nginx would not react to wildcard subdomains (*.domain) - apache

I have trouble with nginx wildcard sub-domains.
I've bought a domain from GoDaddy, then created a host zone in Amazon and then created a record set for A (A-IPv4) for both www.domain.com / domain.com,
and in nginx.conf I have the very basic configuration and 1 server file that looks like this:
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        access_log /var/log/nginx/domain.com.access.log;
        error_log /var/log/nginx/domain.com.error.log;
        # I tried the following for server name: domain.com *.domain.com/*.domain.com/.domain.com
        server_name .domain.com;
        root /usr/share/nginx/html/test;
        index index.html;
    }
When I visit subdomain.domain.com I get "Firefox can't find the server at subdomain.domain.com".
Looking at the access log files, nothing got logged; it's completely empty.
Thanks

You have to add an A record for subdomains too. And before visiting the site in Firefox, try ping - you will see if the domain name can be resolved at all.

Nginx redirection conflicts with other ports

My situation is as follows:
app 1 running at: server.domain.com (192.168.1.3)
app 2 running at: server.domain.com:8080 (192.168.1.2)
My router is set up to route requests on port 80 to app 1 and port 8080 to app 2.
So far so good, this scenario has been working for ages.
Recently I tried switching to nginx and I decided to redirect http traffic to https traffic for app 1.
I set up a container with nginx and am using the following config:
    server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
    # main server block
    server {
        listen 443 ssl default_server;
        root /config/www;
        index index.html index.htm index.php;
        server_name _;
        ssl_certificate /path to cert;
        ssl_certificate_key /path to cert;
        ssl_dhparam /path to cert;
        ssl_ciphers '';
        ssl_prefer_server_ciphers on;
        client_max_body_size 0;
        location / {
            try_files $uri $uri/ /index.html /index.php?$args =404;
        }
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # With php7-cgi alone:
            fastcgi_pass 127.0.0.1:9000;
            # With php7-fpm:
            #fastcgi_pass unix:/var/run/php7-fpm.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
This successfully redirects http to https and app 1 works as expected.
However when trying to visit app 2 I will also be redirected to https (which it shouldn't, app 2 doesn't support it)
Now I already figured out why this happens.
Google Chrome has a cache so when I visit the non-https url it gets a 301 redirect to the https version. It saves this in its cache and now thinks I always want https regardless of the port.
The workaround I've found is going to chrome://net-internals and clearing the cache there. Opening app 2 then succeeds but after visiting app 1 I end up in the same loop all over again.
I've tried several default fixes found all over the net but none of them have worked thus far.
Anyone know what I have to put in my config to fix this?
ps: cert paths, domain names and ports are fake representations of the real situation
First off it would be helpful if in the nginx config you label which server definition corresponds to App 1 and App 2, because it appears there may be a mix up in the configuration. You are also missing some configuration, such as listening to port 8080. So first I'll clarify the requirements you clearly stated for both apps:
App 1:
Listens on port 80
Uses SSL
App 2:
Listens on port 8080
Does not use SSL / doesn't support it.
So I'd recommend config closer to:
    # Corresponds better to app 2 given your requirements
    server {
        listen 8080 default_server;
        server_name _;
        # NOTE: You may want to listen for certain routes, without redirect EG
        # location /foo/* { . . . }
        return 301 $scheme://$host$request_uri;
    }
    # main server block - app 1
    server {
        listen 443 ssl default_server;
        . . . # The rest of your definition here is fine for an SSL server
    }
My main point here is that the server block on port 80 as you've defined it above is just a redirect machine to https, hardcoded. This block as you've defined it contradicts the requirements that you "route requests on port 80 to app 1" and you "use SSL for app 1" since your SSL configuration is actually in the second server definition. What you've set up in the first server definition is actually a pattern used to force ssl redirects leaving you in a position where you'll never serve non-ssl HTTP traffic. This might clear up the issue somewhat; perhaps I can help more once the server blocks more closely match the stated requirements.
Finally noting that it is possible to listen to multiple ports and route to http and https traffic within one server definition block:
    server {
        listen 80;
        listen 443 ssl;
        # can force some routes to be ssl or non ssl accordingly
    }
Configuration like this may be more ideal if both app servers are hosted on the same machine using the same nginx service.

When enable SSL on Nginx page redirects to default page

I have an nginx server which is running multiple vhosts. I have configured one more vhost and tried to make it https, but when I try to access it, it redirects to the default page. I have configured SSL certs with letsencrypt.
My config file is:
    server {
        listen 443 ssl;
        root /var/www/html;
        server_name abc.xyz.com;
        include includes/letsencrypt;
        location / {
            proxy_pass http://abc;
            include includes/proxy-config;
        }
    }
I have also tried the config below:
    server {
        listen 80;
        server_name abc.xyz.com;
        return 301 https://abc.xyz.com$request_uri;
    }
    server {
        listen 443 ssl;
        server_name abc.xyz.com;
        ssl on;
        include includes/letsencrypt;
        access_log /var/log/nginx/log/abc.access.log;
        error_log /var/log/nginx/log/abc.error.log;
        location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
        }
        location / {
            proxy_pass http://abc;
        }
    }
After this, the page is redirecting to my firewall.
Port 443 is also opened up.
Any ideas what is wrong here?
I have nailed this down by adding a NAT rule in the firewall.
Basically there is nothing wrong in the above configuration.
I had only opened the port on the firewall.
Opening the port is just between the Internet and the firewall;
NAT redirects traffic from public-ip:443 -> local-ip:443
I too had this problem, but for me the solution was eventually found in a problem with the configuration file for php-fpm. There was a problem creating/accessing the error log for php-fpm, which I had turned on myself in the config file for php-fpm earlier thinking it was a good thing to do. Turning it back off again, restarting php-fpm and nginx got everything working as expected.
Just in case you're googling around like I was and kept finding this question at the top ;-)

Setup HTTPS as default but allow HTTP?

I've an nginx vhost setup with both HTTP and HTTPS.
I'd like visitors who write "www.example.com" in the address bar to be directed to the HTTPS version of my website, but if they specify http://www.example.com then I'd like them to get the HTTP version.
I have tried setting the ssl listen as default_server but nothing seems different...
    server {
        listen *:80;
        listen *:443 ssl spdy default_server;
        ssl_certificate /etc/ssl/custom/www.example.com.crt;
        ssl_certificate_key /etc/ssl/custom/www.example.com.key;
        server_name example.com www.example.com;
    }
Is there a way?
If the user specifies 'www.example.com' the browser simply assumes http://www.example.com. While you can then redirect the http:// to https://, there is no way to do this only if the access was caused by the browser's assumption; that is, you cannot distinguish between the user entering http://... and the browser assuming http://...

Nginx load balance on server with multiple domains

I haven't seen anything related to this topic on Google and since I'm a newbie on Nginx I'd like to ask a question about load balancing: I have a dedicated server currently running Apache with multiple accounts and domains. I'd like to switch to Nginx and set up a load balance only for one of these domains (mydomain1.com) to load balance traffic between this dedicated server and another 3 ones. I have the following Nginx config (/etc/nginx/conf.d/default.conf) on my dedicated server:
    upstream mywebsite1 {
        ip_hash;
        server xxx.xxx.xxx.196 weight=1 max_fails=3 fail_timeout=15s;
        server xxx.xxx.xxx.67 weight=1 max_fails=3 fail_timeout=15s;
        server xxx.xxx.xxx.201 weight=1 max_fails=3 fail_timeout=15s;
    }
    server {
        listen 80;
        server_name mywebsite1.com;
        access_log /var/log/nginx/proxy.log;
        location / {
            proxy_pass http://mywebsite1;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}
    }
But this is not working, and when I read the proxy.log it is also balancing traffic not just from mywebsite1.com, but also from my other domains: mywebsite2.com, mywebsite3.com, etc. Any help is really appreciated since as you see I'm not an expert! Thanks :)
I know this is a years-old question, but it still might help someone.
To make it work like you want, you must define at least two virtualhosts (server blocks).
The 1st is the so-called "default" - that is, it serves everything that is not defined in any other virtualhost. Default in nginx context means defining:
    server_name _;
You can add index.html to that virtualhost to tell visitors to go to the right place. Display some sort of error message. Or redirect visitors to the right place without any message - whatever suits your purposes.
But some sort of default is required if you want your other virtualhost block(s) to serve only specific domain(s) and nothing else.
The 2nd is "mywebsite1.com" - that only serves that particular domain. Your configuration for that domain is correct. And you can add more virtualhost blocks for different domains.
If you only have one virtualhost (even if it is not "default" type) then every single http request will go to that virtualhost, regardless of whether the domain name matches or not.
You need to keep in mind that you should define a different root path for every virtualhost, unless you want them all to serve the same content.
    root /some/path;
Which domain is served by which virtualhost is defined through the server_name directive.
"_" means default and serves anything that does not match some other virtualhost.
You can define more than one domain if you want a virtualhost block to serve more than one (do not forget to add both with and without www if you want both to work):
    server_name www.example.com example.com some.other.domain.com;
You can also use wildcards:
    server_name *.example.com;
So correct config file would be something like this:
    # default virtualhost to serve everything that does not match other virtualhosts
    server {
        listen 80;
        server_name _;
        root /some/path/default_site;
        # add other rules for default site
    }
    # virtualhost to serve only (www.)mywebsite1.com
    server {
        listen 80;
        # please note that you need to add both with and without "www." if you want both to work.
        server_name mywebsite1.com www.mywebsite1.com;
        root /some/path/mywebsite1.com;
        # add other rules for mywebsite1.com
    }
    # virtualhost for example.com (without www)
    server {
        listen 80;
        server_name example.com;
        root /some/path/example.com;
        # add other rules for example.com
    }
If you send all of your traffic to your Nginx server, it has to do something with it. Since you only have one server block, regardless of what the server name is configured to be it will take the traffic for all host names.
If you don't want Nginx to handle traffic for all of your domains, simply don't point all of your domains at it (with DNS).

Nginx non HTTPS websites redirect to other HTTPS websites

I'm using nginx for hosting multiple websites on an Ubuntu server. Basically my setup is as follows.
My first domain example1.com (SSL enabled) can be accessed from http://example1.com as well as from https://example1.com. This is working fine.
But for my 2nd domain example2.com, I don't have SSL enabled - but when I type https://example2.com the URL redirects to the first domain https://example1.com - which is wrong.
Now currently I have added this server block so that if someone types in the URL with https:// it will redirect back to http:// on the same domain. But this is not the right way to handle this issue. Does anyone have some better ideas?
    server {
        listen 443 ssl;
        server_name example2.com www.example2.com;
        rewrite ^ http://$server_name$request_uri? permanent;
    }
The problem here is that you’re only using a single IP address (server-side) and rely on the TLS Server Name Indication extension (client-side). Nginx will always use your default HTTPS server if nothing else is available to handle the request.
Your solution looks quite right to me, although it will produce an error on the client-side if you have no valid certificate. The only other possibility would be to create a default invalid HTTPS server that simply drops the connection attempt. But I guess that’s not what you want.
    server {
        listen 443 ssl;
        server_name example2.com *.example2.com;
        return 301 http://$server_name$request_uri;
    }
Always use return if you redirect at such a point.
A default invalid catch all configuration could look like the following:
    server {
        listen 443 ssl;
        server_name _;
        ssl_certificate blank.crt;
        ssl_certificate_key blank.key;
        return 403;
    }
As I said, it will simply drop any connection attempt that doesn't contain a valid HTTP Host in the submitted headers or if the submitted HTTP Host in the header is not valid.
Having the following will listen on 443 (SSL), and because you don't have an SSL certificate for this domain, nginx will use the first or default SSL certificate, which will throw an invalid domain error. Simply remove it, so that it doesn't listen on 443 (SSL).
    server {
        listen 443 ssl;
        server_name example2.com www.example2.com;
        rewrite ^ http://$server_name$request_uri? permanent;
    }
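
The server selection behind both the `server_name _` answer in the load-balancing thread and the default HTTPS server answer above, as an added example that is not from any of the posts: a simplified Python model of how nginx picks a server block for a listen port. Regex names are omitted and the TLS SNI name is treated like the Host name; `Server`, `select` and the sample configurations are constructed for illustration.

```python
# Added example: simplified model of nginx name-based server selection.
# Regex server names are omitted; labels and hostnames are constructed.
from dataclasses import dataclass

@dataclass
class Server:
    label: str             # hypothetical label, not an nginx setting
    port: int              # port from the listen directive
    names: tuple           # values of server_name
    default: bool = False  # listen ... default_server

def expand(name):
    # ".example.com" is shorthand for "example.com" plus "*.example.com"
    return (name[1:], "*" + name) if name.startswith(".") else (name,)

def select(servers, port, host):
    """Return the label of the block that would handle `host` on `port`."""
    host = host.lower().rstrip(".")
    pool = [s for s in servers if s.port == port]
    if not pool:
        return None  # nothing listens on this port
    named = [(n.lower(), s) for s in pool for raw in s.names for n in expand(raw)]
    for n, s in named:  # 1. exact name
        if n == host:
            return s.label
    # 2. longest "*.suffix" wildcard, then 3. longest "prefix.*" wildcard
    for hits in (
        [(len(n), s) for n, s in named if n.startswith("*.") and host.endswith(n[1:])],
        [(len(n), s) for n, s in named if n.endswith(".*") and host.startswith(n[:-1])],
    ):
        if hits:
            return max(hits, key=lambda h: h[0])[1].label
    # 4. no name matched: default_server for this port, else first block defined
    return next((s for s in pool if s.default), pool[0]).label

# Constructed configurations mirroring the questions above.
single = [Server("mywebsite1", 80, ("mywebsite1.com",))]
underscore_last = single + [Server("catch_all", 80, ("_",))]
flagged = single + [Server("catch_all", 80, ("_",), default=True)]
tls = [Server("example1_tls", 443, ("example1.com",)),
       Server("example2_http", 80, ("example2.com", "www.example2.com"))]

if __name__ == "__main__":
    cases = ((single, 80, "mywebsite2.com"), (underscore_last, 80, "mywebsite2.com"),
             (flagged, 80, "mywebsite2.com"), (tls, 443, "example2.com"))
    for cfg, port, host in cases:
        print(f"{host}:{port} -> {select(cfg, port, host)}")
```

In this model `_` is an ordinary name that never matches a real host, so a catch-all block receives unmatched names only when it is the first block for its port or carries `default_server`.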