I have two static (angular) sites on the same server where nginx is running and I would like to load balance between them. For example:
/home/user/app-1
/home/user/app-2
All examples of load balancing seem to be pointing to other servers or services running on ports vs. multiple locations. My current nginx config for a single site:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com *.domain.com;
location / {
root /home/user/app-1;
index index.html;
try_files $uri $uri/ /index.html?$args;
}
}
How can this be achieved?
upstream backend {
least_conn;
server 127.0.0.1:5001 weight=1;
server 127.0.0.1:5002 weight=1;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com *.domain.com;
location / {
proxy_pass http://backend;
}
}
server {
listen 5001 ssl http2;
listen [::]:5001 ssl http2;
server_name 127.0.0.1;
location / {
root /home/user/app-1;
index index.html;
try_files $uri $uri/ /index.html?$args;
}
}
server {
listen 5002 ssl http2;
listen [::]:5002 ssl http2;
server_name 127.0.0.1;
location / {
root /home/user/app-2;
index index.html;
try_files $uri $uri/ /index.html?$args;
}
}
Related
I am having issues with Nginx not working with multiple domains pointing to the same IP address. When accessing either domain, they both default to "catacombsfellowship.org.cnf". When accessing edmunddesoto.com, it acts as if it is catacombsfellowship.org and I get an SSL cert error where the cert is for catacombsfellowship.org.
When I run either domain by themselves, they work fine. However, they don't work seamlessly together. What am I doing wrong?
Examples:
File: edmunddesoto.com.cnf
server {
listen 80;
listen [::]:80;
server_name edmunddesoto.com default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name edmunddesoto.com default_server;
root /var/www/html/edmunddesoto.com/live;
index index.php index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/certs/edmunddesoto.com.crt;
ssl_certificate_key /etc/ssl/private/edmunddesoto.com.key;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
File: catacombsfellowship.org.cnf
server {
listen 80;
listen [::]:80;
server_name catacombsfellowship.org default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name catacombsfellowship.org default_server;
root /var/www/html/catacombsfellowship.org/live;
index index.php index.html index.htm index.nginx-debian.html;
ssl_certificate /etc/ssl/certs/catacombsfellowship.org.crt;
ssl_certificate_key /etc/ssl/private/catacombsfellowship.org.key;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Ok, I figured it out. The issue was somehow it was redirecting to the www.* domains and those were not set in the server_name directive. So, by adding the www.* to the server_name directive, it fixed it.
I got 2 domains and its supposed to work from same directory. While redirecting from http with/without www works perfectly, https www to non www don't work. Here is my config file:
server {
listen 80;
server_name domain1.com www.domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
listen 80;
server_name domain2.com www.domain2.com;
return 301 https://domain2.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain1.com;
return 301 https://domain1.com$request_uri;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
}
server {
listen 443 ssl;
server_name www.domain2.com;
return 301 https://domain2.com$request_uri;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
}
server {
listen 443 ssl;
server_name domain1.com;
root /var/www/domain1.com;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
}
server {
listen 443 ssl;
server_name domain2.com;
root /var/www/domain1.com;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
}
Can you tell me what could be wrong with it? SSL certificate domain1.com have got inside certificates for all domains, include with/without WWW.
In case if someone will face to same issue, removal of "ssl" abbreviate fixed it. So instead of listen 443 ssl; in 301 server blocks change to listen 443;
I've tired to configure an Nginx server with SSL but the site is not open but with https:// it's open normally.
Here is my Nginx configuration:
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
client_max_body_size 20M;
root /var/www/mysite.in/site;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
listen 443;
listen [::]:443;
server_name www.mysite.com;
#ssl on;
ssl_certificate /etc/nginx/ssl/mysite.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/main_private.key;
}
The SSL was generated in GoDaddy, I've found lots of solutions, but so far none of them are working.
How can I resolve this error?
You have to create two servers(http and https) in your config and create redirect from http to https:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.mysite.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name www.mysite.com;
client_max_body_size 20M;
root /var/www/mysite.in/site;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
ssl on;
ssl_certificate /etc/nginx/ssl/mysite.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/main_private.key;
}
I need to use two different ssl certs with nginx pointing to the same app.
https://domain1.com points to 1.1.1.1
https://domain2.com points to 1.1.1.1
.
.
.
.
https://domainN.com points to 1.1.1.1
Tried the following:
server {
listen 80;
server_name domain1.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name domain1.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d1/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name domain2.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name domain2.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d2/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
This doesn't work, it just loads the first cert resulting in invalid cert when accessed using the second domain.
The domain certs can't be combined.
I can't spin two different instances for nginx as the case needs to help me out with n-Domains pointing to same IP preferably using one nginx server.
Is there a way out?
Thanks to Richard Smith for pointing out just the right stuff!
So, to setup nginx to use different cert-key pair for domains pointing to the same nginx we have to rely on TLS-SNI (Server Name Indication), where the domain name is sent un-encrypted text as a part of the handshake. This helps nginx to decide which cert-key pair to use for the incoming secure request.
More can be read about SNI here.
Moving on to the configuration.
server {
listen 80;
server_name domain1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain1.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d1/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name domain2.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain2.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d2/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
The above config forwards HTTP (80) for both domain1 and domain2 to respective HTTPS (443) server blocks, where respective cert-key pairs are loaded.
The HTTPS (443) request is handled directly.
nginx decides which block to hit by picking the server name using SNI.
I have a wordpress website with https protocol by configuring the nginx 301 redirect:
server {
listen 80;
server_name xxx.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate conf.d/xxx.crt;
ssl_certificate_key conf.d/xxx.key;
}
And my article has some image links with static server like:
http://yyy.com/1.png
But when i access this article: it will be https://yyy.com/1.png, How do I configure the nginx that can still use http for the image static server?
You would do that using below config
server {
listen 80;
server_name xxx.com;
location ~* \.(png|ico|jpeg)$ {
root <your root folder>;
try_files $uri =404;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate conf.d/xxx.crt;
ssl_certificate_key conf.d/xxx.key;
}