I have an issue with redirecting from www to non-www.
My expected behaviour: all requests on port 80 and 443 should be redirected to non-www.
I also have a subdomain, dev.example.com; requests on this subdomain should also be redirected to non-www.
All is working fine with my current configuration except one thing:
If I request http://example.com, then I'll be redirected to https://dev.example.com, and I cannot find the reason for that.
Can anyone tell me what I did wrong?
I have 3 conf files in my nginx sites-enabled directory linked:
first:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.* dev.*;
return 301 https://$host$request_uri;
}
server {
listen 443 default_server ssl;
listen [::]:443 ssl;
server_name example.com;
root /var/www/my-site/public;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
disable_symlinks off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
second:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dev.example.com;
root /var/www/my-dev-site/public;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
disable_symlinks off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
third (for mailserver):
server {
if ($host = autoconfig.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = autodiscover.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mail.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name mail.example.com autodiscover.* autoconfig.*;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mail.example.com autodiscover.* autoconfig.*;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/steamangel.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/steamangel.de/privkey.pem; # managed by Certbot
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 256k;
client_body_buffer_size 512k;
client_max_body_size 0;
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
}
Related
I accidentally deleted my default.conf file. Luckily, I copied and pasted the original text into another file. My problem is, when I try to start NGINX after creating a new default.conf file and pasting in the text using nano editor, I get the following error:
unknown directive " " in /etc/nginx/conf.d/default.conf:3
I suspect the pasted text is injecting some unneeded stuff. If I'm correct, how do I identify that and clear it out?
Here's what I'm adding to the default.conf file:
server {
#listen 80;
server_name xr7tsi.com www.xr7tsi.com;
access_log /home/ubuntu/client/server_logs/host.access.log main;
location / {
root /home/ubuntu/client/build;
index index.html index.htm;
try_files $uri /index.html;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
}
large_client_header_buffers 4 64k;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
server_tokens off;
location ~ /\.ht {
deny all;
}
location /api {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:5000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xr7tsi.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xr7tsi.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.xr7tsi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = xr7tsi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name xr7tsi.com www.xr7tsi.com;
return 404; # managed by Certbot
}
I have just set up Laravel Octane and it's working as expected, but all of the links are shown in http while the site is over HTTPS.
For example, when trying to log in, the user will be warned by the web browser.
This is what Firefox says:
The information entered will be transmitted in clear (without encryption). They can therefore possibly be intercepted and read during their routing.
The config for nginx was taken from Laravel's website, with an SSL cert added.
My question is: how can I serve everything over HTTPS only?
Link to the config: this
My nginx config:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
server_name mysite.com;
server_tokens off;
root /var/www/site/public;
index index.php;
charset utf-8;
location /index.php {
try_files /not_exists @octane;
}
location / {
try_files $uri $uri/ @octane;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/mysite.com-error.log error;
#error_page 404 /index.php;
location @octane {
set $suffix "";
if ($uri = /index.php) {
set $suffix ?$query_string;
}
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Scheme $scheme;
proxy_set_header SERVER_PORT $server_port;
proxy_set_header REMOTE_ADDR $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:900$suffix;
}
listen [::]:443 ssl ipv6only=on http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name _;
return 444; # managed by Certbot
}
I have an Ubuntu 20.04 LTS server with NGINX, Wordpress and GeoServer (deployed on Tomcat) installed.
I would like to have the Wordpress site available on the URL root foo.bar.com/ and have the GeoServer available on a subpath foo.bar.com/geoserver. The Wordpress site is working and shows up on foo.bar.com/, but the GeoServer isn't working correctly on foo.bar.com/geoserver, see screenshot below.
I have the following NGINX configuration:
server {
server_name foo.bar.com;
root /var/www/site;
index index.html index.htm index.php;
location /geoserver/ {
proxy_pass http://localhost:8080/geoserver/;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate ***; # managed by Certbot
ssl_certificate_key ***; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = foo.bar.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name foo.bar.com;
return 404; # managed by Certbot
}
I did set the proxy base URL in the GeoServer global settings and did configure CSRF protection according to this document.
Am I still missing some configuration in NGINX?
I run a websocket server on local: php artisan websocket:serve.
My nginx server configuration is:
server {
root /var/www/laravel/public;
index index.html index.htm index.php;
server_name testingdomain.com;
location / {
try_files $uri $uri/ /index.php?$query_string ;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testingdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testingdomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = testingdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name testingdomain.com;
return 404; # managed by Certbot
}
I tried it like this, by adding location /ws {---}, but it is not working.
server {
root /var/www/laravel/public;
index index.html index.htm index.php;
server_name testingdomain.com;
location / {
try_files $uri $uri/ /index.php?$query_string ;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testingdomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testingdomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location /ws {
proxy_pass http://127.0.0.1:6001;
proxy_set_header Host $host;
proxy_read_timeout 60;
proxy_connect_timeout 60;
proxy_redirect off;
# Allow the use of websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
if ($host = testingdomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name testingdomain.com;
return 404; # managed by Certbot
}
My client-side JS is:
const token = window.localStorage.getItem('access_token');
import Echo from 'laravel-echo';
window.Pusher = require('pusher-js');
window.Echo = new Echo({
broadcaster: 'pusher',
key: process.env.MIX_PUSHER_APP_KEY,
wsHost: window.location.hostname,
wsPort: 6001,
wssPort: 6001,
forceTLS: false,
disableStats: true,
enabledTransports: ['ws','wss'],
auth:{
headers:{
Authorization: `Bearer ${token}`
}
}
});
window.Echo.channel('channelname')
.listen('.channelevent',(e)=>{
console.log(e);
});
But it is not working.
I get an error like this:
WebSocket connection to 'wss://testingdomain.com/app/any_key?
protocol=7&client=js&version=7.0.3&flash=false' failed:
Error during WebSocket handshake: Unexpected response code: 404
My project works fine on local. But when I deploy, I get a websocket connection error. How can I configure and fix it?
I have two nginx files in my sites-available. One is for an https domain and another for an http domain. I have the routing for the https domain to route domain1.com to https://www.domain1.com, but instead, it routes to the http domain I have set up, http://www.domain2.com. Can anybody help me out? I've tried googling the issue, but nothing has helped so far.
domain1 setup
server{
server_name http://domain1.com
return 301 https://www.domain1.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain1.com;
ssl_certificate /home/node/www.domain1.com.crt;
ssl_certificate_key /home/node/www.domain1.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_redirect off;
access_log /var/log/nginx/mainacc.log;
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
}
domain2 setup
server {
listen 80;
listen [::]:80;
server_name domain2.com www.domain2.com;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
You are missing the listen 80 directive at the top of your domain1 setup block.
This should work:
server {
listen 80 ;
listen [::]:80 ;
# server_name entries are separated by spaces, not commas
server_name domain1.com www.domain1.com;
# return 301 https://www.domain1.com$request_uri;
rewrite ^/(.*) https://www.domain1.com/$1 permanent;
}
Did this do the trick?
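Added example, not part of the original question or answer: a simplified Python model of how nginx picks a server block from the Host header, run over the domain1/domain2 configuration above. It shows that a Host value matching no server_name lands in whichever block is the default for the port. The load order (domain2 first) and the `catch-all` block are assumptions; the model matches on port only and omits the `.example.com` name form.

```python
import re

def match_rank(pattern, host):
    """Rank of one server_name pattern against host (lower wins), None if no match."""
    if pattern.startswith("~"):        # regex name: first match in load order wins
        return (3, 0) if re.search(pattern[1:], host) else None
    if pattern.startswith("*."):       # leading wildcard: longest pattern wins
        return (1, -len(pattern)) if host.endswith(pattern[1:]) else None
    if pattern.endswith(".*"):         # trailing wildcard: longest pattern wins
        return (2, -len(pattern)) if host.startswith(pattern[:-1]) else None
    return (0, 0) if pattern == host else None   # exact name

def select_server(servers, port, host_header):
    """Label of the server block that handles this Host header on this port."""
    host = host_header.lower().split(":")[0].rstrip(".")
    on_port = [s for s in servers if port in s["listen"]]
    if not on_port:
        return None
    best = None
    for order, server in enumerate(on_port):
        for pattern in server["names"]:
            rank = match_rank(pattern, host)
            if rank is not None and (best is None or rank + (order,) < best[0]):
                best = (rank + (order,), server["label"])
    if best:
        return best[1]
    # No name matched: explicit default_server, else the first block loaded.
    explicit = [s["label"] for s in on_port if s["listen"][port]]
    return explicit[0] if explicit else on_port[0]["label"]

# Constructed from the configs above. "listen" maps port -> default_server flag.
# Assumption: the domain2 file is loaded before the domain1 file.
DOMAIN2 = {"label": "domain2", "listen": {80: False},
           "names": ["domain2.com", "www.domain2.com"]}
# No listen directive: nginx running as root listens on *:80 for this block.
AS_POSTED = [DOMAIN2, {"label": "domain1-redirect", "listen": {80: False},
                       "names": ["http://domain1.com"]}]
CORRECTED = [DOMAIN2, {"label": "domain1-redirect", "listen": {80: False},
                       "names": ["domain1.com", "www.domain1.com"]}]
# Hypothetical catch-all block (server_name _; listen 80 default_server;).
CATCH_ALL = {"label": "catch-all", "listen": {80: True}, "names": ["_"]}

if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("corrected", CORRECTED),
                        ("with catch-all", CORRECTED + [CATCH_ALL])):
        for host in ("domain1.com", "unknown.invalid"):
            print(f"{label:15} {host:16} -> {select_server(conf, 80, host)}")
```

Without an explicit `default_server`, the first block loaded for a port answers every unrecognised Host header, so a dedicated catch-all block keeps such requests away from a real site.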