FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Having an issue with nginx in front of FusionAuth

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    3
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by

      I use FusionAuth with nginx as a reverse proxy in front of it. After upgrading to version 1.41, I see this error message:

      2022/11/28 01:59:25 [error] 28#28: *1 upstream prematurely closed connection while reading response header from upstream, client: 192.168.0.1, server: , request: "GET / HTTP/1.1", upstream: "http://192.168.0.2:9011/", host: "localhost"

      This was working before I upgraded. I was using version 1.36 before.

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 1
      • danD
        dan
        last edited by

        Ah, the answer is that Nginx defaults to HTTP/1.0 and if you are on a recent version of FusionAuth, this protocol is not supported by our HTTP server (HTTP 1.1 was, after all, released in 1997 🙂 ).

        The remedy is to update your Nginx configuration to use a later protocol with this change:

        proxy_http_version 1.1;

        Hope that helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 2
        • D
          dariusz.ban
          last edited by

          Hi Guys,
          Your reply helped me as well. Thank you. I'm still struggling with the issue of rewriting /admin when using subpath.
          When I click login icon I'm redirected with 302 to $host/admin not $host/fa/admin
          This happened after I updated my FA.

          location /fa/ {
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Accept-Encoding "";
        sub_filter       'action="/'  'action="/fa/';
        sub_filter       'href="/'  'href="/fa/';
        sub_filter       'href="/admin/'  'href="/fa/admin/';
        sub_filter       'src="/images'  'src="/fa/images';
        sub_filter       'src="/js'  'src="/fa/js';
        sub_filter_once  off;
        proxy_pass http://localhost:9011/;
    }
location ~^/(?<fusionPath>(oauth2|admin|ajax|login|password|js/identityProvider))/ {
            proxy_pass       http://127.0.0.1:9011/$fusionPath/;
            # https://fusionauth.io/docs/v1/tech/admin-guide/proxy-setup#how-to-use-a-proxy
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Accept-Encoding "";
            sub_filter       'action="/'  'action="/fa/';
            sub_filter       'href="/'  'href="/fa/';
            sub_filter       'src="/images'  'src="/fa/images';
            sub_filter       'src="/admin'  'src="/fa/admin';
            sub_filter       'src="/js'  'src="/fa/js';
            sub_filter_once  off;
        }
          1 Reply Last reply Reply Quote 0
          • danD dan referenced this topic on
          • danD dan referenced this topic on
          • danD dan referenced this topic on
          • First post
            Last post