This is my config as of now, trying to set this site up with ssl certificate.
server {
listen [::]:443 ssl domain.io, *.domain.io;
ssl on;
ssl_certificate /etc/ssl/certs/domain.io.pem;
ssl_certificate_key /etc/ssl/certs/domain.io.key;
root /var/www/html/domain.io/;
# Add index.php to the list if you are using PHP
index index.html;
server_name domain.io;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
When I restart nginx it complains about this:
nginx: [emerg] invalid parameter "domain.io," in /etc/nginx/sites-enabled/domain.io:3
What am I missing? I am for the moment config-blind. :)
Sp be kind I toting out my dead simple error.
Trying to see what simple error I have made and failed.
I don't really see listen directive accepting a domain name.
https://docs.nginx.com/nginx/admin-guide/web-server/web-server/
I would try this:
server {
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/domain.io.pem;
ssl_certificate_key /etc/ssl/certs/domain.io.key;
root /var/www/html/domain.io/;
# Add index.php to the list if you are using PHP
index index.html;
server_name domain.io *.domain.io;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
Related
I have an NGINX web server with two domains and it also runs phpMyAdmin.
phpMyAdmin is working fine and I access it through the below non-https url:
public-ip-address/phpMyAdmin
This is how the symbolic link was setup:
sudo ln -s /usr/share/phpmyadmin/ /var/www/html
Is there a way I can point phpMyAdmin to a website's subdirectory?
For example, I would like to access the phpMyAdmin login page by accessing the following URL:
domain1.com/phpMyAdmin/
How can I achieve this? domain1.com has https enabled. So it would also secure my phpMyAdmin login.
The server block is the same as the default block for NGINX. I have created a new config file by copying it to domain.com in the /etc/NGINX/sites-available folder.
The only changes are in the server and root path tags. Rest everything is default.
server domain1.com www.domain1.com;
root /var/www/domain1.com/html/
I am using certbot for Let's Encrypt SSL certificates. My server block config is shared below:
# Server Block Config for domain1.com
server {
root /var/www/domain1.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain1.com www.domain1.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name domain1.com www.domain1.com;
return 404; # managed by Certbot
}
Contents of /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
Here is the location block that should work for you (at least the similar config works for me):
location ~* ^/phpmyadmin(?<pmauri>/.*)? {
alias /usr/share/phpmyadmin/;
index index.php;
try_files $pmauri $pmauri/ =404;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$pmauri;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
}
Place it before the default PHP handler location block, or the default PHP handler block will take precedence and this configuration won't work!
You can simply add another symlink to the domain1.com root, while keeping everything else same, like you did for the default domain.
sudo ln -s /usr/share/phpmyadmin/ /var/www/domain1.com/html
Am I missing something?
I came to this thread while looking for a solution to another problem (Nginx alias breaks due to try_files $uri alias bug) but since you are already using symlink to phpmyadmin for the site you access through IP, you can do the same for any domain.
I have setup an NGINX server with multiple server blocks. I have configured 2 simple websites to run on the same server. They point to two different root paths specified in the respective server block file.
I have updated the DNS details for both the domains:
Name Servers: updated details as per registrar
A records: updated same static IP address
However, when I test with domain2.com in the browser, it redirects to domain1.com. What am I doing wrong? I have already restarted the nginx server using:
sudo systemctl restart nginx
This is how my server block looks like:
# Default server configuration
#
server {
root /var/www/domain1.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain1.com www.domain1.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name domain1.com www.domain1.com;
return 404; # managed by Certbot
}
This is my second server block file:
# Default server configuration
#
server {
listen 80;
listen [::]:80;
root /var/www/domain2.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain2.com www.domain2.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
Your server block configuration files are perfect. Do not change anything. Let me explain what is happening. Your server block indicates that you installed certbot, probably for deploying Lets Encrypt SSL certificates for domain1.com whereas the server block for domain2.com does not have any entry managed by certbot yet. This probably means that you are using ssl certificates for domain1.com but not for domain2.com.
At the time of configuring SSL certificates for domain1.com, you probably selected the option of redirecting all traffic to SSL. Whats happening is that when the dns servers send a request for domain2.com to your web server, it expects an SSL certificate for that domain but finds none. It then redirects all traffic to the existing domain which has a valid SSL certificate installed.
However, the domain name on the certificate (domain1.com) shall not match the information passed on by the DNS server for domain2.com. Hence, it shall, in all likelihood, throw an error or warning message regarding invalid SSL certificates.
Solution: Install a new SSL certificate for domain2.com just like you did for domain1.com and everything should work fine.
Let me know if it works.
I have five domains i am trying to setup on nginx installation
This is what i found as default conf
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
#try_files $uri $uri/ =404;
# }
#}
I want to remove the comments and default conf and replace it with numbered conf files like
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name first.com www.first.com;
root /var/www/first;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
one.conf and two.conf
server {
listen 80;
listen [::]:80;
server_name second.com www.second.com;
root /var/www/second;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Granted i delete the default conf, what is the effect of leaving out default_server in the one.conf conf?
Thanks.
Nginx always has a default server. It is either the one you choose with the default_server attribute, otherwise Nginx will use the first server block with the correct listen directive. See this document for details.
In your case, the first server block will be in the first .conf file, which is usually the one with the first filename when sorted alphanumerically.
I want to run both WordPress and YOURLS on one domain which is configured by a NGINX server block (not the default site). Since both need to handle URLs differently, they need different try_files directives. WordPress sits on the root of the domain (domain.tld), while YOURLS is being installed to the /g/ directory. Despite the two location rules, I get 404s on any links generated by YOURLS (e.g. domain.tld/g/linkname, all are redirects to external URLs), though I can access the admin backend.
As far as I read, declaring to location rules (one for /g/, and one for /) should suffice in order to let NGINX handle the direct and the /g/ URLS differently - is there something in wrong in my thinking?
The try_files rules are correct and do work well on other single-application server block (WordPress as well as YOURLS on installs on separate server blocks).
The server block definition config looks like this:
server {
listen [::]:80;
listen 80;
server_name domain.tld www.domain.tld;
return 301 https://domain.tld$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
root /var/www/html/domain.tld;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html index.php;
server_name domain.tld www.domain.tld;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors off;
}
location /g/ {
try_files $uri $uri/ /yourls-loader.php$is_args$args;
expires 14d;
add_header Cache-Control 'public';
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
The problem with the location /g/ try_files directive is that the path to the YOURLS loader isn't correct. If the URL handler (yourls-loader.php) lies within the /g directory, the path to it has to be changed to include the /g directory:
try_files $uri $uri/ /g/yourls-loader.php$is_args$args;
The location rule does not imply that each path is handled from that location as well, but rather from the root path given above.
I am having a bit of an issue at the moment with the nginx. No matter what config I make, I will get 404 page.
I am following instructions for setting up nginx for laravel.
Folder where the project is located is /var/www/smuvajse, and main index.php is located into public folder (full path would be /var/www/smuvajse/public)
This is my config file:
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/smuvajse/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name ip_of_the_instac;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
change try_files $uri $uri/ =404; to try_files $uri $uri/ /index.php?q=$uri&$args; and reload nginx and it should solve the issue.