Nginx, how to allow DOMAIN:PORT and IP:PORT requests
18,615
You should be able to configure like this:
#resolve domain with no port or port 80
server {
listen 80;
server_name example.com www.example.com;
...
#resolve domain for port 8080
server {
listen 8080;
server_name example.com www.example.com;
...
#resolve with IP on port 8086
server {
listen 8086 default_server;
server_name example.com www.example.com;
...
Server names should not include ports (that is the point of the listen directive) and the default_server is the one where the IP address gets resolved.
You can find more detail about NGINX configuration here.
Author by
RadUma
Updated on June 04, 2022Comments
-
RadUma almost 2 years
What's the proper way to configure Nginx to allow DOMAIN:PORT requests like this:
http://example.com:8080/?a=xxx&b=yyy&c=zzz over TCP or UDP
And IP:PORT requests like this:
http://1.2.3.4:8086/?a=xxx&b=yyy&c=zzz over TCP or UDP
Nginx also must allow domain requests like these, which already work correctly on my setup:
http://example.com/home http://example.com/work over TCP
For the IP:PORT requests, I tried this config, but it didn't work:
server { listen 8080; server_name 1.2.3.4:8080; root /home/public_html/example.com; location / { client_max_body_size 10m; client_body_buffer_size 20m; proxy_connect_timeout 10s; proxy_send_timeout 5s; proxy_read_timeout 60s; proxy_buffer_size 8k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; proxy_redirect off; proxy_pass http://1.2.3.4:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
Added for steve klein
server { # HTTP IP:PORT ... # http://example.com:8080/app/?ip=1.2.3.4&pt=55555&do=things # there's a listener on port 55555 # listen 8080; server_name example.com www.example.com; root /home/public_html/example.com; location /app { client_max_body_size 128k; client_body_buffer_size 256k; proxy_connect_timeout 10s; proxy_send_timeout 5s; proxy_read_timeout 60s; proxy_buffer_size 8k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; proxy_ignore_client_abort on; proxy_pass http://$arg_ip:$arg_pt; proxy_redirect off; } }
-
RadUma almost 9 yearsWith your
#resolve domain for port 8080
, Google Chrome Console shows the errornet::ERR_CONNECTION_REFUSED
and there's no response shown in the Chrome Network monitor, only the request is shown. -
steve klein almost 9 yearsThat is a comment - not sure how this is happening but it can be safely removed. If you are still having issues, perhaps post your updated config in your OP.
-
RadUma almost 9 yearssteve, I was talking about your "server" config statement that's headed by your comment
#resolve domain for port 8080
. I'll post the updated config. -
steve klein almost 9 yearsDo you really have a folder called
example.com
? Otherwise, yourroot
needs to be the path to your actual root folder for your application. -
RadUma almost 9 yearsIn the above config,
example.com
as domain name, and as a part of the public root path, is only a place holder for the real thing. -
steve klein almost 9 yearsIf you log into your server and you
cd
to whatever root is assigned to, do you get to your root directory? If so, it is set correctly. -
steve klein almost 9 yearsBack to your error message, does your firewall allow access on port 8080?
-
RadUma almost 9 yearsYes,
cd /public/root/path
takes you to the correct public root directory. Andiptables
does not block access to port 8080. -
steve klein almost 9 yearsWhy do you have
location /app
(sorry just noticed that in your updated post)? That will only route requests to folderapp
at your root. Normally, you would include a route tolocation /
. -
RadUma almost 9 yearsYou can see the GET request format in the comments at the top of the server block:
http://example.com:8080/app/?ip=1.2.3.4&pt=55555&do=things
-
steve klein almost 9 yearsSo all requests will go to the app folder? I've never seen a request start with a question mark... where is the page name?
-
RadUma almost 9 yearsFor the location block shown above, there is no page.
app
is the resource, and the payloaduri
is the parameters, which begin after the?
. I'm not showing several other location blocks, for other resources made available by the server, many of which do offer html pages for service. -
steve klein almost 9 years
app
needs to be a folder under your root or this won't match. Documentation here. So this configuration will only support requests to /path/to/root/app. -
RadUma almost 9 yearsSorry,
iptables
must explicitly allow port 8080, which it wasn't doing! -
steve klein almost 9 yearsAha the firewall strikes! Glad you were able to work it out.