Tag Archives: nginx

OwnCloud connection to server error

Owncloud-logo
The OwnCloud is great replacement of google, yandex, dropbox disks. It is really useful and convenient tool to manage your private data.

There are few ways to connect to you server:
- web dav directly from OS
- browser access
- iOS/Android mobile OS

If you OwnCloud service is behind the Nginx server with SSL protection, you can see the next error when access from mobile client:

it is not possible to connect to the server at this time

After spending few days in searching the solution on forum https://forum.owncloud.org no one fix helped.

I paid attention in Admin panel on “Security & setup warnings” section:

The "Strict-Transport-Security" HTTP header 
is not configured to least "15768000" seconds. 
For enhanced security we recommend enabling HSTS 
as described in our security tips.

So, go ahead!

Just add the header to Nginx config (Strict-Transport-Security):

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Restart Nginx and voila – mobile client will ask you to accept SSL certificate!

Install and configure Nginx web-server


This is lightweight and great web server. I like use it as a frontend web server on 80 port. So, let’s configure.

1. File conf/nginx.conf:

worker_processes 1;
events { worker_connections 1024; }

#[ debug | info | notice | warn | error | crit ]
error_log logs/error.log info;

http {
    include mime.types;
    default_type application/octet-stream;

	client_header_timeout  3m;
    client_body_timeout    3m;
    send_timeout           3m;

    client_header_buffer_size    1k;
    large_client_header_buffers  4 4k;

    output_buffers   1 32k;
    postpone_output  1460;

    sendfile         on;
    tcp_nopush       on;
    tcp_nodelay      on;

    keepalive_timeout  75 20;
	
	server_names_hash_bucket_size 64;
	access_log off;

    server {
        listen 80;
        server_name localhost;
        location / { root html; index index.html index.htm; }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html { root html; }
    }

	#[ JIRA ]
	upstream jira { server 127.0.0.1:7000; }
	server { listen 80; server_name jira.yoursitename.com www.jira.yoursitename.com; location / { proxy_pass http://jira; include proxy.conf; } }
	
	#[ SVN ]
	upstream svn { server 127.0.0.1:8000; }
	server { listen 80; server_name svn.yoursitename.com www.svn.yoursitename.com; location / { proxy_pass http://svn; include proxy.conf; } }

	#[ IIS ]
	upstream iis { server 127.0.0.1:8080; }
	server {
		listen 80;
		server_name 
			404.yoursitename.com www.404.yoursitename.com 
			otheryoursitename.com www.otheryoursitename.com 
		;
		location / { proxy_pass http://iis; include proxy.conf; }
	}
}

2. File conf/proxy.conf:

proxy_redirect              off;
proxy_set_header            Host $host;
proxy_set_header            X-Real-IP $remote_addr;
proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size        10m;
client_body_buffer_size     128k;
proxy_connect_timeout       90;
proxy_send_timeout          90;
proxy_read_timeout          90;
proxy_buffer_size           4k;
proxy_buffers               4 32k;
proxy_busy_buffers_size     64k;
proxy_temp_file_write_size  64k;

3. If you are using Windows OS, configure service launcher. I usually use Service Wrapper – creates a wrapper executable that can be used to host any executable as an Windows service.

  
 nginx  
  nginx  
  nginx  
  C:\SERVER\nginx\nginx.exe  
  C:\SERVER\nginx\logs\  
  append  
  Apache2.2  
  -p C:\SERVER\nginx  
  -p C:\SERVER\nginx -s stop  
 

Now run!

P.S. Also, you need to install Application Request Routing (ARR) for IIS.