Firefox is the only browser I am having issues with. I have found similar issues, but no solutions seem to work.
When I visit http://example.com nginx rewrites it as http://www.example.com.
I did this because the site used ssl sitewide, where now that has remains on the initial server using a subdomain, so is https://subdomain.example.com. Search engines, old bookmarks, and other old links attempted to take the user to https://example.com.
In all Browsers this works like a charm, except in firefox.
The Problem: Firefox takes the users request of http://example.com and forwards them to https://subdomain.example.com.
And then from the search engine link that reads https://example.com, an SSL error is raised because it's trying to read subomain.example's.
I'm getting confused and now it's 430 in the morning. Does someone have any clues here?
Here's my nginx conf:
upstream thin_server {
server 0.0.0.0:8080 fail_timeout=0;
}
server {
listen 80 default;
listen 443 ssl;
ssl off;
root /home/example/public;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
index index.htm index.html;
if ($host = 'example.com') {
rewrite ^/(.*)$ http://www.example.com/$1;
}
location / {
try_files $uri/index.html $uri.html $uri #app;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
try_files $uri #app;
}
location #app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://thin_server;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
UPDATE Just started working randomly a couple of days later
I had the a similar issue, Chrome was working fine, IE and firefox did not working with the http to https redirect.
I was searching for a day, build various configurations but nothing helped.
By accident I checked my firewall (ufw status) and realized that port 80 was not open, only 443.
After allowing port 80 it worked.
Here is my nginx config which is working ( I know it is not optimized )
# Redirect http to https
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain.tl www.domain.tl *.domain.tl;
return 301 https://www.domain.tl$request_uri;
}
#HTTPS config for SSL with certificate
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.domain.tl www.domain.tl;
#Limited Cipers to avoid MD5 etc attacks
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#Limit to TLSv1.2 for security
ssl_protocols TLSv1.2;
#Chained certificate to make sure the intermediate is in
ssl_certificate /etc/nginx/ssl/certificate.chain.crt;
ssl_certificate_key /etc/nginx/ssl/certificat_key.key;
#PHP, Wordpress etc config
root /var/www/html;
index index.php index.html index.htm;
# unless the request is for a valid file, send to bootstrap
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
#Rewrite rule fuer Wordpress
try_files $uri $uri/ /index.php?$args;
}
# PHP7 specific
location ~ \.php$ {
try_files $uri =404;
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# OLD CONFIG for php5
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}
}
Related
I´ve been searching a lot and found a lot of answers but unfortunately non of the answers is working, my scenario is below:
In my project folder i have laradock and laravel folders. In the .env(inside laradock) i have:
NGINX_HOST_HTTP_PORT=8080
and this is because my 80 is ocuppied. and inside the nginx folder, in the default.conf i have:(note that the code below is pratically the default, i have putted here many things but it didn´t work)
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# For https
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server ipv6only=on;
# ssl_certificate /etc/nginx/ssl/default.crt;
# ssl_certificate_key /etc/nginx/ssl/default.key;
server_name mam1.test;
root /var/www/laravelProject/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
}
Meanwhile i have to edit the hosts file on my mac and put: 127.0.0.1 laravelProject. If i acess laravelProject on my url it shows a message saying, it works which is not what i want, bu if i access with laravelProject:8080 it works great!. but how do i remove the port? i have tried many things, the last one was this but if it keeps NOT redirecting to the correct url.
How do i do this?
Regards
I deployed my Laravel-5.8 project to DigitalOcean and it works fine as:
http://laravelproject.net
But since I am using Azure AD and Socialite. Azure AD does not allow http but https
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/laravelproject;
# Add index.php to the list if you are using PHP
# index index.php index.html index.htm;
# index index.php index.html index.htm index.nginx-debian.html;
server_name laravelproject.net;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php$is_args$args;
# try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
I also have:
/etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name laravelproject.net;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name laravelproject.net;
root /var/www/html/peopleedge;
ssl_certificate /etc/letsencrypt/live/laravelproject.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/laravelproject.net/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
When I tried to run the project I got this error:
Laravel 403 Forbidden nginx/1.14.0 (Ubuntu)
How do I resolve it please?
Thank you.
I know its late already but for any other person who may need it,below code config helps me resolve the isssue
`server {
listen 80;
server_name yourip or domain;
root /var/www/html/public;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
`
also remember to reload nginx with ` sudo systemctl reload nginx
`
I have read this tutorial to set up SSL for my laravel site. I did not read everything (oops), and did not delete the "default" site. I have generated CSR from default site (but with example.com for domain). Now I have my certificate and i have installed it through laravel forge, but it does not work:
cannot connect to https://example.com (browser / curl)
http://example.com does not redirect to https
Nothing in /var/log/nginx/default-error.log
I restarted nginx
Here is my /etc/nginx/sites-available/default file content :
server {
listen 80;
#server_name default;
server_name example.com www.example.com;
#return 301 default$request_uri;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
#server_name default;
server_name example.com www.example.com;
root /home/forge/default/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/XXXXX/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/XXXXX/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
What can I do to make it work ?
Ok, it was a certificate problem. I tried nginx -t and there was an error, now I restarted all the process and everything is alright now.
I have set up a Laravel app at Digitalocean (nginx).
It works fine when I go to site.com but when I go to www.site.com it won't load.
My question is how should I set up the DNS record at Digitalocean and how should i set the /etc/nginx/sites-available/default file:
www.site.com/path should redirect to site.com/path.
all the subdomain should refer to the main app site.
media.site.com should refer to other directory.
Thank you!
This is the file now:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/hzofe/public;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name media.site.com;
....
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name *.site.com;
....
}
Have you tries adding a cname record for DNS redirect?
Also, if you are using https you can make one cert for the alias domain and your regular with lets-encrypt.
This is a nodejs tutorial but it may help...
https://code.lengstorf.com/deploy-nodejs-ssl-digitalocean/#install-nginx
I have installed varnish on nginx. I have some really big problems.
my default.vcl is:
backend default {
.host = "127.0.0.1";
.port = "81";
}
my website virtual server is:
server {
listen 80;
root /var/www/site.com.ro/public_html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name www.site.com.ro;
access_log /var/www/site.com.ro/logs/log.access;
error_log /var/www/site.com.ro/logs/log.error error;
location / {
index index.php;
try_files $uri $uri/ #handler;
}
location #handler {
rewrite / /index.php;
}
location /blog {
alias /var/www/site.com.ro/public_html_blog/;
index index.php index.html index.htm;
try_files $uri $uri/ /blog/index.php;
}
location ~ ^/blog(.+\.php)$ { ### This location block was the solution
alias /var/www/site.com.ro/public_html_blog/$1;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
if (!-e $request_filename) {
rewrite / /index.php last;
}
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_read_timeout 300;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
# Make site accessible from http://localhost/
server_name site.com.ro;
rewrite ^(.*) http://www.site.com.ro$1 permanent;
}
and the varnish file is:
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
when I try to change the listen port for the website to 81 I get a 500 error...
can anyone help me? I don't know what I did wrong.
Varnish is configured to listen to port 80, and connect to localhost:81. nginx is configured to listen to port 80. You didn't mention the intended flow, but I'm taking a wild shot and guessing:
client -> varnish:80 -> nginx:81.
Do you spot the problem now?
Hint:
server {
listen 80;
Oh, and make sure you have a real similar setup in a test machine (virtualbox - or something) that you use when you dabble with settings you're not familiar with. That will give you time to understand why something is not working, and will gain you invaluable experience so you don't have to mess up the production site(s).