Search the Community

I am looking for a way to deploy an NGINX instance standalone and/or inside a Docker-Container. But I am having troubles compiling it with a Web-Application-Firewall (WAF, modsecurity if you have other better options please let me know) and the plugin more headers. I also want to make use of HTTP/3 (quick support). The newest version of NGINX seems to have HTTP/3 support backed in (1.25.5). But I am not sure about that. I used to compile NGINX with the Cloudflare version of HTTP/3 and brotli compression. But I would like to use a WAF and the "More-Headers-Plugin" if possible as well. Maybe someone knows a step by step guide since I couldn't find one working for me yet. Also for now I would like to use PHP_fpm_8.3.6 if that's possible for testing purposes. It should run on a Debian 12.2 system. Thanks in advance Jens Humke

I'm trying to set up vaultwarden in my raspberry pi 4 but I run in some issues with nginx. This is my setup so far. I have docker running on my raspberry pi with vaultwarden on and nginx both seem to be working so far because I can acces them local with the right port. Also I've created a DDNS on Duck DNS. Everything I did was according to those guides (https://www.wundertech.net/how-to-setup-duckdns-on-a-raspberry-pi/, https://www.wundertech.net/nginx-proxy-manager-raspberry-pi-install-instructions/, https://www.wundertech.net/how-to-self-host-bitwarden-on-a-raspberry-pi/). I also forwarded Port 80 and 443 in my router to my pi. Port 80 and 443 are also open in ufw. The config in nginx looks like this (I replaced the domain name): Now when I enter the Duck DNS domain name in my browser I get a 504 gateway timeout, but when I enter the current IP that is displayed on the Duck DNS site I get this: I'm not quite sure what this means or where I did go wrong. I'm newbie to this field and would apreciate some help to improve I've also added the logs from my docker containers if that helps. Please let me know if you need more information. _vaultwarden_logs.txt _portainer_logs.txt _nginx_db_1_logs.txt _nginx_app_1_logs.txt

I will be monitoring this thread to the best of my ability and any guidance or help is greatly appreciated. So after a period, I am reaching out to the community. We had severe weather a few weeks ago and I shut my server down as usual but when I brought it back up all of my websites were down. I create A records in Cloudflare and Nginx for all my applications I access on other devices like Overseer, Portainer, and Nginx. These domains all worked with no issues prior to the shutdown and bringing them back up they stopped working. I checked the server and nothing appeared to change when the system came back. Since coming back I have only gotten Cloudflare Error 522. I am having difficulty digesting and determining the issue and route cause. Initially, I thought it was an SSL authentication issue between Cloudflare and Nginx but again nothing there changed. Just a quick disclaimer, none of these sites are working. I had a total of 6 of them so I don't believe it is as simple as a specific setting for a docker container necessarily. Cloudflare: A record for Nginx.example.com with my local IP, this record is proxied. Force HTTPS enabled SSL/TLS encryption mode is set to Full (tried Full (strict) and didn't work either with any testing) API token for all zones created for Nginx SSL Cert. I do not have the pro-plan so I cannot simply input a ticket for help from Cloudflare. Nginx: Source: domain created in Cloudflare. Destination: At this moment it is set to https://127.0.0.1:81 or https://localhost:81 Side note, this is something I am on, I have watched many videos and am unable to determine which IP is used, I have watched some use their LAN or the systems' IP, some use the IP used to connect locally, and a few other variations. This is the IP Nginx uses to connect to SSL Cert: I used a wildcard cert (*.example.com) pointed this at Cloudflare and provided the API token from Cloudflare. I used the curl command to confirm this cert is valid and working. Portainer: version 2.18.2 At this moment using nginx image: jc21/nginx-proxy-manager:latest. Published ports 80:80, 81:81, 443:443 in a container and forwarded on ISP Router. I have tried numerous things, I started from scratch on the image, I tried defining my domain under the network section, and published ports, we have been trying the same with Overseer to try and get anything to work and even disabling all SSL to the best of our ability and trying to make an unsecured connection to the webpage has not worked, continues to give the 522 error. Questionable items: When researching and gathering information I noticed services like Overseer running on IP 10.0.0.208:Portnumber whereas Nginx is running on 127.0.0.1, I have not dictated the IPs for these containers and in Portainer I do not have them part of a specified network right now. When going through the port forwarding setup on my ISP router I found that it reserved an IP and in my app, it shows my server IP as 10.0.0.208 but nowhere else does this show or reflect and the connected gig ethernet NIC has the IP of 192.168.x.x Hardware: Ubuntu 22.04.2 LTS i3-9100F, AMD Radeon rx 560, 16GB RAM, RealTek Gig/Ethernet NIC, 40TB.

Hello to you all! I have created the following nginx config inside the folder sites-enabled: In this example: # Define separate upstream blocks for IPv4 and IPv6 backend servers upstream backend_ipv4_ht1 { server 192.168.178.111:1080; } upstream backend_ipv6_ht1 { server [2a02:8070:5181:25a0:da3a:ddff:fe28:17b0]:1080; } upstream backend_ipv4_ht2 { server 192.168.178.111:2080; } upstream backend_ipv6_ht2 { server [2a02:8070:5181:25a0:da3a:ddff:fe28:17b0]:2080; } # Map $remote_addr to the appropriate backend based on IP version map $remote_addr $backend_ht1 { ~[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ backend_ipv4_ht1; default backend_ipv6_ht1; } map $remote_addr $backend_ht2 { ~[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ backend_ipv4_ht2; default backend_ipv6_ht2; } # HTTP and HTTPS server block for ht1.mk-homelab.net server { listen 443 ssl; listen [::]:443 ipv6only=off; server_name ht1.mk-homelab.net; ssl_certificate /etc/letsencrypt/live/mk-homelab.net/cert.pem; ssl_certificate_key /etc/letsencrypt/live/mk-homelab.net/privkey.pem; ssl_protocols TLSv1.3; location / { # Proxy to the appropriate backend based on the client's IP version proxy_pass http://$backend_ht1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # HTTP and HTTPS server block for ht2.mk-homelab.net server { listen 443 ssl; listen [::]:443; server_name ht2.mk-homelab.net; ssl_certificate /etc/letsencrypt/live/mk-homelab.net/cert.pem; ssl_certificate_key /etc/letsencrypt/live/mk-homelab.net/privkey.pem; ssl_protocols TLSv1.3; location / { # Proxy to the appropriate backend based on the client's IP version proxy_pass http://$backend_ht2; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } But when I test it with: nginx -t It gives me the following error: nginx: [emerg] "upstream" directive is not allowed here in /e tc/nginx/sites-enabled/mk_homelab_config.conf:2 nginx: configuration file /etc/nginx/sites-enabled/mk_homelab _config.conf test failed Please help

Hey, I am trying to host a minecraft server for which the control panel is on port - 8443, analytics panel is on 8804 and the server map is on 8123, what I want to is use subdomains as follows - crafty.riftcraftmc.com - publicip:8443 analytics.riftcraftmc.com - publicip:8804 map.riftcraftmc.com - publicip:8123 Domain Service - Google Domains I have - done port forwarding using UPNP - Ubuntu LTS Installed - 500Mbps Internet Connection - tried Nginx but it showed some errors and I didn't touch nginx since I would like someone to guide me on how to do it with either Nginx or any simpler alternative, it would be very helpful. Thanks in advance!

I had previously had an NGINX proxy on a tn scale docker, but the system was unstable and I wanted to move that to a battery-backed-up pi zero. This is for accessing Jellyfin outside the home with dynamic DNS. When I used the TN Scale docker container for NPM and the NPM log reader, it had the server ip with a specific port :10582 by default for the web gui. I know everything I need to do through the GUI, but I cannot find any mention of that on forums or documentation, but frankly, that is likely me missing something. I knew how to set things up from inside the gui, but I am hesitant to mess with conf files from CLI. I also have Pi-hole running on this, which seems to work great, but I also do not know the port for that one (just running roku and random devices, not my whole network), it's just "<IP here>/admin" to get the gui for it. but when I add NPM that just takes me to the nginx success page. I'm just kinda done bashing my head against this wall, someone has to know more about this than little old me lol. Just want to get Jellyfin back up without just open vpning to my home network for access

I have installed Pterodactyl and Wings according to the documentation on Pterodactyl.io. I also have generated two certs using certbot. One for the panel and one for the node. The panel cert is for panel.rvm-mc.com and node is for node.rvm-mc.com, which both point via A records in Cloudflare (not behind proxy) towards my pubic IP. My router then forwards the proper traffic to the server. The panel works and is encrypted with a cert, but with wings I get this: https://ptero.co/axyzuduwup The command I used to generate the certs is certbot certonly --nginx -d panel.rvm-mc.com -d node.rvm-mc.com , but it keeps generating a cert for "mediarouter.home" or at least Wings keeps saying that. Does anyone have any experience with this or has encountered this in the past? Thanks in advance

I'm trying to use self-signed certs for my web-application based on vue/node.js. And added two conf files for nginx to handle vue and node. The Vue part works if I disable the Nginx node conf file. I just add it for completion. I guess the problem is within the proxy to node (or self-signed certs?). VUE: server { listen 80; listen [::]:80; server_name inf-education-67.umwelt-campus.de; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name inf-education-67.umwelt-campus.de; # point to ssl certificate path include snippets/self-signed.conf; include snippets/ssl-params.conf; location / { # point to dist folder inside vue source code folder root /var/www/client/pvapp-client/dist; autoindex on; autoindex_exact_size off; index index.html index.htm; try_files $uri $uri/ /index.html; } } NODE: server { listen 80; listen [::]:80; server_name MY_IP; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl http2; server_name MY_IP; # point to ssl certificate path include snippets/self-signed.conf; include snippets/ssl-params.conf; root /var/www/server/pvapp-server; location / { proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://MY_IP:60702; proxy_ssl_verify off; } } The Nginx logs are: Error.log (This one is common with self-signed certs tho) 2021/02/23 07:30:07 [warn] 233791#233791: "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/nginx/selfSignedCerts/example.crt"` 2021/02/24 07:26:48 [error] 233793#233793: *17 connect() failed (111: Connection refused) while connecting to upstream, client: IP, server: IP, request: "GET / HTTP/2.0", upstream: "http://MyIP:60702/", host> Access.log MYIP - - [23/Feb/2021:07:31:02 +0000] "GET / HTTP/2.0" 404 128 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"

so i dont know whats really going on here, but its confusing the hell out of me. so i set an NGINX+PHP-FPM server, with all my needed extinctions. I get this url from facebook: https://***/posts/?post=**UUIDv4***&fbclid=**** nothing weird about the URL but when i open the URL, my PHP session changes, along with a logout of my user. when i refresh the screen after that URL is used, it does logout again. nginx conf: server { root /***/; index index.php; server_name ***; location / { # try_files $uri $uri/ =404; try_files $uri $uri/ /index.php$uri$is_args$args; } location /posts/ { # try_files $uri $uri/ @rewrites; } # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } location @rewrites { rewrite ^/posts/(?<id>[a-zA-Z0-9]+)$ /posts/?post=$id; } #below here is SSL stuff for Certbot } the server is Behind a proxy: (the proxy config) server { server_name ***; location / { proxy_pass "https://192.168.0.155:443"; proxy_set_header HTTP_Country-Code US; proxy_pass_request_headers on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_cache_bypass $http_upgrade; proxy_set_header Connection 'upgrade'; } #below here is SSL stuff for Certbot } PHP session settings: main issue: When using other than ?post= queries, the session expires, and i dont know why. i can provide any more details, just let me know

Hey! I have a big problem in my website. Since i moved from Apache webserver to Nginx the ads in my site are not working. I added these lines in my website config file in nginx: add_header 'Access-Control-Allow-Origin' 'https://xy.hu' always; (i tried with *, but nothing) add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested -With' always; I did nginx reload but nothing happened. i tested with curl -X OPTIONS -i https://xy.hu The answer is: HTTP/1.1 405 Not Allowed Server: nginx Date: Thu, 01 Jul 2021 21:33:48 GMT Content-Type: text/html Content-Length: 166 Connection: keep-alive Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Credentials: true <html> <head><title>405 Not Allowed</title></head> <body bgcolor="white"> <center><h1>405 Not Allowed</h1></center> <hr><center>nginx</center> </body> </html> and i tried with an external tester: HERE Any ideas? thanks

Sorry if this is a terrible question but I don't know where else to turn. I have spent all day trying to have gunicorn bind to 127.0.0.1. So to start from the Top. I am making a website with a React frontend and a Flask backend all of this is running on centos7. I am using Nginx to manage the traffic I have it set up for SSL. I am using gunicorn to run Flask for production. Currently, I have this working where I have Nginx routing the traffic to React and then having the requests sent to gunicorn bound on 0.0.0.0:8000. In order to get this to work, I had to use 2 certificates one for each port. I was reading that binding gunicorn to an internal port would make it so I don't need the second certificate. When I try and run gunicorn with out the certs bound to localhost i get this error from React. Error: Network Error followed by ERR_CONNECTION_REFUSED to 127.0.0.1:8000/auth/login I have CORS enabled on the flask end and I'm using Blueprints. Here is my Nginx configurations server { listen 80; listen [::]:80; server_name my_server_name; return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name my_server_name; ssl_certificate "/etc/nginx/nginx-selfsigned.crt"; ssl_certificate_key "/etc/nginx/private/nginx-selfsigned.key"; ssl_dhparam "/etc/nginx/dhparam.pem"; ssl_protocols TLSv1.2; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; ssl_prefer_server_ciphers on; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; proxy_set_header HOST $http_host; proxy_set_header X-REAL-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; location / { proxy_pass "http://127.0.0.1:8080/"; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /api/ { proxy_pass http://127.0.0.1:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /auth/ { proxy_pass http://127.0.0.1:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } Any help would be greatly appreciated.

Hello people! I have seen people getting really confused about server configuration etc even after seeing online tutorials. So i have decided to make this website for people like them who are really afraid of setting up such things. Please review and share my site to as many people as u can! will help them a lot! Thanks! site link: <content removed by staff>

Hi, So I'm trying to setup more websites on my server. Right now I got the folder structure like this ../www/html ../www/beta And when going to www.mydomain.com it goes to ../www/html. when going to beta.mydomain.com I want it to go to ../www/beta. How do I do this? I dident find any good how to on this so thats why I'm asking here. Many of the reasons why I probably dident find a good how to was becaouse I don't really know the simple like, do I need to specify diffrent port or do they work with same ports (I know normaly programs need a port alone) So if you could help I would be really happy, an explanation is more welcome than a simple here is the code www.mydomain.com - ../www/html beta.mydomain.com - ../www/beta

Okay so I am creating a video streaming website and I need the videos to have different resolutions. Now this would not be a problem if I didn't care about security/DRM and whatnot, however I am using Wowza on a Windows server (I know... but it is much easier to manage) and I also have a Ubuntu server running NGINX and PHP. I want to be able to upload videos through my Ubuntu web server (I don't care if I have to switch languages), transcode it through something like FFmpeg and then somehow get it to my Windows server. I do not want to use Wowza's transcoding because it slows the server down by a lot and I want a actual file in the format of VIDEOID_1080.mp4 or something.

So I have been trying to get a server to work but I just cant do it... I have Docker Toolbox with rtmp server install into a virtual machine instance but no dice. I only have a windows 10 computer and a win 7 laptop. I need some help getting this to work, by which I mean make it so people other than the host can access it, like my friend. The plan is when we get it up is to stream both our perspectives into one or two streams. If you can help message me, I'll be sure to reply fast.

Hello, I am HR for a company called KewlHost which are still in development and we are looking for someone to help us with a NGINX issue. We are trying to use NGINX on one of our nodes that we own to host several sites. At the moment, we need one for the main website, one for the gameserver panel and one for the billing website. We also want 3 - 4 dummy sites that we can change in the future. It would be appreciated if someone could help, either by providing a tutorial on how to do it or by sending a message to me on Discord (Stentorian#9524) so you can help us out. Either way would be much appreciated. Many Thanks, Stentorian EDIT: All of the sites need to have SSL encryption on them. We have LetsEncrypt keys but we need it to support SSL.

Is it possible / how could I setup a web server and a gitlab server on a single system and have them share a domain name? Gitlab uses nginx, so could I just setup gitlab and then modify the nginx setting to add the webserver? I would like to have something like www.website.com would be the webserver and then www.website.com/gitlab would be the gitlab server.

Hello,many of my friends have requested me to edit their photos for instagram and they keep sending them over Whatsapp in compressed quality.So my question is using nginx and wordpress orany web builder(I know Dreamviewer),with the abilityfor every person to login,send message/request send the files and a "refrence" photo frow which to copy design from.Can someone link a video to do that or wordpress plugin. Thanks in advance, Erik

Hey all, Quick run-down of my setup and what I'm trying to achieve: Note: All of the below is hosted on my home network, and not internet-facing or accessible over the internet. My intention is not to get this working over the inetnet. - I've got multiple web apps running accross a handful of servers,IP's and ports. - DNS is handled by a Windows Server - I have a domain of: mydomain.home - Only a few things in the house are actually attached to the domain, but everything is being pointed towards the windows DNS server What I want to achieve: I'd like to be able to use Nginx Reverse Proxy, to point to all my various web apps on other servers etc, i.e: - The Ubuntu box running Nginx is called 'Den', it has a static IP and is registered in DNS as 'Den'. - I'd like to be able to point 'Sab.Den' towards 10.0.0.5:8181, and 'UniFi.Den' towards 10.0.0.3:5000, etc etc Is the above possible, somehow? I've configured the proxy on nginx, but when trying to go to any of the sub domains, I get "page not found" (not an nginx error, just a standard - there's nothing here msg). The part thats really confusing and puzzling to me personally, which I haven't found an explanation for online, is how the sub-domains actually get routed? How can UniFi.Den even hit my Nginx server at all, I don't get it

Hello, After installing PHP7.2 I get this error. after some googling I found out it was something with a timeout, but I didn't manage to fix it. What does this mean? 2018/03/04 22:12:31 [error] 29153#29153: *8 upstream timed out (110: Connection timed out) while reading response header from upstream, client: <router IP>, server: <domain>, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock", host: "<domain>"

Hello, I tried to create a catch all server and return 444 on it so it didn't respond on random.mydomain.com with the page of www.mydomain.com. But by adding this which people suggested it catches ALL, nothing gets around it. server { listen 80 default_server; listen 443 ssl default_server; listen [::]:80 default_server; listen [::]:443 ssl default_server; server_name _; return 444; } #here are the includes for the .conf files Also, this starts pushing errors saying that the SSL is configured wrong when connecting to www.mydomain.com on https. How do I fix it so that it responds with the correct site for the correct domain, rest gets terminated? Including https attempts.

So I have tried using the NDI plugin for OBS, since I got two computers and am mainly playing csgo, so I need all the cpu power for the gaming pc possible. The problem is that the NDI-stream to the streaming PC is very laggy. It constantly goes from smooth 60 fps to 30 and back again. I have searched high and low for an explanation but so far I have only found posts from people having the same problem and no solution. Here is what I have tried so far: Every resolution possible on both the gaming and streaming pc. The lag is just as bad if I'm running 480p as when running 1080p. The LAN is not the bottleneck, both are on a gigabit connection and I have even tested the speed between the two computers to >750mbit. When NDI is on, both computers are using about 100-200 mbit as expected. I have tried both through a router and a cross-cable. None of the computers are the bottleneck either. CPU, ram, network, and GPU utilization are very low. I have even tried doing a RTMP/NGINX stream with the same result. The playback on the OBS running the NDI-signal is smooth, while the OBS recieving the signal is lagging. I have tried both wasys (gaming to streaming pc and streaming pc to gaming pc) Please help me, I have tried everything and the damn studdering just won't go away. Specs: Gaming PC i7 7700K @ 5hz 16gb ram 2600mhz GTX980 StreamingPC i7 2600 12 gb ram GTX1050

I am using webmin for local server to play around with. I set it up so you can access it from webmin.mydomain.com and I can log in and see any pages for the sidebar menu but nothing else. No actions work either. It just gets stuck in a loading phase with that little bar at the top. Ideas on what might be wrong? It is behind a Nginx reverse proxy

Hello LTT Forum! Straight to the point. I have an old laptop that sports Intel Pentium Dual Core P6xxx (forgot the model), and 3 GBs of DDR3 RAM, and now it's just sitting calmly in the shelf. I planned to use this laptop as a little reverse proxy server, especially for Steam downloads (just for 2-3 PCs), for 24/7, as data caps here are albeit unhandy anymore for my family needs, and based on down here: https://arstechnica.com/gaming/2017/01/building-a-local-steam-caching-server-to-ease-the-bandwidth-blues/ http://pathar.tl/blog/steam-cache/ https://steamcache.github.io/ Which one is good? I wanna use Ubuntu Server with the GUI tho.. Or is there's any nice linux out there beside that? By the way either, I'm here using tethering from a mobile phone as the source of the internet. (No more options tho, period.) Can I actually use the tethering as the source of the internet itself, by using the laptop internal wifi, but the end users will using wired connections? On the future I could use an access point tho from the switch.. Down here, this is the graph of what I mean: Thanks for ya attention.

I've been diving into the NGINX documentation as I do with almost any server I deploy, and I was wondering what the community here does with NGINX. I've been messing with stuff specifically with SSL reverse proxying and letsencrypt and thought this section might have people that do similar stuff. And maybe you guys have some configs or snippets to post!