nginx, Magento & Cloudfront - magento

I have inherited a website that is running Magento & nginx. I know virtually nothing about nginx and know a fair amount about Magento. The site is configured to use the Amazon Cloudfront CDN however all of the images, js & css are returning a 301 redirect to the origin site. I have a development site running Apache with the same Magento, MySQL & Cloudfront setup that is functioning correctly with this setup so I am pretty sure it is a problem with the config file for nginx. There have been some rewrites written in to the file and my assumption is that when the request for an asset at skin.mydomain.com is made it is redirecting to www.mydomain.com instead of serving the file from the CDN. I have CNAME records setup for js.mydomain.com, skin.mydomain.com and cloud.mydomain.com that all point to the same Cloudfront CDN. Here is the portion of the nginx config file that would seem to be applicable:
server {
listen 80;
##127.0.0.1:8080
server_name mydomain.com;
rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
}
server {
listen 80;
##127.0.0.1:8080 default
## SSL directives might go here
listen 443 default ssl;
ssl_certificate /etc/nginx/
ssl_certificate_key /etc/nginx/
server_name www.mydomain.com;
## *.mydomain.com; Domain is here twice so server_name_in_redirect will favour the www
root /var/www/magento;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ #handler; ## If missing pass the URI to Magento's front handler
expires 30d;
if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)$") {
access_log off;
expires max;
}
port_in_redirect off;
}
Any help would be appreciated as I have been working on this pretty much all day and would like to stop working on it at some point.
Thanks!

It appears the first server directive is forcing a rewrite of the www.
server {
. . .
rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
. . .
}

Related

Nginx Server Configuration: Hostname not resolving on Subdomain

thank you in advance for your support.
I set up an Ubuntu Server with Nginx as a Digitalocean Droplet and am using the server provisioning tool Laravel Forge, which works fine. I successfully installed the PHP Framework Laravel and deployed the code on the server. I ssh into the server and checked the files in the supposed directory. The code is successfully deployed.
Next I own a domain, and created an A record for the following subdomain: app.mywebsite.de, that points to that server. I followed the digitalocean instructions and I waited the required time. Using a DNS Lookup tool, I confirmed that the subdomain actually points to the server.
Screenshot of DNS Lookup
Yet, when I use the subdomain in my browser, the browser doesn't connect to the server. I get the following error message in the browser:
Screenshot of Browser when connecting to server
It seems like the subdomain is correctly pointed to the server, but the server isn't rightly configured. I tried to check the nginx configuration and under sites-avaialble I have the following configuration for the subdomain:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/before/*;
server {
listen 80;
listen [::]:80;
server_name app.mywebsite.de;
server_tokens off;
root /home/forge/app.mywebsite.de/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS_AES_256_GCM_SHA384:TLS-AES-256-GCM-SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/app.mywebsite.de-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/app.mywebsite.de/after/*;
In forge-conf/app.website.de/before/*; is only one file redirect.conf with the following code:
server {
listen 80;
listen [::]:80;
server_name www.app.website.de;
if ($http_x_forwarded_proto = 'https') {
return 301 https://app.website.de$request_uri;
}
return 301 $scheme://app.website.de$request_uri;
}
There are no other sites on the server. So there is only the 000-catch-all file in the sites available directory of the nginx configuration folder.
Unfortunately I reached my limit of understanding here and I would love if somebody could point me into the right direction to find out, which part of nginx is not configured corectly.
P.S.
Some additional info:
Yes I restarted Nginx and the whole server multiple times.
Turns out, everything was configured correctly. I didn't change anything, except that I added some additional sites on the nginx server. Forge probably updated the server blocks, which resolved the problem.

Deployment of Laravel project on Debian 9 using nginx

I try to deploy my Laravel project from localhost to Debian server using nginx. First of all, i followed this tutorial LINK. Ended at the end of 5. chapter. I did not get any errors. Also I successfully connect Laravel project with server DB. I use Laravel version 6, so when i was modifying newly created config file on /etc/nginx/sites-available/myFile I used laravel's deployment tutorial LINK. As my server does not have any domain, I've got only IP available. Screenshot of my config file:
Config file
When I try to open server page using IP, i got error "This page isn't working". It's because i deleted nginx's default file from sites-enabled. Before, i deleted the default file, i got only default home page of nginx.
I tried to change server_name like server_name _;, server_name "";, server_name IP. After all changes i restarted nginx server.
Any help how to run my Laravel project please? Thank you!!
EDIT: route to project: /var/www/html/OciNaCeste/BP_final
Please use the following configuration
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
root /var/www/html/OciNaCeste/BP_final/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Then restart nginx

Multiple websites with one IP: settings with proxy server and proxy cache (flask, uwsgi, nginx)

I want to allow my nginx server to server multiple subdomains.
Each site is served by a flask + uwsgi, listening to own ports.
All sites have many endpoints with same name, and responses are cached in different zones: I want to serve the correct cache (or correct site) from the proxy server.
I read https://askubuntu.com/questions/766352/multiple-websites-on-nginx-one-ip : in my configuration I keep having domain2 redirected to domain1.
I cannot find proper configuration for listening to uwsgi and have the proxy server serve the correct site.
How to properly set the ports and proxy_cache on the proxy_server to allow nginx serve two flask sites from a single server?
Below is my set current setup:
configuration domain_1
server {
server_name www.domain1.com;
return 301 $scheme://domain1.com$request_uri;
}
server {
listen 8000 default_server;
server_name domain1.com;
root /var/www/example_site_1;
# common locations for all sites
location / {
include uwsgi_params;
uwsgi_pass unix:/var/www/example_site_1/domain1.sock;
}
# API
location /api {
include uwsgi_params;
uwsgi_param UWSGI_SCRIPT wsgi;
uwsgi_pass unix:/var/www/example_site_1/domain1.sock;
}
}
# Set cache directory for site
proxy_cache_path /tmp/nginx/domain1 levels=1:2 keys_zone=my_zone_domain_1:10m max_size=50m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
# Virtualhost/server configuration
server {
listen 80 default_server;
server_name domain1;
root /var/www/domain1;
## how to serve proxy_cache if locations of domain_1 and domain_2 are the same ?
location / {
proxy_cache my_zone_domain_1;
add_header X-Proxy-Cache $upstream_cache_status;
include proxy_params;
proxy_pass http://domain1.com:8000;
}
location /api {
add_header X-Proxy-Cache $upstream_cache_status;
proxy_cache my_zone_domain_1;
proxy_pass http://domain1.com:8000/api;
}
}
configuration domain_2
server {
server_name www.domain2.com;
return 301 $scheme://domain2.com$request_uri;
}
server {
listen 3000;
server_name domain2.com;
root /var/www/example_site_2;
# common locations for all sites
location / {
include uwsgi_params;
uwsgi_pass unix:/var/www/example_site_2/domain2.sock;
}
# API
location /api {
include uwsgi_params;
uwsgi_param UWSGI_SCRIPT wsgi;
uwsgi_pass unix:/var/www/example_site_2/domain2.sock;
}
}
# Set cache directory for site
proxy_cache_path /tmp/nginx/domain2 levels=1:2 keys_zone=my_zone_domain_2:10m max_size=50m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
# Virtualhost/server configuration
server {
# I tried listening on other ports than 80, but kept having redirects on domain_1
listen 80;
server_name domain2;
root /var/www/domain2;
## how to serve proxy_cache if locations of domain_1 and domain_2 are the same ?
location / {
proxy_cache my_zone_domain_2;
add_header X-Proxy-Cache $upstream_cache_status;
include proxy_params;
proxy_pass http://domain2.com:3000;
}
location /api {
add_header X-Proxy-Cache $upstream_cache_status;
proxy_cache my_zone_domain_2;
proxy_pass http://domain2.com:3000/api;
}
}
Your domain_2 configuration uses proxy_pass http://domain2.com:8000 but there is only domain_1 server listens on the port 8000 so it gets to serve requests directed to domain_2.
I also recommend you to rethink usage of proxy_pass in your configuration, it isn't really necessary.
I found the culprit was Uwsgi : it was loaded from usr/bin folder, and not from virtual environment folder of my app.
Maybe virtualenv folder was corrupted: when I tried to re-install uwsgi (pip install uwsgi), it kept saying requirements satisfied until I noticed that which uwsgi was not loaded from virtualenv.
I had to remove and reinstall virtualenv folder with uwsgi and python modules.
Now applications were running (answer to the question), but proxy_server configuration has to be further adjusted in my case.
The following may be useful for people making use of url_for() directives in flask: url_for() directive routes to an absolute path, which may conflict with the nginx proxy.
Example: nginx proxy server listens on domains2.com on port 80, proxy_pass /path location to http://domain2.com:3000; if flask is redirecting a route to /path (with url_for()), the resulting url will be http://domain2.com:3000/path (because it follows the port specified in absolute path) instead of http://domain2.com/path (the url of the proxy).
Add proxy_set_header Host $http_host; to /path location to allow nginx proxy follow the correct redirect of your flask application.

#spinner{} element fails two worker when Nginx is the reverse proxy in front of Nitrogen

I have running my Nitrogen driven application directly however because i want to use Nginx load-balancing magic i found out that the progress notifier of Nitrogen, the Spinner is not showing at all. I followed the example as at Nitrogen configuration options - bottom of the page. The example code snippet at the link is shown below.
# My config for a site that I only want serving SSL content.
server {
listen 80;
server_name www.mysite.com, mysite.com;
access_log /var/log/nginx/mysite.com.access.log;
# rewrite all requests to be SSL
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443;
server_name mysite.com www.mysite.com
access_log /var/log/nginx/mysite.ssl.access.log;
ssl on;
ssl_certificate ssl/mysite/mysite.com.crt;
ssl_certificate_key ssl/mysite/mysite.com.key;
ssl_client_certificate ssl/mysite/ca.crt;
location / {
# This installation is running on port 8021, as you can plainly see.
proxy_pass http://127.0.0.1:8000;
}
}
Without Nginx the spinner works fine. I am using Nitrogen over Yaws of release as stated in the RELEASE file [{release,"nitrogen","2.3.0-beta5","5.10.3",[...,...,...,...],permanent}]. I do not what I am not doing right.

nginx config files redirecting to subfolder

I'm currently trying to deploy a website in two directories. Despite the lot of documentations on it, I was not able to obtain the behavior that I wish. This is the architecture of the websites :
The main website page is stored in /opt/www/mainsite/index.html
The second webiste (working with CodeIgniter) is stored in /opt/www/apps/myapp/index.php
I wish configure nginx to obtain this behavior :
All requests in http must be redirect to https
www.mydomain.com must point to /opt/www/mainsite/index.html
www.mydomain.com/myapp must point to /opt/www/apps/myapp/index.php
currently, my config file contains :
# redirect http to https
server {
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
# main webiste
server {
listen 443;
# ssl elements...
root /opt/www/mainsite;
index index.html;
server_name www.mydomain.com;
location / {
try_files $uri $uri/ /index.html;
}
}
On this page I found all the informations to set the config file for CodeIgniter. But I don't know how to create the rules to point mydomain.com/myapp on the CodeIgniter folder and how to configure CodeIgniter in order to set the right configuration.
Is anybody can help me?
thanks in advance
You need http://wiki.nginx.org/HttpFastcgiModule to setup CodeIgniter.
Using 2 server blocks is better than using if block for redirect. See IF is Evil.
Don't use $host because that variable value is obtained from the request's HOST header, and can be easily faked. Always set a server_name directive and use that name instead.
Using "return 301" directive is better than a rewrite. Saving cpu time (regex is slow) and easy to follow. Note that a 302 redirect (rewrite...redirect) has side effect because 302 will turn all POST requests to GET requests, which is not good in your case.
You don't need try_files in the main site because the main site just serves static files. But you can use 'expires' directive to allow browser to cache the static files.
server {
listen 80;
server_name www.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name www.mydomain.com;
# ssl elements...
location / {
root /opt/www/mainsite;
index index.html;
expires max;
}
location /myapp {
root /opt/www/apps/myapp;
# fastcgi module goes here...
}
}
server {
listen 80;
listen 443 ssl;
…
if ($scheme != "https") {
rewrite ^ https://$server_name$request_uri? redirect;
}
root /opt/www/mainsite/;
location /myapp {
root /opt/www/apps/myapp/;
}
}
You'd put whatever configuration that is necessary for your myapp within the location for myapp.
BTW, it is generally a bad idea to host multiple independent apps within a single Host, because of XSS concerns.

Resources