As this block would work perfectly for health check:
server {
listen 80 default_server;
location /health-check {
access_log off;
return 200;
add_header Content-Type text/plain;
}
}
I am not sure if this would cause any issues on other server blocks that uses the same port, like for example:
server {
listen 80 my-domain.com;
...
...
}
would the above server block still working? or that server tag is not additive?
**you not user duplicate server name or ip/
diffent serve block same port can not run
you give server name in config block
**
server {
listen 80;
listen [::]:80;
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
}
}
you can genrate your nginx config using this tools https://www.digitalocean.com/community/tools/nginx
Related
I am struggling to implement an automatic nginx redirect from non index pages to my index page, with the exception of /admin
For instance, example.com/test should redirect to example.com, but example.com/admin should not redirect to example.com
This is my current nginx configuration file:
upstream app_server {
server unix:/tmp/mysite.sock;
}
proxy_cache_path /var/www/example.com/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
server {
listen 80;
server_name www.example.com example.com;
# redirects both www and non-www to https
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
charset utf-8;
client_max_body_size 75M;
location /media {
alias /var/www/example.com/media;
}
location /static {
alias /var/www/example.com/static;
}
location / {
proxy_cache my_cache;
include proxy_params;
proxy_pass http://app_server;
proxy_ssl_server_name on;
}
}
I have tried adding a try_files statetement within my location / block, and other things, but none seem to work. Am I missing something?
You are trying to mix proxy_pass with try_files, it won't work within the same location block. You can use named location instead and rewrite any URI that doesn't start with /admin to a root one using negative regex assertion:
location / {
try_files $uri #app;
}
location #app {
rewrite ^(?!/admin) / break;
proxy_cache my_cache;
include proxy_params;
proxy_pass http://app_server;
}
You don't need the separate location /media { ... } or location /static { ... } blocks, because as nginx documentation states:
When location matches the last part of the directive’s value:
location /images/ {
alias /data/w3/images/;
}
it is better to use the root directive instead:
location /images/ {
root /data/w3;
}
Instead you just need to define the common server root (outside of any location blocks):
root /var/www/example.com;
You are also don't need to use the proxy_ssl_server_name directive since you are not proxying your request to the upstream with HTTPS protocol.
I want to add new port number to nginx server or how to add new server block to nginx server.
Create a new file in the Nginx directory /etc/nginx/sites-enabled and add a new server block here (example shown below).
server {
# Change me to change my port number
listen 8080;
server_name example.com;
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
What you probably want is multiple "server" stanzas, each with a different port. You may want to read more into the documentation here.
Example:
server {
listen 80;
server_name example.org www.example.org;
root /var/www/port80/
}
server {
listen 81;
server_name *.example.org;
root /var/www/port81/
}
You can use the same server_name, serving the "different" content appropriately within each one. If you want to have the same server_name and root, but multiple ports, another solution would be this:
server {
listen 80;
listen 81;
server_name example.org;
root /var/www/;
}
Cheers!
I need to use two different ssl certs with nginx pointing to the same app.
https://domain1.com points to 1.1.1.1
https://domain2.com points to 1.1.1.1
.
.
.
.
https://domainN.com points to 1.1.1.1
Tried the following:
server {
listen 80;
server_name domain1.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name domain1.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d1/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name domain2.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name domain2.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d2/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
This doesn't work, it just loads the first cert resulting in invalid cert when accessed using the second domain.
The domain certs can't be combined.
I can't spin two different instances for nginx as the case needs to help me out with n-Domains pointing to same IP preferably using one nginx server.
Is there a way out?
Thanks to Richard Smith for pointing out just the right stuff!
So, to setup nginx to use different cert-key pair for domains pointing to the same nginx we have to rely on TLS-SNI (Server Name Indication), where the domain name is sent un-encrypted text as a part of the handshake. This helps nginx to decide which cert-key pair to use for the incoming secure request.
More can be read about SNI here.
Moving on to the configuration.
server {
listen 80;
server_name domain1.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain1.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d1/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name domain2.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain2.com;
root /app/dist;
index index.html;
ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/d2/private.key;
location / {
try_files $uri $uri/ /index.html;
}
}
The above config forwards HTTP (80) for both domain1 and domain2 to respective HTTPS (443) server blocks, where respective cert-key pairs are loaded.
The HTTPS (443) request is handled directly.
nginx decides which block to hit by picking the server name using SNI.
If the server ip is 10.0.0.0, but I'm mapping it to make it to have www.example.com, is the below config the correct way to do it?
server {
listen 80;
server_name 10.0.0.0 example.com;
access_log /var/log/nginx/example.log;
No, if you want to restrict a server to a single interface address, it needs to go with the listen directive:
server {
listen 10.0.0.0:80;
server_name example.com;
access_log /var/log/nginx/example.log;
...
}
above answer, or you can just setup a basic server block
server {
listen 80;
listen [::]:80;
root /var/www/folderName/htdocs; // where you have your project folder and public directory
index index.html index.htm; // add index.php here if using php files
server_name test.com www.test.com; // desired url goes here
location / {
try_files $uri $uri/ =404;
}
}
the tutorials from digital ocean are pretty nice - https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-14-04-lts
I have nginx acting as a reverse proxy to apache. I now need to add a new subdomain
that will serve files from another directory, but at the same time I want all location and proxy_pass directives that I have for the default host to apply to the subdomain also.
I know that if I copy the rules from the default host to the new subdomain it will work, but is there a way for the subdomain to inherit the rules?
Below is a sample configuration
server {
listen 80;
server_name www.somesite.com;
access_log logs/access.log;
error_log logs/error.log error;
location /mvc {
proxy_pass http://localhost:8080/mvc;
}
location /assets {
alias /var/www/html/assets;
expires max;
}
... a lot more locations
}
server {
listen 80;
server_name subdomain.somesite.com;
location / {
root /var/www/some_dir;
index index.html index.htm;
}
}
Thanks
You could move the common parts to another configuration file and include from both server contexts. This should work:
server {
listen 80;
server_name server1.example;
...
include /etc/nginx/include.d/your-common-stuff.conf;
}
server {
listen 80;
server_name another-one.example;
...
include /etc/nginx/include.d/your-common-stuff.conf;
}
Edit: Here's an example that's actually copied from my running server. I configure my basic server settings in /etc/nginx/sites-enabled (normal stuff for nginx on Ubuntu/Debian). For example, my main server bunkus.org's configuration file is /etc/nginx/sites-enabled and it looks like this:
server {
listen 80 default_server;
listen [2a01:4f8:120:3105::101:1]:80 default_server;
include /etc/nginx/include.d/all-common;
include /etc/nginx/include.d/bunkus.org-common;
include /etc/nginx/include.d/bunkus.org-80;
}
server {
listen 443 default_server;
listen [2a01:4f8:120:3105::101:1]:443 default_server;
include /etc/nginx/include.d/all-common;
include /etc/nginx/include.d/ssl-common;
include /etc/nginx/include.d/bunkus.org-common;
include /etc/nginx/include.d/bunkus.org-443;
}
As an example here's the /etc/nginx/include.d/all-common file that's included from both server contexts:
index index.html index.htm index.php .dirindex.php;
try_files $uri $uri/ =404;
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~ /(README|ChangeLog)$ {
types { }
default_type text/plain;
}