I have a nginx file configured to redirect my www address to non-www. It works correctly but when I try to get an ssl certificate for the www address it fails with a 404 error.
I wouldn't bother with it but I'm trying to improve SEO and the www address returns ERR_TLS_CERT_ALTNAME_INVALID for the https site which seems to reduce SEO.
Any help would be much appreciated.
Here's my nginx config for the redirects. I also have an A name DNS record with the www address setup, would that affect it?
server {
listen 80;
server_name www.example.com.au;
return 301 https://example.com.au$request_uri;
}
server {
listen 443 ssl;
access_log /var/log/nginx/domain.access.log;
error_log /var/log/nginx/domain.error.log debug;
server_name www.example.com.au;
ssl certificates...
return 301 https://example.com.au$request_uri;
}
In my case the following snippet solved it for me (adding the root and location blocks):
server {
listen 80;
server_name www.example.com.au;
root /var/www/letsencrypt;
location /.well-known/acme-challenge/ {
default_type "text/plain";
try_files $uri =404;
}
location / {
return 301 https://example.com.au$request_uri;
}
}
Related
so I manage the domain britoanderson.com and I am trying to get ssl to work on it.
I used certbot to make the certificate for both www. subdomain and the main britoanderson.com domain.
I set up cloudflare to "Full" encryption mode.
For some reason, the SSL certificate works on https://www.britoanderson.com/ but not on https://britoanderson.com/ where the website just refuses to open.
Here is my nginx default file:
server {
if ($host = www.britoanderson.com) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
if ($host = britoanderson.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html/;
index index.php index.html index.htm;
server_name britoanderson.com www.britoanderson.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/britoanderson.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/britoanderson.com/privkey.pem; # managed by Certbot
root /var/www/html/;
index index.php index.html index.htm;
server_name britoanderson.com www.britoanderson.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
Both A records for the main domain britoanderson.com and the subdomain www have been set on cloudflare.
What am I doing wrong? Why does the main website just refuse to open?
Do you have restarted nginx after issuing the certificates? I can only access the http site, but not the https-site, so it looks like your https-forwarding which was done by certbot isn't working yet too.
Turns out my PC was giving me a DNS_PROBE_FINISHED_NXDOMAIN while the actual error was within the redirects. Removing the
if ($host = www.britoanderson.com) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
if ($host = britoanderson.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
fixed the issue
I have 2 virtual hosts configured in nginx and both using ssl in a way that http://www.firstsite.com redirects to https://www.firstsite.com and it works correctly, the problem is that http://www.secondsite.com is not redirecting to https://www.secondsite.com, but to https://www.firstsite.com
this is the first config file
server {
listen 80;
return 301 https://www.dianadelvalle.com$request_uri;
server_name www.dianadelvalle.com;
}
server{
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
root /home/pi/www.dianadelvalle.com/;
index commingsoon.html index.html index.htm index.nginx-debian.html;
server_name www.dianadelvalle.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# max upload size
client_max_body_size 5M; # adjust to taste
location / {
try_files $uri $uri/ =404;
}
}
and the second config file:
# the upstream component nginx needs to connect to
upstream django {
server unix:///home/pi/koohack/mysite.sock; # for a file socket
#server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
server {
listen 80;
server_name www.koohack.com;
return 301 https://www.koohack.com$request_uri;
}
# configuration of the server
server {
listen 443 ssl;
server_name www.koohack.com;
ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# max upload size
client_max_body_size 15M; # adjust to taste
if (-f /home/pi/koohack/.maintenance) {
return 503;
}
error_page 503 #maintenance;
location #maintenance {
rewrite ^(.*)$ /home/pi/koohack/static/maintenance.html break;
}
# Django media
location /media {
alias /home/pi/koohack/media; # your Django project's media files - amend as required
}
location /static {
alias /home/pi/koohack/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
}
location /.well-known {
alias /home/pi/koohack/.well-known;
}
}
I spared the server name, log and certificate paths for clarity. What I'm doing wrong? Any suggestions?
Necessary note: I already looked to this possible answer to avoid content duplication but it didn't help
You may have the following configs:
server_name my.domain.com;
ssl_certificate /etc/nginx/chain.pem;
ssl_certificate_key /etc/nginx/my.domain.key;
Check that your second site is also listening on ssl ports.
listen 443 ssl;
listen [::]:443 ssl;
If the 2nd site is missing the listening config, it will redirect to default, regardless of the ssl certificate configs.
Here's the situation:
Old domain (none-SSL) let's call it "no-ssldomain.com"
New domain (with-SSL) let's call it "ssldomain.com"
Both domain points to the same SERVER. So using both domains work.
No-ssldomain.com has been running for 7 years, but since my sought after domain name is now available, i registered it with SSL and trying to move to it for good.
It is running on Wordpress, and all permalinks work, all redirects work. Old no-ssldomain.com nested links redirect perfectly to new ssldomain.com. So no google penalties. Nice.
What my current config does (used semicolon because I cannot post more than 2 links):
if you enter: http;//no-ssldomain.com > redirects to > https;//ssldomain.com
if you enter: https;//no-ssldomain.com > redirects to > https;//ssldomain.com
if you enter: http;//no-ssldomain.com/xx/xx/xx > redirects to > https;//ssldomain.com/xx/xx/xx
But found 1 annoying problem.
if you enter: https;//no-ssldomain.com/xx/ it opens the webpage using the no-ssldomain.com and has an insecure warning. It doesn't redirect to the new ssldomain.com. So how can I redirect it properly?
Here's my server config:
server {
listen 80;
server_name no-ssldomain.com;
location / {
rewrite "/([0-9]{4})/([0-9]{2})/(.*)" http://$host/$3 permanent;
}
if ($host = "no-ssldomain.com") {
return 301 https://ssldomain.com$request_uri;
}
}
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /xxx/xxx/ssldomain_com.chained.crt;
ssl_certificate_key /xxx/xxx/server.key;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php;
server_name ssldomain.com;
location /wp-admin {
index index.php;
}
location / {
index index.php;
rewrite "/([0-9]{4})/([0-9]{2})/(.*)" https://ssldomain.com/$3 permanent;
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
I found the answer after an hour of trying.
What I did is install a free certificate from Let's Encrypt for the no-ssldomain.com, and now I can listen to port 443 for the said domain.
Then change the first "server" section of my config to:
server {
listen 80;
listen 443;
#ssl on;
ssl_certificate /etc/letsencrypt/live/xxxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/keys/0000_key-certbot.pem;
server_name no-ssldomain.com www.no-ssldomain.com;
return 301 https://ssldomain.com$request_uri;
}
And then everything worked as expected! Thanks!
On startssl.com I received a certificate. Nginx set up as follows:
server {
listen 80;
server_name ***;
location / {
root /usr/html/***;
index index.html index.htm;
}
return 301 https://***$request_uri;
}
server {
listen 433 ssl;
server_name ***;
ssl_certificate /etc/ssl/nginx/***.pem;
ssl_certificate_key /etc/ssl/nginx/***.key;
location / {
root /usr/html/***;
index index.html index.htm;
}
}
When you attempt to visit the site of the browser issues:ERR_CONNECTION_REFUSED
What is my problem?
How to solve my problem?
Set port 433, and 443 should be!
I have a server that runs both development and staging instances of a site and each version has to answer on ports 80 & 443. The staging instance -- there's only one -- works exactly as I'd expect, but the development instances -- configured for each user -- loads a given page on either protocol directly just fine, but if I'm on a page on one port and try to link to the other it fails.
My Config
server {
listen 80;
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
location / {
rewrite ^(.*) http://$username.client.tld.net$1 permanent;
}
}
# This is the primary host that will ultimately answer requests.
server {
listen 80;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
index index.php;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include /etc/nginx/conf/php;
}
include /etc/nginx/conf/expire_content;
include /etc/nginx/conf/ignore;
}
server {
listen 443 ssl;
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
location / {
rewrite ^(.*) https://$username.client.tld.net$1 permanent;
}
}
# This is the primary host that will ultimately answer requests.
server {
listen 443 ssl;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
index index.php;
include /etc/nginx/conf/ssl;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include /etc/nginx/conf/php;
}
include /etc/nginx/conf/expire_content;
include /etc/nginx/conf/ignore;
}
Any idea where I've borked up my config?
First of all, there is no need to create four separate configurations, as both your servers (HTTP and HTTPS) have exactly the same body. You can use the $scheme variable which contains either http or https according to the context your're just working in (for the redirects). Secondly I don't see any root declaration in your dev configuration, also no certificates which might cause problems with browsers.
Other then that the configuration looks okay to me (well, you could move the index declaration to your http configuration; so you don't have to repeat it all the time).
Please check out the following (commented) example configuration I made up for you. Maybe it helps.
# Put this in http context!
index index.php;
server {
# One server configuration to rule them all!
listen 80;
listen 443 ssl;
# Seems legit.
server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
~^(?<username>[^.]+)\.client\.dev\.tld\.net$
~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
# Where am I?
#root /home/$username/client/www/app/webroot;
# No wildcard certificate? No need to specify /etc/nginx as all paths
# in the configuration are relative to the installation path.
#include conf/ssl;
location / {
# May work as well, can't test.
#rewrite ^(.*) $scheme://$server_name$1 permanent;
rewrite ^(.*) $scheme://$username.client.tld.net$1 permanent;
}
}
server {
listen 80;
listen 443 ssl;
server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
root /home/$username/client/www/app/webroot;
include conf/ssl;
access_log /var/log/nginx/client.sandbox.access.log;
error_log /var/log/nginx/client.sandbox.error.log;
location / {
try_files $uri $uri/ /index.php?url=$uri;
}
location ~ \.php$ {
include conf/php;
}
include conf/expire_content;
include conf/ignore;
}