The domain I was using for testing purposes is not online now.)

[code]worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

server_names_hash_bucket_size 64;

#You can change the log format if you want with something like this
#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

gzip  on;


#This is for load balancing.  See below for different proxy_pass directive.
#If you wanted to load balance multiple different apps you would need more upstream
#  directives with different names pointing to different ports for that group of apps.
#This essentially gives a logical name to a group of server directives and attempts
#  to distribute the load among the group.

#Disabled for now.

#upstream YourLogicalAppName {
#    ip_hash;  #Needed for session persistence.
#      My limited testing for ip_hash shows this may not result in evenly
#        distributing the load among the different instances but Xojo must
#        have session persistence.
#    server 127.0.0.1:<XojoAppONEport1>;  #Instance One
#    server 127.0.0.1:<XojoAppONEport2>;  #Instance Two
#} #End Upstream

#----------------------------------------
#Normally you would do this return directive to force HTTP to HTTPS using variables ... but ...
#  return 301 https://$server_name$request_uri;

#I had trouble with this format when I had multiple domains resolving to the same IP.
#My solution was to just "Hard Code" the return URL but other formats may work.

#----------------------
#This forces http to https for domain 1

#Browser cache can cause problems with 301 redirects.
#Read here for more:
#http://stackoverflow.com/questions/9130422/how-long-do-browsers-cache-http-301s#21396547

server {
    listen 80;
    server_name guestreport.com.ar;
    return 301 https://guestreport.com.ar;
} #End Server



 #----------------------
server {
    server_name guestreport.com.ar;
    listen 443 ssl;
    #You can put your certs anywhere you want.
    #Note that in the bundle your site specific cert should be
    #  ADDED IN FRONT of the other intermediate certs if needed.
    #The server key should not have a password if you intend to run
    #  NGINX as a Windows service with NSSM.
    #  With a password you will be prompted when NGINX launches.
    #The password can be removed with OPENSSL.  Be careful not to expose the key file.
    ssl_certificate      guestreport.crt;
    ssl_certificate_key  guestreport_com_ar_key;

    location /main {
        # proxy_set_header  Host $host;
        # proxy_set_header  X-Real-IP $remote_addr;
        # proxy_set_header  X-Forwarded-Proto https;
        # proxy_set_header  X-Forwarded-For $remote_addr;
        # proxy_set_header  X-Forwarded-Host $host;
        # proxy_buffering off;
        # proxy_cache off;
        # proxy_pass http://66.97.40.251:5941;

        root html;

        #If you enable load balancing (upstream) above use this instead
        #proxy_pass http://YourLogicalAppName;  #For load balancing

    } # End Location

    #Send the bare path to its trailing-slash form
    location = /test1 {
        return 302 /test1/;
    }

    #proxy_pass below has a URI part ("/"), so nginx replaces the matched
    #  /test1 prefix with it before passing the request to the app.
    location /test1 {
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-Proto https;
        proxy_set_header  X-Forwarded-For $remote_addr;
        #X-Forwarded-Host carries the host the client asked for, not its IP
        proxy_set_header  X-Forwarded-Host $host;
        proxy_buffering off;
        proxy_cache off;
        proxy_pass http://66.97.40.251:5941/;
    }


		   
} #End Server


#----------------------

} #end http[/code]

Using subdomains instead of paths for your different apps is going to be much easier. Xojo web apps use certain paths for the framework and maybe other things so you’d have to figure out how to handle all of that with rewrites of some sort. I think most people give up on that and just use subdomains. So something like app1.mydomain.com and app2.mydomain.com instead of mydomain.com/app1.

I would suggest at least getting that to work first so you know there are no other issues involved. The thread you mentioned in your post has some example configs that should work for you. If you try it and it’s still not working maybe post up the new config and any errors from the nginx log file and the Xojo app if there are any.

Yes! Moving to subdomains made it work immediately… definitely much simpler.

Will this scheme work with one SSL certificate for all the servers?

If you get a wildcard cert you can use one certificate. You could also specify quite a few subdomains in your certificate specifically. If you use Let’s Encrypt it’s easy to find how to do it by searching the web.
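The subdomain layout with one wildcard certificate, as suggested in the replies above, written out as an nginx.conf. This is an added example, not a config posted in the thread; the app1/app2 hostnames, the 192.0.2.x backend addresses and ports, and the certificate file names are placeholders.

```nginx
# Added example: hostnames, backends (192.0.2.x) and cert file names are placeholders.
events { worker_connections 1024; }

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Set once at http level and inherited by every "listen 443 ssl" server below.
    # A *.mydomain.com.ar wildcard covers www, app1 and app2 (one label deep only).
    ssl_certificate      wildcard_mydomain_com_ar.crt;  # site cert first, then intermediates
    ssl_certificate_key  wildcard_mydomain_com_ar.key;  # readable by the nginx service account only

    # Proxy settings are also inherited by the location blocks below.
    proxy_set_header  Host              $host;
    proxy_set_header  X-Real-IP         $remote_addr;
    proxy_set_header  X-Forwarded-For   $remote_addr;
    proxy_set_header  X-Forwarded-Proto https;
    proxy_buffering   off;

    # Port 80 with an unknown Host header: close the connection without a response.
    server { listen 80 default_server; return 444; }

    # Known names on port 80: redirect to HTTPS, keeping host and path.
    server {
        listen 80;
        server_name www.mydomain.com.ar app1.mydomain.com.ar app2.mydomain.com.ar;
        return 301 https://$host$request_uri;
    }

    # Landing page served from local files.
    server {
        listen 443 ssl;
        server_name www.mydomain.com.ar;
        root html;
    }

    # Apps: proxy_pass has no URI part, so the request path reaches the app unchanged.
    server {
        listen 443 ssl;
        server_name app1.mydomain.com.ar;
        location / { proxy_pass http://192.0.2.10:8080; }
    }
    server {
        listen 443 ssl;
        server_name app2.mydomain.com.ar;
        location / { proxy_pass http://192.0.2.20:8080; }
    }
}
```

Running `nginx -t` checks the file for syntax errors before a reload.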

Hey Kevin, thanks a lot for taking the time to answer…

The issue I’ve found with Let’s Encrypt is that the easy automatic renewal works on Linux with ACME’s certbot app, but I’m on Windows here and didn’t find an easy replacement. Please consider I’m pretty new to all this.

I might end up buying a certificate if I can’t find a way around it.

I think GoDaddy allows up to 100 subdomains. Be sure to get a wildcard cert if you are using subdomains.

You can get a wildcard cert from ssl2buy.com for $40/year backed by AlphaSSL. I’ve been using these for over a year now on websites, mail servers, VPN devices, etc. and they work great! Never had a trust issue from any device or server.

https://www.ssl2buy.com/alphassl-wildcard.php

I have had Let’s Encrypt auto-renewal running on a Linux server for years. A short Google search tells me that it should not be difficult on Windows as well:

https://pkisharp.github.io/win-acme/

found here

https://www.google.ch/search?q=letsencrypt+windows+automatic+renewal