I have an Nginx reverse proxy and I want to proxy pass the domain abcd.com to a subdirectory of example.com, but sometimes it redirects abcd.com to abcd.com/newsite. How can I prevent this redirection?
server {
    listen 443 ssl http2;
    server_name abcd.com www.abcd.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate /etc/nginx/ssl/abcd.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/abcd.com/privkey.pem;
    location / {
        include /etc/nginx/proxy_params;
        include /etc/nginx/headers.conf;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
        proxy_pass http://example.com/newsite/;
    }
}
Related
I'm currently trying to redirect all access from http to https on an nginx server in VirtualBox.
When using a test machine in VirtualBox, everything is working perfectly.
My issue is with port redirection on VirtualBox.
I want to be redirected directly from my host machine.
For the moment, when I access https it's fine, but when I try to access http, I'm redirected to the nginx server address in VirtualBox.
My SSL conf is:
server {
    listen 443 http2 ssl;
    server_name _;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    root /var/www/html;
    location / {
        proxy_pass http://loadbalancing;
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    server_name _;
    return 301 https://srv.dmz.lan;
}
upstream loadbalancing {
    server srv1;
    server srv2;
}
Dmz is a NAT network under VirtualBox with those redirections:
I have an nginx web server on the host of my VPS with a simple HTML site in the main root (example: domain.com).
I want to redirect an endpoint of this web server to a Docker container running WordPress on port 8080.
The endpoint must be /blog.
I have this configuration in nginx's virtual host (including the redirect to port 443):
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /var/www/http/domain.com/public;
    index index.html index.htm index.nginx-debian.html;
    server_name domain.com www.domain.com;
    #headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    #ssl
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ecdh_curve secp384r1;
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/private/domain.com.crt;
    ssl_certificate_key /etc/ssl/private/domain.com.key;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    location /blog {
        include /etc/nginx/mime.types;
        #proxy
        proxy_pass http://localhost:8080;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.com www.domain.com;
    return 301 $scheme://$server_name$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name domain.com www.domain.com;
    location /blog {
        include /etc/nginx/mime.types;
        proxy_pass http://localhost:8080;
    }
    return 301 https://$server_name$request_uri;
}
It doesn't work.
I tried to set up another virtual host with the name blog.domain.com, but some features such as wp-login and wp-admin don't work (neither do CSS, JavaScript, or the SSL certificate).
Thank you.
Using the command docker inspect container_id on the WordPress container, get the IP address of the container, then:
proxy_pass http://ipaddress_of_container_ID:8080;
I'm trying to rewrite from short name to FQDN.
My nginx version is
nginx version: nginx/1.13.4
server {
    listen 80;
    server_name foo foo.bar.com;
    rewrite_log on;
    rewrite ^ https://foo.bar.com/ permanent;
    include includes/web-site;
    include includes/files-site;
}
server {
    listen 443 ssl;
    server_name foo.bar.com
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_cache shared:SSL:10m;
    ssl_certificate foobar.crt;
    ssl_certificate_key foobar.key;
    add_header Strict-Transport-Security "max-age=31536000";
    include includes/web-site;
    include includes/files-site;
}
No effect. Any advice?
Maybe you just want to redirect non-SSL traffic to the SSL server. If so, you can try this:
server {
    listen 80;
    server_name foo.bar.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
Refer to https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx
So I am trying to achieve 4 things:
support both ip-v4 and ip-v6
support letsencrypt ssl certificates (the acme-challenge location in http)
redirect www to non www
redirect http to https
I have come up with a config, but it seems not to work. I get a "page does not exist" when trying to access http://www.MY_DOMAIN.COM.
Due to the hsts setting, this does work after having visited the https non-www version once.
Note that I have ssl certificates for both the with and without www domain.
How can I achieve this / what am I doing wrong in my config:
# HTTP server
#
server {
    listen [::]:80;
    server_name MY_DOMAIN.COM www.MY_DOMAIN.COM;
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
        try_files $uri $uri/ =404;
    }
    location / {
        return 301 https://MY_DOMAIN.COM$request_uri;
    }
}
# HTTPS server
#
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.MY_DOMAIN.COM;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.MY_DOMAIN.COM/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
    return 301 https://MY_DOMAIN.COM$request_uri;
}
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;
    server_name MY_DOMAIN.COM;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
    root /var/www/MY_DOMAIN.COM;
    index index.html;
}
Also, I do not find the copy-paste nature of the two server blocks very nice.
As @RichardSmith notes, I was not listening to the ipv4 version of the http://www variant. Hence, the redirect was not triggered at all.
After fixing this, the setup is working.
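The fix described above (an IPv4 listener next to the IPv6 one on port 80), written out as an added example that is not the poster's own file; it also moves the duplicated TLS settings up one level to address the copy-paste concern. MY_DOMAIN.COM and the paths are the question's placeholders, the TLS protocol list is an assumption, and the question's OCSP stapling lines are left out.

```nginx
# Added example, not the poster's file. It is meant for a file included inside
# http {} (e.g. sites-enabled/), so the directives below are inherited by every
# server block that does not set them itself.
ssl_protocols TLSv1.2 TLSv1.3;   # assumption: TLS 1.0/1.1 dropped; TLSv1.3 needs nginx 1.13.0+ and OpenSSL 1.1.1
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains" always;

# HTTP on both address families: without "listen 80;" IPv4 clients never reach
# this block, so the redirect is never sent to them.
server {
    listen 80;
    listen [::]:80;
    server_name MY_DOMAIN.COM www.MY_DOMAIN.COM;

    # The ACME HTTP-01 challenge has to stay reachable over plain HTTP.
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
        try_files $uri =404;
    }
    location / {
        return 301 https://MY_DOMAIN.COM$request_uri;
    }
}

# HTTPS www: its own certificate plus the redirect, nothing else.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.MY_DOMAIN.COM;
    ssl_certificate     /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.MY_DOMAIN.COM/privkey.pem;
    return 301 https://MY_DOMAIN.COM$request_uri;
}

# HTTPS canonical host: serves the site.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name MY_DOMAIN.COM;
    ssl_certificate     /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem;
    root /var/www/MY_DOMAIN.COM;
    index index.html;
}
```

Running nginx -t before reloading catches syntax errors; an add_header inside any server or location block replaces the inherited HSTS header there, so it has to be repeated in that block.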
I deployed a website on DigitalOcean with nginx as a proxy pass. The site works, but sometimes I have to refresh to reach the site. I am afraid that my nginx or my DNS configuration is wrong, since I'm doing this for the first time.
Here is my nginx config: (the server should run only on https)
server {
    listen 80;
    server_name <site_name>.com;
    return 301 https://www.<site_name>.com$request_uri;
}
server {
    listen 80;
    server_name www.<site_name>.com;
    return 301 https://www.<site_name>.com$request_uri;
}
server {
    listen 443 ssl;
    server_name <site_name>.com;
    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/certs/private.key;
    return 301 $scheme://www.<site_name>.com$request_uri;
}
server {
    listen 443;
    server_name www.<site_name>f.com;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    ssl on;
    ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/certs/private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        proxy_pass http://localhost:8000;
    }
}
Here are my dns settings:
A Record host:# value: TTL: automatic
A Record host:www value: TTL: 1 min
Any idea what is going wrong?
Thx!
When the site fails to load what is the error message, if any? I doubt this is a DNS issue, since it works sometimes.