I have two domain names www.example.com and example.com, both need to be redirected to https://www.example.com in nginx, the no-www configuration takes effect, but the www domain configuration does not take effect.
Here is my nginx configuration
server
{
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com;
}
server
{
listen 443 ssl;
server_name example.com;
ssl_certificate pem;
ssl_certificate_key key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
return 301 https://www.example.com;
}
}
server
{
listen 443 ssl;
server_name www.example.com;
ssl_certificate pem;
ssl_certificate_key key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Nginx-Proxy true;
proxy_cache_bypass $http_upgrade;
}
rewrite_log on;
access_log /www/wwwlogs/www.example.com.log;
error_log /www/wwwlogs/www.example.com.error.log;
}
Where is the problem?
Related
If I have an NGINX with reverse proxy setting such as:
upstream {{ server_name }} {
server 127.0.0.1:1111;
}
server {
listen 443 ssl default deferred;
server_name {{ domain_name }};
ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "....";
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/reverse-access.log;
error_log /var/log/nginx/reverse-error.log;
root /var/www/html/;
location / {
proxy_pass http://{{ server_name }};
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
}
How can I make that port number appear in the browser when requesting that resource as well? Currently it only appear the domain name which I normally prefer, but now I need to have the possibility to have the port in the URL. Any idea how to achieve this?
I have some question while integration web server.
My server is developed as
nginx + nodejs + azure load balancer.
Now I'm using 2 domains. But I have to redirect to one domain.
And also i have to redirect all http to https.
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
server_name {MY_DOMAIN_1};
ssl_certificate_key /etc/nginx/ssl/_wildcard_.{MY_DOMAIN_1}_20211208D2F14.key.pem;
ssl_certificate /etc/nginx/ssl/_wildcard_.{MY_DOMAIN_1}_20211208D2F14.ca-bundle.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Proxy-From {MY_DOMAIN_1};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
}
}
server {
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
server_name {MY_DOMAIN_2} www.{MY_DOMAIN_1} www.{MY_DOMAIN_2};
ssl_certificate_key /etc/nginx/ssl/_wildcard_.{MY_DOMAIN_1}_20211208D2F14.key.pem;
ssl_certificate /etc/nginx/ssl/_wildcard_.{MY_DOMAIN_1}_20211208D2F14.ca-bundle.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
return 301 $scheme://{MY_DOMAIN_1}$request_uri;
}
Here is my code. I thought there is no problem..
But it doesn't work.(Only http -> https doesn't work, forward to one domain is working)
Please help me. Thank you
Start with the basic redirection below and incrementally add new lines to it. Enabling HTTP/2 is highly-recommended.
# http to https
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate_key ...;
ssl_certificate ...;
}
Test with the command line to ensure the browser is not caching responses.
$ curl -I http://example.com/
I am using centos6 linux vps and i have installed nginx on my server. I have installed letsencrypt SSL certificate . But the thing is that when i go to my website www.mywebsite.com ,it shows SECURE but when i go to www.mywebsite.com/otherpages ,it shows Insecure and letsencrypt certificate invalid.
The configuration of "/etc/nginx/conf.d/default.conf"
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
the configuration of /etc/nginx/sites-available/quiznou.com.conf
server {
listen 80 ;
server_name quiznou.com www.quiznou.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl http2;
server_name quiznou.com www.quiznou.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /.well-known {
allow all;
}
location /.well-known/acme-challenge/ {
root /var/www/quiznou.com;
}
}
this my own configuration files of NGINX as a revers_proxy: but I'm using configuration to proxy some docker. I modified directly the /etc/nginx/default.conf ,to proxy an apache web page I've created a VHost in nginx.
If it could help you.
server {
listen 80;
listen 443 ssl;
server_name some.name.com;
server_tokens off;
## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}
## Protocol
ssl_protocols TLSv1.2;
## Diffie-Hellman
ssl_ecdh_curve secp384r1;
## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
}
I am migrating some infrastructure and I am having the following issue.
I got a CNAME record from api.oldserver.com to api.newserver.com. I am using a multi-domain ssl with Nginx. And it all works great!
*nginx config below
The issue is that whenever someone navigates to api.oldserver.com it shows at the url bar that the user is actually seeing api.newserver.com. I wish the user could still see the api.olderserver.com.
server {
listen 80;
server_name _;
return 301 http://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name api.newerserver.com;
ssl_certificate "/etc/nginx/domain.crt";
ssl_certificate_key "/etc/nginx/domain.key";
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:9000;
}
}
This is happening because of the redirect. Consider creating another server statement with the api.oldserver.com that would have the appropriate cert and would have the same proxy setup so it would be handled the same way.
server {
listen 80;
server_name _;
return 301 http://$http_host$request_uri;
}
server {
listen 443 ssl;
server_name api.newerserver.com;
ssl_certificate "/etc/nginx/domain.crt";
ssl_certificate_key "/etc/nginx/domain.key";
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:9000;
}
}
server {
listen 443 ssl;
server_name api.oldserver.com;
ssl_certificate "/etc/nginx/olddomain.crt";
ssl_certificate_key "/etc/nginx/olddomain.key";
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:9000;
}
}
Or something like that...
I am trying to server secure site using nginx ssl connection.I am not able to load third party http css and js file. It is giving error.
This request has been blocked; the content must be served over HTTPS.
here is the my nginx conf
server {
listen 443 ssl;
server_name api-test.vendorver.com;
ssl_certificate /etc/nginx/ssl/vv_key/cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/vv_key/vendorver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass http://0.0.0.0:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect off;
}
#if ($host !~* ^(vendorver.com|www.vendorver.com)$ ) {
# return 444;
#}
location /static/ {
autoindex on;
alias /home/ec2-user/vendorver.backend/static/;
}
}
That file is not available on https request. How can i include that file in page?
You have to configure your static directory and your media (images) directory
To run all this over ssl the config should be something like:
server {
listen 80;
charset utf-8;
client_max_body_size 100M;
ssl on;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/yoursite_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/yoursite_com/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
access_log /var/www/vhosts/yoursite.com/logs/access_log;
error_log /var/www/vhosts/yoursite.com/logs/error_log;
server_name yousite.com www.yoursite.com;
root /var/www/vhosts/yoursite.com/yourapp/;
add_header Strict-Transport-Security max-age=31536000;
location / {
.... your settings here
}
location /media {
alias /var/www/vhosts/yoursite.com/yourapp/media;
}
location /static {
alias /var/www/vhosts/yoursite.com/yourapp/static;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
Rather than listening to both ports 80 and 443 in the same config. I suggest setting up server redirects, e.g.
server {
listen 80;
server_name endyourif.com www.endyourif.com;
return 301 https://www.endyourif.com$request_uri;
}
Setting up SSL with nginx including redirects from non HTTPS traffic