I know this is a known problem even explained in vue-cli docs when you use history mode in Vue Router.
If you are using Vue Router in history mode, a simple static file server will fail. For example, if you used Vue Router with a route for /todos/42, the dev server has been configured to respond to localhost:3000/todos/42 properly, but a simple static server serving a production build will respond with a 404 instead.
To fix that, you will need to configure your production server to
fallback to index.html for any requests that do not match a static
file.
But I'm already doing this in my config file and the problem persists when I reload the page manually.
server {
listen 80;
server_name my.domain.name.com;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name my.domain.name.com;
root /var/www/my-frontend-dist-root;
location / {
try_files $uri $uri/ /index.html;
}
location ~*.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|ta$
expires 365d;
log_not_found off;
access_log off;
}
access_log /var/log/nginx/my.access.log;
error_log /var/log/nginx/my.error.log debug;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.name/privkey.pem;
keepalive_timeout 60;
ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aN$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhp-2048.pem;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
}
What am I missing?
Related
I have a container with nginx (reverse proxy) and currently I have this configuration for when the user enters the following url (http://panels-cliente1.company.com) the page loads:
upstream panels-cliente1.company.com {
server 172.20.1.100:3000;
}
server {
server_name panels-cliente1.company.com;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
#Limite de subida de ficheros en Nginx
client_max_body_size 50M;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/cert.crt;
ssl_certificate_key /etc/nginx/certs/cert.key;
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
proxy_pass http://panels-cliente1.company.com;
}
}
but I would like to see how to add another url to enter the same container, I mean having:
http://panels-cliente1.company.com
http://panels-cliente1.company.com
and with both links enter the server and when client1 is browsing it always sees "client1" and the same for client2, always in the url "client2" appears
I try adding in the server_name and in the upstream the 2 urls , but I'm not sure what to add in the location
Can I do something like what i describe?
It's been two days that I've been trying to configure my website in https but nothing works.
Here is my configuration file :
worker_processes 1;
error_log logs/error.log info;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 9998 ssl;
server_name mysubdomain.domain.fr;
ssl_certificate "C:/path_to_cert.crt";
ssl_certificate_key "C:/path_to_rsa.rsa";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
On firefox I have PR_CONNECT_RESET_ERROR.
And with openssl -connect :
4384:error:0200274C:system library:connect:reason(1868):crypto\bio\b_sock2.c:110:
4384:error:2008A067:BIO routines:BIO_connect:connect error:crypto\bio\b_sock2.c:111:
connect:errno=0
Am I missing something?
Thank you in advance for your help
After several days of searching for the source of the problem, it turned out that it came from IIS installed on this computer and previously configured on this port which was blocking the connection.
I've been seeing a ton of info about reverse proxies and nginx but I'm a little lost on how to implement. I am running two separate EC2 instances (front and back end, with back end running pm2). I have SSL established on the front using LetsEncrypt, and it won't allow me to hit my backend because of Mixed Content. What should I do?
nginx.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain;
location / {}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
root /insert/root/here;
ssl_certificate "/path/to/cert";
ssl_certificate_key "/path/to/key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
It looks like browser complains at your html content because it has hard-coded "http://" references to external resources, like javascript, fonts etc.
It does not mean that it can't reach backend due to this "mixed-content" issue.
I see no proxy_pass (or fastcgi_pass) directives in your config (which should pass requests to your upstream backend server) so probably that is an real reason why you can't reach your backend.
Your configuration should look like this:
server {
listen 443 ssl;
root /here/are/your/static/files/; # here you can place static html, css, js etc files from your backend to offload backend from serving static files - nginx will take care of them.
...
location / {
#this means that nginx will forward requests to backend server in case request does not match local static file.
try_files $uri $uri/ #backend;
}
location #backend {
#....
proxy_pass http://backend-server-ip-address:backend-port
}
}
I am using a ssl certificate provided by comodo that seems to me to be propely configured because my website is showing the https correctly. However, I am getting 502 Bad Gateway when I access my store with ssl.
I am using nginx server and this is how I am doing this.
server {
root /var/www/html/public/;
index index.php index.html;
listen 80 default_server;
error_log /var/log/nginx/error-zzdefault.log;
access_log /var/log/nginx/access-zzdefault.log;
location / {
proxy_pass http://magento/;
}
location /phpmyadmin/ {
proxy_pass http://phpmyadmin/;
}
}
server {
listen 443 ssl;
server_name mydomain.com.br;
keepalive_timeout 70;
ssl_certificate /etc/nginx/ssl/mydomain-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
error_log /var/log/nginx/error-zzdefault.log;
access_log /var/log/nginx/access-zzdefault.log;
root /var/www/html/public/;
index index.php index.html;
location / {
proxy_pass https://magento/;
}
}
Alter the proxy_pass on the second server location who has SSL certified:
The Ip 32.999.999.999:80 should be your server main Ip address. Passing
the default port 80.
location / {
proxy_pass http://32.999.999.999:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host; }
I'm trying to serve multiple TLS-secured domains out of a single VPS with Nginx v1.8.0, but for some reason it's just not taking the certificate configuration in the server block. When I put the ssl_certificate and ssl_certificate_key directives in the http block, it works fine. But when I try to put them into the server block instead, there are no errors at startup, nothing in the logs, but chrome gives me an ERR_CONNECTION_CLOSED message. This has to be easier than it seems....
Here's the setup that works:
nginx -V output:
nginx version: nginx/1.8.0
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
My main nginx.conf:
user http;
worker_processes 3;
pid /var/run/nginx.pid;
error_log /var/log/nginx_error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type text/plain;
sendfile on;
keepalive_timeout 65;
index index.php index.html;
log_format main '$remote_addr - $remote_user [$time_local], "$scheme://$host$request_uri", '
'file: "$request_filename", http: $status, sent: $body_bytes_sent, ref: "$http_referer", '
'"$http_user_agent", "$http_x_forwarded_for"';
access_log /var/log/nginx_access.log main;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
listen 80;
server_name "";
return 410;
}
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
include vhosts/*.conf;
}
My vhosts directory listing:
site1.conf
site2.conf
And finally, my site1.conf file (site2.conf is essentially the same):
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
As you can see, the ssl... directives are in the main configuration file http block. That configuration works fine. If I remove them from that location, however, and put them into the server block of the site1.conf vhost file, as indicated below, I get the ERR_CONNECTION_CLOSED error.
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I just can't figure it out!
Thanks for any help you can offer.
Just got back to this after more than a month (ok, so my launch is a little delayed, whatever! ;) ).
Indeed, the answer was as easy as I supposed it had to be.
I had viewed those little "www." redirect blocks as simple bounces, and for some reason didn't feel I had to include information about the certificates in those blocks. However, because of the way secure connections work, the server has to fully establish a secured connection before issuing a response (i.e. redirect instruction), so because I wasn't including the certificate information in those little redirect blocks, it was giving me errors (and frustratingly, it wasn't telling me what those errors were).
So in the end, the solution was simply to add the valid ssl_certificate and ssl_certificate_key directives in each server block that listened on port 443. All works well now!
Just to fully illustrate the point, this is my updated and WORKING site1.conf (and site2.conf, which is virtually identical):
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443 ssl;
server_name www.site1.com;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com requests
server {
listen 443 ssl;
server_name site1.com www.site1.com;
root /srv/www/site1/public_html;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
index index.php index.html index.htm;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri = 404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
And my nginx.conf file now no longer has the ssl_certificate lines in it.