Im having an error ERR_TOO_MANY_REDIRECTS
Im implement the ssl and i get the errors
In Magento i have the sites with ssl
web/unsecure/base_url https://pontebuso.com/
web/secure/base_url https://pontebuso.com/
------------------nginx.conf--------------
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
autoindex off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
fastcgi_param HTTPS on;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
#include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/default;
log_format main '$remote_addr - $remote_user [$time_local] "$request "'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
map $scheme $fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}
------------------site------------------
server {
listen 80;
server_name pontebuso.com;
rewrite ^/(.*) https://pontebuso.com/$1 permanent;
}
server {
listen 443 ssl;
server_name pontebuso.com;
ssl on;
ssl_certificate /etc/nginx/ssl/pontebuso.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/pontebuso.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Origin sub.pontebuso.com;
root /home/sites/pontebuso/;
autoindex off;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_param HTTPS on;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
access_log off;
#expires max;
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location #handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
}
---------------------default--------------------
server {
listen 80;
server_name pontebuso.com;
add_header Access-Control-Allow-Origin sub.pontebuso.com;
root /home/sites/pontebuso/;
autoindex off;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
access_log off;
expires max;
}
## These locations would be hidden by .htaccess normally
location ^~ /app/ { deny all; }
location ^~ /includes/ { deny all; }
location ^~ /lib/ { deny all; }
location ^~ /media/downloadable/ { deny all; }
location ^~ /pkginfo/ { deny all; }
location ^~ /report/config.xml { deny all; }
location ^~ /var/ { deny all; }
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location /var/export/ {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
autoindex on;
}
location /. {
return 404;
}
location #handler {
rewrite / /index.php;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ {
if (!-e $request_filename) { rewrite / /index.php last; }
expires off; ## Do not cache dynamic content
fastcgi_pass 127.0.0.1:9000;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
}
As i can see css is not loading appropriately with https. so please use https with only base secure url.
Related
I'm trying to configure the site to work with Nginx and Apache. When I try to reach the site, I get a 403 error.
In the file /etc/httpd/conf/httpd.conf I set the default port 8089 (since 8080 is already busy):
Listen 127.0.0.1:8089
Next, I create a config for Apache (/etc/httpd/conf.d/site.conf):
<VirtualHost 127.0.0.1:8089>
ServerName site.com
ServerAlias www.site.com
DocumentRoot "/usr/share/site/public"
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
<Directory "/usr/share/site/public">
Require all granted
AllowOverride all
</Directory>
</VirtualHost>
Finally, I create a config for Nginx (/etc/nginx/conf.d/site.conf):
server {
listen 80;
server_name site.com www.site.com;
root /usr/share/site/public;
charset utf-8;
gzip on;
gzip_types
text/css
application/javascript
text/javascript
application/x-javascript
image/svg+xml
text/plain
text/xsd
text/xsl
text/xml
image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php {
proxy_pass http://localhost:8089;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
}
What could be the problem?
Good Day!
try this original config by laravel ref link https://laravel.com/docs/7.x/deployment
server {
listen 80;
server_name site.com www.site.com;
root /usr/share/site/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
gzip on;
gzip_types
text/css
application/javascript
text/javascript
application/x-javascript
image/svg+xml
text/plain
text/xsd
text/xsl
text/xml
image/x-icon;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
NOTE: fastcgi_pass u need to change php{version}-fpm.sock; based on your version
I want to access a laravel 5.5 api endpoint https://foo.bar.com/api/v1.0/foo/bar from another origin. Thus I need to allow cross origin requests. I've added the header to my nginx config. Yet my browser still complains about it not being present.
This is my nginx config:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
}
sendfile off;
}
I already took the info from the link #DigitalDrifter has posted. But it seems just adding the Access-Control-Allow-Origin isn't enough to get it to work. Although I don't care about access methods and such.
So this got the deal working:
server {
listen *:443 ssl;
server_name foo.bar.com ;
ssl on;
ssl_certificate /etc/nginx/nxv_bhxwewp1idzm.crt;
ssl_certificate_key /etc/nginx/nxv_bhxwewp1idzm.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "...";
ssl_prefer_server_ciphers on;
client_max_body_size 1m;
index index.html index.htm index.php;
access_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.access.log;
error_log /var/log/nginx/ssl-nxv_bhxwewp1idzm.error.log;
root /var/www/share/foo.bar.com;
location ~ ^/index\.php(/|$) {
set $path_info $fastcgi_path_info;
root /var/www/share/foo.bar.com/public/;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
root /var/www/share/foo.bar.com/public/;
try_files $uri $uri/ /index.php$is_args$args;
autoindex off;
index index.html index.php;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' 'ALLOW-FROM *';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
sendfile off;
}
add both lines into below file
/etc/nginx/sites-available/yours_conf_file
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
and restart nginx server
sudo systemctl restart nginx
On my local machine doesn't work nginx config from official laravel documentation
server {
listen 80;
server_name example.com;
root /example.com/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
But it worked with changes in a few lines
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
changed to
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
and everything works fine. Can anyone explane me the difference in that piece of code and is it unsecure ?
Only reasonable diff I see inclusion of files: snippets/fastcgi-php.conf and fastcgi_params
You issue could be fixed simply by adding:
fastcgi_param SCRIPT_FILENAME $request_filename;
to /etc/nginx/fastcgi_params file.
In old versions of nginx that line existed.
But from 1.10.x it was removed and become reason of blank screen.
i have a nginx webserver and i want to run multiple laravel projects on it
first project is working fine but second project only opens home and home page address is
example.com/secondproject/
but when i want to open
example.com/secondproject/foo
nginx would skip /secondproject alias and looks for requested route in first project (root of server in nginx config)
this is my config
server {
listen 80;
server_name example.com;
rewrite_log on;
location / {
root /path/to/first-project/public;
index index.php index.html index.htm;
try_files $uri $uri/ $uri/index.php /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
}
location /secondproject {
alias /path/to/second-project/public;
index index.php;
location /secondproject {
try_files $uri $uri/ $uri/index.php /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
}
}
and when i replace
root /path/to/second-project/public;
instead of
alias /path/to/second-project/public;
nginx shows 403!
try like this:
server {
listen 80;
server_name example.com www.example.com;
location / {
root /path/to/first-project/public;
index index.php index.html index.htm;
try_files $uri $uri/ $uri/index.php /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
}
# ------- second
location /secondproject {
root /path/to/second-project/public;
index index.php index.html index.htm;
try_files $uri $uri/ $uri/index.php /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
}
}
}
The config of nginx is as follows:
server {
listen 80;
server_name www.example.com;
root /home/wwwroot/example.com;
index index.php index.html index.htm;
location / {
index index.php index.html index.htm;
}
location ~ \.php($|/) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
location ~ /\.ht {
deny all;
}
}
please give me some advice, thank you~
I finally make it right myself.
server {
listen 80;
server_name example.com;
root /home/wwwroot/example.com;
index index.php index.html index.htm;
location / {
root /home/wwwroot/example.com;
index index.php index.html index.htm;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
}
location ~ \.php($|/) {
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
please add the following line to Nginx configuration file /etc/nginx/nginx.conf
http {
...
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
...
}
reference
I was also getting this error on Codeigniter + nginx but i have solved it by changing my code.
The problem is with the session. In the Session i was saving the stdClass object. When i change the value or retrieve the value from session it gives me 502 bad gateway. So i change the session value to Associative Array and then my problem is solved. I think session storage value get exceed this is why the server give the error 502 bad gateway.
You don't have a root in location / (this might be OK)
You haven't stated whether or not you are trying to remove index.php from the url (if you are trying to visit a URL without index.php and without the rewrite, this may lead to the 502)
You are missing some suggested params
Here is an nginx config I have running and working with CI (CentOS 6). It removes index.php from the URL. It's also SSL but you can just take that junk out if you don't need. It should at least point you in the right direction.
server {
listen 80;
server_name _;
access_log /var/www/https/logs/access.log;
error_log /var/www/https/logs/error.log;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 default_server ssl;
server_name *.example.com;
ssl on;
ssl_certificate /var/www/ssl/wildcard.example.com.chained.crt;
ssl_certificate_key /var/www/ssl/wildcard.example.com.key;
ssl_verify_depth 3;
access_log /var/www/https/logs/ssl/access.log;
error_log /var/www/https/logs/ssl/error.log;
#http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html
if ($request_uri ~ " ") {
return 444;
}
location / {
root /var/www/https/;
# file doesn't exist, let CI handle it
if (!-f $request_filename) {
rewrite ^(.*) /index.php?$1 last;
}
}
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico)$ {
root /var/www/https/;
access_log on;
expires 30d;
}
location ~ \.php$ {
include fastcgi.conf;#/etc/nginx/fastcgi.conf
fastcgi_param SCRIPT_FILENAME /var/www/https$fastcgi_script_name;
}
}
/etc/nginx/conf.d/fastcgi.conf:
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;