Nginx only serves 1 App

Moshe Katz kohenkatz at gmail.com
Tue May 15 13:15:26 UTC 2018


Looks to me like your problem is that Seafile is using HTTPS but Mattermost
is not.

That said, I don't understand how you are able to get to Mattermost at all,
since you are setting HSTS headers that should prevent your browser from
going to a non-secure page on your domain.

Add HTTPS configuration for Mattermost and see if that helps.

--
Moshe Katz
-- kohenkatz at gmail.com
-- +1(301)867-3732


On Tue, May 15, 2018 at 4:35 AM Nginx-Chris <nginx-forum at forum.nginx.org>
wrote:

> Root Server with Ubuntu 16.04.
> Nginx Version: 1.10.3
>
> I have an Nginx server that serves 1 Application: An open source Cloud
> Server from Seafile that listens on cloud.mydomain.com
>
> I now tried to add another Application to my server: A Mattermost server
> that should listen on chat.mydomain.com
>
> When I am adding the Nginx config for Mattermost, then it only is available
> when I deactivate the Seafile nginx config.
>
> So the server only serves one application at a time and that's always the
> Seafile Server.
> Then no nginx error.logs or access.logs get any data from the Mattermost
> login attempts.
>
> I am pasting the configs below and am hoping that someone could give me a
> tip what I have a done wrong or what I need to change.
> I don't understand why Nginx does not listen for chat.mydomain.com
>
> Any help would be very much appreciated!
>
> SEAFILE NGINX CONFIG:
>
> server {
>
>     listen 80 http2;
>     listen [::]:80 http2;
>     server_name cloud.mydomain.com;
>
>     rewrite ^ https://$http_host$request_uri? permanent;    # force
> redirect
> http to https
>
>     # Enables or disables emitting nginx version on error pages and in the
> "Server" response header field.
>     server_tokens off;
>
> }
>
> server {
>     listen 443 ssl http2; # managed by Certbot
>     listen [::]:443 http2;
>     ssl on;
>
>     server_name cloud.mydomain.com;
>
>     ssl_session_cache shared:SSL:5m;
>     server_tokens off;
>
>     ssl_certificate /etc/letsencrypt/live/cloud.mydomain.com/fullchain.pem
> ;
> # managed by Certbot
>     ssl_certificate_key
> /etc/letsencrypt/live/cloud.mydomain.com/privkey.pem; # managed by Certbot
>
>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>
>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>
>     proxy_set_header X-Forwarded-For $remote_addr;
>
>     add_header Strict-Transport-Security "max-age=31536000;
> includeSubDomains";
>
>         location / {
>          proxy_pass         http://127.0.0.1:8000;
>          proxy_set_header   Host $host;
>          proxy_set_header   X-Real-IP $remote_addr;
>          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
>          proxy_set_header   X-Forwarded-Host $server_name;
>          proxy_set_header   X-Forwarded-Proto https;
>
>          proxy_read_timeout  1200s;
>
>          # used for view/edit office file via Office Online Server
>          client_max_body_size 0;
>
>          access_log      /var/log/nginx/seahub.access.log;
>          error_log       /var/log/nginx/seahub.error.log;
>     }
>
>     location /seafhttp {
>         rewrite ^/seafhttp(.*)$ $1 break;
>         proxy_pass http://127.0.0.1:8082;
>         client_max_body_size 0;
>
>         proxy_connect_timeout  36000s;
>         proxy_read_timeout  36000s;
>         proxy_send_timeout  36000s;
>         send_timeout  36000s;
>
>         proxy_request_buffering off;
>     }
>
>     location /media {
>         root /home/user/seafile.cloud/seafile-server-latest/seahub;
>     }
>
>     location /webdav {
>         fastcgi_pass    127.0.0.1:8080;
>         fastcgi_param   SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>         fastcgi_param   PATH_INFO           $fastcgi_script_name;
>
>         fastcgi_param   SERVER_PROTOCOL     $server_protocol;
>         fastcgi_param   QUERY_STRING        $query_string;
>         fastcgi_param   REQUEST_METHOD      $request_method;
>         fastcgi_param   CONTENT_TYPE        $content_type;
>         fastcgi_param   CONTENT_LENGTH      $content_length;
>         fastcgi_param   SERVER_ADDR         $server_addr;
>         fastcgi_param   SERVER_PORT         $server_port;
>         fastcgi_param   SERVER_NAME         $server_name;
>         fastcgi_param   HTTPS               on;
>         fastcgi_param   HTTP_SCHEME         https;
>
>         client_max_body_size 0;
>         proxy_connect_timeout  36000s;
>         proxy_read_timeout  36000s;
>         proxy_send_timeout  36000s;
>         send_timeout  36000s;
>
>         # This option is only available for Nginx >= 1.8.0. See more
> details
> below.
>         proxy_request_buffering off;
>
>         access_log      /var/log/nginx/seafdav.access.log;
>         error_log       /var/log/nginx/seafdav.error.log;
>     }
> }
>
>
>
>
> MATTERMOST NGINX CONFIG:
>
> upstream backend {
>    server 127.0.0.1:8065;
> }
>
> proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m
> max_size=3g inactive=120m use_temp_path=off;
>
> server {
>    listen 80;
>    listen [::]:80;
>    server_name chat.mydomain.com;
>
>    location ~/api/v[0-9]+/(users/)?websocket$ {
>        proxy_set_header Upgrade $http_upgrade;
>        proxy_set_header Connection "upgrade";
>        client_max_body_size 50M;
>        proxy_set_header Host $http_host;
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header X-Forwarded-Proto $scheme;
>        proxy_set_header X-Frame-Options SAMEORIGIN;
>        proxy_buffers 256 16k;
>        proxy_buffer_size 16k;
>        proxy_read_timeout 600s;
>        proxy_pass http://backend;
>    }
>
>    location / {
>        client_max_body_size 50M;
>        proxy_set_header Connection "";
>        proxy_set_header Host $http_host;
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header X-Forwarded-Proto $scheme;
>        proxy_set_header X-Frame-Options SAMEORIGIN;
>        proxy_buffers 256 16k;
>        proxy_buffer_size 16k;
>        proxy_read_timeout 600s;
>        proxy_cache mattermost_cache;
>        proxy_cache_revalidate on;
>        proxy_cache_min_uses 2;
>        proxy_cache_use_stale timeout;
>        proxy_cache_lock on;
>        proxy_pass http://backend;
>    }
> }
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279794#msg-279794
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180515/0531b2fb/attachment-0001.html>


More information about the nginx mailing list