I thought this would be simple, but for some reason I can't get my subdomain to serve. I am just trying to get the basic "Welcome to Nginx" page to show at this point.
I have A records in digital ocean:
A api.example.com -> my_ip 3600
A www.api.example.com -> my_ip 3600
A example.com -> my_ip 3600
A www.example.com -> my_ip 3600
This is my config file for api.example.com. It sits in /etc/nginx/sites-available/api.example.com and is linked to /sites-enabled:
server {
root /var/www/api.example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name api.example.com www.api.example.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.api.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name api.example.com www.api.example.com;
return 404; # managed by Certbot
}
I know the DNS record exists using Dig and because certbot ran successfully, but when I navigate to the page it is unable to resolve. Ping and curl also cannot resolve. This is the exact same configuration I have for the main domain (example.com), which does display the Nginx splash page.
What I have tried: I noticed that default has configs for example.com but not for api.example.com (why is that?), so I tried creating them and restarting nginx, but that didn't change anything. Is it necessary to have the configs in default?
Related
I use TrueNas and the Nextcloud plugin.
Inside the nextcloud jail, I installed certbot and generated a cert for myself.
When loading the nextcloud page in browser now I get an error "err_too_many_redirects", it seems to me that this is a configuration error, but I don't know how to fix it. thank.
upstream php-handler {
server unix:/var/run/nextcloud-php-fpm.sock;
}
# Redirect to HTTPS
server {
server_name my_server_domain;
location ^~ /.well-known/acme-challenge {
# Path to the root of your installation
root /usr/local/www/nextcloud/;
try_files $uri $uri/ =404;
}
location / {
return 301 https://$host:443$request_uri;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /usr/local/etc/letsencrypt/live/my_server_domain/fullchain.pem;
ssl_certificate_key /usr/local/etc/letsencrypt/live/my_server_domain/privkey.pe
include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Cert
ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbo
}
server {
listen 443 ssl http2;
server_name my_server_domain;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# in all major browsers and getting removed from this list
# could take several months.
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;"
include conf.d/nextcloud.inc;
}
server {
if ($host = my_server_domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80;
server_name my_server_domain;
return 404; # managed by Certbot
}
I'm trying to configure NGINX on CentOS 8 (with SSL). I believe I have configured it properly, but I can't get rid of the NGINX welcome page. I've tried a lot of things, even deleted the entire /usr/share/nginx/html directory, but I still get NGINX welcome on example.com, whereas example.com/index.html gives me the index page of my website. In fact I have noticed that the http to https and non-www to www redirections I have implemented below don't work on example.com, but do work on example.com/index.html. The root of my website is /var/www/example.com/html. The configure file which is given below is called example.com.conf and located at /etc/nginx/conf.d/.
server {
root /var/www/example.com/html;
index index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
listen 443 ssl default_server; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Redirect non-SSL to SSL
server {
listen 80;
listen [::]:80;
server_name .example.com;
return 301 https://$host$request_uri;
}
# Redirect non-www to www
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
So it appears that you need to edit the global configuration file using sudo nano /etc/nginx/nginx.conf and comment out "default_server" in the listen statements. Alternatively deleting the whole server block in the global conf file also works, as long as you keep the include statement which reads the example.com.conf file.
include /etc/nginx/conf.d/*.conf;
server {
listen 80; # default_server;
listen [::]:80; # default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
I was trying to set up a wordpress web server using nginx on my own laptop. The certificate was installed successfully and I can visit my site through https. However, I found out that the redirecting from http to https is not working. My site always showed 400 Bad Request when I tried to visit through http. Lots of answers on Google say that this can be fixed by commenting out "ssl on" but actually I don't have this line in my code.
server {
root /var/www/html;
index index.php index.html index.htm;
server_name mydomain.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
server_name mydomain.com;
return 404; # managed by Certbot
}
I found out the problem was coming from my NAT setting. The external 80 and 443 connections were forwarded to my internal server's port 443 under 1 NAT rule. After separating 80 and 443 to different rules and everything works!
Hello I have hard times to configure nginx properly. I would like redirect from https://example.com to https://www.example.com I found a lot of tutorials how to do it but not a single one worked with mine configuration files.
I used letsencrpyt to configure the SSL for me.
Here is the nginx conf file:
server {
server_name IP_ADDRESS example.com www.example.com;
location /static/ {
root /home/user/pyapps/ks_g;
}
location /media/ {
root /home/user/pyapps/ks_g;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name IP_ADDRESS example.com www.example.com;
return 404; # managed by Certbot
}
Add redirect on condition to the server block with SSL or both:
if ($host != www.example.com) {
return 301 https://www.example.com$request_uri;
} # managed by Stack Overflow (sorry cannot hold myself)
This works as the following: if the Host HTTP header not equals www.example.com make permanent redirect to https://www.example.com$request_uri.
I have the following nginx server block for my domain name example.com. I want to redirect non www to www for the SEO.
Update
According to this answer I used the following server block. But when I test it, I got the following
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
So, I have the doubt is it correct or not and Whether it actually redirects the non www to www, please.
/etc/nginx/sites-available/example.com
server {
server_name www.example.com;
rewrite ^(.*) https://www.example.com$1 permanent;
}
server {
root /var/www/abc-company-website/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
#Cache-Control
location ~* \.(?:ico|ttf|png|svg|jpg|jpeg|js)$
{
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
How can I change the above server block to redirect, please?
It's in the best practices of nginx not to use if (even more of a reason if you are using it for $host), it's better to use server brackets with different server_name.
server {
listen 80;
server_name example.org www.example.org;
return 301 https://www.example.org$request_uri;
}
This will send HTTP www and HTTP non-www to HTTPS www
If you have a cert for non-www set a server bracket and redirect to www:
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 https://www.example.com$request_uri;
}
And finally you can do whatever you want in the https www.example.com bracket:
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.example.com;
# Do whatever you want to do here to get to your application
}
It's better to read the documentation and best practices of nginx, and try to make clean configurations so the next one that comes can understand it on first sight :D
If you've got any question just ask it. (looks like you didn't understand the duplicates given in the comments, so I decided to explain it 1 by 1 for your case)