logo
Published on

Nginx Config

Authors
  • avatar
    Name
    Bowen Y
    Twitter

QUESTION

What is the difference between listen 80 and listen 80 default_server?

ANSWER

The listen directive in Nginx is used to define what IP address and port number a server block should listen for incoming requests on. The default_server parameter is an optional argument that can be added to the listen directive to specify that a particular server block should be used as the default response for requests that do not match any other server block.

Here's the difference between them:

listen 80;: This tells Nginx to listen for incoming HTTP requests on port 80. If there are multiple server blocks listening on port 80 and a request comes in that does not match any other server_name, Nginx will use the first server block in the configuration file order.

listen 80 default_server;: This also tells Nginx to listen on port 80, but it goes further by designating that server block as the default for that port. If a request comes in that doesn't match any server_name directives in any server block, Nginx will default to using this server block. If there are multiple default_server directives for the same port, Nginx will return an error when you try to restart or reload the service, because it won't know which one to prioritize.

You should only have one default_server for each IP/port combination across your Nginx configuration. If you don't specify a default_server, Nginx will use the first server block that appears in the configuration as the default for that IP/port combination.

QUESTION

Why dose the wildcard domain _ not work?

server {
    listen 80;
    server_name test;

    location /health-check-1 {
        return 200 'healthy-1-test\n';
        add_header Content-Type text/plain;
    }
}

server {
    listen 80;
    server_name localhost;

    location /health-check-1 {
        return 200 'healthy-1-localhost\n';
        add_header Content-Type text/plain;
    }
}

server {
    listen 80;
    server_name _;

    location /health-check-1 {
        return 200 'healthy-1-wild\n';
        add_header Content-Type text/plain;
    }
}

ANSWER

Because in Nginx, there is no built-in wildcard mechanism in server_name.

_ is just a domain that people don't use.

curl localhost:80/health-check-1 -H "Host: _"
healthy-1-wild

So the Nginx will choose the first one server block as the default block for that port, if there is no default_server being declared explicitly.

Also, the server name is not exactly matched, but matched based on prefix.

Reference: https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms

QUESTION

How to solve this issue: HTTPS -> Load Balancer(Decrypt HTTPS to HTTP) -> HTTP -> Nginx -> HTTP -> Application?

The application treats the request as an HTTP request, but it should not be processed as an HTTP request.

ANSWER

To solve this issue, we want the application knows that what protocol that the origin request uses: It is an HTTPS or HTTP request at the beginning.

So what we need to do is to pass HTTPS info in the header to application, but not HTTP.

server {
    listen 80;
    server_name auth.scrawlrapi.com;
    index index.php;
    root /var/www/global/auth/public;

    # Keep the logs
    error_log  /var/log/nginx/error_auth.log;
    access_log /var/log/nginx/access_auth.log;

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass auth_app:9000;
        fastcgi_index index.php;

	    '''proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;'''
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/public/$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;
        gzip_static on;
    }
}

We added proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; into the config file, so that the nginx can forward header info from the load balancer to the application.

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto

https://serverfault.com/questions/1056391/proxy-forwarding-not-woking-on-nginx-laravel-elastic-load-balancer

https://stackoverflow.com/questions/59970998/lumen-does-not-detect-https-behind-a-reverse-proxy

https://stackoverflow.com/questions/52517614/laravel-5-7-doesnt-generate-https-routes-if-the-webserver-has-no-encryption-lay

QUESTION

What is the meaning of the tilde after the location block in the nginx configuration? What is the difference between with and without the "~" ?

location ~ \.php$ {
    ...
}

ANSWER

The tilde instructs nginx to perform a case-sensitive regular expression match, instead of a straight string comparison.

If there is no tilde ~, then Nginx will only match file name as ".php" but not treat it as a regex.