I've configured Nginx as you can see:
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/privateKey.key;
    location /webmin/ {
        proxy_pass http://127.0.0.1:10000;
    }
}
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/privateKey.key;
    server_name localjob.it;
    access_log off;
    location / {
        alias /webapps/sitoweb/;
    }
}
Now if I go on mysite.com the page is loaded with the CSS, but if I add:
location ~* \.(css|js|gif|jpe?g|png)$ {
    expires 168h;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
Now if I go on mysite.com the page can't load CSS.
I can't understand the reason!!
Nginx locations are exclusive, so the alias inside your root location doesn't apply to other locations. Also, it's a bit of a misuse; just use the root directive in the server block.
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/privateKey.key;
    server_name localjob.it;
    access_log off;
    root /webapps/sitoweb;
    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 168h;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
Related
I have a multi-tenancy app hosted on DO. Users are able to create subdomains and also set their preferred custom domain. Need help in setting up the right Nginx config, here is the current one:
Requirements:
1- User setup for their required subdomain on app's domain (with SSL) - WORKING
2- User setup for their own custom domain - for this I have set up an A record to the server IP and below is the Nginx config - NOT WORKING
3- User custom domain is loaded with SSL - need help on how to structure this? Would an A record suffice?
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/wiki.pk/before/*;
server {
    listen 80;
    listen [::]:80;
    server_name .one.com "";
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .one.com "";
    #server_name ~.;
    #server_name _;
    #server_name ~^(?.*)$;
    server_tokens off;
    root /home/forge/one.com/public;
    #FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/one.com/1233982/server.crt;
    ssl_certificate_key /etc/nginx/ssl/one.com/1233982/server.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_dhparam /etc/nginx/dhparams.pem;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    #FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/one.com/server/*;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/one.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
#FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/one.com/after/*;
Would appreciate all the help.
Below are the URLs and their header status codes. Please note that redirection is happening, but in some cases I see 301 in the header and in some cases I am not able to see it.
https://www.oldsite.com -> 301 found in header
https://oldsite.com -> 301 found in header
http://www.oldsite.com -> No 301 found in header
http://oldsite.com -> No 301 found in header
https://www.newsite.com - Target site
https://newsite.com -> 302 found in header
http://www.newsite.com -> No 301 found in header
http://newsite.com -> No 301 found in header
I have the four configurations stated below. Is there anything wrong with any of these configurations? Please note that this is a Magento site.
oldsite.com.nginx.conf
server {
    listen ipaddress:80;
    server_name oldsite.com www.oldsite.com;
    root /home/oldsite/web/oldsite.com/public_html;
    index index.php index.html index.htm;
    location / {
        return 301 https://www.newsite.com$request_uri;
    }
    include /home/oldsite/conf/web/nginx.oldsite.com.conf*;
}
oldsite.com.nginx.ssl.conf
server {
    listen ipaddress:443;
    server_name oldsite.com www.oldsite.com;
    root /home/oldsite/web/oldsite.com/public_html;
    index index.php index.html index.htm;
    ssl on;
    ssl_certificate /home/oldsite/conf/web/ssl.oldsite.com.pem;
    ssl_certificate_key /home/oldsite/conf/web/ssl.oldsite.com.key;
    location / {
        return 301 https://www.newsite.com$request_uri;
    }
}
newsite.com.nginx.conf
server {
    listen ipaddress:80;
    return 301 https://www.newsite.com$request_uri;
    server_name newsite.com www.newsite.com;
    root /home/newsite/web/newsite.com/public_html/pub;
    index index.php;
    autoindex off;
    charset UTF-8;
    error_page 404 403 = /errors/404.php;
    add_header "X-UA-Compatible" "IE=Edge";
}
newsite.com.nginx.ssl.conf
server {
    listen ipaddress:443 http2;
    server_name newsite.com www.newsite.com;
    root /home/newsite/web/newsite.com/public_html/pub;
    index index.php;
    autoindex off;
    charset UTF-8;
    error_page 404 403 = /errors/404.php;
    add_header "X-UA-Compatible" "IE=Edge";
    ssl on;
    ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
    ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
}
To handle example.com and www.example.com differently, you should split your existing server block into two, and place the desired return statement into one of them.
For example:
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
    ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
    return 301 https://www.newsite.com$request_uri;
}
server {
    listen 443 ssl http2;
    server_name www.example.com;
    ssl_certificate /home/newsite/conf/web/ssl.newsite.com.pem;
    ssl_certificate_key /home/newsite/conf/web/ssl.newsite.com.key;
    root /home/newsite/web/newsite.com/public_html/pub;
    index index.php;
    autoindex off;
    charset UTF-8;
    error_page 404 403 = /errors/404.php;
    add_header "X-UA-Compatible" "IE=Edge";
    ...
    ...
    ...
}
I've looked on Stack Overflow but every time I find a piece of code that people say would work, it unfortunately doesn't work for me.
I'm using Laravel on Forge and trying to redirect non www & non ssl to ssl+www.
It works. However, it does not redirect https://example.com. It redirects all the others (example.com or www.example.com or http://example.com or http://www.example) to https://www.example.com, except the one mentioned above.
I have no idea why this is happening.
Here's my Nginx file:
server {
    listen 80;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 80;
    server_name xxx.xxx.xxx.xxx;
    return 301 $scheme://example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com;
    root /home/forge/example.com/public;
    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    index index.html index.htm index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/example.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
    #cache:
    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 168h;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
Because your first two servers only listen on port 80 (non-SSL).
Change them like this:
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/example.com/21671/server.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/21671/server.key;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}
Trying to get nginx to cache static assets, but getting a 404 on everything. If I take out the cache block it works fine, but obviously it's not caching. How can I set this up so that things will get cached by nginx?
server {
    listen 80;
    return 301 https://$host$request_uri;
}
upstream backends {
    server 127.0.0.1:8443;
    #server 192.168.100.101:80;
}
server {
    listen 443 ssl; # 'ssl' parameter tells NGINX to decrypt the traffic
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt; # The certificate file
    ssl_certificate_key /etc/nginx/ssl/nginx.key; # The private key file
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass http://backends;
    }
    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 168h;
    }
}
nginx chooses one location block to process a request. You need to replicate or inherit common functionality. For example:
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
    proxy_pass http://backends;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
    expires 168h;
    proxy_pass http://backends;
}
Replicating complex configurations is best done with a separate file by using the include directive.
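The selection rule behind this answer and the earlier alias/root answer, as an added Python model that is not part of the original posts or of nginx itself. It is simplified (no nested or named locations); the BEFORE and AFTER dictionaries are constructed from the configs above, and it shows that in the question's config a static asset request lands in the regex location with neither auth_basic nor proxy_pass in force.

```python
import re

def pick_location(locations, uri):
    """Simplified nginx location selection for (modifier, pattern) pairs in config order."""
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)                      # exact match wins outright
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)                  # remember the longest prefix
    if best and best[0] == "^~":
        return best                                # ^~ suppresses the regex pass
    for mod, pat in locations:
        if mod in ("~", "~*") and re.search(pat, uri, re.I if mod == "~*" else 0):
            return (mod, pat)                      # first matching regex wins
    return best                                    # otherwise the longest prefix

def effective(server, uri):
    """Return the chosen location and the directives in force for uri:
    server-level directives, overridden by the chosen location's own.
    Directives of the other locations are never merged in."""
    loc = pick_location(list(server["locations"]), uri)
    merged = dict(server["directives"])
    merged.update(server["locations"].get(loc, {}))
    return loc, merged

STATIC = ("~*", r"\.(css|js|gif|jpe?g|png)$")

# Constructed model of the question's server block: auth and proxying only in "location /".
BEFORE = {"directives": {}, "locations": {
    ("", "/"): {"auth_basic": "Restricted", "proxy_pass": "http://backends"},
    STATIC: {"expires": "168h"}}}

# Constructed model of the answer: auth at server level, proxy_pass replicated.
AFTER = {"directives": {"auth_basic": "Restricted"}, "locations": {
    ("", "/"): {"proxy_pass": "http://backends"},
    STATIC: {"expires": "168h", "proxy_pass": "http://backends"}}}

def report(server, uri):
    """(chosen location, auth_basic in force?, proxy_pass in force?)"""
    loc, d = effective(server, uri)
    return loc, "auth_basic" in d, "proxy_pass" in d

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for uri in ("/dashboard", "/css/site.css"):
            print(name, uri, report(cfg, uri))
```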
I have a Rails app up and running on my server and now I'd like to add another one.
I want Nginx to check what the request is for and split traffic based on domain name
Both sites have their own nginx.conf symlinked into sites-enabled, but I get an error starting nginx:
Starting nginx: nginx: [emerg] duplicate listen options for 0.0.0.0:80 in /etc/nginx/sites-enabled/bubbles:6
They are both listening on 80 but for different things.
Site #1
upstream blog_unicorn {
    server unix:/tmp/unicorn.blog.sock fail_timeout=0;
}
server {
    listen 80 default deferred;
    server_name walrus.com www.walrus.com;
    root /home/deployer/apps/blog/current/public;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri @blog_unicorn;
    location @blog_unicorn {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://blog_unicorn;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}
Site two:
upstream bubbles_unicorn {
    server unix:/tmp/unicorn.bubbles.sock fail_timeout=0;
}
server {
    listen 80 default deferred;
    server_name bubbles.com www.bubbles.com;
    root /home/deployer/apps/bubbles/current/public;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri @bubbles_unicorn;
    location @bubbles_unicorn {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://bubbles_unicorn;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}
The documentation says:
The default_server parameter, if present, will cause the server to become the default server for the specified address:port pair.
It's also obvious, there can be only one default server.
And it also says:
A listen directive can have several additional parameters specific to socket-related system calls. They can be specified in any listen directive, but only once for the given address:port pair.
So, you should remove default and deferred from one of the listen 80 directives. And same applies to ipv6only=on directive as well.
Just hit this same issue, but the duplicate default_server directive was not the only cause of this message.
You can only use the backlog parameter on one of the server_name directives.
Example
site 1:
server {
    listen 80 default_server backlog=2048;
    server_name www.example.com;
    location / {
        proxy_pass http://www_server;
    }
}
site 2:
server {
    listen 80; ## DO NOT DUPLICATE THESE SETTINGS 'default_server backlog=2048;'
    server_name blogs.example.com;
    location / {
        proxy_pass http://blog_server;
    }
}
I was having the same issue. I fixed it by modifying my /etc/nginx/sites-available/example2.com file. I changed the server block to
server {
    listen 443 ssl; # modified: was listen 80;
    listen [::]:443; #modified: was listen [::]:80;
    . . .
}
And in /etc/nginx/sites-available/example1.com I commented out listen 80 and listen [::]:80 because the server block had already been configured for 443.
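A pre-flight check for the conflicts described in the answers above, as an added Python example that is not from the original posts or from nginx. It scans several site files for listen directives that repeat socket-level parameters, or the default-server flag, on the same address:port; the sample files are constructed from the question, and nginx itself stops at the first such error whereas this reports both kinds.

```python
import re
from collections import defaultdict

# listen parameters that configure the socket itself: once per address:port.
SOCKET_OPTS = {"backlog", "rcvbuf", "sndbuf", "deferred", "bind", "ipv6only",
               "reuseport", "so_keepalive", "fastopen", "setfib", "accept_filter"}
DEFAULT_FLAGS = {"default", "default_server"}   # "default" is the older spelling
LISTEN_RE = re.compile(r"^[ \t]*listen[ \t]+([^;#]+);", re.M)

def normalize(addr):
    """Write a bare port or *:port as 0.0.0.0:port, the form nginx prints."""
    if addr.isdigit():
        return "0.0.0.0:" + addr
    return "0.0.0.0:" + addr[2:] if addr.startswith("*:") else addr

def listen_conflicts(files):
    """files maps path -> config text. Returns (kind, address, ["path:line", ...])
    for each address:port that sets socket options, or claims the default
    server, in more than one listen directive."""
    sock, dflt = defaultdict(list), defaultdict(list)
    for path, text in files.items():
        for m in LISTEN_RE.finditer(text):
            addr, *params = m.group(1).split()
            names = {p.split("=")[0] for p in params}
            line = text.count("\n", 0, m.start()) + 1
            where = f"{path}:{line}"
            if names & SOCKET_OPTS:
                sock[normalize(addr)].append(where)
            if names & DEFAULT_FLAGS:
                dflt[normalize(addr)].append(where)
    found = []
    for kind, table in (("duplicate listen options", sock),
                        ("duplicate default server", dflt)):
        found += [(kind, a, w) for a, w in table.items() if len(w) > 1]
    return found

# Constructed sample files, modelled on the two sites in the question.
BLOG = "server {\n    listen 80 default deferred;\n    server_name walrus.com;\n}\n"
BUBBLES = "server {\n    listen 80 default deferred;\n    server_name bubbles.com;\n}\n"
BUBBLES_FIXED = BUBBLES.replace(" default deferred", "")

if __name__ == "__main__":
    for hit in listen_conflicts({"blog": BLOG, "bubbles": BUBBLES}):
        print(hit)
```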