Error in multiple domains with nginx when adding a certbot certificate - nginx

I have an Ubuntu 20.04 server on Azure, with Nginx, PHP-FPM and actually two websites.
The sites are example.com and sub.example.com, and they have certificates issued by certbot and are working fine.
I added a third site with a different domain, example2.com, and it worked fine. But when I add certbot to this third site, they all stop working, and Nginx doesn't stop and doesn't show any error.
I added the certificates using this:
sudo certbot --nginx -d example.com -d www.example.com
sudo certbot --nginx -d sub.example.com
Until here OK, the sites have been working fine for the last five months.
Then I added a new website and it worked fine too, but when I add certbot, all of them stop working, while nginx is still running without errors.
sudo certbot --nginx -d example2.com -d www.example2.com
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Sites only work again if I remove the certificate from the third site
sudo certbot delete --cert-name example2.com
Sorry for my English.
Server block Site 1
server {
root /var/www/example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Server block Site 2 (subdomain site 1)
server {
root /var/www/sub.example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name sub.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sub.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sub.example.com;
return 404; # managed by Certbot
}
Server block Site 3
server {
root /var/www/example2.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example2.com www.example2.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example2.com www.example2.com
return 404; # managed by Certbot
}

Related

Nginx redirect to non-www not working for laravel application

I have my Laravel app configured on Ubuntu 16.04.6 x64 with nginx and I keep getting a 404 page when I try to load the site with the “www” prefix
It all works perfect at https://example.com, but https://www.example.com will cause a 404 error
I have A records setup for both the www.example.com and example.com pointing to the same IP address
Ideally I would like to redirect all https://www.example.com traffic to https://example.com
The nginx conf file is below, would appreciate some help debugging
I’ve tried adding a 301 redirect at the start and end of the file but it doesn’t seem to work
Interestingly I can access static files fine at www, it’s any of the laravel paths that seem to trigger a 404
server {
root /var/www/example.com/web/public;
error_log /var/www/example.com/errors.log;
access_log /var/log/nginx/example.comaccess_log.log;
index index.php index.html;
server_name example.com www.example.com;
client_max_body_size 80m;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
} # managed by Certbot
if ($host = example.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com;
listen 80;
return 404; # managed by Certbot
}
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
Something to this effect should do it. If you go to http://www.example.com, you should be redirected to https://www.example.com, which in turn redirects to https://example.com.
server {
root /var/www/example.com/web/public;
error_log /var/www/example.com/errors.log;
access_log /var/log/nginx/example.comaccess_log.log;
index index.php index.html;
server_name example.com;
client_max_body_size 80m;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 365d;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
# Force all HTTP traffic to SSL
listen 80;
return 301 https://$host$request_uri;
}
server {
# Redirect www.example.com to example.com
listen 443 ssl;
# This needs to be the cert for www.example.com or *.example.com
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# Remember, if nginx doesn't find the server_name, it uses the first vhost.
server_name www.example.com;
return 301 https://example.com$request_uri;
}
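The redirect chain this answer describes can be traced offline. The following is an added example, not code from the original answer: a simplified Python model of how nginx picks a server block (exact server_name on the listening port, then default_server, then the first block on that port). It assumes exact names only and ignores listen addresses; CONFIG is a constructed reduction of the answer's config, and the function names are hypothetical.

```python
import re
# Constructed sample: the answer's server blocks, reduced to routing directives.
CONFIG = """
server {
    listen 443 ssl;
    server_name example.com;
    location / { try_files $uri $uri/ /index.php?$query_string; }
}
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}
"""

def parse_servers(text):
    """Return one dict per top-level server block: ports, names, return."""
    servers, depth, cur = [], 0, None
    text = re.sub(r"#[^\n]*", "", text)              # strip comments
    for tok in re.findall(r"[^{};]+[{;]|}", text):   # directives and braces
        words = tok[:-1].split()
        if tok == "}":
            depth -= 1
            if depth == 0 and cur is not None:
                cur["ports"] = cur["ports"] or {80: False}  # no listen: port 80
                servers.append(cur)
                cur = None
        elif tok.endswith("{"):
            depth += 1
            if depth == 1 and words == ["server"]:
                cur = {"ports": {}, "names": [], "return": None}
        elif depth == 1 and cur is not None and words:
            if words[0] == "listen" and (m := re.search(r"(\d+)$", words[1])):
                cur["ports"][int(m.group(1))] = "default_server" in words
            elif words[0] == "server_name":
                cur["names"] += words[1:]
            elif words[0] == "return":
                cur["return"] = " ".join(words[1:])
    return servers

def select_server(servers, port, host):
    """Exact server_name on that port, else default_server, else first block."""
    on_port = [s for s in servers if port in s["ports"]]
    exact = [s for s in on_port if host in s["names"]]
    default = [s for s in on_port if s["ports"][port]]
    return (exact or default or on_port or [None])[0]

def follow(servers, url, limit=5):
    """Trace server-level 301 returns from url; returns the chain of URLs."""
    chain = [url]
    for _ in range(limit):
        scheme, host, uri = re.match(r"(https?)://([^/]+)(/.*)?$", chain[-1]).groups()
        srv = select_server(servers, 443 if scheme == "https" else 80, host)
        if not srv or not (srv["return"] or "").startswith("301 "):
            break
        target = srv["return"][4:].replace("$host", host)
        chain.append(target.replace("$request_uri", uri or "/"))
    return chain

print(" -> ".join(follow(parse_servers(CONFIG), "http://www.example.com/blog")))
```

A Host header that matches no server_name on port 443 lands in the first 443 block, which is the fallback the comment in the answer's config warns about.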

NGINX - Wordpress infinite redirect loop

I'm new to using nginx. Up until now I was using Apache2 as a hosting engine, and because of that I have an issue with my website migration.
Here is my vhost config file:
server {
root /var/www/html/domain_com/web/;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
error_log /var/www/html/domain_com/log/error.log;
access_log /var/www/html/domain_com/log/nginx-access.log;
try_files $uri $uri/ /index.php?$args;
location ~* \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
}
include /var/www/html/domain_com/web/nginx.conf;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
With a config like this, when I call the website it returns the error "too many redirects", but if I add listen 80; at the top of the first server block everything works just fine. However, certbot, while adding certs for the next domain, displays a warning that the server name already exists and information that the warning was ignored.
What can I do to solve this problem? :)
server {
listen 80;
server_name domain.com www.domain.com;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl; # managed by Certbot
root /var/www/html/domain_com/web/;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
error_log /var/www/html/domain_com/log/error.log;
access_log /var/www/html/domain_com/log/nginx-access.log;
try_files $uri $uri/ /index.php?$args;
location ~* \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
}
include /var/www/html/domain_com/web/nginx.conf;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

NGINX redirecting non secure subdomain to main domain

I have 2 domains hosted on the same server, let's say testwebsite.com and staging.testwebsite.com. I have added the nginx configuration, in which there is one problem: the subdomain is getting redirected to the main domain, only on the non-secure protocol.
http://testwebsite.com -> https://testwebsite.com = OK
https://testwebsite.com -> https://testwebsite.com = OK
http://staging.testwebsite.com -> https://testwebsite.com = NOT OK
https://staging.testwebsite.com -> https://staging.testwebsite.com = OK
testwebsite.com
server {
root /var/www/testwebsite.com/live;
index index.html index.php index.htm index.nginx-debian.html;
server_name testwebsite.com www.testwebsite.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/testwebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/testwebsite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name testwebsite.com www.testwebsite.com;
return 301 https://testwebsite.com$request_uri;
}
staging.testwebsite.com
server {
root /var/www/testwebsite.com/staging;
index index.html index.php index.htm index.nginx-debian.html;
server_name staging.testwebsite.com www.staging.testwebsite.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/staging.testwebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/staging.testwebsite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name staging.testwebsite.com www.staging.testwebsite.com;
return 301 https://staging.testwebsite.com$request_uri;
}
Can anyone please help what went wrong with the config?
The config looks OK to me.
Are you sure that it is not your browser caching the redirect? Browsers tend to cache 301 redirects very aggressively.

nginx www to no-www on config file generated by certbot

I am trying to get requests to example.com as well as www.example.com to go to https://example.com in the configuration file shown below. The file is exactly as generated by certbot.
Changing the two return 301 statements to
return 301 https://example.com$request_uri;
did not work as https://www.example.com still goes to https://www.example.com and not the desired https://example.com
Would appreciate if someone could point out the exact changes needed to get the desired result. Simplified instructions would be a bonus as I am quite new to both nginx and certbot. Thanks.
server {
root /var/www/html/drupal;
index index.php index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ [^/]\.php(/|$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Open the brackets for a clearer way.
Instead of one 443 listener, create 2. Same with the 80 ones.
Like that it's much easier for you to know what is doing what, one configuration for each pair of host and schema.
server {
listen 80;
listen [::]:80;
server_name www.example.com; #this will only listen to http://www.example.com
location / {
return 301 https://example.com$request_uri; #and will upgrade to https
}
#we don't want that many redirects, so this will go directly to example.com
}
server {
listen 80;
listen [::]:80;
server_name example.com; #this will only listen to http://example.com
location / {
return 301 https://$host$request_uri; #and will upgrade to https
}
}
server {
server_name www.example.com;
location / {
return 301 https://example.com$request_uri; #this redirects to non-www
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
#same server configuration as your first server bracket, only accepting https://example.com and not www.
}
I see that you are sending the arriving connection to Drupal, so consider that Drupal has a variable $base_url, and any redirect that it makes is made to that host, so if it's set to www.example.com, your nginx conf won't matter, as Drupal itself can also make redirects.
Hope it helped, comment for any question.
It's working now, @flaixman. I made one change from your suggestion, which was to make just one block for 80, since they both did exactly the same thing. So, here's the final version: (I have hopefully not messed up something which might cause a problem later.)
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
return 301 https://example.com$request_uri;
}
}
server {
server_name www.example.com;
location / {
return 301 https://example.com$request_uri;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
root /var/www/html/d8;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ [^/]\.php(/|$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

NGINX rewrite issue for index.php

I have an issue as given below.
Say I have a site example.com and I have made modifications to the rewrite logic to remove .php extensions. The code given below works fine in all the cases except for index.php
https://example.com --> Not accessible. This is not correct. It should display contents from index.php page.
https://example.com/index.php --> Displays 404 page. This is correct.
https://example.com/index --> Displays index page. This is not correct.
server {
root /usr/share/nginx/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name example.com www.example.com;
error_page 404 /error/custom_404;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
index index.php index.html index.htm;
try_files $uri $uri/ @missing;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 365d;
}
location ~* (\.php$|myadmin) {
return 404;
}
location @missing {
if (!-f $document_root$uri.php) { return 404; }
fastcgi_param SCRIPT_FILENAME "$document_root$uri.php";
fastcgi_param PATH_TRANSLATED "$document_root$uri.php";
fastcgi_param QUERY_STRING $args;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~* \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Can someone point to where I am doing wrong?
Thanks
