Develop Reference

certbot modifies the default nginx config

I am following a mini-tutorial to install letsencrypt certificates. OS is ubuntu 22.04.
I had already installed nginx, and my own example.com config file to /etc/nginx/sites-available
/etc/nginx/sites-available/example.com
I left the /etc/nginx/sites-available/default unchanged.
I removed the pre-installed certbot
sudo apt remove certbot
Then I installed snap and classic certbot:
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Then I ran
sudo nginx -t
sudo systemctl reload nginx
Then I did
sudo certbot --nginx -d example.com
I accept the agreement, entered my email, and hit return.
Instead of modifying /etc/nginx/sites-available/example.com, /etc/nginx/sites-available/default was modified.
What am I doing wrong?

Nginx use a custom domain name

I'm a beginner with nginx and I just created a server, I can access it through localhost\ on my browser but when I put my custom domain name it doesn't work, I just get the message "this site is not accessible", here are my server config and my Dockerfile
--- ft_server.conf ---
server {
autoindex on;
listen 80 default;
listen [::]:80 default;
root /var/www/ft_server/html;
index index.html;
server_name ft_server localhost;
location / {
try_files $uri $uri/ =404;
}
}
--- Dockerfile ---
FROM debian:buster
ARG SHARED=/var/www/ft_server
RUN mkdir -p ${SHARED}
RUN apt-get update && apt-get upgrade -y && apt-get install -y wget tar
RUN apt-get install -y nginx
RUN mkdir -p /var/www/ft_server/html
RUN chown -R $USER:$USER /var/www/ft_server/html
ADD /srcs/conf/ft_server.conf /etc/nginx/sites-available
RUN ln -s /etc/nginx/sites-available/ft_server.conf /etc/nginx/sites-enabled/
ADD /srcs/conf/nginx.conf /etc/nginx
RUN rm -f /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
I'm running my container by doing:
docker build -t ft_server .
docker run -ti -p 80:80 ft_server:latest
then inside of my container:
service nginx start
When I see nginx tutorials it seems like it's supposed to work for custom domain names but I don't know why it doesn't for me, thanks for your help

Nginx 403 permission denied, chown/chmod don't seem to work

I can't get my nginx working, I am getting permission denied.
Tried:
sudo chmod o+x /home
sudo chmod o+x /home/path-to-www
sudo chown -R nginx:nginx /home/path-to-www/www
sudo chmod -R 755 /home/path-to-www/www/
service nginx restart
The above did not work.
So I tried:
sudo chown -R path-to-www:path-to-www /home/path-to-www/www
plus:
setting the nginx user to path-to-www and retarting again.
This didn't work as well.
I am out of ideas. Anyone?

Solved: It was Selinux. I disabled it and rebooted and it worked.

In vagrant can not access to the default keystone site with nginx

The vagrant server I configure with the following script still serve the default nginx page instead of the default keystone page.
Here the scripts I use:
The vagrant file:
Vagrant.configure("2") do |config|
config.vm.box = "centos/7"
config.vm.network "private_network", ip: "192.168.1.10"
config.vm.provider "virtualbox" do |vb|
config.vm.provision "file", source: "mongodb-org-3.2.repo", destination: "~/mongodb-org-3.2.repo"
config.vm.provision "shell", path: "provision.sh"
end
The provision file:
sudo yum -y update
sudo hostnamectl set-hostname melanie
echo "given hostname :"
hostnamectl status --static
echo -e "\e[1;34m
***************************************************
add host names
***************************************************"
sudo cp /etc/hosts /etc/hosts.origin
echo "192.168.1.10 melanie.misite.com melanie" | sudo tee -a /etc/hosts > /dev/null
echo -e "\e[1;34mIP, FQDN and Server name setted in /etc/hosts:"
cat /etc/hosts
echo -e "\e[1;34m
***************************************************
set timezone
***************************************************"
sudo timedatectl set-timezone America/Guayaquil
echo -e "\e[1;34msetted time zone:"
timedatectl | grep "Time zone"
echo -e "\e[1;34m
***************************************************
add automatic security update
***************************************************"
sudo yum -y install yum-cron
sudo sed -i.bak 's/.*update_cmd =.*/update_cmd = security/' /etc/yum/yum-cron.conf
sudo sed -i.bak 's/.*apply_updates =.*/apply_updates = yes/' /etc/yum/yum-cron.conf
sudo sed -n /update_cmd/p /etc/yum/yum-cron.conf
sudo sed -n /apply_updates/p /etc/yum/yum-cron.conf
sudo systemctl status yum-cron
sudo systemctl start yum-cron
echo -e "\e[1;34m
***************************************************
create limited user account
***************************************************"
sudo useradd me
sudo echo me:admin | chpasswd
echo -e "\e[1;34m
***************************************************
SSH Dameon Options
***************************************************"
sudo sed -i.bak 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
echo yum-cron.conf modified parameters:
sudo sed -n /PermitRootLogin/p /etc/ssh/sshd_config
systemctl restart sshd
echo -e "\e[1;34m
***************************************************
installing fail2ban
***************************************************"
sleep 15 #put sleep hoping it will help to fail2ban to be installed => do not work
sudo yum -y install fail2ban
sudo yum -y install sendmail
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
systemctl start sendmail
systemctl enable sendmail
cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sed 's/.*backend =*/backend = systemd./' /etc/fail2ban/jail.local
echo -e "\e[1;34m
***************************************************
installing nginx
***************************************************"
sudo yum -y install epel-release
sudo yum -y install nginx
sudo systemctl start nginx
echo -e "\e[1;34m
***************************************************
configure nginx
***************************************************"
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
sudo mkdir /etc/nginx/sites-available
sudo mkdir /etc/nginx/sites-enabled
sudo mkdir /var/www/misite.com/logs
sudo cp /home/vagrant/misite.conf /home/vagrant/misite.com
sudo mv /home/vagrant/misite.com /etc/nginx/sites-available > /dev/null
sudo ln -s /etc/nginx/sites-available/misite.com /etc/nginx/sites-enabled
sudo rm -rf /etc/nginx/sites-available/default
sudo chown -R nginx:nginx /var/www
sudo service nginx restart > /dev/null
echo -e "\e[1;34m
***************************************************
installing nodejs
***************************************************"
sudo yum -y install npm
sudo yum -y install nodejs
node --version
echo -e "\e[1;34m
***************************************************
installing mongoDB
***************************************************"
sudo mv /home/vagrant/mongodb-org-3.2.repo /etc/yum.repos.d/mongodb-org-3.2.repo
sudo yum -y install mongodb-org
systemctl start mongod
systemctl status mongod
echo -e "\e[1;34m
***************************************************
installing keystone
***************************************************"
sudo npm install -g yo
sudo mkdir /var/www
sudo mkdir /var/www/misite.com
cd /var/www/misite.com
sudo npm install -g generator-keystone
sudo chown -R vagrant:vagrant /var/www/
The nginx server conf file (/etc/nginx/sites-available/misite.com):
Here the keystone site should be redirect to the port 80 of the vagrant server (I think the mistake is in this file but can not see where)
# IP which nodejs is running on
upstream app_misite.com {
server 0.0.0.0:3000;
}
# nginx server instance
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name localhost;
access_log /var/www/misite.com/logs/access.log;
error_log /var/www/misite.com/logs/error.log;
location / {
root /var/www/misite.com;
index index.html index.htm;
try_files $uri $uri/ #node;
}
location #node {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://app_misite.com;
}
}
I also remove the default keyword from the /etc/nginx/nginx.conf
Then:
vagrant ssh
[vagrant#melanie ~]$cd /var/www/misite.com
[vagrant#melanie misite.com]$ yo keystone
[vagrant#melanie misite.com]$ node keystone
And I have keystone js running:
------------------------------------------------
KeystoneJS Started:
My Site is ready on http://0.0.0.0:3000
------------------------------------------------
But still see the default nginx page from http://192.168.1.10/
Any help will be appreciate.

Disclaimer: I'm not familiar with Nginx, I'm trying to see if it may be settings with Keystone that are affecting the port it is running on versus Nginx.
Keystone defaults to port 3000 (more specifically, process.env.PORT || 3000), unless you specify another one. If you can set the environment variable of port to whatever value you want (80 in this case), that should make it work on http://192.168.1.10:80/.
process.env.PORT = 3000
Looking at your nginx server conf file also shows this:
upstream app_misite.com {
server 0.0.0.0:3000;
}
Try changing :3000 to :80.

I think you have cupple of issues :
nginx installed on centos has a default nginx.conf file with a server directive so you cannot override this directive in your config misite file.
You need to remove the server default declaration in /etc/nginx/nginx.conf file or you can just use your provisioning script to copy a new default conf file without server declaration
I am also not even sure if the default file has an include directive on sites-available directory (look if you have include /etc/nginx/sites-enabled/*; in your conf file)
when you create the keystone app, it does not contain the /var/www/misite.com/logs/ directory and log file, I do not see you create them in your script so nginx will fail on this (btw you can create a directory structure with mkdir -pv single command)
The keystone app you created is owned by vagrant. Make sure vagrant is added to nginx group otherwise you might get a Forbidden exception when accessing your site
can help on centos if you dont want to fight with SELinux, just disabled it on a dev instance. edit the /etc/sysconfig/selinux and just set SELINUX=disabled

"configuration file /etc/nginx/nginx.conf test failed": How do I know why this happened?

I'm an nginx noob trying out this this tutorial on nginx 1.1.19 on ubuntu 12.04. I have this nginx config file.
When I run this command the test fails:
$ sudo service nginx restart
Restarting nginx: nginx: [crit] pread() "/etc/nginx/sites-enabled/csv" failed (21: Is a directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
How do I know why the nginx.conf test failed?

sudo nginx -t should test all files and return errors and warnings locations

This particular commands worked for me.
sudo apt-get remove --purge nginx nginx-full nginx-common
and
sudo apt-get install nginx
credit to this answer on stackexchnage

The first solution is to test nginx conf using the basic
sudo nginx -t
Secondly, if you've changed the file yourself, copy/pasted json from one to another, there's a high chance that there's an encoding issue.
For example: " is not the same as
``
Try to write configurations by yourself. Check commas, colon and braces. Don't forget to reload the nginx.
sudo systemctl reload nginx

If you want to check syntax error for any nginx files, you can use the -c option.
[root#server ~]# sudo nginx -t -c /etc/nginx/my-server.conf
nginx: the configuration file /etc/nginx/my-server.conf syntax is ok
nginx: configuration file /etc/nginx/my-server.conf test is successful
[root#server ~]#

Show file and track error
systemctl status nginx.service