Here is my /etc/sites-available/default
server {
listen 443 default_server;
server_name _;
ssl on;
ssl_certificate /etc/ssl/certs/example/example.com.crt;
ssl_certificate_key /etc/ssl/certs/example/example.com.key;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
try_files $uri $uri/ =404;
}
}
The first block is what I've added recently. I host multiple sub-domains on this server. This is an example of sites-available/my.example.com:
server {
server_name my.example.com;
access_log /var/data/log/nginx/my.example.com.log;
error_log /var/data/log/nginx/my.example.com.log;
root /var/data/www/lmy.example.com/htdocs;
index index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
}
Whenever I used to go to http://my.example.com, the website would load fine. But now, going to https://my.example.com just goes to the default page. The my.example.com file is symlinked from sites-enabled. The config seems fine, because if I comment the line return 301 ... from the port 80 block, http://my.example.com works again, but https://my.example.com shows the default nginx page.
Related
I'm getting 'mysite.com' redirected you too many times. Here is my nginx config.
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
root /var/www/html/;
index index.php index.html;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I'm using certbot and this is running on a ubuntu docker container, serving static html files.
The lock icon by the left side of the url shows its locked and the connection is secure.
I am using CakePHP 2.9 in Ubuntu 16, and nginx, and I have a vps with a ssl certificate installed on it, and I want to use javascript websockets with php ratchet. The problem is that they don't work, out of the box. For example, without changing a certain setting in firefox about:config, I can't use ws websockets in the browser (that's no good, if I want other people to be able to use it). But I also can't get PHP Ratchet to accept wss websockets. So, I'm trying to redirect the page where the websockets are going to run back to http, so I can use regular ws and connect to PHP ratchet.
The problem is, that I can't seem to get my nginx config file to do that smoothly. I have it redirecting on the page I want to use websockets for, but it seems to give a 404 error. This could be an issue with my DNS for the site perhaps, but here is the nginx config I am using:
server {
listen 80;
listen [::]:80;
server_name server.com;
location /websocket_path {
}
location / {
return 301 https://$server_name/web/$request_uri/;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm index.php;
ssl on;
ssl_certificate /ssl_path/cert_chain.crt;
ssl_certificate_key /ssl_path/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
location /web {
alias /usr/share/nginx/html/web/app/webroot;
try_files $uri $uri/ /web/app/webroot/index.php;
}
server_name server.com;
location = / {
return 301 https://$server_name/web/$request_uri/;
}
location /websocket_path {
return 301 http://$server_name/websocket_path;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
#include fastcgi_params;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /.well-known {
allow all;
}
location ~ /.sandbox {
}
location ~* \.(?:manifest:appcache|htm?|xml|json)$ {
expires -1;
}
}
Any help on this matter would be greatly appreciated. Thank you.
So I am reviewing this server block configuration and honestly it does not look as boilerplate as I had hoped and I need to successfully install an ssl.
The file is /etc/nginx/sites-available/example.com:
server {
listen 80;
server_name example.com;
root /home/forge/example.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl on;
# ssl_certificate;
# ssl_certificate_key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/biossantibodies.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
try_files $uri /404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
And then there is another file in /etc/nginx/sites-available/www.example.com:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
So I am not even sure which one of these I should be working in.
The below has a good example of what you need to configure ssl for NGINX.
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate
I have working SSL enabled domain , server and it's up and running HTTP as default. explicitly when I request https://domain.tld it works fine but How to make it as default instead of HTTP
right now I have the following directives of my nginx vhost
server {
listen 80 ;
listen 443 ssl default_server;
ssl on ;
ssl_certificate /etc/nginx/ssl/XX.crt;
ssl_certificate_key /etc/nginx/ssl/XX.key;
server_name x.me www.x.me;
root /usr/share/nginx/www/x/site;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?q=$request_uri;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
redirect http requests to https. This can be done with scripting, but also with nginx using 'return'.
Tutorial: https://christiaanconover.com/blog/how-to-redirect-http-to-https-in-nginx
Add a separate server, that will redirect to https:
server {
listen 80;
server_name x.me www.x.me;
return 301 https://$host$request_uri;
}
and remove listen 80 from your existing code block
I have nginx web server installed and https domain. I want to make a sub-directory /dap in root folder to use http and exclude from ssl. Please guide me through this.
My /etc/nginx/sites-available virtual host file for this domain is as below,
# WPSINGLE FAST CGI NGINX CONFIGURATION
server {
listen 198.27.70.206:80;
server_name howtofightnow.com;
return 301 https://howtofightnow.com$request_uri;
}
server {
listen 443 ssl;
server_name howtofightnow.com;
ssl on;
ssl_certificate /etc/nginx/ssl/howtofightnow_com.pem;
ssl_certificate_key /etc/nginx/ssl/server.key;
#listen 198.27.70.206:80;
#server_name howtofightnow.com;
access_log /var/log/nginx/howtofightnow.com.access.log rt_cache;
error_log /var/log/nginx/howtofightnow.com.error.log;
root /var/www/howtofightnow.com/htdocs;
index index.php index.htm index.html;
location /zabbix {
if ($scheme ~ ^http:){
rewrite ^(.*)$ https://$host$1 permanent;
}
alias /usr/share/zabbix;
index index.php;
error_page 403 404 502 503 504 /zabbix/index.php;
location ~ \.php$ {
if (!-f $request_filename) { return 404; }
expires epoch;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_pass php;
}
location ~ \.(jpg|jpeg|gif|png|ico)$ {
access_log off;
expires 33d;
}
}
# Use Cached Or Actual File If They Exists, Otherwise Pass Request To WordPress
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
try_files $uri /index.php?args;
include fastcgi_params;
fastcgi_pass php;
}
location /vma {
root /usr/local/vimbadmin/public ;
try_files $uri $uri/ /index.php?$args;
location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass php;
}
}
rewrite ^/index.php/register/thanks(.*) /register/thanks$1 permanent;
include /etc/nginx/common/locations.conf;
}
Simply add this location (/dap) to your http server section, plus add a separate root location, as following:
server {
listen 198.27.70.206:80;
server_name howtofightnow.com;
location / {
return 301 https://howtofightnow.com$request_uri;
}
location /dap/ {
# specific rules for this location go here
}
}