I have a server that runs both development and staging instances of a site and each version has to answer on ports 80 & 443. The staging instance -- there's only one -- works exactly as I'd expect, but the development instances -- configured for each user -- load a given page on either protocol directly just fine, but if I'm on a page on one port and try to link to the other it fails.
My Config
server {
    listen 80;
    server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
    location / {
        rewrite ^(.*) http://$username.client.tld.net$1 permanent;
    }
}
# This is the primary host that will ultimately answer requests.
server {
    listen 80;
    server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
    root /home/$username/client/www/app/webroot;
    index index.php;
    access_log /var/log/nginx/client.sandbox.access.log;
    error_log /var/log/nginx/client.sandbox.error.log;
    location / {
        try_files $uri $uri/ /index.php?url=$uri;
    }
    location ~ \.php$ {
        include /etc/nginx/conf/php;
    }
    include /etc/nginx/conf/expire_content;
    include /etc/nginx/conf/ignore;
}
server {
    listen 443 ssl;
    server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
    location / {
        rewrite ^(.*) https://$username.client.tld.net$1 permanent;
    }
}
# This is the primary host that will ultimately answer requests.
server {
    listen 443 ssl;
    server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
    root /home/$username/client/www/app/webroot;
    index index.php;
    include /etc/nginx/conf/ssl;
    access_log /var/log/nginx/client.sandbox.access.log;
    error_log /var/log/nginx/client.sandbox.error.log;
    location / {
        try_files $uri $uri/ /index.php?url=$uri;
    }
    location ~ \.php$ {
        include /etc/nginx/conf/php;
    }
    include /etc/nginx/conf/expire_content;
    include /etc/nginx/conf/ignore;
}
Any idea where I've borked up my config?
First of all, there is no need to create four separate configurations, as both your servers (HTTP and HTTPS) have exactly the same body. You can use the $scheme variable, which contains either http or https according to the context you're just working in (for the redirects). Secondly, I don't see any root declaration in your dev configuration, also no certificates, which might cause problems with browsers.
Other than that the configuration looks okay to me (well, you could move the index declaration to your http configuration, so you don't have to repeat it all the time).
Please check out the following (commented) example configuration I made up for you. Maybe it helps.
# Put this in http context!
index index.php;
server {
    # One server configuration to rule them all!
    listen 80;
    listen 443 ssl;
    # Seems legit.
    server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;
    # Where am I?
    #root /home/$username/client/www/app/webroot;
    # No wildcard certificate? No need to specify /etc/nginx as all paths
    # in the configuration are relative to the installation path.
    #include conf/ssl;
    location / {
        # May work as well, can't test.
        #rewrite ^(.*) $scheme://$server_name$1 permanent;
        rewrite ^(.*) $scheme://$username.client.tld.net$1 permanent;
    }
}
server {
    listen 80;
    listen 443 ssl;
    server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
    root /home/$username/client/www/app/webroot;
    include conf/ssl;
    access_log /var/log/nginx/client.sandbox.access.log;
    error_log /var/log/nginx/client.sandbox.error.log;
    location / {
        try_files $uri $uri/ /index.php?url=$uri;
    }
    location ~ \.php$ {
        include conf/php;
    }
    include conf/expire_content;
    include conf/ignore;
}
I have a nginx file configured to redirect my www address to non-www. It works correctly but when I try to get an ssl certificate for the www address it fails with a 404 error.
I wouldn't bother with it but I'm trying to improve SEO and the www address returns ERR_TLS_CERT_ALTNAME_INVALID for the https site which seems to reduce SEO.
Any help would be much appreciated.
Here's my nginx config for the redirects. I also have an A name DNS record with the www address setup, would that affect it?
server {
    listen 80;
    server_name www.example.com.au;
    return 301 https://example.com.au$request_uri;
}
server {
    listen 443 ssl;
    access_log /var/log/nginx/domain.access.log;
    error_log /var/log/nginx/domain.error.log debug;
    server_name www.example.com.au;
    ssl certificates...
    return 301 https://example.com.au$request_uri;
}
In my case the following snippet solved it for me (adding the root and location blocks):
server {
    listen 80;
    server_name www.example.com.au;
    root /var/www/letsencrypt;
    location /.well-known/acme-challenge/ {
        default_type "text/plain";
        try_files $uri =404;
    }
    location / {
        return 301 https://example.com.au$request_uri;
    }
}
So I manage the domain britoanderson.com and I am trying to get ssl to work on it.
I used certbot to make the certificate for both www. subdomain and the main britoanderson.com domain.
I set up cloudflare to "Full" encryption mode.
For some reason, the SSL certificate works on https://www.britoanderson.com/ but not on https://britoanderson.com/ where the website just refuses to open.
Here is my nginx default file:
server {
    if ($host = www.britoanderson.com) {
        return 301 https://www.$host$request_uri;
    } # managed by Certbot
    if ($host = britoanderson.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html/;
    index index.php index.html index.htm;
    server_name britoanderson.com www.britoanderson.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/britoanderson.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/britoanderson.com/privkey.pem; # managed by Certbot
    root /var/www/html/;
    index index.php index.html index.htm;
    server_name britoanderson.com www.britoanderson.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}
Both A records for the main domain britoanderson.com and the subdomain www have been set on cloudflare.
What am I doing wrong? Why does the main website just refuse to open?
Have you restarted nginx after issuing the certificates? I can only access the http site, but not the https site, so it looks like your https forwarding, which was done by certbot, isn't working yet either.
Turns out my PC was giving me a DNS_PROBE_FINISHED_NXDOMAIN while the actual error was within the redirects. Removing the
    if ($host = www.britoanderson.com) {
        return 301 https://www.$host$request_uri;
    } # managed by Certbot
    if ($host = britoanderson.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
fixed the issue
I have 2 virtual hosts configured in nginx and both using ssl in a way that http://www.firstsite.com redirects to https://www.firstsite.com and it works correctly, the problem is that http://www.secondsite.com is not redirecting to https://www.secondsite.com, but to https://www.firstsite.com
this is the first config file
server {
    listen 80;
    return 301 https://www.dianadelvalle.com$request_uri;
    server_name www.dianadelvalle.com;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
    root /home/pi/www.dianadelvalle.com/;
    index commingsoon.html index.html index.htm index.nginx-debian.html;
    server_name www.dianadelvalle.com;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    # max upload size
    client_max_body_size 5M; # adjust to taste
    location / {
        try_files $uri $uri/ =404;
    }
}
and the second config file:
# the upstream component nginx needs to connect to
upstream django {
    server unix:///home/pi/koohack/mysite.sock; # for a file socket
    #server 127.0.0.1:8001; # for a web port socket (we'll use this first)
}
server {
    listen 80;
    server_name www.koohack.com;
    return 301 https://www.koohack.com$request_uri;
}
# configuration of the server
server {
    listen 443 ssl;
    server_name www.koohack.com;
    ssl_certificate /etc/letsencrypt/live/www.koohack.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.koohack.com/privkey.pem;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    # max upload size
    client_max_body_size 15M; # adjust to taste
    if (-f /home/pi/koohack/.maintenance) {
        return 503;
    }
    # named locations are written with a leading @
    error_page 503 @maintenance;
    location @maintenance {
        rewrite ^(.*)$ /home/pi/koohack/static/maintenance.html break;
    }
    # Django media
    location /media {
        alias /home/pi/koohack/media; # your Django project's media files - amend as required
    }
    location /static {
        alias /home/pi/koohack/static; # your Django project's static files - amend as required
    }
    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass django;
        include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
    }
    location /.well-known {
        alias /home/pi/koohack/.well-known;
    }
}
I spared the server name, log and certificate paths for clarity. What am I doing wrong? Any suggestions?
Necessary note: I already looked at this possible answer to avoid content duplication but it didn't help.
You may have the following configs:
    server_name my.domain.com;
    ssl_certificate /etc/nginx/chain.pem;
    ssl_certificate_key /etc/nginx/my.domain.key;
Check that your second site is also listening on ssl ports.
    listen 443 ssl;
    listen [::]:443 ssl;
If the 2nd site is missing the listening config, it will redirect to default, regardless of the ssl certificate configs.
Here's the situation:
Old domain (non-SSL) let's call it "no-ssldomain.com"
New domain (with-SSL) let's call it "ssldomain.com"
Both domains point to the same SERVER. So using both domains works.
No-ssldomain.com has been running for 7 years, but since my sought-after domain name is now available, I registered it with SSL and am trying to move to it for good.
It is running on Wordpress, and all permalinks work, all redirects work. Old no-ssldomain.com nested links redirect perfectly to new ssldomain.com. So no google penalties. Nice.
What my current config does (used semicolon because I cannot post more than 2 links):
if you enter: http;//no-ssldomain.com > redirects to > https;//ssldomain.com
if you enter: https;//no-ssldomain.com > redirects to > https;//ssldomain.com
if you enter: http;//no-ssldomain.com/xx/xx/xx > redirects to > https;//ssldomain.com/xx/xx/xx
But found 1 annoying problem.
if you enter: https;//no-ssldomain.com/xx/ it opens the webpage using the no-ssldomain.com and has an insecure warning. It doesn't redirect to the new ssldomain.com. So how can I redirect it properly?
Here's my server config:
server {
    listen 80;
    server_name no-ssldomain.com;
    location / {
        rewrite "/([0-9]{4})/([0-9]{2})/(.*)" http://$host/$3 permanent;
    }
    if ($host = "no-ssldomain.com") {
        return 301 https://ssldomain.com$request_uri;
    }
}
server {
    listen 80;
    listen 443;
    ssl on;
    ssl_certificate /xxx/xxx/ssldomain_com.chained.crt;
    ssl_certificate_key /xxx/xxx/server.key;
    root /var/www/html;
    # Add index.php to the list if you are using PHP
    index index.php;
    server_name ssldomain.com;
    location /wp-admin {
        index index.php;
    }
    location / {
        index index.php;
        rewrite "/([0-9]{4})/([0-9]{2})/(.*)" https://ssldomain.com/$3 permanent;
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
}
I found the answer after an hour of trying.
What I did is install a free certificate from Let's Encrypt for the no-ssldomain.com, and now I can listen to port 443 for the said domain.
Then change the first "server" section of my config to:
server {
    listen 80;
    listen 443;
    #ssl on;
    ssl_certificate /etc/letsencrypt/live/xxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/keys/0000_key-certbot.pem;
    server_name no-ssldomain.com www.no-ssldomain.com;
    return 301 https://ssldomain.com$request_uri;
}
And then everything worked as expected! Thanks!
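The fall-through to a port's default server, which the "listen 443 ssl" answer further up describes and which is why, in the original config just above, HTTPS requests for no-ssldomain.com reached the ssldomain.com block, can be checked offline. This is an added example, not code from any of the posters: BLOCKS is a constructed reduction of that original config, and the model assumes no block is marked default_server, so the first block on a port is its default.

```python
import re

# Constructed: one dict per server{} block, in file order (listen ports + server_name).
BLOCKS = [
    {"label": "no-ssldomain.com redirect", "ports": {80}, "names": ["no-ssldomain.com"]},
    {"label": "ssldomain.com site", "ports": {80, 443}, "names": ["ssldomain.com"]},
]

def name_rank(pattern, host):
    """Sort key if `pattern` matches `host` (lower wins), else None."""
    if pattern.startswith("~"):                       # regex name; ~* ignores case
        flags = re.I if pattern.startswith("~*") else 0
        expr = re.sub(r"\(\?<(?![=!])", "(?P<", pattern.lstrip("~*"))
        return (3, 0) if re.search(expr, host, flags) else None
    if pattern.startswith("*."):                      # leading wildcard, longest wins
        return (1, -len(pattern)) if host.endswith(pattern[1:]) else None
    if pattern.endswith(".*"):                        # trailing wildcard, longest wins
        return (2, -len(pattern)) if host.startswith(pattern[:-1]) else None
    return (0, 0) if pattern == host else None        # exact name

def select_server(blocks, port, host):
    """Return the block nginx would pick for a request to `port` with this Host."""
    listeners = [b for b in blocks if port in b["ports"]]
    if not listeners:
        return None                                   # nothing listens on this port
    matches = []
    for order, block in enumerate(listeners):
        for pattern in block["names"]:
            rank = name_rank(pattern, host.lower())
            if rank is not None:
                matches.append((rank + (order,), block))  # ties resolve in file order
    if matches:
        return min(matches, key=lambda m: m[0])[1]
    return listeners[0]          # no name matched: first block on the port is the default

def fallthrough(blocks, port):
    """(host, answering block) pairs for literal names that only reach the default."""
    found = []
    for block in blocks:
        for name in block["names"]:
            if name.startswith(("~", "*.")) or name.endswith(".*"):
                continue                              # patterns cannot be probed as hosts
            chosen = select_server(blocks, port, name)
            if chosen is not None and name not in chosen["names"]:
                found.append((name, chosen["label"]))
    return found

if __name__ == "__main__":
    print(fallthrough(BLOCKS, 443))
```

Adding 443 to the first block's ports, as the fix above does, empties the list.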
I have a nginx server running with ssl enabled.
Currently I have https enabled for all directories.
How do I enable ssl only for the www.example.com/shop/* directory and disable it for the others?
Here is my conf file:
# Redirect everything to the main site.
server {
    server_name *.example.com;
    listen 80;
    ssl on;
    ssl_certificate /opt/nginx/conf/server.crt;
    ssl_certificate_key /opt/nginx/conf/server.key;
    keepalive_timeout 70;
    access_log /home/example/nginx_logs/access.log ;
    error_log /home/example/nginx_logs/error.log ;
    root /home/example/public_html/example.com;
    location ~ \.php$ {
        try_files $uri $uri/ /index.php?q=$uri&$args;
        root /home/example/public_html/example.com/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include /opt/nginx/conf/fastcgi_params;
        #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME /home/example/public_html/example.com$fastcgi_script_name;
        index index.php index.html index.htm;
    }
    if ($http_host != "example.com") {
        rewrite ^ http://example.com$request_uri permanent;
    }
    include global/restrictions.conf;
    # Additional rules go here.
    #Only include one of the files below.
    include global/wordpress.conf;
    # include global/wordpress-ms-subdir.conf;
    # include global/wordpress-ms-subdomain.conf;
}
Thanks,
D
It is easy to achieve in Nginx. There are two steps involved in it.
Port 443 will be used only when yourdomain.com/shop is accessed. All other requests would be redirected to port 80 (HTTP)
Port 80 will check for yourdomain.com/shop. If found, it'd be redirected to port 443 (HTTPS).
Here is a quick overview of how it could be done...
server {
    listen 443;
    server_name yourdomain.com;
    # directives for SSL certificates
    # root, index, error_log, access_log directives
    location /shop {
        # directives to handle what's inside /shop, for example
        # try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        # directives to handle PHP files
    }
    # leave everything else to port 80
    location / {
        rewrite ^ http://$host$request_uri permanent;
    }
}
server {
    listen 80;
    server_name yourdomain.com;
    # root, index, error_log, access_log directives
    # redirect yourdomain.com/shop to port 443
    # Please put this before location / block as
    # nginx stops after seeing the first match
    location /shop {
        rewrite ^ https://$host$request_uri permanent;
    }
    location / {
        # directives to handle what's inside /, for example
        # try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        # directives to handle PHP files
    }
}