My simple nginx.conf:
http {
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /_nginx_logs/access.log;
error_log /_nginx_logs/error.log;
gzip on;
server {
server_name www.example.pro;
listen 80;
listen 443 ssl;
return 301 https://example.pro$request_uri;
ssl_certificate "/etc/letsencrypt/live/www.example.pro/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/www.example.pro/privkey.pem";
}
server {
server_name example.pro
listen 80;
listen 443 ssl;
ssl_certificate "/etc/letsencrypt/live/example.pro/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.pro/privkey.pem";
location / {
proxy_pass http://localhost:3000;
}
location /api {
proxy_pass http://localhost:7500;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
server_name _;
listen 80 default_server;
location / {
root /projects/site-stub;
}
}
}
When I open my site as https://example.pro everything is ok.
When I open my site as http://example.pro, nginx answers from server block with server_name _.
Why? IP and port are the same, server_name value has exact word for Host header, but server_name example.pro not works for http://.
But it works good for https://!
Related
I have this nginx config:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
server {
listen 443 default_server ssl;
ssl_certificate /etc/nginx/certs/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/privkey.pem;
location /private/ {
#root /usr/share/nginx/html;
#index index.html;
proxy_pass http://localhost:5001/;
}
location / {
proxy_pass http://localhost:5000/;
}
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_session_timeout 28h;
ssl_early_data on;
ssl_buffer_size 16k;
http2_chunk_size 8k;
Also I have same python servers on my localhost :
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 549524/python3
tcp 0 0 127.0.0.1:5001 0.0.0.0:* LISTEN 549204/python3
The problem is that
proxy_pass in location / always works, and if I turn off python server on 5000 port, nginx will raise me 504 bad gateway. proxy_pass in the location /private/ doesn't work, and nginx server always raise me 404 not found.
If i turn off my server on 5001 nothing will change. But if i change this area this way:
location /private/ {
root /usr/share/nginx/html;
index index.html;
#proxy_pass http://localhost:5001/;
}
Everything will work and nginx return me index.html.
Why doesn't work proxy_pass in this location area?
I have a domain example.com which is registered and working.
I am now trying redirect all requests to example.com and www.example.com to a specific port.
the default config in sites-enabled looks like this:
server{
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
return 301 https://example.com:8081/;
}
}
the above config does not work (when accessing example.com in the browser, i get infinite loading)
While when using this config, example.com/test works.
server{
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location /test {
return 301 https://example.com:8081/;
}
}
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/sites-enabled/*;
}
I'm doing a proxy server with NGINX to redirect all traffic from port 80 to port 443 and then all traffic from port 443 to an app in one of my servers. I managed to make it work but only redirecting to my main IP 192.168.1.201:8006. When I try to point to my app (192.168.1.201:8006/customerSite/)the page gives me the error TOO MANY REDIRECTS.
Here is my .conf:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
This is my ssl.conf:
server {
listen 443;
listen [::]:443;
server_name mydomain.com;
ssl on;
ssl_certificate /.../certificate.crt;
ssl_certificate_key /.../clientsmydomain.key;
large_client_header_buffers 4 10k;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /.../certificate.crt;
location / {
proxy_set_header Host $host;
proxy_pass http://192.168.1.201:8060;
}
location /weights {
root /var/www/virtual/server;
try_files $URI $uri/ = 404;
}
}
Thank you all for your time.
I am using centos6 linux vps and i have installed nginx on my server. I have installed letsencrypt SSL certificate . But the thing is that when i go to my website www.mywebsite.com ,it shows SECURE but when i go to www.mywebsite.com/otherpages ,it shows Insecure and letsencrypt certificate invalid.
The configuration of "/etc/nginx/conf.d/default.conf"
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
the configuration of /etc/nginx/sites-available/quiznou.com.conf
server {
listen 80 ;
server_name quiznou.com www.quiznou.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl http2;
server_name quiznou.com www.quiznou.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /.well-known {
allow all;
}
location /.well-known/acme-challenge/ {
root /var/www/quiznou.com;
}
}
this my own configuration files of NGINX as a revers_proxy: but I'm using configuration to proxy some docker. I modified directly the /etc/nginx/default.conf ,to proxy an apache web page I've created a VHost in nginx.
If it could help you.
server {
listen 80;
listen 443 ssl;
server_name some.name.com;
server_tokens off;
## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}
## Protocol
ssl_protocols TLSv1.2;
## Diffie-Hellman
ssl_ecdh_curve secp384r1;
## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
}
I am trying to server secure site using nginx ssl connection.I am not able to load third party http css and js file. It is giving error.
This request has been blocked; the content must be served over HTTPS.
here is the my nginx conf
server {
listen 443 ssl;
server_name api-test.vendorver.com;
ssl_certificate /etc/nginx/ssl/vv_key/cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/vv_key/vendorver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass http://0.0.0.0:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect off;
}
#if ($host !~* ^(vendorver.com|www.vendorver.com)$ ) {
# return 444;
#}
location /static/ {
autoindex on;
alias /home/ec2-user/vendorver.backend/static/;
}
}
That file is not available on https request. How can i include that file in page?
You have to configure your static directory and your media (images) directory
To run all this over ssl the config should be something like:
server {
listen 80;
charset utf-8;
client_max_body_size 100M;
ssl on;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/yoursite_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/yoursite_com/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
access_log /var/www/vhosts/yoursite.com/logs/access_log;
error_log /var/www/vhosts/yoursite.com/logs/error_log;
server_name yousite.com www.yoursite.com;
root /var/www/vhosts/yoursite.com/yourapp/;
add_header Strict-Transport-Security max-age=31536000;
location / {
.... your settings here
}
location /media {
alias /var/www/vhosts/yoursite.com/yourapp/media;
}
location /static {
alias /var/www/vhosts/yoursite.com/yourapp/static;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
Rather than listening to both ports 80 and 443 in the same config. I suggest setting up server redirects, e.g.
server {
listen 80;
server_name endyourif.com www.endyourif.com;
return 301 https://www.endyourif.com$request_uri;
}
Setting up SSL with nginx including redirects from non HTTPS traffic