After installing SSL certificate with Namecheap’s PositiveSSL on my server i’m getting 403 forbidden error page. in HTTP the page does work.
I’m developing a Laravel app on a Nginx host
here’s my /etc/nginx/sites-enabled/ssl.conf
listen 443;
ssl on;
ssl_certificate /etc/nginx/sites-available/nginx_bundle_guida_deltipo.crt;
ssl_certificate_key /root/azas.social.key;
server_name azas.social;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/visibilio/visibilio/public;
index index.html;
}
}
And the following is nginx.conf file:
##
# SSL Settings
##
client_max_body_size 1000m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
this is my etc/nginx/sites-available/
server {
listen 80;
listen [::];
root /var/www/visibilio/visibilio/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name in-visibili.org;
return 301 https://azas.social$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
Any help would be highly appreciated
Related
I have deployed my Laravel app to the following url proclubs.app - this is a domain from Google domains that requires an SSL certificate (the SSL has been setup using Certbot).
I have setup the Laravel Breeze package for authentication (e.g register/login functionality) and this all works fine when testing locally, now I have pushed this to a remote URL none of the routes don't work, and I just get a 404 Not Found message. I have ran the php artisan route:list and can see all the expected routes are there. I am 99% certain I have made a mistake with the nginx server block - I have used the default one that digitalocean provide in etc/nginx/sites-available and edited it accordingly, but not sure what is incorrect for me to get these 404 errors, can anyone suggest what I have done wrong?
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/proclubs/public;
index index.php index.html index.htm;
# Laravel related only
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
# Make site accessible from http://localhost/
server_name proclubs.app www.proclubs.app;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.(?!well-known).* {
deny all;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
root /var/www/proclubs/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name proclubs.app www.proclubs.app; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/proclubs.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/proclubs.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.proclubs.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = proclubs.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name proclubs.app www.proclubs.app;
return 404; # managed by Certbot
}
-- Expected behaviour --
When a user visits the webpage https://proclubs.app/login OR https://proclubs.app/login I expect to see the Laravel Breeze default login page.
-- Actual Behaviour --
When I visit https://proclubs.app/login I just see a 404 Not Found nginx error instead & no routes are working.
p.s i am confused why I have 3 server blocks too...
Server - nginx/1.18.0 (Ubunto 20.04) on DigitalOcean LEMP droplet
If you get 404, probably requested path wrong. I checked your nginx configurations and I see you have 2 servers, for http (first server) and https (second server) requests.
When you enter the url /login path it means that you want to go login folder. But in laravel it is special request.
So your mistake is in the second server (https) your request find a folder, not a special request. You must change your location option with the first server location option.
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
Change with
location / {
try_files $uri $uri/ /index.php?$query_string;
}
I deployed my Laravel-5.8 project to DigitalOcean and it works fine as:
http://laravelproject.net
But since I am using Azure AD and Socialite. Azure AD does not allow http but https
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/laravelproject;
# Add index.php to the list if you are using PHP
# index index.php index.html index.htm;
# index index.php index.html index.htm index.nginx-debian.html;
server_name laravelproject.net;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php$is_args$args;
# try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I also have:
/etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name laravelproject.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name laravelproject.net;
root /var/www/html/peopleedge;
ssl_certificate /etc/letsencrypt/live/laravelproject.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/laravelproject.net/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
When I tried to run the project I got this error:
Laravel 403 Forbidden nginx/1.14.0 (Ubuntu)
How do I resolve it please?
Thank you.
I know its late already but for any other person who may need it,below code config helps me resolve the isssue
`server {
listen 80;
server_name yourip or domain;
root /var/www/html/public;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
`
also remember to reload nginx with ` sudo systemctl reload nginx
`
Below URLs and their header status code. Please note that redirection is happening. But in some cases I see 301 in header and some cases I am not able to see.
https://www.oldsite.com -> 301 found in header
https://oldsite.com -> 301 found in header
http://www.oldsite.com -> No 301 found in header
http://oldsite.com -> No 301 found in header
https://www.newsite.com - Target site
https://newsite.com -> 302 found in header
http://www.newsite.com -> No 301 found in header
http://newsite.com -> No 301 found in header
I have four configuration stated below. Is there anything wrong with any of these configurations. Please note that this is a magento site.
oldsite.com.nginx.conf
server {
listen ipaddress:80;
server_name oldsite.com www.oldsite.com;
root /home/oldsite/web/oldsite.com/public_html;
index index.php index.html index.htm;
location / {
return 301 https://www.newsite.com$request_uri;
}
include /home/oldsite/conf/web/nginx.oldsite.com.conf*;
}
oldsite.com.nginx.ssl.conf
server {
listen ipaddress:443;
server_name oldsite.com www.oldsite.com;
root /home/oldsite/web/oldsite.com/public_html;
index index.php index.html index.htm;
ssl on;
ssl_certificate /home/oldsite/conf/web/ssl.oldsite.com.pem;
ssl_certificate_key /home/oldsite/conf/web/ssl.oldsite.com.key;
location / {
return 301 https://www.newsite.com$request_uri;
}
newsite.com.nginx.conf
server {
listen ipaddress:80;
return 301 https://www.newsite.com$request_uri;
server_name newsite.com www.newsite.com;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
}
newsite.com.nginx.ssl.conf
server {
listen ipaddress:443 http2;
server_name newsite.com www.newsite.com;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
ssl on;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
}
To handle example.com and www.example.com differently, you should split your existing server block into two, and place the desired return statement into one of them.
For example:
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
return 301 https://www.newsite.com$request_uri;
}
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
root /home/newsite/web/newsite.com/public_html/pub;
index index.php;
autoindex off;
charset UTF-8;
error_page 404 403 = /errors/404.php;
add_header "X-UA-Compatible" "IE=Edge";
...
...
...
}
i am trying to solve problem. I want to redirect all urls starting with www to non-www version of site. In chrome and opera, it works well.
But when i go to firefox and open http://www.example.com it starts downloading page (mime-type octet/stream), on https://www the connection is not reliable. In other browsers it set mime-type text/html.
server {
listen 80;
listen [::]:80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80;
listen [::]:80;
root /var/www/domain/www;
index index.php;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
root /var/www/domain/www;
# Add index.php to the list if you are using PHP
index index.php;
server_name example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args ;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I've looked on Stack Overflow but every time I find a piece of code that people say would work, it unfortunately doesn't work for me.
I'm using Laravel on Forge and trying to redirect non www & non ssl to ssl+www.
It works. However, it does not redirect https://example.com. It redirects all other's: example.com or www.example.com or http://example.com or http://www.example to https://www.example.com except the one mentioned above.
I have no idea why this is happening.
Here's my Nginx file:
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name xxx.xxx.xxx.xxx;
return 301 $scheme://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
root /home/forge/example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
#cache:
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
}
Because your first two servers only listen to the post 80 (non ssl).
Change them like this:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
server_name example.com;
return 301 https://www.example.com$request_uri;
}