Change port for http to https -- Nginx - nginx

Sorry for limited understanding on Nginx, I am new to Nginx.
I have a webapp running on React and Nginx. Recently I received the SSL certificates for my website. I tried to configure the website and it worked partially. The problem is when I tried to open "https://example.com", the SSL certificates are visible here but it's showing the nginx default home page. While when I open "http://example.com" it shows all the web content.
I attempted to:
change the port from 80 to 443
Reinstall nginx.
But nothing seems to work. Here are my nginx confs at the moment:
/etc/nginx/sites-available/example.org
server {
    listen 443;
    listen [::]:443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/bundle.cer;
    ssl_certificate_key /etc/nginx/ssl/example.key;
    root /var/www/html;
    server_name example.org;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://example.org;
}
/etc/nginx/conf.d/www/example.org.conf
server {
    listen 80 default_server;
    server_name www.example.org;
    location / {
        root /usr/share/nginx/html;
        index index.htm index.html;
    }
}
Note: I reload nginx at every new attempt.
Please help me find where I am going wrong.

Keeping just 1 file for config works for the above problem. I kept the "default" conf at "/etc/nginx/sites-available"

Related

DNS_PROBE_FINISHED_NXDOMAIN when serving multiple subdomains with nginx

On our research project, we have an Ubuntu 20.04 LTS virtual machine running, which should serve via nginx multiple project related websites/apps on different subdomains.
The setup is supposed to be as follows:
maindomain --> redirecting to our project info site hosted by our university
subdomain1.maindomain --> nextcloud for project management stuff served via nginx
subdomain2.maindomain --> serving app1 via nginx proxy and gunicorn (for django)
subdomain3.maindomain --> serving app2 via nginx proxy and express.js
What I did:
Added the IP address of the server to the A record of our German domain hoster Strato.
https://maindomain: configured nginx to redirect to university site
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/html;
    server_name maindomain;
    return 301 https://university-site;
    ssl_certificate /etc/ssl/wildcard.crt;
    ssl_certificate_key /etc/ssl/wildcard.key;
    ssl_trusted_certificate /etc/ssl/wildcard.crt;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
configured nginx to serve nextcloud stuff in /etc/nginx/sites-available/subdomain1.maindomain
server {
    listen 80;
    #listen [::]:80;
    server_name subdomain1.maindomain;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/nextcloud;
    index index.html index.php /index.php$request_uri;
    server_name subdomain1.maindomain;
    ssl_certificate /etc/ssl/wildcard.crt;
    ssl_certificate_key /etc/ssl/wildcard.key;
    ssl_trusted_certificate /etc/ssl/wildcard.crt;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # ... lots of nextcloud related stuff ...
}
up to this point: everything is working fine for some time now
What I tried:
Now it was time to start deploying the next app on subdomain2.maindomain. In my naive thinking I thought just to copy /etc/nginx/sites-available/subdomain1.maindomain to subdomain2.maindomain and change "subdomain1.maindomain" to "subdomain2.maindomain" in the config file (of course: getting rid of all the nextcloud stuff, too).
First I experimented with just serving a static index.html page to see if everything is working:
server {
    listen 80;
    server_name subdomain2.maindomain;
    root /var/www/subdomain2;
    index index.html index.php /index.php$request_uri;
    # return 301 https://$server_name$request_uri;
}
added a static index.html into /var/www/subdomain2
restarted nginx (feels like a 1000 times actually... :-))
Now when I try to navigate to "http://subdomain2.maindomain" it throws the error: DNS_PROBE_FINISHED_NXDOMAIN
For testing purposes I added our IP address to the configuration /etc/nginx/sites-available/subdomain2.maindomain, resulting in:
server {
    listen 80;
    server_name subdomain2.maindomain IP_ADDRESS;
    root /var/www/subdomain2;
    index index.html index.php /index.php$request_uri;
    # return 301 https://$server_name$request_uri;
}
Now, when I browse to IP_ADDRESS the static index.html page is served just as expected, but browsing to subdomain2.maindomain still fails.
What can I do next?

nginx: I can't access default virtual host on port 80. Instead get response from wrong server_name

I have two sites-enabled for nginx.
I have the default server:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}
and I have a FQDN with a redirect for https:
server {
    listen SERVER-IP:80 ;
    listen [::]:80;
    server_name FQDN;
    location / {
        return 301 https://$host$request_uri;
    }
}
My issue is that if I try to access my server using a different domain name or using the IP address, using http on port 80, I will always be redirected to https on port 443. I cannot seem to get the default server to respond at all.
I even created another server block that begins:
server {
    listen 80;
    listen [::]:80;
    server_name OTHER-FQDN;
And even when I try to load http://OTHER-FQDN I get redirected to https port 443 with a certificate of FQDN.
Why?
Or better: how can I gain insight into which server block is being used for which request? Clearly only the block with FQDN is ever accessed even though I have another OTHER-FQDN that matches or a default_server that should match.
I am frustrated because the inner workings of nginx in this case seem so opaque to me and counter to expectation.
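
The behaviour described in this question follows from nginx's documented request processing, which matches the listen address and port before it compares the Host header with server_name. As an added example (not part of the original post), the simplified Python model below reuses the question's placeholders (SERVER-IP, FQDN, OTHER-FQDN); the block labels and the exact-name-only matching are assumptions of the model.

```python
# Added example: simplified model of how nginx picks a server block.
# Listen entries are (address, port, is_default_server); "*" is a wildcard
# listener such as "listen 80;". Names reuse the question's placeholders.
QUESTION = [
    ("default",  [("*", 80, True)],          ["_"]),
    ("redirect", [("SERVER-IP", 80, False)], ["FQDN"]),
    ("other",    [("*", 80, False)],         ["OTHER-FQDN"]),
]

def select_server(blocks, local_addr, port, host):
    """Return the label of the block that handles a request."""
    def bound(addr):
        # Blocks with a listen entry for exactly this address:port,
        # paired with that entry's default_server flag.
        return [(label, is_def, names)
                for label, listens, names in blocks
                for a, p, is_def in listens if (a, p) == (addr, port)]

    # 1. A listener on the exact local address shadows wildcard listeners
    #    on the same port; wildcard blocks are only a fallback.
    candidates = bound(local_addr) or bound("*")
    if not candidates:
        return None
    # 2. Host is compared with server_name inside that candidate set only
    #    (exact names only here; wildcard and regex names are left out).
    for label, _, names in candidates:
        if host.lower() in (n.lower() for n in names):
            return label
    # 3. No name matched: the default_server for this address:port,
    #    otherwise the first block defined for it.
    for label, is_def, _ in candidates:
        if is_def:
            return label
    return candidates[0][0]

def listen_everywhere(blocks):
    """Variant of the config where every block uses the wildcard listener."""
    return [(label, [("*", p, d) for _, p, d in listens], names)
            for label, listens, names in blocks]

if __name__ == "__main__":
    for host in ("FQDN", "OTHER-FQDN", "SERVER-IP"):
        print(host, select_server(QUESTION, "SERVER-IP", 80, host),
              select_server(listen_everywhere(QUESTION), "SERVER-IP", 80, host))
```

In the model, every IPv4 request arriving on SERVER-IP:80 lands in the redirect block because it is the only one bound to that exact address; once all blocks share the same listener, name matching and default_server behave as the poster expected.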

nginx proxy subdirectory to subdomain on same machine

I'm using the docker image from linuxserver called swag which contains an nginx reverse proxy and a Let's encrypt certbot. Quite some dockerized apps are not designed to be accessed via subdirectory proxying but instead need to be proxied to a subdomain (because otherwise js and css files are requested from the domain, not the subdirectory).
My goal is to make a service at 1.test.example.com available at example.com/1
The config for the subdomain looks like this and works fine:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /config/www;
    index index.html index.htm index.php;
    server_name 1.test.*;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    # some app
    location / {
        include /config/nginx/proxy.conf;
        proxy_pass http://172.2.0.2:1234/;
    }
}
My try for proxying to the subdomain looks like this but doesn't work as my browser returns "400 Bad request":
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /config/www;
    index index.html index.htm index.php;
    server_name _;
    include /config/nginx/ssl.conf;
    client_max_body_size 0;
    # proxy to some app
    location /1/ {
        include /config/nginx/proxy.conf;
        proxy_pass https://1.test.example.com;
        proxy_set_header Host 1.test.example.com;
    }
}
What is the correct way to do this using proxy_pass and without using rewrite?

NGINX punycode domain only works with subdomain

I have an nginx 1.14.0 on Ubuntu 18.04.3. I have some trouble with a punycode domain, it works only with subdomains, e.g. www.xn--bratwrste-u9a.de but not with the domain only, e.g. xn--bratwrste-u9a.de
Other domains e.g. example.com are working as expected.
My default server config:
server {
    listen 1.2.3.4:443 ssl http2 default_server;
    listen 5.6.7.8:443 ssl http2 default_server;
    ssl_certificate /ssl/sslcert.pem;
    ssl_certificate_key /ssl/privkey.pem;
    server_name _;
    root /var/www/foo;
    index index.html index.php;
}
And here the virtual server config:
server {
    listen 5.6.7.8:443 ssl http2;
    server_name .xn--bratwrste-u9a.de;
    ssl_certificate /ssl/sslcert.pem;
    ssl_certificate_key /ssl/privkey.pem;
    root /var/www/bar;
    index index.html index.php;
}
The log looks good:
"GET /foo.bar HTTP/2.0" 200 247 "https://xn--bratwrste-u9a.de/"
Also there is no error in the error.log
The documentation of nginx gave me no answer to my question and also listing the server names individually makes no difference.
Thanks for any suggestion.
EDIT:
A workaround:
Add rewrite rule to the default server:
if ($host = xn--bratwrste-u9a.de) {
    rewrite (.*) https://www.xn--bratwrste-u9a.de$1;
}
Strange that this works, but the server_name not...

NginX http redirection to https returns unreadable response

I want to redirect all http requests to https with NginX, but I have some difficulties with it.
Here is my vhost file :
server {
    gzip off;
    listen 80;
    listen [::]:80;
    server_name mydomain.fr www.mydomain.fr sub.otherdom.fr otherdom.fr;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /usr/share/nginx/html;
    index index.html index.htm;
    ssl on;
    server_name mydomain.fr www.mydomain.fr sub.otherdom.fr otherdom.fr;
    ssl_certificate /root/tmp/live-ecdsa/mydomain.fr/0001_chain.pem;
    ssl_certificate_key /root/tmp/live-ecdsa/mydomain.fr/privkey-p384.pem;
    access_log /var/log/nginx/default.access.log;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
Trying to access these domains over plain http with different browsers results in the following:
Chrome/Firefox : downloading a file filled with bytes data
Edge : displays a blank page with €ÿÿÿÿ
A curl -I mydomain.fr outputs ▒▒
Accessing these domains directly over https works.
I have already tried with both return 301 https://$host$request_uri; and return 301 https://$server_name$request_uri;
I suspect it has something to do with the fairly large number of server names you are declaring in the one server name field inside a pretty locally scoped context. Although, if I'm honest that's a fairly unfounded assertion based on habits I've become used to.
I'd suggest a few things, although generally most of this won't fix your problem, it might make it easier to work out what's happening:
split your config into purposed files. I.e. create an ssl.conf in another folder which contains all your cert settings, cipher suites etc. Then add an include /path/to/ssl.conf in your config.
don't use $host, this variable can be set by the user so probably a less than great idea
Assuming you have all the other relevant ssl/tls settings referenced from somewhere else then the below should roughly work.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name mydomain.fr;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /usr/share/nginx/html;
    server_name mydomain.fr;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
Well, although user6788523's response helped me with the debugging, the fault was on my side.
I had several other vhost files with the http2 directive associated with the http port 80 (listen [::]:80 http2;). Removing the http2 directive resolved the problem.
This setting must be used only with an SSL-enabled server block.
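
A check for the misconfiguration found in the last answer, as an added example that is not part of the original posts: the Python script below scans vhost files for listen directives that carry http2 without ssl and reports which other files share that listener. The sample files are constructed, and the file names and old.example are assumptions.

```python
import re
from collections import defaultdict

# Constructed vhost files (sample input; file names and old.example are made up).
SAMPLE_FILES = {
    "redirect.conf": """
        server {
            listen 80;
            listen [::]:80;
            server_name mydomain.fr;
            return 301 https://$server_name$request_uri;
        }""",
    "legacy.conf": """
        server {
            listen [::]:80 http2;   # the kind of line the poster removed
            server_name old.example;
        }
        server {
            listen 443 ssl http2;
            server_name old.example;
        }""",
}

LISTEN_RE = re.compile(r"^\s*listen\s+([^;#]+);", re.MULTILINE)

def audit(files):
    """Map each endpoint with cleartext http2 to the files that set it
    ("bad") and the other files sharing that endpoint ("affected")."""
    by_endpoint = defaultdict(list)
    for fname, text in files.items():
        for m in LISTEN_RE.finditer(text):
            endpoint, *opts = m.group(1).split()
            by_endpoint[endpoint].append((fname, set(opts)))
    findings = {}
    for endpoint, entries in by_endpoint.items():
        # Endpoints are compared as written: "80" and "*:80" are not merged.
        bad = sorted({f for f, o in entries if "http2" in o and "ssl" not in o})
        if bad:
            # Listener options apply to the socket, so every block sharing
            # this endpoint is affected, not only the one that set http2.
            affected = sorted({f for f, _ in entries} - set(bad))
            findings[endpoint] = {"bad": bad, "affected": affected}
    return findings

if __name__ == "__main__":
    for endpoint, hit in audit(SAMPLE_FILES).items():
        print(f"{endpoint}: http2 without ssl in {hit['bad']}, also hits {hit['affected']}")
```

Because the option is attached to the listening socket, a clean redirect vhost can start answering plain HTTP clients with HTTP/2 frames purely because an unrelated file set http2 on the same address and port, which is why the audit groups findings by endpoint instead of by file.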
