I have current got this error:
ActionController::InvalidAuthenticityToken in PostController#create
I research many answers and tried many solutions but it's still error.
Problem my page on local works ok, but on server it work error.
I checked nginx.config
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub1.mydomain.com;
root /usr/share/nginx/html;
ssl_certificate /etc/letsencrypt/live/sub1.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sub1.mydomain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:3200/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub2.mydomain.com;
root /usr/share/nginx/html;
location / {
proxy_pass http://localhost:4000/;
}
}
Related
I have followed some tutorials that teaches to implement ssl but most of them are not working for some reason, http works fine tho, don't know what I'm missing
This is my default config, It looks like I have something wrong on my default config because I can create an httpServer in my backend.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/metroville/{{domain}}/build;
index index.html index.htm index.nginx-debian.html;
server_name {{domain}};
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri /index.html;
}
location /api/ {
proxy_pass http://localhost:5000;
}
}
I have been trying to serve some static files using NGINX server but despite the configurations I haven't been able to get it running. I have tried using alias, root and even regex match - what could be missing?
/home/user/coka/staticfiles/ contains all the files i want to serve but whenever i visit http://127.0.0.1/staticfiles/file.css or http://example.com/staticfiles/file.css it is not showing up.
My configuration is shown below:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
location /staticfiles/ {
root /home/user/coka/staticfiles/;
access_log /home/user/coka/logs/nginx-static-access.log;
error_log /home/user/coka/logs/nginx-static-error.log;
}
}
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
I have been getting error 404.
Can you try the following?
ssl_session_cache shared:SSL:4m; # measured in megabytes, not minutes
ssl_buffer_size 4k; # reduced from the default 16k to minimize TTFB
ssl_session_timeout 60m;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/nginx/dhparam.pem; # create with "openssl dhparam -out dhparam.pem 4096"
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
ssl_prefer_server_ciphers off;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_certificate /etc/ssl/chain.pem;
ssl_certificate_key /etc/ssl/key.pem;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
root /home/user/coka;
access_log /home/user/coka/logs/nginx-static-access.log;
error_log /home/user/coka/logs/nginx-static-error.log;
}
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
I have my below nginx config, I'm trying to redirect everything to https://www regardless of what comes in for example http://example.com, http://www.example.com or https://example.com.
I've looked at numerous topics on SO and tried a couple of things but still stumped, I can't ever get https://example.com to redirect to the https://www pattern!?
server {
listen 80;
listen 443 ssl;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_timeout 30m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 8k;
add_header Strict-Transport-Security max-age=31536000;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Make one server block a default server and give the other server block the one true server_name.
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate ...;
ssl_certificate_key ...;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate ...;
ssl_certificate_key ...;
...
}
The default server for https requires a valid certificate. Assuming you have a wildcard certificate - most of the ssl_ statements could be moved into the outer block and be inherited by both server blocks. For example:
ssl_certificate ...;
ssl_certificate_key ...;
ssl_...;
server {
listen 80 default_server;
listen 443 ssl default_server;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
...
}
See this document for more.
I am configuring Nginx to serve two different locations. Idea is to serve the localhost:3000 as default and if the page not found in that location then try to use the other location as a fallback. But is not working. Any help will be appreciated. Thanks
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name server.in;
ssl_certificate /junk/server.crt;
ssl_certificate_key /junk/server.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
index index.html;
recursive_error_pages on;
proxy_intercept_errors on;
location / {
proxy_pass http://localhost:3000;
error_page 404 = #fallback;
}
location #fallback {
proxy_pass http://localhost:9000;
}
}
So I am trying to achieve 4 things:
support both ip-v4 and ip-v6
support letsencrypt ssl certificates (the acme-challenge location in http)
redirect www to non www
redirect http to https
I have come up with a config, but it seems not to work. I get a "page does not exist" when trying to access http://www.MY_DOMAIN.COM.
Due to the hsts setting, this does work after having visited the https non-www version once.
Note that I have ssl certificates for both the with and without www domain.
How can I achieve this / what am I doing wrong in my config:
# HTTP server
#
server {
listen [::]:80;
server_name MY_DOMAIN.COM www.MY_DOMAIN.COM;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
try_files $uri $uri/ =404;
}
location / {
return 301 https://MY_DOMAIN.COM$request_uri;
}
}
# HTTPS server
#
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
return 301 https://MY_DOMAIN.COM$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
root /var/www/MY_DOMAIN.COM;
index index.html;
}
Also, I do not find the copy-paste nature of the two server blocks very nice.
As #RichardSmith notes; I was not listening to the ipv4 version of the http://www variant. Hence, the redict was not triggered at all.
After fixing this, the setup is working.