nginx https ip address to domain redirect - nginx

My website is pretty messed up: it shows up as https://31.220.108.250/ in the google search results (https, not http). I want to redirect this to my domain (mosachi.ga), but when I couldn't figure out how to redirect https to my domain (I could only figure out how to redirect http). Here is my current nginx config file:
# Catchall configuration - redir to the domain for bare and invalid domain requests
server {
listen 80 default_server;
server_name _;
return 301 https://mosachi.ga$request_uri;
}
# HTTP handler to redirect to HTTPS for mosachi.ga
server {
listen 80;
server_name mosachi.ga;
return 301 https://mosachi.ga$request_uri;
}
# HTTPS for mosachi.ga
server {
listen 443 ssl;
server_name mosachi.ga;
ssl_certificate /etc/letsencrypt/live/mosachi.ga/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosachi.ga/privkey.pem;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}

Can you please change your nginx file formate as below! and check whether it is working or not?
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root your_root_folder_path;
ssl on;
ssl_certificate /etc/letsencrypt/live/mosachi.ga/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mosachi.ga/privkey.pem;
server_name mosachi.ga www.mosachi.ga;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
server_name mosachi.ga;
return 301 https://mosachi.ga$request_uri;
}

Related

NGINX two domain in one server

I want to configure nginx on my ubuntu 20 for the main domain and subdomain.
server {
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen [::]:443 ssl ipv6only=on ;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/maindomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host =maindomain) {
return 301 https://$host$request_uri;
}
listen 80 ;
listen [::]:80 ;
server_name maindomain.com
return 404;
}
And this domain works, but I want to launch another subdomain here, and here I already ran into a lot of problems (including cerbor 443 port, etc.) .
Both projects are located in the folder home/webdev/main domain and home/webdav/subdomain. Both projects are on next js . The database of the first project and the decker hung on port 3000, 5432:5432 and 8080:8080. Subdomain 3001 is the port I want , "5433:5433" and 8081:8081. I 'm new to nginx , tried it like this.
server {
location /subdomain {
root home/webDev;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Or
server {
# Binds the TCP port 80.
listen 81;
# Defines the domain or subdomain name.
# If no server_name is defined in a server block then
# Nginx uses the 'empty' name
server_name maindomain/subdomain.com;
# Redirect the traffic to the corresponding
# HTTPS server block with status code 301
return 301 https://$host$request_uri;
}

Nginx configuration like Synology reverse proxy

I am trying configuring nginx (based on bitname/nginx:latest) as equivalent of Synology reverse proxy. This is due to missing wild-card redirect at Synology. While doing so, I face many issues; therfore I am requesting help for proper nginx configuration.
requirements
HTTPS upgrade
Redirect any wild-card subdomain (443) to a port 30'000
Hide the redirect port from user visibility
WebSockets must be supported (At Synology following header: Upgrade $http_upgrade AND Connection $connection_upgrade)
Example
Browser calls http://app1.my-example.com/
re-direct to https://app1.my-example.com:30000/
Browser displays: https://app1.my-example.com/, resolving via Port 30000
Current Code (not working so far)
# Test
server {
listen 8080;
server_name ~^(.*)\.my\-example.com$;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://$host:30000$request_uri/;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 444;
}
I was able to solve my issue and would like to share the results. The only thing I do not get is, why redirect.my-example is OK as proxy_pass. It would hit the very same route (probably an endless-loop). Feedback/Improvement would be apreciated!
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upgrade connection
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# Redirect Subdomains (incl. Web-Socket)
server {
listen 8443 ssl;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name my-example.de portal.my-example.de;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://redirect.my-example.de:30000;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8443 default_server;
listen [::]:8443 default_server;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name _;
return 444;
}

Keycloak Admin Console behind Nginx configured to use HTTPS

I'm trying to set up Keycloak, however the tutorials expect me to visit http://localhost:8080, but I'm setting it up on a remote host and need to access the admin console externally. I've tried to expose it via Nginx. Keycloak Administration Console seems to work with the new domain name and port seamlessly, but it still tries to use the "http" urls instead of the "https" ones (I've the Nginx configured to redirect HTTP to HTTPS and I want to keep it that way for security reasons). I have found the problem is that it internally sets a variable:
var authServerUrl = 'http://example.com/auth';
While the correct url would be https://example.com/auth.
As a result, when I open https://example.com/auth/admin/master/console/ in the browser, I get the error:
Refused to frame 'http://example.com/' because it violates the following Content Security Policy directive: "frame-src 'self'".
How to fix that? The Nginx config I use is:
server {
server_name example.com;
listen 80;
listen [::]:80;
location / {
return 301 https://$server_name$request_uri;
}
}
ssl_session_cache shared:ssl_session_cache:10m;
server {
server_name example.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# ... <SSL and Gzip config goes here> ...
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
client_max_body_size 16m;
}
}
You are doing SSL offloading in the nginx, but you need to forward information that https schema was used also to the Keycloak (X-Forwarded-Proto header). Try this:
server {
server_name example.com;
listen 80;
listen [::]:80;
location / {
return 301 https://$server_name$request_uri;
}
}
ssl_session_cache shared:ssl_session_cache:10m;
server {
server_name example.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# ... <SSL and Gzip config goes here> ...
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8080;
client_max_body_size 16m;
}
}

Nginx redirect forum.example.com to example.com

in amazon route53 for example.com and forum.example.com I have records A with ip address to my server.
Nginx config:
server {
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name example.com;
client_max_body_size 50M;
# RSA
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
# ECDSA
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /ads.txt {
root /var/www/nodebb/public/;
}
location /loaderio-a92c8d2496979eca3c119f44e27ee2f6.txt {
root /var/www/nodebb/public/;
}
}
How can I redirect forum.example.com to example.com ? So that url in browser will be example.com.
I tried to add
server {
listen 443;
server_name forum.example.com;
return 301 https://example.com$request_uri;
}
but then nothing works ;) probably port blocked or smth.
Ok I see,
I saw error logs from nginx and realized that I am missing certs for this redirection

two servers on different machine with one IP

I have Nextcloud server running fine with ip 192.168.0.1
Installed collabora online server on another machine with IP 192.168.0.2
I have one public IP and two separate domains for those servers pointing at the same piblic IP
what I try to do is use nginx to distribute the traffic accordingly.
The configuration for the Nextcloud is working fine:
upstream php-handler {
server unix:/var/run/php/php7.0-fpm.sock;
}
server {
listen 80;
listen [::]:80;
server_name first.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name first.domain.com;
...
now I am putting second config for collabora server:
server {
listen 80;
listen [::]:80;
server_name second.domain.com;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://second.domain.com;
}
}
I have added 192.168.0.2 second.domain.com to the hosts file
this server also has nginx running:
server {
listen 443 ssl;
server_name second.domain.com;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_password_file /etc/ssl/private/server.pass;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# main websocket
location ~ ^/lool/(.*)/ws$ {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
# download, presentation and image upload
location ~ ^/lool {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# Admin Console websocket
location ^~ /lool/adminws {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $http_host;
proxy_read_timeout 36000s;
}
}
the collabora window opens blank in nextcloud when i open a file
nginx on the nextcloud server gives response 400.
"GET /lool/https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v%3Faccess_token%3DOObPuPjPgz7ycgmvNAklYGo1clIANWXU%26access_token_ttl%3D0%26permission%3Dedit/ws?WOPISrc=https%3A%2F%2Ffirst.domain.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F6932_ocqfsn9n2v8v&compat=/ws HTTP/1.1" 400 0
So somehow I am not doing the redirection right. I need help with the nginx configurations. I know collabora server works because when I set second.domain.com 192.168.0.2 in the hosts file of the client and no redirection from nginx then it works fine

Resources