nginx | Tutes Club

centos web panel – vhost templates for proxying websocket traffic

http://wiki.centos-webpanel.com/webservers-vhost-templates

Templates location: /usr/local/cwpsrv/htdocs/resources/conf/web_servers/
– Folder main contains main configuration for WebServers
– Folder vhosts contains vhosts configuration for domains (this is what you need)

How to create a template file
The easiest way to do that is to simply copy an existing file and then edit a new file you have created.
Note that you need to have .tpl and .stpl files (tpl is for http and stpl is for https version)

Let’s do one example for apache vhost with nginx

cd /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/nginx/
cp default.tpl my-template.tpl
cp default.stpl my-template.stpl

Now you can edit these newly created template files.

Template folders explained
List from folder: /usr/local/cwpsrv/htdocs/resources/conf/web_servers/vhosts/

httpd = apache templates
nginx = nginx templates
varnish = varnish templates
php-fpm = php-fpm service templates (used for all php-fpm versions)

my-template.stpl_Download

my-template.tpl_Download

add a block

map $http_upgrade $connection_upgrade {
	default upgrade;
	'' close;
}

also add these inside “location /” block

		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		proxy_set_header Host $host;

Basic Authentication in nginx for any domain, server or location block

sudo yum install httpd-tools
sudo htpasswd -c /etc/nginx/conf.d/vhosts/.htpasswd USERNAME
Enter Password: xxxxx

sudo chmod 644 /etc/nginx/conf.d/vhosts/.htpasswd

Update the domain.conf file like /etc/nginx/conf.d/vhosts/myrestricteddomain.com.ssl.conf

Ideally, use it in server config

server {
satisfy all; 
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/conf.d/vhosts/.htpasswd; 
	location / {

Save and restart nginx

Basic Authentication with Nginx with proxy port (react/node app etc)

Reference: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/

Requirements: apache2-utils or httpd-tools

Use htpasswd utility and create a .htpasswd file, see reference

htpasswd -c  /etc/nginx/.htpasswd usernamethatyouwant
chmod 644 /etc/nginx/.htpasswd

After that, just add lines in nginx conf

location / {
	auth_basic "Backend Area";
    auth_basic_user_file /etc/nginx/.htpasswd; ## path to your passwd file
	## ...
	## xyz code
	##... 
	proxy_pass http://127.0.0.1:4000; ## Proxy port for your app
	proxy_set_header Authorization ""; ## DONT FORGET THIS. reset the auth header
	include proxy.inc;
}

Restart nginx now or test first using “nginx -t”

proxying websockets via nginx and https

How to whitelist IPs in NGINX configuration?

Add this code in your .conf file

if ($remote_addr = "14.51.20.3") {
  set $block_me_now "B";
}
 
 if ($remote_addr = "104.1.20.29") {
  set $block_me_now "B";
}

if ($block_me_now != "B") {
    return 403;
    break;
}