Two sites on same IP address, different ports. Using NGINX for reverse-proxy to serve both sites based on different locations. Both backends are running Apache. One backend is at root / and the other is at /app. This configuration works fine most of the time. However, users on /app will sometimes be redirected to the root / application.
dpaste here:
Rather than posting a reference to code and configuration data that is going to go away, please post that data here in the body of your message, with each file’s contents surrounded by lines of three backtick - ` characters. This means you’ll have a line of ```, then the code for a file, then another line of ```. Also please try to ensure that the posted code doesn’t have an excessive number of blank lines or other artifacts that are going to make it more difficult to read.
NGINX CONFIG:
worker_connections 4096; ## Default: 1024
}
http {
map $ssl_client_s_dn $ssl_client_s_dn_cn {
default "";
~CN=(?<CN>[^/,\"]+) $CN;
}
server{
listen 80;
server_name myservername.com;
return 301 https://myservername.com$request_uri;
}
server{
listen 443 ssl;
server_name 127.0.0.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-CC-CN $ssl_client_s_dn_cn;
proxy_pass_request_headers on;
ssl_certificate E:/Apache24/cert/public.cer;
ssl_certificate_key E:/Apache24/cert/private.key;
ssl_client_certificate E:/Apache24/cert/CAs.pem;
ssl_prefer_server_ciphers on;
ssl_verify_client on;
ssl_verify_depth 10;
location /otherapp{
location = /otherapp {
return 301 /otherapp/menu;
}
proxy_pass http://127.0.0.1:92;
}
location /{
proxy_pass http://127.0.0.1:81;
}
}
}
ROOT APP CONF:
Define SRVROOT "e:\app"
ServerRoot "${SRVROOT}"
Listen 0.0.0.0:81
#modules redacted
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
ServerAdmin admin@example.com
ServerName myserver:81
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "E:/webdart2/webdart/DjangoWebProject1/webdart/templates/webdart"
<Directory "E:/webdart2/webdart/DjangoWebProject1/webdart/templates/webdart/">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error.log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access.log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/"
</IfModule>
<Directory "${SRVROOT}/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
Include conf/extra/httpd-autoindex.conf
Include conf/extra/httpd-info.conf
<IfModule proxy_html_module>
Include conf/extra/httpd-proxy-html.conf
</IfModule>
<IfModule ssl_module>
Include conf/extra/httpd-ssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
ErrorLog e:/webdart2/logs/ssl_engine.log
LogLevel debug
</IfModule>
<IfModule http2_module>
ProtocolsHonorOrder On
Protocols h2 h2c http/1.1
</IfModule>
ServerName myserver:81
# Django Project
LoadFile "e:/python/python39.dll"
LoadModule wsgi_module "e:/python/lib/site-packages/mod_wsgi/server/mod_wsgi.cp39-win_amd64.pyd"
WSGIPythonHome "e:/python"
SetEnvIfNoCase ^X-CC.CN$ ^(.*)$ fix_accept_encoding=$1
RequestHeader set X-CC-CN %{fix_accept_encoding}e env=fix_accept_encoding
WSGIPassAuthorization On
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / "E:/myapp/app/DjangoWebProject1/DjangoWebProject1/wsgi.py"
<Directory "E:/myapp/app/DjangoWebProject1/DjangoWebProject1">
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /static "E:/myapp/app/DjangoWebProject1/app/static"
<Directory "E:/myapp/app/DjangoWebProject1/app/static/">
Require all granted
</Directory>
<IfModule log_forensic_module>
ForensicLog e:/myapp/logs/forensic.log
</IfModule>
/app CONF relevant info
Listen 0.0.0.0:92
Servername myserver:92
# Django Project
LoadFile "e:/python/python39.dll"
LoadModule wsgi_module "e:/python/lib/site-packages/mod_wsgi/server/mod_wsgi.cp39-win_amd64.pyd"
WSGIPythonHome "e:/python"
SetEnvIfNoCase ^X-CC.CN$ ^(.*)$ fix_accept_encoding=$1
RequestHeader set X-CC-CN %{fix_accept_encoding}e env=fix_accept_encoding
WSGIPassAuthorization On
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias /otherapp "E:/Otherapp/app/APPWebProject/APPWebProject/wsgi.py"
<Directory "E:/Otherapp/miles/APPWebProject/APPWebProject">
<Files wsgi.py>
Require all granted
</Files>
</Directory>
Alias /miles/static "E:/Otherapp/app/APPWebProject/app/static"
<Directory "E:/Otherapp/app/APPWebProject/app/static/">
Require all granted
</Directory>
<IfModule log_forensic_module>
ForensicLog e:\Otherapp\logs\forensic.log
</IfModule>
Thanks - that’s very helpful.
It appears from this that any url starting with “/otherapp” is going to be handled by the instance on port 92, and anything else is going to be directed to port 81. Superficially then, you’d want to find out what the last view being handled by these users is, to see what’s linking them to the other application.
So, I’d look for a case where this is occurring, maybe find some entries in the nginx log where a reference to /otherapp is followed by a reference to /something-else for the same IP address, and dig into those views to see if something isn’t being handled correctly from a url-generation perspective.
(This doesn’t appear to me to be in any way a system-configuration issue. My gut hunch for this is that this is an application issue - a redirect or page reference that is not propery getting prefixed with /otherapp.)
So I looked in the nginx logs as I’ve looked in the logs before and while there was still nothing of note in there, I did notice there was a 404 for favicon.ico. I didn’t think this was a big deal and didn’t pay no attention, but then I watched the server logs and recreated the redirect and noticed that the 404 for favicon.ico shows up in the logs every single time right before the redirect to the server running on root “/” . I’m not sure if this qualifies as a “bug” on nginx or apache, but it seems that when it can’t find the favicon.ico in /whatever/, then it looks in / and then the user is redirected to the / server from there forward.
So, placing a favicon.ico in app/static/img and then referencing it in the head in base.html with
<link rel="shortcut icon" href="{% static 'img/favicon.ico' %}"/>
seems to have done the trick. Been running all day and no redirects.