On startssl.com I received a certificate. Nginx set up as follows:
server {
listen 80;
server_name ***;
location / {
root /usr/html/***;
index index.html index.htm;
}
return 301 https://***$request_uri;
}
server {
listen 433 ssl;
server_name ***;
ssl_certificate /etc/ssl/nginx/***.pem;
ssl_certificate_key /etc/ssl/nginx/***.key;
location / {
root /usr/html/***;
index index.html index.htm;
}
}
When you attempt to visit the site of the browser issues:ERR_CONNECTION_REFUSED
What is my problem?
How to solve my problem?
Set port 433, and 443 should be!
Related
I have migrated a website from physical server running apache to a virtual machine running nginx.
When I go to website direct link, website is up : http://www.via-ap.com
but when I go to Google and if I click on website on right panel, I get a 404 error.
see below :
https://www.google.fr/search?ei=Ri3jW4TXDZGalwSL46vQAQ&q=via+ap&oq=via+ap&gs_l=psy-ab.3...4929.5483.0.5646.6.5.0.0.0.0.0.0..0.0....0...1c.1.64.psy-ab..6.0.0....0.76V4PDLEtNM
I did these tests from many browsers and from private mode.
my default nginx vhost conf is :
server {
server_name _;
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
return 404;
}
and then each website have his own conf like this below :
server {
listen 80;
listen [::]:80;
server_name website.com;
return 301 https://www.$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.website.com website.com;
root /home/website/www/;
index index.html index.htm index.php;
access_log /var/log/nginx/website.access_log;
error_log /var/log/nginx/website.error_log info;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm-website.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
include /etc/nginx/conf/website.conf; /* file where strict transport security headers are defined */
ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/website.com/chain.pem;
include /etc/nginx/conf/ssl.conf;
}
Do you know why?
Thanks
L.
solution found.
on first server block (listen 80)
as you said first, I have added www.website.com in addition to website.com
then I have replaced return 301 https://www.$host$request_uri; by return 301 https://$host$request_uri;
Trying to use Nginx as a reverse proxy here. This is what I want to achieve:
Redirect example.com and www.example.com to https://example.com.
Proxy the request to another port.
This is the flow: example.com -> Nginx -> Go web server listening on port 5000
It seems that the rewriting is working properly, cause in the browser I get https://example.com, however I am getting this error in the browser:
ERR_TOO_MANY_REDIRECTS
If it matters, my DNS settings are as such:
# - A - 11.XX.XX.XX
www - A - 11.XX.XX.XX
Here is my /etc/nginx/nginx.conf file:
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
rewrite ^(.*)$ https://example.com$request_uri permanent;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com example.com;
ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
rewrite ^(.*)$ https://example.com$request_uri permanent;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
Any help would be appreciated. Networking noob here.
In this server block, just redirect to HTTPS block, no need a location block here:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
No need to add the redirection 443 block as it is already redirected from 80 block. So try the following configuration:
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
location / {
proxy_pass http://127.0.0.1:5000;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com example.com;
ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
The other two answers were very helpful in fixing the answer to this question (Redirect loop). There was another bug however, which is that the www was showing up every time even though I redirected to non-www https version.
Here is the updated config that does the following:
Turn www to non-www
Turn http to https
events {
worker_connections 1024;
}
http {
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.example.com;
ssl_certificate "/etc/letsencrypt/live/example.com-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com-0001/privkey.pem";
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl_certificate "/etc/letsencrypt/live/example.com-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com-0001/privkey.pem";
location / {
proxy_pass http://127.0.0.1:5000;
}
}
}
I have 2 virtual hosts configured in nginx and both using ssl in a way that http://www.firstsite.com redirects to https://www.firstsite.com and it works correctly, the problem is that http://www.secondsite.com is not redirecting to https://www.secondsite.com, but to https://www.firstsite.com
this is the first config file
server {
listen 80;
return 301 https://www.dianadelvalle.com$request_uri;
server_name www.dianadelvalle.com;
}
server{
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
root /home/pi/www.dianadelvalle.com/;
index commingsoon.html index.html index.htm index.nginx-debian.html;
server_name www.dianadelvalle.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# max upload size
client_max_body_size 5M; # adjust to taste
location / {
try_files $uri $uri/ =404;
}
}
and the second config file:
# the upstream component nginx needs to connect to
upstream django {
server unix:///home/pi/koohack/mysite.sock; # for a file socket
#server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
server {
listen 80;
server_name www.koohack.com;
return 301 https://www.koohack.com$request_uri;
}
# configuration of the server
server {
listen 443 ssl;
server_name www.koohack.com;
ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# max upload size
client_max_body_size 15M; # adjust to taste
if (-f /home/pi/koohack/.maintenance) {
return 503;
}
error_page 503 #maintenance;
location #maintenance {
rewrite ^(.*)$ /home/pi/koohack/static/maintenance.html break;
}
# Django media
location /media {
alias /home/pi/koohack/media; # your Django project's media files - amend as required
}
location /static {
alias /home/pi/koohack/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
}
location /.well-known {
alias /home/pi/koohack/.well-known;
}
}
I spared the server name, log and certificate paths for clarity. What I'm doing wrong? Any suggestions?
Necessary note: I already looked to this possible answer to avoid content duplication but it didn't help
You may have the following configs:
server_name my.domain.com;
ssl_certificate /etc/nginx/chain.pem;
ssl_certificate_key /etc/nginx/my.domain.key;
Check that your second site is also listening on ssl ports.
listen 443 ssl;
listen [::]:443 ssl;
If the 2nd site is missing the listening config, it will redirect to default, regardless of the ssl certificate configs.
can i please know how to forward all the requests coming from port 80 to 443?
my code:
server {
listen 80;
root /var/www/html/;
index index.html index.htm index.php;
server_name myexample.com;
location / {
proxy_pass http://myexample.com:443/;
}
}
server {
listen 443;
root /var/www/html/;
index index.html index.html index.php;
server_name myexample.com;
}
but requests to http://myexample.com are not redirecting to https://myexample.com
Redirect HTTP to HTTPS
server {
listen 80;
server_name myexample.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
root /var/www/html/;
index index.html index.html index.php;
server_name myexample.com;
}
I am new to setup a simple SSL connection using nginx. The code I wrote below is accessible but it is not running with SSL. What am I missing?
My test site is just a simple index.html. My certificate and key is saved in /etc/ssl/certs.
server {
listen 80;
server_name example.com;
location / {
proxy_pass https://example.com:443;
}
}
server {
listen 443;
root /home/deploy/test;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
}
You have to redirect non-HTTPS to HTTPS, not proxy pass.
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443;
server_name example.com;
root /home/deploy/test;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/certs/server.key;
}