I have set up and brand new server with forge and install a bitbucket repo
Forge nginx set up looks like this
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/before/*;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name default;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/after/*;
On page load I'm getting a 403 error for the load of the site
Any ideas?
I followed the same process over and over. The project going in is a Laravel project , have run the normal composer and NPM installs.
Related
I'm trying to deploy my laravel app to ubuntu using nginx, everything was fine before I using ssl. But after I using ssl, it's not working anymore if I'm accessing my website using outside network (still working if I access it using server network).
this is my nginx configuration:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name kopidw.id www.kopidw.id;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/certificate_kopinedw.crt; #path to your public key
ssl_certificate_key /etc/nginx/ssl/private_kopinedw.key; #path to your private key
ssl_client_certificate /etc/nginx/ssl/ca-bundle.crt;
ssl_verify_client optional;
root /var/www/html/kopinedw-cms/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
This is my first time using nginx, so I don't have any Idea why I got ERR_TOO_MANY_REDIRECTS.
Any help would be very helpful for me, thanks
I have a multi-tenancy app hosted on DO. Users are able to create subdomains and also set their preferred custom domain. Need help in setting up the right Nginx config, here is the current one:
Requirements:
1- User setup for their required subdomain on app's domain (with SSL) - WORKING
2- User setup for their own custom domain - for this I have set up an A record to the server IP and below is the Nginx config - NOT WORKING
3- User custom domain is loaded with SSL - need help on how to structure this? Would an A record suffice?
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/wiki.pk/before/*;
server {
listen 80;
listen [::]:80;
server_name .one.com "";
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .one.com "";
#server_name ~.;
#server_name _;
#server_name ~^(?.*)$;
server_tokens off;
root /home/forge/one.com/public;
#FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/one.com/1233982/server.crt;
ssl_certificate_key /etc/nginx/ssl/one.com/1233982/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/one.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/one.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/one.com/after/*;
Would appreciate all the help.
I deployed my Laravel-5.8 project to DigitalOcean and it works fine as:
http://laravelproject.net
But since I am using Azure AD and Socialite. Azure AD does not allow http but https
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/laravelproject;
# Add index.php to the list if you are using PHP
# index index.php index.html index.htm;
# index index.php index.html index.htm index.nginx-debian.html;
server_name laravelproject.net;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php$is_args$args;
# try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I also have:
/etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name laravelproject.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name laravelproject.net;
root /var/www/html/peopleedge;
ssl_certificate /etc/letsencrypt/live/laravelproject.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/laravelproject.net/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
When I tried to run the project I got this error:
Laravel 403 Forbidden nginx/1.14.0 (Ubuntu)
How do I resolve it please?
Thank you.
I know its late already but for any other person who may need it,below code config helps me resolve the isssue
`server {
listen 80;
server_name yourip or domain;
root /var/www/html/public;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
`
also remember to reload nginx with ` sudo systemctl reload nginx
`
I'm running a static built nuxt.js app on my server. It uses the nuxt auth module for authentificating against my laravel backend which runs laravel passport.
My auth-strategy looks like this:
auth: {
strategies: {
'laravel.passport': {
url: 'https://correct_url',
//client_id: 1, //for local use
//client_secret: 'CLIENTSECRET1', //for local use
client_id: 2,
client_secret: 'CLIENTSECRET2',
userinfo_endpoint: 'https://correct_url/oauth/me'
}
}
},
In my local environment (yarn run dev) everything runs fine. After I built and deployed my nuxt-app (yarn run build) the authentification process comes to the authorisation step (where I can click "Authorize" or "cancel"). After I click "Authorize" browser redirects to my nuxt-app but requests still give me:
{"message":"Unauthenticated."}
After a few investigations the only possible cause for this could be the nginx-site which is automatically created through laravel forge. Config looks like this:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name correct_url;
root /home/forge/correct_url/dist;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/correct_url/589448/server.crt;
ssl_certificate_key /etc/nginx/ssl/correct_url/589448/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/server/*;
location / {
try_files $uri $uri/ /index.html;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/correct_url-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/correct_url/after/*;
is there something I overlooked or am I on the wrong path?
I have a laravel web app that acts as a CMS and has several sites in one app. I access these sites with the following url:
my-site.com/site/1 - Leads to site 1
I want to rewrite NGINX so that i can point several top domains to their respective site in my CMS.
my-site-1.com -> my-site.com/site/1
How can this be achieved? All questions i can find wants to point a domain to a subfolder, i want to point it to a query parameter.
I use Larave forge + Digitalocean. This is my configuration file
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/before/*; #*/
server {
listen 80 default_server;
server_name default;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/server/*; #*/
location / {
try_files $uri $uri/ /index.php?$query_string;
if ($http_host ~ "^(www.)?my-site-1.com$"){
#I tried adding som conditional rules here
}
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_connect_timeout 18000;
fastcgi_send_timeout 18000;
fastcgi_read_timeout 18000;
}
location ~ /\.ht {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/default/after/*; #*/