My application runs on 2 ports client (3000) and server (8080). I was able to set up ssl for the client but cannot for the server. As a result, I am having problems, I cannot make requests from the https client to the http server.
Server accepts api requests along the route / api / *, and gives images along the route to this / products / {id} / *.
that is, I execute all requests to the server like this host:8080/api/* or host:8080/products/{id}/{name}.jpg
Config nginx:
server {
server_name xxx www.xxx;
root /var/www/xxx;
index index.html index.htm index.php;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = xxx) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name xxx www.xxx
return 404; # managed by Certbot
}
I tried searching the internet for information and supplementing the config, but it didn't work.
server {
server_name xxx www.xxx;
root /var/www/xxx;
index index.html index.htm index.php;
listen 8080 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xxxu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Sorry, I am not an expert in this area and I am asking for your help.
I solved the problem by adding proxying from localhost: 8080 / api to domain / api and domain / products from localhost: 8080 / products
Related
I have a nodejs server running with nginx as a reverse proxy. https://example.com and http://example.com run correctly with http://example.com redirecting to https, but http://www.example.com gives an nginx error 404 Not Found. https://www.example.com does work, though.
This is my server block configuration:
server {
root /var/www/partyshare.shop/html;
index index.html index.htm index.nginx-debian.html;
server_name partyshare.shop www.partyshare.shop;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/partyshare.shop/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/partyshare.shop/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = partyshare.shop) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name partyshare.shop www.partyshare.shop;
return 404; # managed by Certbot
I believe the error is on the second server block, where $host = www.partyshare.shop when requesting the http version, so it skips past the redirect and returns a 404 error. I tried adding an if statement for the www version, but it errored out, and wouldn't recognize my SSL certificate as the http was crossed out in red, so if anybody could help that would be great.
You should update the 2nd server block to do the same for both partyshare.shop and www.partyshare.shop, and not just partyshare.shop.
server {
listen 80;
listen [::]:80;
server_name partyshare.shop www.partyshare.shop;
return 301 https://$host$request_uri;
}
I have a web2py application running using wsgi and nginx is on front, but http traffic is not getting redirected to https , i have been trying to resolve it since days, must needed help. i have also used lets encrypt for SSL
here is my nginx config :
server {
listen 80;
server_name some-domain.com;
###to enable correct use of response.static_version
location ~* ^/(\w+)/static(?:/_[\d]+\.[\d]+\.[\d]+)?/(.*)$ {
alias /home/www-data/web2py/applications/$1/static/$2;
expires max;
}
location / {
uwsgi_pass 127.0.0.1:9001;
include uwsgi_params;
uwsgi_param UWSGI_SCHEME $scheme;
uwsgi_param SERVER_SOFTWARE nginx/$nginx_version;
uwsgi_read_timeout 120s;
uwsgi_send_timeout 120s;
}
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ some-domain.com;.my/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ some-domain.com.my/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ some-domain.my/chain.pem; # added by skipperz
}
server {
if ($host = some-domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
I have installed nginx in my server and it is serving a Hello World website using SSL. I have also installed gitweb and I have configured it as shown in the setting up Nginx for serving Git repositories over HTTP using Gitweb tutorial and it is working fine on port 4321. I can access my Hello World website with www.my-website.com and gitweb with www.my-website.com:4321 having two nginx sites-enabled:
my-website
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}
And gitweb
server {
# Git repos are browsable at http://my-website.com:4321/
listen 4321;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location /index.cgi {
root /usr/share/gitweb/;
include fastcgi_params;
gzip off;
fastcgi_param SCRIPT_NAME $uri;
fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location / {
root /usr/share/gitweb/;
index index.cgi;
}
}
I want to configure nginx to access the Hello World website as I normally do, with www.my-website.com, and gitweb with www.my-website.com/git but I haven't been able to do that.
This question, How to serve GIT through HTTP via NGINX with user/password?, is almost perfect. The problem is that in there it is explained how to substitute the landing page by gitweb. If I configure nginx with the information from the answer to that question, then I can access gitweb just fine, as well as all individual projects, but I lose the Hello World page that I also need.
I then learned about Reverse Proxying and try to combine what I have with the setting up Nginx for serving Git repositories over HTTP using Gitweb tutorial to have the following nginx configuration:
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# Attempt to access gitweb without the port number
location /git {
proxy_pass http://localhost:4321/;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}
That helped a little. Now the main gitweb page is shown when I enter www.my-website.com/git
BUT when I click on any of my projects, instead of opening them, I get this:
I have looked into other options like the NGINX Configuration for Gitweb and git-http-backend tutorial but that also substitutes the Hello World web page and also is meant to configure to have HTTPS access to the repos which is something I definitely don't want. I clone them through ssh with PKI. Gitweb access is only for visualization, not cloning.
I also tried with Configure nginx to serve two websites which seem promising since the question is similar to mine, but I get a 404 Not Found when substituting location /git { with:
location /git {
root /usr/share/gitweb/;
index index.cgi;
try_files $uri $uri/ =404;
}
I think my "combined approach", the one mentioned before is the right way to go, or is it? Should I add, remove, or modify something to not get the about:blank#blocked? or am I completely lost?
Try this:
server {
# SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-website.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-website.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Server
server_name my-website.com www.my-website.com;
location / {
# Landing Page
root /var/www/my-website.com/html;
# Basic Authentication
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /git/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:4321/;
}
}
server {
if ($host = www.my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my-website.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name my-website.com www.my-website.com;
return 404; # managed by Certbot
}
I had my website running but SSL was only working on non-www. After I reinstalled the let's encrypt SSL certificate the site crashed. I was able to make the front run but not the api.
I moved the site to a new droplet and installed Nginx, Pm2, and certbot with python on Ubuntu 18.04 with Nodejs.
The site is not loading and it is a bit frustrating. I think the issue was that certbot rewrited the ngix default file and I am not sure how to fix it.
This is the configuration I have on /etc/nginx/sites-available/default
upstream my_app {
server 127.0.0.1:3000;
}
server {
#listen 80;
listen [::]:80;
#listen 443 ssl;
#listen [::]:443 ssl;
if ($host = www.mysite.com) {
return 301 https://mysitehere$request_uri;
}
server_name roomies.es;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://mysite_app;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /.well-known {
allow all;
}
}
```
I need the front to run on port 3000 and my api on port 4000.
Thanks in advance!
This is how I had to set up my NGINX configs after installing Let's Encrypt:
/etc/nginx/sites-enabled/default (which should be the same file as /etc/nginx/sites-available/default):
# Default server configuration
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.com;
return 301 https://www.example.com$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
To be clear, the return 301 is to ensure all non-www traffic is moved to the www version of the URL.
Remember to save your config on a notepad or something so you can quickly revert back to the original if this doesn't work.
I'm trying to redirect www to non-www but it doesn't work. I've tried various answers from similar questions but those haven't worked.
I have SSL cert using certbot for 3 domains example.com, www.example.com and admin.example.com.
This is my current config, which works for non-www and admin, however www.example.com doesn't work.
# HTTP - redirect all requests to HTTPS
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# Redirect to non-www
server {
server_name www.example.com;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 https://example.com$request_uri;
}
# non-www
server {
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# CMS
server {
server_name admin.example.com;
location / {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I use DigitalOcean where both admin & non-www points to my droplet and www.example.com has a CNAME record to example.com (non-www).
Firstly, the www.example.com and example.com should be in one server block.
Secondly, you need to add this in your #non-www server configuration blog
if ($host = 'www.example.com') {
return 301 https://example.com$request_uri;
}
Thirdly, to redirect all requests to HTTPS, server_name must be added in your # HTTP - redirect all requests to HTTPS block.
Finally, your NGINX Configuration file will look like this
# HTTP - redirect all requests to HTTPS
server {
server_name example.com www.example.com admin.example.com;
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
# non-www
server {
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
if ($host = 'www.example.com') {
return 301 https://example.com$request_uri;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# CMS
server {
server_name admin.example.com;
location / {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Once you update your NGINX configuration file, restart NGINX:
$ sudo systemctl restart nginx