https://www.greenhousemarketplace.com
After freshly installing certbot and forcing HTTPS redirect, my CSS and JS no longer loads, even though it is accessible via direct URL.
I'm not sure why, I've updated the links to the CSS and JS files, and set my config.toml to include the https prefix.
sites-enabled/ghm-landing-page
server {
root /var/www/ghm-landing-page/public/;
index index.html index.htm index.nginx-debian.html;
server_name greenhousemarketplace.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/greenhousemarketplace.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/greenhousemarketplace.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = greenhousemarketplace.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name greenhousemarketplace.com;
return 404; # managed by Certbot
config.toml
# Site settings
baseurl = "https://www.greenhousemarketplace.com/"
languageCode = "en-us"
title = "Greenhouse Marketplace"
theme = "hugo-highlights-theme"
The Javascript is not loading because you are loading mixed content. The script tags at the bottom of the page should use the https:// scheme.
The CSS is not loading because of a SSL_ERROR_BAD_CERT_DOMAIN error. You have the content loading on www., which is a domain not listed on your certificate. Using your cert issuer, be sure to add both the www. and non-www. domains of your domain.
Related
I have a spring boot app running on 8080 (not https as I am not sure if this also need https enabled)
There is an nginx server that redirects requests from 80 (or 443/8443) to 8080
The nginx is secured using letsencrypt. I see this domain file in sites-enabled folder
created certificate using
sudo certbot --nginx -d {dom}.co.uk -d www.{dom}.co.uk
server {
root /var/www/{mydomain}.co.uk/html;
index index.html index.htm index.nginx-debian.html;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
location / {
#try_files $uri $uri/ =404;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:8080";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/{mydomain}.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/{mydomain}.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.{mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = {mydomain}.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name {mydomain}.co.uk www.{mydomain}.co.uk;
return 404; # managed by Certbot
}
OAuth 2 settings
In OAuth Credentials
Authorized Javascript urls (For use with requests from a browser)
https://{dom}.co.uk
Authorized redirect URIs (For use with requests from a web server)
https://{dom}.co.uk/login/oauth2/code/google
Configured redirect URL
private static API_BASE_URL = "https://{dom}.co.uk/";
private static OAUTH2_URL = AppConstants.API_BASE_URL + "oauth2/authorization/";
Question:
How to fix my
Authorisation Error
Error 400: redirect_uri_mismatch
Do I need to make my spring app also https enabled
(OR)
Any config issue nginx or redirect url etc ?
The redirect_uri you send to Google when initiating the flow must match what you put in the console.
Here you have:
https://example.co.uk/oauth2/authorization/ in the code and
https://example.co.uk/login/oauth2/code/google in the console.
Change either one to match the other. I suggest that you change your code to avoid waiting a good 5 minutes for the changes in the console to propagate.
I was using Laravel Forge and stopped using it due to a problem with my card. So I continued on my own with Digital Ocean.
I followed the below instructable to apply SSL to the site.
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04-es
This procedure indicated some errors que posteriormente solucioné:
For example:
maquino#codigobyte:/etc/nginx/sites-enabled$ sudo nginx -t
nginx: [warn] conflicting server name "todocontenidoweb.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.todocontenidoweb.com" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "todocontenidoweb.com" on [::]:80, ignored
nginx: [warn] conflicting server name "www.todocontenidoweb.com" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
The issue is that my site is down, I'm already on the third day and Digital Ocean support tells me that they don't see a problem in the configurations. But the site is down.
On the next page it shows me a problem with the secure connection.
https://www.ssllabs.com/ssltest/analyze.html?d=todocontenidoweb.com
At this moment there are several things that make me believe that I have a problem in the following configuration:
In /etc/nginx/sites-enabled$
I have 3 files and one of them is my site todocontenidoweb.com
In todocontenidoweb.com:
server {
listen 80;
listen [::]:80;
server_name todocontenidoweb;
server_tokens off;
root /home/forge/todocontenidoweb.com/public;
In the server_name line all web content; I understand that I should put todocontenidoweb.com www.todocontenidos web.com
But it doesn't allow me and it gives me an error in the certificate if I do this.
I would really appreciate it if someone could help me to solve this situation.
EDITION
File: /etc/nginx/sites-available/mydomain.com
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/before/*;
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
server_name todocontenidoweb.com www.todocontenidoweb.com;
server_tokens off;
root /home/forge/todocontenidoweb.com/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13>
# ssl_prefer_server_ciphers off;
# ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/todocontenidoweb.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
server {
listen 80;
listen [::]:80;
server_name todocontenidoweb.com www.todocontenidoweb.com;
return 302 https://$server_name$request_uri;
}
# FORGE CONFIG (DO NOT REMOVE!)
#include forge-conf/todocontenidoweb.com/after/*;
//Edit
As you can see below, the site is returning a 301 respose and redirecting to https site, but none of your nginx configs are running on port 443
//End of Edit
There seems to an issue with your nginx config. It seems like your config is only allowing port 80 and not 443. Browsers expect to get 443 as port (unless you otherwise specify) as ssl port. And it seems like you're using some redirect to redirect users from http to https, only problem is you're not running any https service on port 443.
I could be an issue with your nginx config. make sure that the server entry that has the ssl input, also running on port 443.
If you did install ssl with let's encrypt, you can try to generate certificate manually and then you can modify nginx config to run on port 443 as ssl
You can follow this guide from digitalocean , just replace the certificates path with lets-encrypt one
Edit 2 :
I don't think this part should be commented out
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13>
# ssl_prefer_server_ciphers off;
# ssl_dhparam /etc/nginx/dhparams.pem;
As you're essentially not serving any ssl certificate through the 443 port.
Here is an example server from DigitalOcean. As you can see, they're serving a private and public key. Once you generate your certificate, you need to enter the path of those.
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name your_server_ip;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
End of Edit
User must verify their email address so I use laravel email verification.
I configured the project on Ubuntu20.04 and with nginx. Verification link works when I use let's encrypt certificate.
I followed all the steps and configured cloudflare and I followed digitalocean tutorial for adding cloudflare ssl certificate.
This is the nginx configuration for domain
server {
listen 80;
listen [::]:80;
server_name ishtap.az www.ishtap.az;
return 302 https://$server_name$request_uri;
}
server {
# listen 80;
# ssl(created in cloudflare) configuration follwing digitalocean tutorial
# https://www.digitalocean.com/community/tutorials/how-to-host-a-website-using-cloudflare-and-nginx-on-ubuntu-20-04
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_client_certificate /etc/ssl/cloudflare.crt;
ssl_verify_client on;
server_name ishtap.az www.ishtap.az;
root /var/www/ishtap.az/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
# listen 443 ssl; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/ishtap.az/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/ishtap.az/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
So when I click email verification link I get error in the attached
image. If cloudflare paused it works no problem but at some route like
where you input sensitive data like password chrome not makes request
and throws "your connection to this site is not fully secured"
In this case, you will have to repair the certificate since the certificate chain is unable to see where is the exact location or the cert is unable to be decrypted. In other words, you can use this tool
To use this tool, you will have to use a Windows machine.
This tool is from DigiCert, you can open it and you can click on SSL, and you can select the cert and click on repair. Also, you can create a new CSR, and you can reissue the cert once again to be able to upload it one more time to your server.
Let me know if you have any other questions or concerns, and I would be more than happy to help you.
The email verification notification is sent in queue and I use supervisor in ubuntu. I find out that there is something wrong with laravel .env file
This is the steps:
fixed APP_URL in .env file to https version of domain
php artisan cache:clear
php artisan config:clear
sudo systemctl reload nginx
php artisan config:cache
supervisorctl restart all restarts all workers
When I head over to my public DNS and attempt to load an Auth route, it sends me to http://localhost:8080/ExoscapeWebsite/public/login. Inside of my .env file, I have altered the APP_URL to my public DNS:
APP_URL=http://exoscape.co.uk
I am using NGINX to load Laravel by proxy_pass since I couldn't get try_files working so I stuck with using Apache2. My NGINX configuration looks like this:
server {
server_name exoscape.co.uk;
location / {
proxy_pass http://localhost:8080/ExoscapeWebsite/public/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/exoscape.co.uk/fullchain.pem; # manag$
ssl_certificate_key /etc/letsencrypt/live/exoscape.co.uk/privkey.pem; # man$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Any ideas on how I could change the hostname in Laravel so it continues with the correct domain?
I've setup nginx and imported codeigniter into my projects and I'm unable to resolve the following error.My server is running Ubuntu 16 and php7 I've tried giving the files permission but still no solution. Anyone know where the problem could be? Thanks
My default config file for my server in nginx.
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/observum/site;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name 45.79.4.55;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# Virtual Host configuration for example.com
#
Screenshot
you css/js path is incorrect,its include from 'site' directory
its getting include in your document is
http://45.79.4.55/site/libreriasJS/boceto/css/modern-business.css
but its should be like
http://45.79.4.55/libreriasJS/boceto/css/modern-business.css