Hey everyone!
I'm having a really hard time figuring this out, when i run my website with apache, everything works as intended, however i recently switched to nginx, when i run my website on nginx and access the joomla backend i get an Error 520 from Cloudflare, i can't find out the difference in the two webservers, but it seems related to SSL, running without SSL works fine.
I'm out of luck i did a lot of testing and still the same issue.
Something that Cloudflare cannot understand is happening when using Nginx.
This is my Nginx Config
server {
listen 443 ssl http2;
listen 80;
server_name websitename.com www.websitename.com;
root /var/www/html;
ssl_certificate websitename.com.crt;
ssl_certificate_key websitename.com.key;
index index.php index.html index.htm default.html default.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi.conf;
}
location ~* \.(ico|pdf|flv)$ {
expires 1y;
}
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
expires 14d;
}
}
Finally i solved it.
Finally i found out that somehow the Cloudflare Railgun isn't behaving right with Nginx
I went to Cloudflare and navigated to "Speed->Optimizations" I disabled the Railgun
and i no longer have 520 Errors.
Hope this helps anyone with the same issue, been 3 days stuck on this.
Related
The environment is as follows:
I have https://website.com and a blog at https://website.com/blog
The root path points to a Passenger-hosted Rails app, and the blog subdirectory points to a WordPress app via php-fpm
Everything works fine with my Nginx config, but when I try to change the permalink structure to anything other than "Plain", I get a 404 page from the Rails app as if the location blocks aren't utilized. I tried looking at the error log in debug mode, and I do see it attempting to try_files, but ultimately it fails with the Rails 404 page.
It may be worth noting that the entire site is behind Cloudflare. Not sure if it could be something with that, though I kind of doubt it.
Here is the almost-working Nginx config I'm using:
server {
listen 80 default_server;
server_name IP_ADDRESS;
passenger_enabled on;
passenger_app_env production;
passenger_ruby /home/ubuntu/.rbenv/shims/ruby;
root /web/rails/public;
client_max_body_size 20M;
location ^~ /blog {
passenger_enabled off;
alias /web/blog;
index index.php index.htm index.html;
# Tried the commented line below, but then nothing works.
# try_files $uri $uri/ /blog/index.php?$args;
# The line below works, but peramlinks don't.
try_files $uri $uri/ /blog/index.php?q=$uri&$args;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# Tried the commented line below, but then nothing works
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# The line below works, but peramlinks don't.
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
}
I wanted to comment in short but I don't have enough reputation for that.
I used the following block and worked for me. I added an add_header directive just to debug that if my request is reaching the correct block.
location ^~ /blog {
try_files $uri $uri/ /index.php?$args;
add_header reached blog;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php;
}
}
If your server is behind CloudFlare, you can try with /etc/hosts entry on your local machine if you're using Ubuntu/Mac. Which will stop the DNS lookup and site will directly be accessed from the IP address.
Check if any redirects are happening due to any other Nginx configuration.
Also, you have mentioned in the question that site is https:// while your server block has only listen 80 meaning non HTTPS.
Check for the response headers with
curl -XGET -IL site-name.tld
which may help you more debugging the situation.
Difference between alias and root directives https://stackoverflow.com/a/10647080/12257950
I have a wordpress site set up on NGINX with a valid certificate from certbot where I am able to see it from every IP except my home IP. When I use proxies or a different internet connection, the wordpress site is displayed correctly. I can also access the site with just HTTP and can see it from every IP except my home IP. I bypassed wordpress and made a simple echo PHP file to make sure that no plugin was causing the problem. Still, the echo shows up everywhere except from my home IP address. My conclusion is that Nginx is somehow restricting my IP, but I have no idea of where to start looking for this at. Are there any ideas about what might be going on? I do not have fail2ban installed nor do I have any known firewall rules that would cause this. Any ideas as to what is going on?
In the nginx log, the error states:
access forbidden by rule, client: xxxx:xxxx:xxxx:xxxx
However, there are no set rules for something like this in the config that i see:
server {
listen 80;
index index.php index.html index.htm index.nginx-debian.html;
server_name <redacted>;
root /var/www/<redacted>;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
listen 443 ssl;
ssl_certificate <redacted>;
ssl_certificate_key <redacted>;
include <redacted>;
ssl_dhparam <redacted>;
}
I am developing a website, and I just installed ssl on the production website (I have never done this before). When I load the development website the page redirects to https and breaks because https isn't installed on the development site.
Development url: http://local.ezel.io
Production url: https://ezel.io
The Nginx (production):
server{
listen 80;
server_name ezel.io;
root /var/www/ezel.io/public;
location ~ /.well-known {
allow all;
}
rewrite ^ https://$server_name$request_uri? permanent;
}
The Nginx (development):
server {
listen 80;
server_name local.ezel.io;
root /home/ryan/Documents/www/ezel.io/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
On my development machine, I also have the following in my hosts file:
127.0.0.1 local.ezel.io
What would be causing me to go from http://local.ezel.io to https://local.ezel.io?
I think the problem is that you enabled https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security once and now your browser insists on trying HTTPS.
Try this: http://classically.me/blogs/how-clear-hsts-settings-major-browsers
Also, try pinging local.ezel.io to ensure it's really your localhost and not actually ezel.io.
finally i switched to the nginx webserver. But everytime i access for example http://mywebsite.com it redirects me to https://mywebsite.com. I dont have any ssl options in my server block (vhost). Here a stripped down version (only removed help comments):
server {
listen 80;
root /usr/share/nginx/www/mywebsite/htdocs;
index index.php index.html index.htm;
server_name mywebsite.com;
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param CONTEXT Staging;
include fastcgi_params;
}
}
I don't really know if i am on the correct place to search for the bug?!
PS: PHP returns me ["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1"
Thanks in advice!
Got it! I've found in my /etc/nginx/fastcgi_params that line fastcgi_param HTTPS $https; which i commented out. Now, it works fine. Hope that helps someone else.
I am replacing lighttpd with nginx on my development server. I got it working with PHP and SSL, but I'm stumped by what should be a simple rewrite. I need to rewrite URLs from
http[s]://dev.foo.com/signup/123456
to
http[s]://dev.foo.com/signup/index.php?attcode=123456
The rule I am using is:
rewrite ^/signup/([0-9]+)$ /signup/index.php?attycode=$1 last;
I have tried numerous variations on this, moved it around, put it inside a location block. What happens is the URL is rewritten to:
http://dev.foo.com/dev.foo.com/signup/123456
The hostname is inserted, and it seems to always lose https and go to http.
My nginx.com server section is below. I have read and re-read the nginx docs (as they are) and searched the nginx mailing list, but nothing I've tried has solved this problem.
Ubuntu 8.0.4 LTS in case that matters.
Thanks.
server {
listen 80;
listen 443 default ssl;
server_name dev.foo.com dev.bar.com localhost;
root /var/www/foo;
index index.php index.html;
# ssl cert stuff omitted
charset utf-8;
access_log /var/log/www/dev.access.log main;
location ~ /\. {
deny all;
}
location ~* ^.+\.(inc|tpl|sql|ini|bak|sh|cgi)$ {
deny all;
}
location ~* ^/(scripts|tmp|sql)/ {
deny all;
}
rewrite ^/robots.txt$ /robots_nocrawl.txt break;
rewrite ^/signup/([0-9]+)$ /signup/index.php?attycode=$1 last;
location / {
try_files $uri $uri/ /error_404.php;
}
location ~ \.php$ {
fastcgi_pass localhost:51115;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
error_page 404 /error_404.php;
}
Don't put HTTP and HTTPS in the same server block. Separate them into two almost-identical server blocks, one for HTTP and one for HTTPS. Otherwise you will confuse all kinds of Nginx internals.