This is my Nginx config
server {
server_name subdomain.mydomain.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/subdomain.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.mydomain.com/privkey.pem; # managed by Certbot
index index.html index.htm;
location / {
proxy_pass http://localhost:3000/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
When I type subdomain.mydomain.com everything works as expected and i can see grafana (which is hosted on that server)
What I want is to type in subdomain.mydomain.com/mysite and access the website, that is hosted in /var/www/html
What do I need to alter in my config to archive that?
Thanks
Related
My default nginx conf file is working well for http to https redirection but I want to redirect non-www to www or www to non-www (any one of that). But this isn't working for me.
default.conf
server {
if ($host = 'www.example.com') {
return 301 https://example.com$request_uri;
} # managed by Certbot
if ($host = 'example.com') {
return 301 https://example.com$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
# server_name example.com www.example.com;
return 404; # managed by Certbot
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location /apipoint/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://nodeserver:8082/;
}
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
ssl_certificate /etc/nginx/conf.d/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/nginx/conf.d/privkey.pem; # managed by Certbot
server_name www.example.com; # managed by Certbot
# server_name example.com www.example.com; # managed by Certbot
location /apipoint/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://nodeserver:8082/;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
location / {
root /var/www/html;
try_files $uri /index.html;
}
}
T have hardcoded to force any www or non-www site to redirect to https://example.com but this is not working. Though when I give http://example.com redirects to https://example.com.
What am I doing wrong? is it with my nginx config or somewhere else?
I am trying to reverse proxy a wordpress containerized app. I've turned off the proxy of cloudflare and make them act as DNS only. here is my nginx conf file:
server {
root /var/www/html;
listen 443 ssl;
listen [::]:443 ssl;
server_name [redacted].us www.[redacted].us;
location / {
proxy_pass http://127.0.0.1:81/;
proxy_redirect off;
#proxy_set_header Host localhost:81;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/[redacted].us/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[redacted].us/privkey.pem;
# managed by Certbot
}
server {
if ($host = www.[redacted].us) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = [redacted].us) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
#listen [::]:80;
server_name [redacted].us www.[redacted].us;
return 404; # managed by Certbot
}
If proxy set header is change to the one that is commented the infinite redirect is resolve but every link inside is broken. I use certbot to auto renew the ssl certificate and I believe i leaving the default configuration file as default. Any work around because I can't even open the Admin panel yet to see how wordpress handle the request
I become desparate... I want to write a configuration for nginx where shell.foo.org use a reverse proxy and *.shell.foo.org use a wildcard subdomain, so e.g. name1.shell.foo.org read /var/www/name1.shell.foo.org and name2.shell.foo.org read /var/www/name2.shell.foo.org. I tried a lot of versions but either the reverse proxy work or the wildcard subdomains.
My nginx-configuration is:
server {
listen 80;
listen [::]:80;
server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
~^(?<subdomain>.+).shell.foo.org$ ;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
~^(?<subdomain>.+).shell.foo.org$ ;
ssl_certificate /etc/letsencrypt/live/shell.foo.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/shell.foo.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
root /var/www/$subdomain;
index index.html index.htm;
location / {
# if I comment this out the wildcard subdomains work;
# in this version, the reverse proxy work
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
}
root /var/www/$subdomain;
index index.html index.htm;
}
Anyone an idea where my mistake is?
Thanks,
bengoshi
How do i get nginx to serve assets adjacent to index.html when using proxy_pass?
Context: I have a github repository that serves up content using github pages. When serving from a repository, GHP requires a url path that matches the repository name
rightisleft.github.io/repo_name/
Currently index.html and all subdirectories are working as expected. Loading assets from (css/*, images/*) return 200s.
However, assets like robots.txt and other files in the repository root return 404s.
Here's my domain .conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host rightisleft.github.io;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://rightisleft.github.io/redacted/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name www.redacted.com,redacted.com;
include nginxconfig.io/letsencrypt.conf;
location / {
return 301 https://www.redacted.com$request_uri;
}
}
# subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
return 301 https://www.redacted.com$request_uri;
}
EDIT
Nginx is used for certificate management to tie together a few different micro services.
Try this as it might work (if your css/assets are in github repo pages) and you do not need to setup many redirect unless you have a lot of domains/subdomains and I have also set redacted.com to server_name:
server {
listen 80 http2;
listen [::]:80 http2;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name redacted.com www.redacted.com;
# SSL
ssl_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/redacted.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/redacted.com/fullchain.pem;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://rightisleft.github.io/redacted$request_uri;
proxy_buffering off;
proxy_redirect default; #or off
proxy_intercept_errors on;
# allow GitHub to pass caching headers instead of using your own
expires off;
}
}
My current configuration for Nginx is
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.html;
server_name url.tdl;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://localhost:2368;
}
}
server {
listen 443 ssl;
server_name url.tdl; # Replace with your domain
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /root/url.tdl.chained.crt;
ssl_certificate_key /url.tdl.me.key;
client_max_body_size 10G;
location / {
proxy_pass http://localhost:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
In the above configuration file, I have no redirects written, but still the website redirects to HTTPS.
According to nginx - Disable http to https redirect?, they have disabled listen 443 but I want to have the 443 as an option.
Is there any way to keep both options?