My nginx config is mostly working with https; all redirects from http to https are working except from https://example.com, which needs to redirect to https://www.example.com. Can someone tell me where I'm going wrong?
I've tried adding the redirect in the server block listening to 443 for example.com to redirect to www.example.com but I had the same issue.
server {
server_name www.example.com;
index index.php index.html index.htm;
root /var/www/qc/public;
error_log /var/www/qc/error.log debug;
access_log /var/www/qc/access.log;
location / {
include /etc/nginx/mime.types;
index index.php;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
listen 443 ssl; # managed by Certbot
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt$
root /usr/share/;
}
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # m$
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #$
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com;
return 404; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # m$
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
listen 80;
return 404; # managed by Certbot
}
I'd like the URL https://example.com to redirect to https://www.example.com.
In your example.com bracket, you don't need the "if ($host = example.com) {", as you already delimit the hosts that enter this bracket by setting "server_name example.com;". Also, when you redirect to https://$host$request_uri; you are redirecting to example.com, not to www.example.com, creating an infinite loop of redirections.
Hope this helps; this is the example.com config that should work:
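server {
    # Send every request for the bare domain to the www host.
    location / {
        return 301 https://www.example.com$request_uri;
    }
    server_name example.com;
    # The server-level "return 404;" left by Certbot is dropped here: a return
    # at server level is evaluated before any location is chosen, so it would
    # answer 404 instead of issuing the redirect above.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # m$
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}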
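One way to confirm the loop described in this answer, as an added example that is not part of the original answer: it follows redirects one hop at a time and reports a loop as soon as a URL repeats. The `trace` and `model` helpers and the two rule tables are constructed for illustration; the tables model the question's config and the corrected redirect target.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(url):
    """Send one HEAD request without following redirects: (status, Location)."""
    u = urlsplit(url)
    https = u.scheme == "https"
    conn = (http.client.HTTPSConnection if https else http.client.HTTPConnection)(u.netloc, timeout=10)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=fetch, max_hops=10):
    """Follow redirects hop by hop; return (hops, verdict)."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:
            return hops, "loop"
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            return hops, "final"
        url = urljoin(url, location)
    return hops, "too many hops"

def model(rules):
    """Constructed stand-in for a server: (scheme, host) -> redirect target, else 200."""
    def fake_fetch(url):
        u = urlsplit(url)
        target = rules.get((u.scheme, u.netloc))
        return (301, target + (u.path or "/")) if target else (200, None)
    return fake_fetch

# Constructed tables: the question's config, then the answer's corrected target.
QUESTION = {("http", "example.com"): "https://www.example.com",
            ("http", "www.example.com"): "https://www.example.com",
            ("https", "example.com"): "https://example.com"}   # $host is example.com
ANSWER = {**QUESTION, ("https", "example.com"): "https://www.example.com"}

if __name__ == "__main__":
    for name, rules in (("question", QUESTION), ("answer", ANSWER)):
        print(name, trace("https://example.com/", model(rules)))
```

Calling `trace("https://example.com/")` with the default `fetch` runs the same check against a live server after a config reload.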
Related
So I manage the domain britoanderson.com and I am trying to get SSL to work on it.
I used certbot to make the certificate for both the www. subdomain and the main britoanderson.com domain.
I set up Cloudflare to "Full" encryption mode.
For some reason, the SSL certificate works on https://www.britoanderson.com/ but not on https://britoanderson.com/ where the website just refuses to open.
Here is my nginx default file:
server {
if ($host = www.britoanderson.com) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
if ($host = britoanderson.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html/;
index index.php index.html index.htm;
server_name britoanderson.com www.britoanderson.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/britoanderson.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/britoanderson.com/privkey.pem; # managed by Certbot
root /var/www/html/;
index index.php index.html index.htm;
server_name britoanderson.com www.britoanderson.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
Both A records for the main domain britoanderson.com and the subdomain www have been set on cloudflare.
What am I doing wrong? Why does the main website just refuse to open?
Have you restarted nginx after issuing the certificates? I can only access the http site, but not the https site, so it looks like your https forwarding, which was done by certbot, isn't working yet either.
Turns out my PC was giving me a DNS_PROBE_FINISHED_NXDOMAIN while the actual error was within the redirects. Removing the
if ($host = www.britoanderson.com) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
if ($host = britoanderson.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
fixed the issue.
I'm getting 'mysite.com' redirected you too many times. Here is my nginx config.
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/html/;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I'm using certbot and this is running in an Ubuntu Docker container, serving static HTML files.
The lock icon on the left side of the URL shows it's locked and the connection is secure.
I have migrated a website from a physical server running Apache to a virtual machine running nginx.
When I go to the website's direct link, the website is up: http://www.via-ap.com
but when I go to Google and click on the website in the right panel, I get a 404 error.
See below:
https://www.google.fr/search?ei=Ri3jW4TXDZGalwSL46vQAQ&q=via+ap&oq=via+ap&gs_l=psy-ab.3...4929.5483.0.5646.6.5.0.0.0.0.0.0..0.0....0...1c.1.64.psy-ab..6.0.0....0.76V4PDLEtNM
I did these tests from many browsers and from private mode.
My default nginx vhost conf is:
server {
server_name _;
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
return 404;
}
and then each website has its own conf like the one below:
server {
listen 80;
listen [::]:80;
server_name website.com;
return 301 https://www.$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.website.com website.com;
root /home/website/www/;
index index.html index.htm index.php;
access_log /var/log/nginx/website.access_log;
error_log /var/log/nginx/website.error_log info;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm-website.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
include /etc/nginx/conf/website.conf; # file where strict transport security headers are defined
ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/website.com/chain.pem;
include /etc/nginx/conf/ssl.conf;
}
Do you know why?
Thanks
L.
Solution found.
In the first server block (listen 80), as you said first, I have added www.website.com in addition to website.com.
Then I have replaced return 301 https://www.$host$request_uri; with return 301 https://$host$request_uri;
I'm trying to serve multiple TLS-secured domains out of a single VPS with Nginx v1.8.0, but for some reason it's just not taking the certificate configuration in the server block. When I put the ssl_certificate and ssl_certificate_key directives in the http block, it works fine. But when I try to put them into the server block instead, there are no errors at startup, nothing in the logs, but chrome gives me an ERR_CONNECTION_CLOSED message. This has to be easier than it seems....
Here's the setup that works:
nginx -V output:
nginx version: nginx/1.8.0
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
My main nginx.conf:
user http;
worker_processes 3;
pid /var/run/nginx.pid;
error_log /var/log/nginx_error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type text/plain;
sendfile on;
keepalive_timeout 65;
index index.php index.html;
log_format main '$remote_addr - $remote_user [$time_local], "$scheme://$host$request_uri", '
'file: "$request_filename", http: $status, sent: $body_bytes_sent, ref: "$http_referer", '
'"$http_user_agent", "$http_x_forwarded_for"';
access_log /var/log/nginx_access.log main;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server {
listen 80;
server_name "";
return 410;
}
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
include vhosts/*.conf;
}
My vhosts directory listing:
site1.conf
site2.conf
And finally, my site1.conf file (site2.conf is essentially the same):
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
As you can see, the ssl... directives are in the main configuration file http block. That configuration works fine. If I remove them from that location, however, and put them into the server block of the site1.conf vhost file, as indicated below, I get the ERR_CONNECTION_CLOSED error.
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443;
server_name www.site1.com;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com;
server {
listen 443 ssl;
server_name site1.com;
root /srv/www/site1/public_html;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I just can't figure it out!
Thanks for any help you can offer.
Just got back to this after more than a month (ok, so my launch is a little delayed, whatever! ;) ).
Indeed, the answer was as easy as I supposed it had to be.
I had viewed those little "www." redirect blocks as simple bounces, and for some reason didn't feel I had to include information about the certificates in those blocks. However, because of the way secure connections work, the server has to fully establish a secured connection before issuing a response (i.e. redirect instruction), so because I wasn't including the certificate information in those little redirect blocks, it was giving me errors (and frustratingly, it wasn't telling me what those errors were).
So in the end, the solution was simply to add the valid ssl_certificate and ssl_certificate_key directives in each server block that listened on port 443. All works well now!
Just to fully illustrate the point, this is my updated and WORKING site1.conf (and site2.conf, which is virtually identical):
# Server block that redirects www.site1.com requests to site1.com
server {
listen 443 ssl;
server_name www.site1.com;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
return 301 https://site1.com$request_uri;
}
# Server block that serves site1.com requests
server {
listen 443 ssl;
server_name site1.com www.site1.com;
root /srv/www/site1/public_html;
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
index index.php index.html index.htm;
error_log /var/log/nginx_err_site1.log error;
access_log /var/log/nginx_acc_site1.log main;
include global_restrictions.conf;
location / {
try_files $uri /index.php?q=$uri&$args;
}
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php-fpm_site1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
And my nginx.conf file now no longer has the ssl_certificate lines in it.
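A check for the mistake this answer describes, as an added example that is not part of the original post: it lists every server block listening on port 443 that has no certificate pair of its own and inherits none from the http level (which is why the http-level setup earlier on the page worked). The function name and the small tokenizer are assumptions of this sketch; it does not follow `include` files or handle braces and semicolons inside quoted strings or regexes.

```python
import re

NEEDED = {"ssl_certificate", "ssl_certificate_key"}

def tls_blocks_missing_cert(conf):
    """Return (server_name, missing directives) for each port-443 server block."""
    tokens = re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf))
    stack, servers, inherited, words = [], [], set(), []
    for tok in tokens:
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({"listen": [], "name": "", "have": set()})
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and words:
            name, args = words[0], words[1:]
            if stack and stack[-1] == "server":      # directly inside server { }
                if name == "listen":
                    servers[-1]["listen"] += args
                elif name == "server_name":
                    servers[-1]["name"] = " ".join(args)
                elif name in NEEDED:
                    servers[-1]["have"].add(name)
            elif "server" not in stack and name in NEEDED:
                inherited.add(name)                  # http level, inherited by all
        words = [] if tok in ("{", "}", ";") else tok.split()
    findings = []
    for srv in servers:
        on_443 = any(a == "443" or a.endswith(":443") for a in srv["listen"])
        missing = NEEDED - srv["have"] - inherited
        if on_443 and missing:
            findings.append((srv["name"], sorted(missing)))
    return findings

# Samples abbreviated from the page's site1.conf (www redirect block only).
CERTS = ("ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem; "
         "ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;")
BLOCK = "server { listen 443%s; server_name www.site1.com; %s return 301 https://site1.com$request_uri; }"
FAILING = BLOCK % ("", "")                    # certificate only in the other server block
WORKING = BLOCK % (" ssl", CERTS)             # the answer's fix
HTTP_LEVEL = CERTS + " " + BLOCK % ("", "")   # the original setup that worked

if __name__ == "__main__":
    for label, conf in (("failing", FAILING), ("working", WORKING), ("http-level", HTTP_LEVEL)):
        print(label, tls_blocks_missing_cert(conf))
```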
I'm moving my entire website from http to https.
Since I have a few domains, I need to redirect them to the https version of my website.
The problem is that when I try to redirect the original domain from http to https, nginx gives me an infinite loop.
Can you guys help me?
Here is my config:
server {
listen 80;
server_name www.domain.com.br domain.com.br w.domain.com.br ww.domain.com.br wwww.domain.com.br domain1.com.br www.domain1.com.br domain.com www.domain.com domain.net.br www.domain.net.br;
return 301 https://www.domain.com.br$request_uri;
}
server {
listen 443;
server_name domain.com.br w.domain.com.br ww.domain.com.br wwww.domain.com.br domain1.com.br www.domain1.com.br domain.com www.domain.com domain.net.br www.domain.net.br;
ssl on;
ssl_certificate /home/ssl/ssl-bundle.crt;
ssl_certificate_key /home/ssl/myserver.key;
return 301 https://www.domain.com.br$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /home/ssl/ssl-bundle.crt;
ssl_certificate_key /home/ssl/myserver.key;
#ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
server_name www.domain.com.br;
root /usr/share/nginx/html2;
location / {
index index.php;
if ($request_filename !~* \.(php|gif|html|jpe?g|png|ico|js|css|flv|swf|pdf|xml)$ ) { rewrite ^ /index.php; }
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.socket;
fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The second server entry is creating the infinite loop. It includes a return 301 to the same site on the https (443) port.
Try this answer for sub domain redirects:
https://serverfault.com/questions/67316/in-nginx-how-can-i-rewrite-all-http-requests-to-https-while-maintaining-sub-dom