HTTPS when SSL folder is present in root? - ssl

I want to force HTTPS for certain subdomains in nginx. I also do not want to edit the .conf file when I create a new subdomain that needs HTTPS. Is it possible to force HTTPS if an SSL folder is present in the root or something equivalent to it? So all I have to do to enable HTTPS on a new subdomain is add a new folder or something like that?
Here is my nginx.conf file:
#HTTP DOMAIN.COM
server {
listen 80;
server_name *.domain.com;
root /var/www/$http_host;
location /ssl {
rewrite ^ https://$http_host/$1 redirect;
}
}
edit:
I've been messing around a bit with symlinks but no luck yet. This is the new configuration I made:
server {
listen 80;
server_name *.domain.com;
root /var/www/$http_host;
location /var/www/ssl/$http_host {
rewrite https://$http_host/$1 redirect;
}
include error_page;
include location_php;
}
Am I coming close to my answer?
edit:
What I basically want is to be able to use ssl without having to change my .conf file.
All I need to do to enable HTTPS is change something somewhere around the docroot.

I don't think you can enable SSL based merely on the existence of a directory. But you can extend the configuration using file globbing:
include vhosts/*.conf;
include vhosts/ssl/*.conf;
Just drop a minimal file in the directory.
(Note that you still need to set up certificates, most likely on a per-vhost basis, and these should not be inside the document root.)

I got it working! This is the config file:
server {
listen 80;
server_name *.domain.com;
root /var/www/$host;
if (-e /var/www/config/ssl/$host) {
rewrite ^ https://$host$request_uri? permanent;
}
include error_pages;
include php_config;
}
I still had to use an if statement but that's alright because it works now.
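
The include-glob approach suggested in the first answer above, added here as an example (not from the original posts): a drop-in file for one hypothetical subdomain, shop.domain.com. The file name, the subdomain and the certificate paths under /etc/nginx/certs/ are assumptions.

```nginx
# /etc/nginx/vhosts/ssl/shop.domain.com.conf  (hypothetical file, picked up by
# "include vhosts/ssl/*.conf;" in the http block)

# Plain-HTTP side: an exact server_name takes precedence over the wildcard
# "*.domain.com" server, so only this host is redirected to HTTPS.
server {
    listen 80;
    server_name shop.domain.com;
    return 301 https://$host$request_uri;
}

# HTTPS side. Certificate and key live outside /var/www (assumed paths).
server {
    listen 443 ssl;
    server_name shop.domain.com;

    ssl_certificate     /etc/nginx/certs/shop.domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/shop.domain.com.key;

    root /var/www/shop.domain.com;

    # Same shared snippets as the wildcard HTTP server above.
    include error_pages;
    include php_config;
}
```

Run nginx -t and reload nginx after adding the file: an include glob is only evaluated when the configuration is loaded, unlike the if (-e ...) check, which runs on every request.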

Related

Force https for single directory on my server with nginx config

I am trying to force SSL for a single subdirectory on my server by placing a rewrite rule in my nginx config file.
So, for example, when a user goes to example.com/billing or example.com/billing/user they are taken to https://example.com/billing or https://example.com/billing/user.
I have an SSL certificate installed etc. Here is a rule in my server block for nginx:
#billing location
location /billing/ {
if (!-e $request_filename){
rewrite ^/billing/(.*)$ /billing/index.php?request=$1 last;
}
}
Is there a way I can modify this rule to include forcing https?
I hope you have two server blocks, one for HTTP and the other for HTTPS (SSL) connections; in your HTTP server block, adding a redirect to HTTPS inside the /billing/ location block will solve the issue.
server {
listen 80;
location /billing/ {
# 301 for permanent redirect
return 301 https://$host$request_uri;
}
}

Nginx is configured for SSL, configuration?

I have Nginx configured with SSL. It requests certificates as users access the site, this is working fine. If I wanted a particular page of my site to be accessible without requiring the certificate, how can that be accomplished? An important factor to me is keeping all other pages requiring the certificate, and only one page as not requiring the certificate. Any help is appreciated.
This is not easy with nginx. You can set ssl_verify_client optional;, but then you will need to check the $ssl_client_verify variable manually.
See this document for more.
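
One way to apply the ssl_verify_client optional approach from the answer above, added here as an example (not from the original posts). The server name, the certificate paths and the /public/status.html page are assumptions.

```nginx
server {
    listen 443 ssl;
    server_name example.com;                                # assumed name

    ssl_certificate         /etc/nginx/certs/server.crt;    # assumed paths
    ssl_certificate_key     /etc/nginx/certs/server.key;
    ssl_client_certificate  /etc/nginx/certs/client-ca.crt; # CA that signs client certs

    # Ask for a client certificate but let the handshake finish without one.
    # $ssl_client_verify is then SUCCESS, NONE (no certificate sent) or
    # FAILED:<reason>.
    ssl_verify_client optional;

    root /var/www/example.com;

    # The one page that is reachable without a client certificate.
    location = /public/status.html {
    }

    # Everything else: reject unless verification succeeded.
    location / {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
    }
}
```

Any other location block (for example a regex location for PHP) needs the same check, since the if inside location / only covers requests handled there.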
Nginx finds the longest matching location so you can specify your exception(s) and then pass all other traffic to https, like so:
server {
listen 443;
location /exception/ { # redirect https requests to http server
return 301 http://$server_name$request_uri;
}
# ...
}
server {
listen 80;
location / { # the default location redirects to https
return 301 https://$server_name$request_uri;
}
location /exception/ {} # do not redirect requests
# ...
}
I hope this is helpful.

Page loads only on certain computers

Until now, I used my server only for educational purposes and for encoding video. Now I wanted to try to host a site on it (for my friend) using nginx and apache, but the problem is that even though it loads successfully on my computer, and on some other ones too, I have also seen the page fail to load and show just the "Welcome to nginx on debian" page instead.
How can I make it work every time?
/etc/nginx/sites-available/uterfleru.cz :
server {
listen 80;
root /var/uterfleru.cz;
index index.html index.php index.htm;
server_name uterfleru.cz;
}
DNS - A:
uterfleru.cz 64.188.46.67
www.uterfleru.cz 64.188.46.67
64.188.46.67 is ipv4 of my server,
http://uterfleru.cz/ is the webpage.
server_name uterfleru.cz; means exactly the uterfleru.cz domain name. To make this server block work for the www subdomain you have to modify it like this:
server_name www.uterfleru.cz uterfleru.cz;
To make it work with any subdomain you have to change it to:
# synonym of *.uterfleru.cz uterfleru.cz;
server_name .uterfleru.cz;
To make this server block work by default you have to remove the /etc/nginx/sites-enabled/default.conf file and modify your listen directive like this:
listen 80 default;
The official documentation has all the information you need; it's one of the best documents for software I've ever seen and I highly recommend you learn to make use of it.

Nginx Redirect Subdomain with SSL

So I've got this port 80 redirect working fine
server {
listen 80;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
But I want https to work too, because some old links are left around that have https://guy.site-box.it
But this doesn't work
server {
listen 443;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
It seems to cause nothing in the Nginx conf file to work. I just get cloudflare errors on the main site, and on the testing guy.site-box.it it just says page is not available.
Any idea how to get the SSL subdomain to work?
First of all, you need 2 certificates: one for subdomain.site-box.it and one for subdomain.sitebox.co. If you have a wildcard certificate, good, you can use one server block. If you have separate certificates, you need to create one server block for each subdomain (because the certificate paths are different).
Also, you need OpenSSL with SNI support (almost all modern versions have it), and you should check browser/OS support. SNI is what makes name-based HTTPS hosting possible.
Also, it is better to use return 301 instead of rewrite. return 301 https://$subdomain.sitebox.co is much better.
And finally, your server block is not configured well. You forgot the ssl keyword and the certificate paths.
server {
listen 443 ssl;
ssl_certificate ... ;
ssl_certificate_key ... ;
}

How to setup mass dynamic virtual hosts in nginx?

Been playing with nginx for about an hour trying to setup mass dynamic virtual hosts.
If you've ever done it in apache you know what I mean.
Goal is to have dynamic subdomains for few people in the office (more than 50)
Perhaps doing this will get you where you want to be:
server {
root /sites/$http_host;
server_name $http_host;
...
}
I like this as I can literally create sites on the fly, just create new directory named after the domain and point the DNS to the server ip.
You will need some scripting knowledge to put this together. I would use PHP, but if you are good in bash scripting use that. I would do it like this:
First create some folder (/usr/local/etc/nginx/domain.com/).
In main nginx.conf add command : include /usr/local/etc/nginx/domain.com/*.conf;
Every file in this folder should be different vhost names subdomain.conf.
You do not need to restart nginx server for config to take action, you only need to reload it : /usr/local/etc/rc.d/nginx reload
OR you can make only one conf file, where all vhosts should be set. This is probably better so that nginx doesn't need to load up 50 files, but only one....
If you have problems with scripting, then ask a question about that...
Based on user2001260's answer, later edited by partlov, here's my outcome.
Bear in mind this is for a dev server located on a local virtual machine, where the .dev prefix is used at the end of each domain. If you want to remove it, or use something else, the \.dev part in the server_name directive could be edited or altogether removed.
server {
listen 80 default_server;
listen [::]:80 default_server;
# Match any server name with the format [subdomain.[.subdomain...]].domain.tld.dev
server_name ~^(?<subdomain>([\w-]+\.)*)?(?<domain>[\w-]+\.[\w-]+)\.dev$;
# Map by default to (projects_root_path)/(domain.tld)/www;
set $rootdir "/var/www/$domain/www";
# Check if a (projects_root_path)/(subdomain.)(domain.tld)/www directory exists
# (-d tests for a directory; $subdomain already ends with a dot, see the regex above)
if (-d "/var/www/$subdomain$domain/www"){
# in which case, set that directory as the root
set $rootdir "/var/www/$subdomain$domain/www";
}
root $rootdir;
index index.php index.html index.htm index.nginx-debian.html;
# Front-controller pattern as recommended by the nginx docs
location / {
try_files $uri $uri/ /index.php;
}
# Standard php-fpm based on the default config below this point
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
The regex in server_name captures the variables subdomain and domain. The subdomain part is optional and can be empty. I have set it so that by default, if you have a subdomain, say admin.mysite.com, the root is set to the same root as mysite.com. This way, the same front-controller (in my case index.php) can route based on the subdomain. But if you want to keep an altogether different application in a subdomain, you can have an admin.mysite.com dir and it will use that directory for calls to admin.mysite.com.
Careful: The use of if is discouraged in the current nginx version, since it adds extra processing overhead for each request, but it should be fine for use in a dev environment, which is what this configuration is good for. In a production environment, I would recommend not using a mass virtual host configuration and configuring each site separately, for more control and better security.
server_name ~^(?<vhost>[^.]*)\.domain\.com$;
set $rootdir "/var/www/whatever/$vhost";
root $rootdir;
As @Samuurai suggested, here is a short version for Angular 5 with nginx build integration:
server {
server_name ~^(?<branch>.*)\.staging\.yourdomain\.com$;
access_log /var/log/nginx/branch-access.log;
error_log /var/log/nginx/branch-error.log;
index index.html;
try_files $uri$args $uri$args/ $uri $uri/ /index.html =404;
root /usr/share/nginx/html/www/theft/$branch/dist;
}
Another alternative is to have includes a few levels deep so that directories can be categorized as you see fit. For example:
include sites-enabled/*.conf;
include sites-enabled/*/*.conf;
include sites-enabled/*/*/*.conf;
include sites-enabled/*/*/*/*.conf;
As long as you are comfortable with scripting, it is not very hard to put together some scripts that will quickly set up vhosts in nginx. This slicehost article goes through setting up a couple of vhosts and does it in a way that is easily scriptable and keeps the configurations separate. The only downside is having to restart the server, but that's to be expected with config changes.
Update: If you don't want to do any of the config maintaining yourself, then your only 2 options (the safe ones anyways) would be to either find a program that will let your users manage their own chunk of their nginx config (which will let them create all the subdomains they want), or to create such a user-facing management console yourself.
Doing this yourself would not be too hard, especially if you already have the scripts to do the work of setting things up. The web-based interface can call out to the scripts to do the actual work so that all the web interface has to deal with is managing who has access to what things.