We Keep Coding

error using nginx to forward https on centos7

I deployed .net core website using docker on centos.
Then I tried to use nginx for forwarding, but when I only used http to access it without any problems. If I use https I get a 403 error.
I have tried the following solutions: modify permissions, modify users, modify configuration files, but to me they are useless.
Below is my configuration file.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
# web config(blog)
server {
listen 80;
server_name www.changqingmao.com changqingmao.com;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:5001;
}
}
}
server {
listen 443 ssl;
server_name www.changqingmao.com changqingmao.com;
root /root/core/web;
ssl_certificate "/root/core/webCer/1_www.changqingmao.com_bundle.crt";
ssl_certificate_key "/root/core/webCer/2_www.changqingmao.com.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
#root /usr/share/nginx/html;
root /root/core/web;
index index.html index.htm;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server
{
listen 80;
server_name www.changqingmao.com changqingmao.com;
rewrite ^(.*) https://$host$1 permanent;
}
error message:[error] 26994#0: *2 directory index of "/root/core/web/" is forbidden, client: 218.88.84.85, server: www.changqingmao.com, request: "GET / HTTP/1.1", host: "www.changqingmao.com"
I placed the file after posting in"/root/core/web"

Non www version redirect to nginx default page instead of website how can i fix?

Non www version redirect to nginx default page instead of website how can i fix this?
https://www works fine
http://www works fine
https:// works fine
But http:// don't work people get to the default nginx page instead of website
Here is my nginx config file:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /var/www/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers PROFILE=SYSTEM;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
My issue is I can't seem to make it redirect from http://example.com to https://www.example.com instead showing nginx standard page.
return 301 https://$host$request_uri; i tried this as well and still not working
P.S. Also I am using apache to with nginx in combination
How can I fix?
Thanks

The nginx redirection will looks like
server {
listen 80;
server_name yourdomain.com;
access_log off;
return 301 https://www.yourdomain.com$request_uri;
}
server {
server_name yourserveripaddress;
access_log off;
return 301 https://www.yourdomain.com$request_uri;
}
server {
listen 443 ssl;
server_name yourdomain.com;
ssl_certificate /etc/nginx/ssl/yourdomain.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/yourdomain_com.key;
access_log off;
return 301 https://www.yourdomain.com$request_uri;
}

nginx is giving 404 error on page reload of my production vue-cli app

I know this is a known problem even explained in vue-cli docs when you use history mode in Vue Router.
If you are using Vue Router in history mode, a simple static file server will fail. For example, if you used Vue Router with a route for /todos/42, the dev server has been configured to respond to localhost:3000/todos/42 properly, but a simple static server serving a production build will respond with a 404 instead.
To fix that, you will need to configure your production server to
fallback to index.html for any requests that do not match a static
file.
But I'm already doing this in my config file and the problem persists when I reload the page manually.
server {
listen 80;
server_name my.domain.name.com;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name my.domain.name.com;
root /var/www/my-frontend-dist-root;
location / {
try_files $uri $uri/ /index.html;
}
location ~*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|ta$
expires 365d;
log_not_found off;
access_log off;
}
access_log /var/log/nginx/my.access.log;
error_log /var/log/nginx/my.error.log debug;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.name/privkey.pem;
keepalive_timeout 60;
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aN$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
}
What am I missing?

ERR_CONNECTION_REFUSED on nginx Raspberry Pi Home Server

Basically, I have created a site and purchased an SSL certificate. Everything worked fine, I linked up the certificate in the config of the site, but then it suddenly stopped working. My linked site configuration, where I replaced my site with 'example.com', is as follows:
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
# Get SSL setup
ssl on;
ssl_certificate /etc/nginx/ssl/site.crt;
ssl_certificate_key /etc/nginx/ssl/site.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_timeout 1d;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
# Enable HSTS ( see http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security )
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/site.crt;
resolver 8.8.8.8;
server_name www.example.com example.com;
root /var/www/html;
index index.php index.html index.htm;
error_log /var/www/html/logs/error.log;
access_log /var/www/html/logs/access.log;
error_page 404 /404.html;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Now, my site doesn't even work on a local IP address (192.168.1.x). Can someone please offer a solution?
Thank you.

Nginx config for WSS

I am having a problem in connecting through WSS to my server. I followed the following article to setup nginx with websockets: http://www.letseehere.com/reverse-proxy-web-sockets
The following is my nginx config which serves a Play! application:
#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
tcp {
upstream websockets {
## Play! WS location
server 127.0.0.1:9000;
}
server {
listen 80;
listen 8000;
server_name socket.domain.com;
tcp_nodelay on;
proxy_pass websockets;
proxy_send_timeout 300;
}
# virtual hosting
#include /usr/local/nginx/vhosts/*;
}
http {
server {
listen 443 ssl;
server_name socket.artoo.in;
ssl_certificate /usr/local/nginx/key/socket.domain.com.crt;
ssl_certificate_key /usr/local/nginx/key/socket.domain.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
}
While the server is accessible on http://socket.domain.com, https://socket.domain.com, ws://socket.domain.com but not wss://socket.domain.com

I was able to put together a guide in Q&A format that shows you how to do all of this with NGINX modules, much easier ;)
NGINX to reverse proxy websockets AND enable SSL (wss://)?
You will need to rebuild NGINX and follow the config in the question above.

I have at least solved it for the short term by using stunnel (referring to this article: http://www.darkcoding.net/software/proxy-socket-io-and-nginx-on-the-same-port-over-ssl/).
Stunnel can convert HTTPS to HTTP and by that token WSS to WS. Nginx served the socket application running on 9000 port as usual:
/etc/stunnel/stunnel.conf
[https]
accept = 443
connect = 80
TIMEOUTclose = 0
/usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
tcp {
upstream websockets {
## Play! WS location
server 127.0.0.1:9000;
check interval=3000 rise=2 fall=5 timeout=1000;
}
server {
listen 80;
listen 8000;
server_name socket.artoo.in;
tcp_nodelay on;
proxy_pass websockets;
proxy_send_timeout 300;
}
# virtual hosting
#include /usr/local/nginx/vhosts/*;
}
#http {
#
# server {
# listen 443 ssl;
# server_name socket.artoo.in;
#
# ssl_certificate /usr/local/nginx/key/socket.domain.com.crt;
# ssl_certificate_key /usr/local/nginx/key/socket.domain.com.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
#
# location / {
# proxy_pass http://127.0.0.1:9000;
# }
# }
#}
Now the only thing I need to worry about is how to increase the timeout for websockets on nginx, the connection seems to be breaking every 75 secs (default for nginx).