I am configuring Nginx to serve two different locations. Idea is to serve the localhost:3000 as default and if the page not found in that location then try to use the other location as a fallback. But is not working. Any help will be appreciated. Thanks
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name server.in;
ssl_certificate /junk/server.crt;
ssl_certificate_key /junk/server.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
index index.html;
recursive_error_pages on;
proxy_intercept_errors on;
location / {
proxy_pass http://localhost:3000;
error_page 404 = #fallback;
}
location #fallback {
proxy_pass http://localhost:9000;
}
}
Related
I'm doing a proxy server with NGINX to redirect all traffic from port 80 to port 443 and then all traffic from port 443 to an app in one of my servers. I managed to make it work but only redirecting to my main IP 192.168.1.201:8006. When I try to point to my app (192.168.1.201:8006/customerSite/)the page gives me the error TOO MANY REDIRECTS.
Here is my .conf:
server {
listen 80;
listen [::]:80;
return 301 https://$host$request_uri;
}
This is my ssl.conf:
server {
listen 443;
listen [::]:443;
server_name mydomain.com;
ssl on;
ssl_certificate /.../certificate.crt;
ssl_certificate_key /.../clientsmydomain.key;
large_client_header_buffers 4 10k;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /.../certificate.crt;
location / {
proxy_set_header Host $host;
proxy_pass http://192.168.1.201:8060;
}
location /weights {
root /var/www/virtual/server;
try_files $URI $uri/ = 404;
}
}
Thank you all for your time.
I am using centos6 linux vps and i have installed nginx on my server. I have installed letsencrypt SSL certificate . But the thing is that when i go to my website www.mywebsite.com ,it shows SECURE but when i go to www.mywebsite.com/otherpages ,it shows Insecure and letsencrypt certificate invalid.
The configuration of "/etc/nginx/conf.d/default.conf"
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
the configuration of /etc/nginx/sites-available/quiznou.com.conf
server {
listen 80 ;
server_name quiznou.com www.quiznou.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl http2;
server_name quiznou.com www.quiznou.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /.well-known {
allow all;
}
location /.well-known/acme-challenge/ {
root /var/www/quiznou.com;
}
}
this my own configuration files of NGINX as a revers_proxy: but I'm using configuration to proxy some docker. I modified directly the /etc/nginx/default.conf ,to proxy an apache web page I've created a VHost in nginx.
If it could help you.
server {
listen 80;
listen 443 ssl;
server_name some.name.com;
server_tokens off;
## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}
## Protocol
ssl_protocols TLSv1.2;
## Diffie-Hellman
ssl_ecdh_curve secp384r1;
## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
}
I am trying to serve a static index html and would upgrade http request to https. Let's say that the file below is bursan. Weirdly so when I have another file, pointing to another domain name, siosan but I managed to get it working. For bursan, I keep getting 301s.
server {
listen 80;
server_name bursan.co.uk;
return 301 https://bursan.co.uk$request_uri;
}
server {
listen 443 ssl;
root /var/www/html/bursan;
index index.html;
server_name bursan.co.uk;
ssl_certificate /etc/nginx/ssl/bursan.crt;
ssl_certificate_key /etc/nginx/ssl/bursan.key;
add_header Strict-Transport-Security "max-age=31536000";
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
What if you try
listen 443 ssl default_server;
instead of
listen 443 ssl;
(don't forget to reload the conf and to test it with incognito window to avoid cache issues)
I have a website running on EC2 machine behind an Amazon ELB.
I have configured SSL on ELB hence its handling http as well as https for me.
All requests on https works perfectly. But I want to force(redirect) http requests to https. For some reason, it does not work
I have added redirect rule in nginx but whenever I enable that rule, the nginx server stops responding.
server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
access_log /var/log/nginx/domain1.access.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4000/;
### Redirect http to https ####
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}
Here is the configuration of Load Balancer:
Please help me where I am going wrong with the configuration.
TIA.
Try the following:
server {
listen 80;
listen [::]:80;
server_name domain1.com;
return 301 https://$host$request_uri;
}
I propose this code. Teste on my VPS, but not Amazon ELB
server {
server_name example.com www.example.com;
listen 80;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
root /home/user/www/example/;
include global.conf;
include php.conf;
include ssl.conf;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server{
server_name www.example.com;
include ssl.conf;
return 301 https://example.com$request_uri;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}
File ssl.conf containt:
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
I'm deploying a Rails application on personal server using Nginx, phusion_passenger. I've site configuration file with following server blocks. With this configuration my https://192.168.1.121 service works but my connection doesn't redirect from http://192.168.1.121. What am I doing wrong? I really appreciate any help, please.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://localhost/
#server_name 192.168.1.121;
server_name mydomain.com www.mydomain.com
return 301 https://$server_name$request_uri;
}
server {
# Make site accessible from http://localhost/
listen 443 ssl default;
#server_name 192.168.1.121;
server_name mydomain.com www.mydomain.com
# Certificate details
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
passenger_enabled on;
rails_env production;
root /home/deploy/www/myapplication/current/public;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
semi-colon is missing at end of server_name variable for http as well as https:
server_name mydomain.com www.mydomain.com;