Nginx responds to
subdomain.example.com
as it would to
example.com
when I specified only to listen to example.com and www.example.com
Here is my config:
server {
listen 443 ssl;
server_name example.com;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://internal_server:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
where example.com is replaced with the actual domain and internal_server is replaced with the internal server
Related
Here is my nginx config setting.
server {
listen 80;
server_name _;
return 301 https://example.com;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $http_host;
proxy_set_header X-M-Secure "true";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
proxy_max_temp_file_size 0;
}
}
Can someone help? On firefox www.example.com works and opens https://www.example.com
But not on chrome
And example.com redirection to https://example.com works on both chrome and firefox.
I'v set up a server that run with nginx as reverse proxy for an express app. I want the server to run on https, but when I access it via http, it doesn't redirect to https. Here is my config:
server {
listen 80;
server_name *.site.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
server_name *.site.com;
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
access_log /var/log/nginx/access.log;
location / {
proxy_pass http://57.52.110.112:4000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
}
}
I can't find out why this isn't redirecting me to https. How can I make it work? thanks.
in amazon route53 for example.com and forum.example.com I have records A with ip address to my server.
Nginx config:
server {
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name example.com;
client_max_body_size 50M;
# RSA
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
# ECDSA
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /ads.txt {
root /var/www/nodebb/public/;
}
location /loaderio-a92c8d2496979eca3c119f44e27ee2f6.txt {
root /var/www/nodebb/public/;
}
}
How can I redirect forum.example.com to example.com ? So that url in browser will be example.com.
I tried to add
server {
listen 443;
server_name forum.example.com;
return 301 https://example.com$request_uri;
}
but then nothing works ;) probably port blocked or smth.
Ok I see,
I saw error logs from nginx and realized that I am missing certs for this redirection
server{
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name app.webdomain.ltd;
ssl on;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_certificate /etc/letsencrypt/live/site.ltd/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.ltd/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
How would I go about making the normal https://site.ltd access /var/www/html where app.site.ltd accesses 127.0.0.1:3000
It's a reverse proxy to the port, as a client runs off the port so I need https://app.site.ltd to show what would be on the port, where as https://site.ltd to show whats in /var/www/html
Try changing server_name app.webdomain.ltd; to server_name app.webdomain.ltd webdomain.ltd;
This shall start working as exactly your subdomain.
My current configuration for Nginx is
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.html;
server_name url.tdl;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://localhost:2368;
}
}
server {
listen 443 ssl;
server_name url.tdl; # Replace with your domain
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /root/url.tdl.chained.crt;
ssl_certificate_key /url.tdl.me.key;
client_max_body_size 10G;
location / {
proxy_pass http://localhost:2368;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
In the above configuration file, I have no redirects written, but still the website redirects to HTTPS.
According to nginx - Disable http to https redirect?, they have disabled listen 443 but I want to have the 443 as an option.
Is there any way to keep both options?