Nginx serving non-secure resources on https domain - magento

I'm having some issues setting up a server with an SSL certificate. I was able to install the certificate just fine and restarted the nginx service. However, when I attempt to load my website, I see that all img, css and js files are being retrieved with http instead of https. This is a Magento website. Is there something wrong with my conf file?
server {
listen 80;
server_name www.my-domain.com;
return 301 $scheme://my-domain.com$request_uri;
}
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/ssl/my-domain/my-domain_com.pem;
ssl_certificate_key /etc/ssl/my-domain/my-domain_com.key;
access_log /var/log/nginx/magento.local-access.log;
error_log /var/log/nginx/magento.local-error.log;
server_name my-domain.com;
root /var/www/my-domain;
include conf/magento_rewrites.conf;
include conf/magento_security.conf;
# PHP handler
location ~ \.php {
## Catch 404s that try_files miss
if (!-e $request_filename) { rewrite / /index.php last; }
## Store code is defined in administration > Configuration > Manage Stores
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
# By default, only handle fcgi without caching
include conf/magento_fcgi.conf;
}
# 404s are handled by front controller
location #magefc {
rewrite / /index.php;
}
# Last path match hands to magento or sets global cache-control
location / {
## Maintenance page overrides front controller
index index.html index.php;
try_files $uri $uri/ #magefc;
expires 24h;
}
rewrite ^/minify/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
rewrite ^/skin/m/([0-9]+)(/.*.(js|css))$ /lib/minify/m.php?f=$2&d=$1 last;
location /lib/minify/ {
allow all;
}
}

maybe cause this is how they are called, if you need to serve every thing as https, i would create an empty server that listens on 80 and redirect to https
server {
# listen 80; delete this part
listen 443 ssl;
# the rest of the config
}
# add this server
server {
listen 80;
server_name example.com;
location / # or a more specific location '~ \.(jpg|css|js|jpeg|png|gif)' {
return https://example.com$request_uri;
}
}
or just fix the css location, it might be an absolute URL with http

Related

All Laravel routes are not found (404 error) on https://proclubs.app/login

I have deployed my Laravel app to the following url proclubs.app - this is a domain from Google domains that requires an SSL certificate (the SSL has been setup using Certbot).
I have setup the Laravel Breeze package for authentication (e.g register/login functionality) and this all works fine when testing locally, now I have pushed this to a remote URL none of the routes don't work, and I just get a 404 Not Found message. I have ran the php artisan route:list and can see all the expected routes are there. I am 99% certain I have made a mistake with the nginx server block - I have used the default one that digitalocean provide in etc/nginx/sites-available and edited it accordingly, but not sure what is incorrect for me to get these 404 errors, can anyone suggest what I have done wrong?
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/proclubs/public;
index index.php index.html index.htm;
# Laravel related only
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php;
charset utf-8;
# Make site accessible from http://localhost/
server_name proclubs.app www.proclubs.app;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.(?!well-known).* {
deny all;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
root /var/www/proclubs/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name proclubs.app www.proclubs.app; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/proclubs.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/proclubs.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.proclubs.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = proclubs.app) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name proclubs.app www.proclubs.app;
return 404; # managed by Certbot
}
-- Expected behaviour --
When a user visits the webpage https://proclubs.app/login OR https://proclubs.app/login I expect to see the Laravel Breeze default login page.
-- Actual Behaviour --
When I visit https://proclubs.app/login I just see a 404 Not Found nginx error instead & no routes are working.
p.s i am confused why I have 3 server blocks too...
Server - nginx/1.18.0 (Ubunto 20.04) on DigitalOcean LEMP droplet
If you get 404, probably requested path wrong. I checked your nginx configurations and I see you have 2 servers, for http (first server) and https (second server) requests.
When you enter the url /login path it means that you want to go login folder. But in laravel it is special request.
So your mistake is in the second server (https) your request find a folder, not a special request. You must change your location option with the first server location option.
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
Change with
location / {
try_files $uri $uri/ /index.php?$query_string;
}

Nginx configuration for angular and magento

I want to do nginx setup for handing two project with same domain.
Example domain: example.com
Angular project should run with example.com
magento2 project should run with example.com/shop
I tried the code below, but its not working.
location /shop {
alias /var/www/www.example.com/shop/;
index index.html;
try_files $uri $uri/
autoindex on;
}
Can please someone help me to do this.
You should use official NGINX configuration sample as provided here.
Naturally, you will prefix all the Magento 2 locations with /shop/, for your specific case.
So you will end up with this kind of config:
server {
listen 80;
server_name example.com;
location / {
root /path/to/your/generated/angular/resources;
try_files $uri$args $uri$args/ /index.html;
}
# Magento 2 directives start here...
location ~* ^/shop/setup($|/) {
# ...
}
# The rest of Magento 2 directives...
}
You can start with the following config to serve your Applications:
server {
listen 80;
server_name example.com;
location / {
root /path/to/your/generated/angular/resources;
try_files $uri$args $uri$args/ /index.html;
}
location /shop {
root /path/to/shop/;
index index.html;
try_files $uri $uri/;
}
}
I'm not 100% sure if the shop route will work. Maybe you need to configure php to serve it. Therefore you can follow this official example.
If you want to serve also to www.example.com you can set server_name *.example.com (docs).

Nginx keeps bad redirect for firefox

i am trying to solve problem. I want to redirect all urls starting with www to non-www version of site. In chrome and opera, it works well.
But when i go to firefox and open http://www.example.com it starts downloading page (mime-type octet/stream), on https://www the connection is not reliable. In other browsers it set mime-type text/html.
server {
listen 80;
listen [::]:80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80;
listen [::]:80;
root /var/www/domain/www;
index index.php;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
root /var/www/domain/www;
# Add index.php to the list if you are using PHP
index index.php;
server_name example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$args ;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Nginx Laravel Php double request per request

I'm having a problem with my Laravel 5.1 site that is deployed on a NGINX server with PHP 7 on Ubuntu. When I make request for a route the request are being duplicated ,I noticed it when I tried out a function that I had to prevent duplicate request , by generating a new token like CSRF token but for each request.
EDIT
I got the the bottom of the problem, it was the most unthinkable for me, an
img tag with asset thing caused the double request to happen on nginx ubuntu,
I found it out after more debugging with logger and google the problem for Laravel where someone suggested it could be favicon thing so I tried to remove html and found the issue.
This image didn't exist apperently.
""
When I try to Log::info("test") on a function in any controller I get the following:
[2017-08-03 19:46:39] local.INFO: test
[2017-08-03 19:46:39] local.INFO: test
I don't have this issue on my local WAMP apache server though.
Sites available config (Symlinked it to sites-enabled)
server {
listen 80;
listen [::]:80;
server_name mysite.com www.mysite.com;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl; # managed by Certbot
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
error_page 401 403 404 /404.html;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/mysite/site/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name mysite.com www.mysite.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
location /pma {
auth_basic "Auth required";
auth_basic_user_file /etc/nginx/pma_pass;
root /var/www/html;
index index.php index.html index.htm;
location ~ ^/pma/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/pma/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /var/www/html;
}
}
}

Nginx: increase the number of allowed connections from the same browser

I need your help on tuning a bit Nginx and my server.
I've got a website which is hosted on my server, and an API, also hosted on this server.
The website sends Ajax requests to the API. The problem is, once I've opened a page, which sends Ajax requests to the API, I cannot browse the website anymore using this browser because, I've reached the number of allowed connection for this browser on the website's server.
How can I change Nginx or the server configuration in order to increase the number of connections allowed per browser?
Thanks for your help.
EDIT
Server conf
worker_processes 4;
worker_connections 1024;
multi_accept on;
keepalive_timeout 65;
Server block
server {
listen 80;
server_name mywebsite.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /path/to/pem;
ssl_certificate_key /path/to/key;
# Set the server name
server_name mywebsite.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
root /path/to/root/folder;
index index.php;
# Logs
error_log /path/to/error.log;
access_log /path/to/access.log;
# strip app_test.php/ prefix if it is present
rewrite ^/index\.php/?(.*)$ /$1 permanent;
location / {
index index.php;
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /index.php/$1 last;
}
# pass the PHP scripts to FastCGI server from upstream phpfcgi
location ~ ^/(index)\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_read_timeout 43200;
internal;
}
# Define error pages
# Error pages are located in the app folder
error_page 403 403.html;
location = 403.html {
root /path/to/error-pages;
internal;
}
error_page 404 404.html;
location = 404.html {
root /path/to/error-pages;
internal;
}
error_page 500 502 503 504 50x.html;
location = 50x.html {
root /path/to/error-pages;
internal;
}
}

Resources