Hi guys i have a question.
When i check the logs from graylog i noticed something weird. My nginx web server responds domain names that are not in my server. Like google.com or some ips.
How can i solve the problem?
# HTTP Server
server {
listen 80;
server_name x.com.tr www.x.com.tr;
rewrite ^ https://$server_name$request_uri permanent;
}
# HTTPS Server
server {
listen 443;
server_name x.com.tr www.x.com.tr;
root /var/www/html/xcom;
index index.php;
ssl on;
ssl_certificate /etc/nginx/ssl/xcomtr.crt;
ssl_certificate_key /etc/nginx/ssl/xcomtr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
if (!-e $request_filename) { rewrite ^.* /index.php break; }
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~/\.ht {
deny all;
}
location ~ ^/(wp-admin|wp-login\.php) {
allow x/24;
allow y/24;
allow z/24;
deny all; }
}
I had to hide my website name and ip's because it's govermantal project :)
Thank you all for your answers
Related
in sites-enabled file test.com.conf:
map $http_host $blogid {
default 0;
test.com 1;
}
server {
listen 5.187.1.93:80;
server_name test.com *.test.com;
root /home/fornex/wordpress;
access_log /var/log/nginx/test.com-access.log;
error_log /var/log/nginx/test.com-error.log;
include conf.d/restrictions.conf;
# include /home/fornex/wordpress/nginx.conf;
include conf.d/wordpress-mu.conf;
}
file site.com.conf:
server {
listen 5.187.1.93:80;
server_name site.com *.site.com;
return 301 https://$host$request_uri;
}
server {
listen 5.187.1.93:443 ssl;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
server_name site.com *.site.com;
root /home/fornex/site.com;
index index.php;
client_max_body_size 7m;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /\. {
deny all;
}
location ~*\.(php)$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
when I open test.com(It should be a wordpress installation) - site.com opens. What is wrong? How can I make them separate sites? I searched a lot in WEB but didn't find anything that helps in my situation. Adding *.test.com didn't help.
I know that there's a lot of similar questions here, but none of them didn't help me, so here's my problem.
I need to redirect all requests from my server ip to my domain.
I tried the return 301 method, it kinda worked, but got me "Too many redirects error".
It wasn't me who wrote the config originally and I'm afraid to break it, it's a live server, so I don't have much time to test things.
Here's my config:
server {
listen xxx.xxx.xxx.xxx:443 ssl;
index index.php;
server_name example.com;
error_log /var/log/nginx/error_example_com.log;
access_log /var/log/nginx/access_example_com.log;
root /var/www/prod/frontend/web;
client_max_body_size 50m;
ssl on;
ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;
add_header Strict-Transport-Security "max-age=31536000";
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /images {
alias /var/www/prod/frontend/web/images;
}
location /assets {
expires 1d;
}
location /upload {
expires 1d;
alias /var/www/prod/frontend/web/uploads;
}
location /plugins/Global/scripts {
alias /var/www/prod/frontend/web/js2;
}
location /plugins/Global/images {
alias /var/www/prod/frontend/web/images;
}
location /plugins/Global/css {
alias /var/www/prod/frontend/web/css;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/comn/php/php7.3-fpm.sock;
}
location /.well-known/acme-challenge {
alias /var/lib/dehydrated/acme-challenges;
}
}
server {
listen 443 ssl;
ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
server_name www.example.com;
location / {
return 301 https://example.com$request_uri;
}
location ~ /.git/ {
deny all;
}
}
server {
listen xxx.xxx.xxx.xxx:80;
location / {
return 301 https://example.com$request_uri; # enforce https
}
location /.well-known/acme-challenge {
alias /var/lib/dehydrated/acme-challenges;
}
}
Redirecting from http://xxx.xxx.xxx.xxx to https://example.com works just fine, but I can't figure out how to get https redirecting working. What am I missing?
Also there's an admin panel to this site, it's config stored in another file, not sure if it has to be posted as well.
Strangely adding this on top of my config worked, where even default_server was ignored..
server {
listen 443 ssl http2;
server_name example.com;
return 301 https://example.com$request_uri;
}
Still not sure what is wrong with my setup, but at least it's working now.
nginx/1.14.2
I'm currently working on creating a dockerized server with two sites. I want them both to run over port 443. So far, I've managed to get one of them running on their own using the nginx reverse proxy, but when I try to do both, it seems to be totally ignoring my server.
stream {
upstream shop_local_xposi_com {
server 127.0.0.1:9000;
}
upstream sockets_local_xposi_com {
server 127.0.0.1:9001;
}
map $ssl_preread_server_name $upstream {
shop.local.xposi.com shop_local_website_com;
socket.local.xposi.com sockets_local_website_com;
}
# SHOP webserver
server {
# SSL
listen 127.0.0.1:9000 ssl;
ssl_certificate /etc/nginx/certs/website.com.crt;
ssl_certificate_key /etc/nginx/certs/website.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# SOCKET webserver
server {
# SSL
listen 127.0.0.1:9001 ssl;
ssl_certificate /etc/nginx/certs/website.com.crt;
ssl_certificate_key /etc/nginx/certs/website.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass socket:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
server {
listen 443;
ssl_preread on;
proxy_pass $upstream;
}
}
When running just one server, this config gile was just one of the larger server sections, which worked perfectly. But when trying to create the set up I'm trying to create (diagram below), it instantly redirects to the API on my accept environment. My guess as to why this specific api is because it's the next available line with the same domain in my window's hosts file, so the browser gets told to go there(?).
For any further information that I forgot to give, please ask.
I have similar function but I do have different "servers" listening to different server_name configuration
server {
listen 80 ; (or listen 443 ;)
server_name shop-local.website.com ;
location / {
... some code
proxy_pass http://shoplocalwebsiteIP:port;
}
}
server {
listen 80 ; (or listen 443 ;)
server_name socket-local.website.com ;
location / {
... some code
proxy_pass http://socketlocalwebsiteIP:port;
}
}
You could encapsulate the server name inside the desired block and then set the correct proxy_pass to backend.
{
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server { #Redirect https, non-www to https, www
listen 443 ssl spdy;
server_name example.com;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
return 301 https://www.example.com$request_uri;
}
server {
# SSL configuration
listen 443 ssl spdy;
server_name www.example.com;
ssl on;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
root /var/www/web;
client_max_body_size 20M;
index index.php;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location #bo {
rewrite ^/bo(.*) /bo/index.php?q=$1;
}
location /bo {
index index.php;
try_files $uri $uri/ #bo;
alias /var/www/web/bo;
}
location #app {
rewrite ^/app(.*) /app/index.php?q=$1;
}
location /app {
index index.php;
try_files $uri $uri/ #app;
alias /var/www/web/app;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/web$fastcgi_script_name;
}
# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
}
server {
listen 80;
listen [::]:80;
server_name supp.example.com;
access_log /var/log/nginx/supp.example.com.access.log;
error_log /var/log/nginx/supp.example.com.error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_redirect off;
}
}
I had a server on OVH and I migrated to azure, inside the app I had a wordpress that is in the main root, a subfolder with an app on Yii2 and another subfolder with an app on CodeIgniter, When I test the config, everything works fine, I used the testnew.example.com for test it, when I do the deploy and use www.example.com, I got Moved permantly 301 on main root (Wordpress site), the rest of apps works good.
I need help with some nginx configuration. So please help. So here is my situation.
my domain: rtechmedia.com
1) I want all the request of http:// www.rtechmedia.com redirect to https:// www.rtechmedia.com
2) I want all the request of https:// rtechmedia.com to https:// www.rtechmedia.com
3) But i want that the style folder and its content located at www.rtechmedia.com/styles/* should redirect to http:// www.rtechmedia.com/styles/* instead of https:// www.rtechmedia.com/styles/*
I am noob in nginx so please give in details. And note i put space in url because of low reputation. So ignore it
I am able to achieve 1) and 2) but not 3 so help me with that.
server {
listen 80;
server_name www.rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 80;
server_name rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 443 ssl;
server_name www.rtechmedia.com;
root /home/forge/www.rtechmedia.com;
ssl_certificate /etc/nginx/ssl/www.rtechmedia.com/11369/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.rtechmedia.com/11369/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.rtechmedia.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}