is it possible to config nginx certificate in public file - nginx

Now this is my nginx server config:
server{
listen 443;
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
server_name super.example.com;
#rewrite ^(.*)$ https://${server_name}$1 permanent;
root /usr/share/nginx/html/pc-super-frontend-fat;
location / {
try_files $uri /index.html;
index index.html index.htm;
}
location ^~ /service/ {
proxy_pass http://k8s-edge-node/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
in every server config file, it contains certificate config:
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
because I have more than 50 sub domains, if change the certificate, it should change more than 100 files config(80 + 443). is it possible to make the certificate config to a seperate file and just reference it in server config file?

Related

Nginx - location block misconfigured?

I have a location block inside of my sites-enabled example.conf that should be routing /testing to a 503 error html page but instead for some reason its hitting my app instead of nginx
[2020-06-30T20:36:13.821768 #6059] FATAL -- : [fc9cb972-f314-4a87-89d9-8334521767b3] ActionController::RoutingError (No route matches [GET] "/testing"):
that is a log line from my actual rails app - why is it even getting this far vs nginx routing to where I thought I told it to???
my nginx .conf
server { listen 443 ssl;
server_name status.* www.status.*;
# SSL
ssl_certificate_key /etc/nginx/ssl/server_example.com.key;
# logging
access_log /var/log/nginx/status.access.log;
error_log /var/log/nginx/status.error.log;
# security
include security.conf;
# reverse proxy
location / {
if (-f /opt/staytus/staytus/maint.on) {
return 503;
}
port_in_redirect off;
proxy_pass http://example.com:8787/;
}
error_page 503 #maintenance;
location #maintenance {
root /usr/share/nginx/html
rewrite ^(.*)$ /Performing-Maintenace.html;
}
location = /testing/ {
return 500;
}
}
server {
listen 80;
server_name www.status.* status.* 11.22.123.456;
root /opt/staytus/staytus/public;
client_max_body_size 50M;
# SSL
ssl_certificate_key /etc/nginx/ssl/example.com.key;
port_in_redirect off;
return 301 https://example.com$request_uri;
location #puma {
proxy_intercept_errors on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://example.com:8787;
}
}

NginX won't serve static file index.html before go web app

I am using nginx to serve a go web app running on an Ubuntu 18.04 server. I want it to respond to the index directive first when I go to mydomain.com but in the nginx config I have below it is going straight to the web app and ignoring my index.html file. It does work if I get mydomain.com/index.html but won't get that file from index. /var/log/nginx/error.log has no errors.
The static files are chown'ed to root:www-data with chmod 640.
My static files are at /srv/static/ and my go web server is at /srv/web/
Here is my sites-available config file:
server {
listen 80;
server_name mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
server_name mydomain.com;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
root /srv/static;
index index.html;
location / {
try_files $uri #proxy;
}
location #proxy {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8000;
}
}
location / {
try_files $uri $uri/ #proxy; # add $uri/ here
}

nginx reverse proxy multidomain

i have some problem with my nginx configuration. I am new with nginx by the way ..
I want to host multiple websites on one single server. Ubuntu 16.04 installed.
Example:
www.myDomain.com - should point to a normal webroot equ: /var/www/html
wiki.myDomain.com - should reverse-proxy to my confluence application at localhost:8090
blog.myDomain.com - should point to another webroot equ: /var/www/blog
I tried to configure the base url = www.myDomain.com and the wiki reverse proxy.
My files look like this:
default:
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name myDomain.com www.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name myDomain.com www.myDomain.com
include snippets/ssl-www.myDomain.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name myDomain.com www.myDomain.com;
location / {
allow all;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
}
my wiki.myDomain.com witht the reverse proxy:
server {
listen 80;
# listen [::]:80;
server_name wiki.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen wiki.myDomain.com:443 ssl;
# listen [::]:443;
add_header Strict-Transport-Security "max-age=31536000";
include snippets/ssl-wiki.myDomain.com.conf;
include snippets/ssl-params.conf;
# root /var/www/wiki.myDomain.com;
location /.well-known {
root /var/www/wiki.myDomain.com/;
# default_type text/plain;
}
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
So here my problem:
Wiki.myDomain.com is working fine !
www.eida.at is allways auto forwarding to https://wiki.myDomain.com for some reason
with www.myDomain.com i want to have a separate website - no forward to the wiki. Seems that the reverse proxy part is used any time - doesnt matter which url i choose.
Thanks for help !

nginx proxy_pass static assets

I have the following nginx configuration
rewrite_log on;
server {
server_name greymarmita.no-ip.org;
listen 80;
rewrite ^(.*) https://$host$1 permanent;
}
server {
server_name greymarmita.no-ip.org;
listen 443 ssl;
error_log /var/log/nginx/main.error;
access_log /var/log/nginx/main.access;
ssl on;
ssl_certificate /etc/ssl/localcerts/autosigned.crt;
ssl_certificate_key /etc/ssl/localcerts/autosigned.key;
root /srv/www;
index index.html /index.html;
location /rasp/ {
proxy_pass http://192.168.2.6:81/;
}
location /cam/ {
proxy_pass http://192.168.2.4:8081;
}
location ^~ /router/ {
proxy_pass http://192.168.2.1/;
}
location /nas/ {
proxy_pass http://192.168.2.13/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
However when I try to access http://192.168.2.6/nas although the html files are served correctly, files under /web/ are not
GET https://greymarmita.no-ip.org/web/images/login.png 404 (Not Found)
The correct path for these assets should be https://greymarmita.no-ip.org/nas/web/images/login.png
You don't have a location to match that file, try adding this
location / {
try_files $uri $uri/;
}

cannot match a server with double Ip address

I have a server with two ip: when i use nginx as Reverse Proxy for jboss7,
in order to prevent direct access use ip address,(we have configured the dns),
i use configuration bellow:
# You may add here yourdefault_server;
# server {
#
server {
listen *:80;
server_name _;
return 404;
}
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.shikuaigou.com localhost;
charset utf-8;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
}
server {
listen 80;
server_name example.com;
rewrite "^/(.*)$" http://www.example.com/$1 permanent;
}
server {
listen 12.34.56.78;
server_name www.example.com;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
but only on ip can matche the server whitch return 404,the other one cannot match the
configuration server_name _;
which cause this?
Because you have listen 12.34.56.78; so nginx chooses this server to process requests on 12.34.56.78, since it is more specific for that IP.
Please, also note that server_name _; actually means nothing, except an incorrect domain name.
Reference:
Server names
How nginx processes a request
The listen directive

Resources