I have a multi-tenancy app hosted on DO. Users are able to create subdomains and also set their preferred custom domain. Need help in setting up the right Nginx config, here is the current one:
Requirements:
1- User setup for their required subdomain on app's domain (with SSL) - WORKING
2- User setup for their own custom domain - for this I have set up an A record to the server IP and below is the Nginx config - NOT WORKING
3- User custom domain is loaded with SSL - need help on how to structure this? Would an A record suffice?
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/wiki.pk/before/*;
server {
listen 80;
listen [::]:80;
server_name .one.com "";
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .one.com "";
#server_name ~.;
#server_name _;
#server_name ~^(?.*)$;
server_tokens off;
root /home/forge/one.com/public;
#FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/one.com/1233982/server.crt;
ssl_certificate_key /etc/nginx/ssl/one.com/1233982/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/one.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/one.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/one.com/after/*;
Would appreciate all the help.
Related
I'm trying to deploy my laravel app to ubuntu using nginx, everything was fine before I using ssl. But after I using ssl, it's not working anymore if I'm accessing my website using outside network (still working if I access it using server network).
this is my nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name kopidw.id www.kopidw.id;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/certificate_kopinedw.crt; #path to your public key
ssl_certificate_key /etc/nginx/ssl/private_kopinedw.key; #path to your private key
ssl_client_certificate /etc/nginx/ssl/ca-bundle.crt;
ssl_verify_client optional;
root /var/www/html/kopinedw-cms/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
This is my first time using nginx, so I don't have any Idea why I got ERR_TOO_MANY_REDIRECTS.
Any help would be very helpful for me, thanks
I'm running a static built nuxt.js app on my server. It uses the nuxt auth module for authentificating against my laravel backend which runs laravel passport.
My auth-strategy looks like this:
auth: {
strategies: {
'laravel.passport': {
url: 'https://correct_url',
//client_id: 1, //for local use
//client_secret: 'CLIENTSECRET1', //for local use
client_id: 2,
client_secret: 'CLIENTSECRET2',
userinfo_endpoint: 'https://correct_url/oauth/me'
}
}
},
In my local environment (yarn run dev) everything runs fine. After I built and deployed my nuxt-app (yarn run build) the authentification process comes to the authorisation step (where I can click "Authorize" or "cancel"). After I click "Authorize" browser redirects to my nuxt-app but requests still give me:
{"message":"Unauthenticated."}
After a few investigations the only possible cause for this could be the nginx-site which is automatically created through laravel forge. Config looks like this:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name correct_url;
root /home/forge/correct_url/dist;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/correct_url/589448/server.crt;
ssl_certificate_key /etc/nginx/ssl/correct_url/589448/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/server/*;
location / {
try_files $uri $uri/ /index.html;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/correct_url-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/after/*;
is there something I overlooked or am I on the wrong path?
I have set up and brand new server with forge and install a bitbucket repo
Forge nginx set up looks like this
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/before/*;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name default;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/after/*;
On page load I'm getting a 403 error for the load of the site
Any ideas?
I followed the same process over and over. The project going in is a Laravel project , have run the normal composer and NPM installs.
I've looked on Stack Overflow but every time I find a piece of code that people say would work, it unfortunately doesn't work for me.
I'm using Laravel on Forge and trying to redirect non www & non ssl to ssl+www.
It works. However, it does not redirect https://example.com. It redirects all other's: example.com or www.example.com or http://example.com or http://www.example to https://www.example.com except the one mentioned above.
I have no idea why this is happening.
Here's my Nginx file:
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name xxx.xxx.xxx.xxx;
return 301 $scheme://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
root /home/forge/example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
#cache:
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
Because your first two servers only listen to the post 80 (non ssl).
Change them like this:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
I have read this tutorial to set up SSL for my laravel site. I did not read everything (oops), and did not delete the "default" site. I have generated CSR from default site (but with example.com for domain). Now I have my certificate and i have installed it through laravel forge, but it does not work:
cannot connect to https://example.com (browser / curl)
http://example.com does not redirect to https
Nothing in /var/log/nginx/default-error.log
I restarted nginx
Here is my /etc/nginx/sites-available/default file content :
server {
listen 80;
#server_name default;
server_name example.com www.example.com;
#return 301 default$request_uri;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
#server_name default;
server_name example.com www.example.com;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/XXXXX/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/XXXXX/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
What can I do to make it work ?
Ok, it was a certificate problem. I tried nginx -t and there was an error, now I restarted all the process and everything is alright now.