https not working in nginx config with web2py - nginx

I have a web2py application running using WSGI, and nginx is in front, but HTTP traffic is not getting redirected to HTTPS. I have been trying to resolve it for days and badly need help. I have also used Let's Encrypt for SSL.
Here is my nginx config:
server {
listen 80;
server_name some-domain.com;
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /home/www-data/web2py/applications/$1/static/$2;
expires max;
}
location / {
uwsgi_pass 127.0.0.1:9001;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
uwsgi_read_timeout 120s;
uwsgi_send_timeout 120s;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ some-domain.com;.my/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ some-domain.com.my/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ some-domain.my/chain.pem; # added by skipperz
}
server {
if ($host = some-domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
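An added example, not part of the original question: in the configuration above, the first server block listens on both port 80 and port 443 for some-domain.com, so plain-HTTP requests for that name can be answered by it directly instead of reaching the Certbot redirect block. A split layout follows; CERT_NAME is a placeholder for the certificate directory, because the paths in the post are garbled.

```nginx
# Port 80: redirect only, no application locations here.
server {
    listen 80;
    server_name some-domain.com;

    # Redirect to the fixed name rather than $host, so a forged Host header
    # cannot steer the redirect somewhere else.
    return 301 https://some-domain.com$request_uri;
}

# Port 443: the web2py application, TLS only.
server {
    listen 443 ssl http2;
    server_name some-domain.com;

    # CERT_NAME is a placeholder for the directory Certbot created.
    ssl_certificate     /etc/letsencrypt/live/CERT_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/CERT_NAME/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    # Static files, to enable correct use of response.static_version
    location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
        alias /home/www-data/web2py/applications/$1/static/$2;
        expires max;
    }

    location / {
        uwsgi_pass 127.0.0.1:9001;
        include uwsgi_params;
        uwsgi_param UWSGI_SCHEME $scheme;   # always "https" in this block
        uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
        uwsgi_read_timeout 120s;
        uwsgi_send_timeout 120s;
    }
}
```

After `nginx -t` and a reload, `curl -I http://some-domain.com/` should answer 301 with a Location header that starts with https://.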

Related

How can I configure ssl for different ports?

My application runs on 2 ports: client (3000) and server (8080). I was able to set up SSL for the client but cannot for the server. As a result, I am having problems: I cannot make requests from the HTTPS client to the HTTP server.
The server accepts API requests along the route /api/* and gives images along the route /products/{id}/*.
That is, I execute all requests to the server like this: host:8080/api/* or host:8080/products/{id}/{name}.jpg
Nginx config:
server {
server_name xxx www.xxx;
root /var/www/xxx;
index index.html index.htm index.php;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = xxx) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name xxx www.xxx;
return 404; # managed by Certbot
}
I tried searching the internet for information and supplementing the config, but it didn't work.
server {
server_name xxx www.xxx;
root /var/www/xxx;
index index.html index.htm index.php;
listen 8080 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Sorry, I am not an expert in this area and I am asking for your help.
I solved the problem by adding proxying from localhost:8080/api to domain/api and domain/products from localhost:8080/products

How to accept request with port after domain in nginx

I have a subdomain, https://test.shop.com; I'm running an Nginx server and it's working fine. But I have to accept requests at https://test.shop.com:8080/graphql/ and redirect them to http://127.0.0.1:8000 on the same machine. I've added this block:
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
But when I try to access https://test.shop.com:8080/graphql/ from the browser, it shows me "This site can't be reached", which seems to have something to do with DNS. However, I can access https://test.shop.com/graphql/ and it works fine.
My whole config file is:
server {
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location / {
try_files $uri $uri/ /index.html?$args;
}
# dashboard app
location /dashboard/ {
try_files $uri $uri/ /dashboard/index.html?$args;
}
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = test.shop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name test.shop.com;
return 404; # managed by Certbot
}
You must create a new virtual host and make that virtual host listen on port 8080.
server {
listen 8080 ssl;
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

How to run laravel websocket on Nginx real server

I run the websocket server locally with php artisan websocket:serve.
My nginx server configuration is:
server {
root /var/www/laravel/public;
index index.html index.htm index.php;
server_name testingdomain.com;
location / {
try_files $uri $uri/ /index.php?$query_string ;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testingdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testingdomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = testingdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name testingdomain.com;
return 404; # managed by Certbot
}
I tried it like this, by adding location /ws {---}, but it is not working.
server {
root /var/www/laravel/public;
index index.html index.htm index.php;
server_name testingdomain.com;
location / {
try_files $uri $uri/ /index.php?$query_string ;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testingdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testingdomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /ws {
proxy_pass http://127.0.0.1:6001;
proxy_set_header Host $host;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
if ($host = testingdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name testingdomain.com;
return 404; # managed by Certbot
}
My client side js is
const token = window.localStorage.getItem('access_token');
import Echo from 'laravel-echo';
window.Pusher = require('pusher-js');
window.Echo = new Echo({
broadcaster: 'pusher',
key: process.env.MIX_PUSHER_APP_KEY,
wsHost: window.location.hostname,
wsPort: 6001,
wssPort: 6001,
forceTLS: false,
disableStats: true,
enabledTransports: ['ws','wss'],
auth:{
headers:{
Authorization: `Bearer ${token}`
}
}
});
window.Echo.channel('channelname')
.listen('.channelevent',(e)=>{
console.log(e);
});
But it is not working.
I get an error like this:
WebSocket connection to 'wss://testingdomain.com/app/any_key?
protocol=7&client=js&version=7.0.3&flash=false' failed:
Error during WebSocket handshake: Unexpected response code: 404
My project works fine locally. But when I deploy it, I get a websocket connection error. How can I configure and fix it?
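An added example, not part of the original question: the failing URL in the error message has the path /app/any_key, while the server block above only proxies /ws, so the handshake is handled by `location /` instead of the websocket server. Below is a location that matches the path the client actually requests, assuming the websocket server listens on 127.0.0.1:6001 as in the post's proxy_pass line.

```nginx
# Goes inside the "listen 443 ssl" server block for testingdomain.com.
# The client opens wss://testingdomain.com/app/<key>?protocol=7&..., so the
# prefix to match is /app/, not /ws.
location /app/ {
    proxy_pass http://127.0.0.1:6001;   # no URI part: /app/<key>?... is passed unchanged

    # WebSocket upgrade: HTTP/1.1 plus the hop-by-hop Upgrade/Connection headers
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_read_timeout 60;
    proxy_connect_timeout 60;
    proxy_redirect off;
}
```

The client has to connect on the port where nginx terminates TLS (443, as in the error URL) rather than on 6001, so that the connection to the websocket server stays behind the proxy.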

How should I configure nginx to serve both a web page and gitweb?

I have installed nginx in my server and it is serving a Hello World website using SSL. I have also installed gitweb and I have configured it as shown in the setting up Nginx for serving Git repositories over HTTP using Gitweb tutorial and it is working fine on port 4321. I can access my Hello World website with www.my-website.com and gitweb with www.my-website.com:4321 having two nginx sites-enabled:
my-website
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}
And gitweb
server {
# Git repos are browsable at http://my-website.com:4321/
listen 4321;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location /index.cgi {
root /usr/share/gitweb/;
include fastcgi_params;
gzip off;
fastcgi_param SCRIPT_NAME $uri;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location / {
root /usr/share/gitweb/;
index index.cgi;
}
}
I want to configure nginx to access the Hello World website as I normally do, with www.my-website.com, and gitweb with www.my-website.com/git but I haven't been able to do that.
This question, How to serve GIT through HTTP via NGINX with user/password?, is almost perfect. The problem is that in there it is explained how to substitute the landing page by gitweb. If I configure nginx with the information from the answer to that question, then I can access gitweb just fine, as well as all individual projects, but I lose the Hello World page that I also need.
I then learned about Reverse Proxying and tried to combine what I have with the setting up Nginx for serving Git repositories over HTTP using Gitweb tutorial to have the following nginx configuration:
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# Attempt to access gitweb without the port number
location /git {
proxy_pass http://localhost:4321/;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}
That helped a little. Now the main gitweb page is shown when I enter www.my-website.com/git
BUT when I click on any of my projects, instead of opening them, I get this:
I have looked into other options like the NGINX Configuration for Gitweb and git-http-backend tutorial but that also substitutes the Hello World web page and also is meant to configure to have HTTPS access to the repos which is something I definitely don't want. I clone them through ssh with PKI. Gitweb access is only for visualization, not cloning.
I also tried with Configure nginx to serve two websites, which seems promising since the question is similar to mine, but I get a 404 Not Found when substituting location /git { with:
location /git {
root /usr/share/gitweb/;
index index.cgi;
try_files $uri $uri/ =404;
}
I think my "combined approach", the one mentioned before is the right way to go, or is it? Should I add, remove, or modify something to not get the about:blank#blocked? or am I completely lost?
Try this:
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
location / {
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /git/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:4321/;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}

Does this redirect from non-www domain to www domain in nginx actually work?

I have the following nginx server block for my domain name example.com. I want to redirect non-www to www for SEO.
Update
According to this answer I used the following server block. But when I test it, I got the following
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
So I am in doubt whether it is correct and whether it actually redirects non-www to www.
/etc/nginx/sites-available/example.com
server {
server_name www.example.com;
rewrite ^(.*) https://www.example.com$1 permanent;
}
server {
root /var/www/abc-company-website/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
#Cache-Control
location ~* \.(?:ico|ttf|png|svg|jpg|jpeg|js)$
{
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
How can I change the above server block to redirect, please?
It's in the best practices of nginx not to use if (even more of a reason if you are using it for $host), it's better to use server brackets with different server_name.
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
This will send HTTP www and HTTP non-www to HTTPS www
If you have a cert for non-www set a server bracket and redirect to www:
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 https://www.example.com$request_uri;
}
And finally you can do whatever you want in the https www.example.com bracket:
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.example.com;
# Do whatever you want to do here to get to your application
}
It's better to read the documentation and best practices of nginx, and try to make clean configurations so the next one that comes can understand it on first sight :D
If you've got any question just ask it. (looks like you didn't understand the duplicates given in the comments, so I decided to explain it 1 by 1 for your case)
