This is driving me mad, hopefully someone can help. I have the following warning: But the 403 page is not friendly to blocked countries, I want to redirect people who are blocked to a custom 403 page.
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
location / {
if ($allowed_country = no) {
return 403;
}
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
}
My custom file lives in /var/www/sitename/403/index.html. I have tried numerous suggestions but non have worked :(
Here is my Full Configuration of the vhost file.
##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
root /var/www/example;
server_name www.example.com example.com;
access_log /var/log/nginx/wp_client_access.log;
error_log /var/log/nginx/wp_client_error.log;
if ($allowed_country = no) {
return 403;
}
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
# Specify a charset
charset utf-8;
# GZIP
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Prevents hidden files (beginning with a period) from being served
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########
location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
# Pass all .php files onto a php-fpm or php-cgi server
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_read_timeout 3600s;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
}
# ROBOTS
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
#rewrite rules for AIOSEOP XML Sitemap v3.1
rewrite ^/sitemap.xml$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/sitemap.xml.gz$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/(.+)-sitemap.xml$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap.xml.gz$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap(\d+).xml$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
rewrite ^/(.+)-sitemap(\d+).xml.gz$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
# RESTRICTIONS
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com example.com;
listen 80;
return 404; # managed by Certbot
}
Try this changes to your configuration:
server {
...
error_page 403 /403/;
location /403/ {
internal;
root /var/www/sitename;
}
location / {
if ($allowed_country = no) {
return 403;
}
...
}
}
Related
I'm looking for a solution with Prestahop 1.7.2 with Nginx server.
I tried dozens of possible solutions, including the official, but all stop working at the time I activate the store with more than one language.
2.137.128.33 - - [21/May/2019:11:34:52 +0200] "GET /en/women/2-9-brown-bear-printed-sweater.html HTTP/1.1" 404 6876 "http://tamainut.info/en/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.95"
I use a official nginx.conf.dist with adaptations to Plesk interface, because Plesk is a intrusive panel. This use a nginx.conf with call to vhost_nginx.conf (content below) in my test site, tamainut.info
index index.php;
# Redirect 404 errors to prestashop
error_page 404 /index.php?controller=404;
# Gzip Settings, convert all types.
gzip on;
gzip_vary on;
gzip_proxied any;
# Can be enhance to 5, but it can slow you server
# gzip_comp_level 5;
# gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# HSTS (Force clients to interact with your website using HTTPS only)
# For enhanced security, register your site here: https://hstspreload.org/
# WARNING: Don't use this if your site is not fully on HTTPS!
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" preload; always;
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff(?:2)?)$ {
add_header Access-Control-Allow-Origin *;
}
# Do not save logs for these
location = /favicon.ico {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
location = /robots.txt {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
# [REQUIRED EDIT IF MULTILANG]
rewrite ^/es$ /es/ redirect;
rewrite ^/es/(.*) /$1;
rewrite ^/en$ /en/ redirect;
rewrite ^/en/(.*) /$1;
# Images
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
# AlphaImageLoader for IE and fancybox
rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
# Web service API
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
# Installation sandbox
rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
# [REQUIRED EDIT] Change this block to your admin folder
location /Backoffice/ {
if (!-e $request_filename) {
rewrite ^/.*$ /Backoffice/index.php last;
}
}
# File security
# .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# Source code directories
location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
deny all;
}
# Prevent exposing other sensitive files
location ~ \.(yml|log|tpl|twig|sass)$ {
deny all;
}
# Prevent injection of php files
location /upload {
location ~ \.php$ {
deny all;
}
}
location /img {
location ~ \.php$ {
deny all;
}
}
This works for me:
location ~ (/fr|/en)/index\.php$ {
try_files $uri $uri/ /index.php?$args;
}
Here's the full configuration file, just in case:
server {
server_name myshop.com www.myshop.com;
root /var/www/myshop.com/;
index index.php index.html;
access_log /var/log/nginx/myshop.com.access_log;
error_log /var/log/nginx/myshop.com.error_log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/c/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
rewrite ^/c/([a-zA-Z-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1.jpg last;
rewrite ^/([0-9]+)(-[_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last;
location ~ (/fr|/en)/index\.php$ {
try_files $uri $uri/ /index.php?$args;
}
try_files $uri $uri/ /index.php?$args;
location /backoffice/ {
if (!-e $request_filename) {
rewrite ^/.*$ /backoffice/index.php last;
}
}
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.*)$;
#try_files $uri =404;
fastcgi_keep_conn on;
include /etc/nginx/fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_read_timeout 3000;
fastcgi_param PHP_VALUE open_basedir="/var/www/myshop.com/:/tmp/";
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.myshop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.myshop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = myshop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.myshop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen [::]:80;
listen 80;
server_name myshop.com www.myshop.com;
return 404; # managed by Certbot
}
I hope this helps!
After see response from Bruno Leveque adapt solution to scenario:
In form text of Plesk for Nginx directives put this:
set $admin_dir /Backoffice;
index index.php;
# Redirect 404 errors to prestashop
error_page 404 /index.php?controller=404;
# Gzip Settings, convert all types.
gzip on;
gzip_vary on;
gzip_proxied any;
# Can be enhance to 5, but it can slow you server
# gzip_comp_level 5;
# gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# HSTS (Force clients to interact with your website using HTTPS only)
# For enhanced security, register your site here: https://hstspreload.org/
# WARNING: Don't use this if your site is not fully on HTTPS!
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" preload; always;
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff(?:2)?)$ {
add_header Access-Control-Allow-Origin *;
}
# Do not save logs for these
location = /favicon.ico {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
location = /robots.txt {
auth_basic off;
allow all;
log_not_found off;
access_log off;
}
# [REQUIRED EDIT IF MULTILANG]
rewrite ^/es$ /es/ redirect;
rewrite ^/es/(.*) /$1;
rewrite ^/en$ /en/ redirect;
rewrite ^/en/(.*) /$1;
rewrite ^/zh$ /zh/ redirect;
rewrite ^/zh/(.*) /$1;
# Images
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
location ~ (/es|/en|/zh)/index\.php$ {
try_files $uri $uri/ /index.php?$args;
}
try_files $uri $uri/ /index.php?$args;
# Symfony controllers Specific for 1.7
location ~ /(international|_profiler|module|product|combination|specific-price)/(.*)$ {
try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
}
# AlphaImageLoader for IE and fancybox
rewrite ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 last;
# Web service API
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
# Installation sandbox
rewrite ^(/install(?:-dev)?/sandbox)/(.*) /$1/test.php last;
# [REQUIRED EDIT] Change this block to your admin folder
location /Backoffice/ {
if (!-e $request_filename) {
rewrite ^/.*$ /Backoffice/index.php last;
}
}
# File security
# .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# Source code directories
location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor|var)/ {
deny all;
}
# Prevent exposing other sensitive files
location ~ \.(yml|log|tpl|twig|sass)$ {
deny all;
}
# Prevent injection of php files
location /upload {
location ~ \.php$ {
deny all;
}
}
location /img {
location ~ \.php$ {
deny all;
}
}
#location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
# expires 30d;
# add_header Cache-Control "public, no-transform";
#}
#location ~* \.(jpg|jpeg|gif|png)$ {
# expires 365d;
#}
#location ~* \.(pdf|css|html|js|swf)$ {
# expires 2d;
#}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
Solution explained in Spanish
I need to redirect my website from https://MY_SITE.com to https://www.MY_SITE.com.
I added another "server" instruction at the beginning of my .conf file. Here is the content of the file :
server {
listen 443;
server_name MY_SITE.com;
return 301 https://www.MY_SITE.com$request_uri;
}
server {
# Ipv4
# IPv6
# listen [::]:80;
# SSL Ipv4 & v6
# listen 443 default_server ssl;
# listen [::]:443 ssl;
# ssl_session_timeout 24h;
# ssl_session_cache shared:SSL:10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;
# ssl_prefer_server_ciphers on;
# Do not forget to create this file before with OpenSSL : "openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048"
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Your domain names here
server_name www.MY_SITE.com MY_SITE.com 195.xxx.xxx.xxx;
index index.php index.html index.htm;
root /var/www/MY_SITE.com/public_html;
# Your admin folder
set $admin_dir /admin274fjp1q;
# Gzip Settings, convert all types.
gzip on;
gzip_vary on;
gzip_proxied any;
# Can be enhance to 5, but it can slow you server
# gzip_comp_level 5;
# gzip_min_length 256;
gzip_types
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# Supposed to be the case but we never know
# text/html;
# Global rewrite not depending on languages
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
rewrite "^/c/([0-9]+)(\-[_a-zA-Z0-9-]*)/(.*)\.jpg$" /img/c/$1$2.jpg last;
rewrite "^/c/([_a-zA-Z-]+)/(.*)\.jpg$" /img/c/$1.jpg last;
rewrite "^/([a-z0-9]+)\-([a-z0-9]+)(\-[_a-zA-Z0-9-]*)/(\P{M}\p{M}*)*\.jpg$" /img/p/$1-$2$3.jpg last;
rewrite "^/([0-9]+)\-([0-9]+)/(\P{M}\p{M}*)*\.jpg$" /img/p/$1-$2.jpg last;
rewrite "^/([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$1$2.jpg last;
rewrite "^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$1$2$3.jpg last;
rewrite "^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$1$2$3$4.jpg last;
rewrite "^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last;
rewrite "^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last;
rewrite "^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last;
rewrite "^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last;
rewrite "^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?/(\P{M}\p{M}*)*\.jpg$" /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Symfony controllers
location ~ /(AdminDashboard|international|_profiler|module|product|feature|attribute|supplier|combination|specific-price|configure)/(.*)$ {
try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
}
# Redirect needed to "hide" index.php
location / {
#try_files $uri $uri/ /index.php$uri&$args;
try_files $uri $uri/ /index.php?$args;
# Old image system ?
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg$
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
}
error_page 404 /index.php?controller=404;
# Static assets delivery optimisations
add_header Strict-Transport-Security max-age=31536000;
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
expires max;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# Deny access to .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# PHP 7 FPM part
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
# Switch if needed
include /etc/nginx/fastcgi_params;
#include fcgi.conf;
# Do not forget to update this part if needed
fastcgi_pass 127.0.0.1:9000;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_keep_conn on;
fastcgi_read_timeout 300s;
fastcgi_send_timeout 300s;
# In case of long loading or 502 / 504 errors
# fastcgi_buffer_size 256k;
# fastcgi_buffers 256 16k;
# fastcgi_busy_buffers_size 256k;
client_max_body_size 10M;
# Temp file tweak
fastcgi_max_temp_file_size 0;
fastcgi_temp_file_write_size 256k;
}
# Allow access to robots.txt but disable logging every access
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Prevent injection of php files in directories a user can upload stuff
location /upload {
location ~ \.php$ { deny all; }
}
location /img {
location ~ \.php$ { deny all;}
}
# Ban access to source code directories
location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
deny all;
}
# Banned file types
location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/MY_SITE.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/MY_SITE.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.MY_SITE.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = MY_SITE.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.MY_SITE.com MY_SITE.com;
listen 80;
return 404; # managed by Certbot
}
The "Certbot" sections has been generated with Certbot ("certbot --nginx").
So with this configuration I get an error:
"This page can't be reached"
I have look into other posts, and it seems to correspond to a loop but I can't find where, in the conf file, this loop is created.
Thanks for your help
P.S:
Here are my DNS records (few words in french but understandable I hope):
DNS_RECORDS
I have an NGINX server where I have enabled caching for my laravel website. I also have phpmyadmin on the server as well. Since I have enabled the caching, none of the images from phpmyadmin Return when I view it. Below, please find the server code. thank you for your help in advance.
/phpmyadmin/themes/dot.gif 404 (Not Found)
NGINX configuration
server {
if ($host = www.xx.com) { return 301 https://$host$request_uri; }
if ($host = xx.com) { return 301 https://$host$request_uri; }
listen 80;
listen [::]:80;
server_name xx.com www.xx.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
root /var/www/yyyy;
gzip on;
gzip_vary on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss;
#css|js
location ~* \.(jpg|jpeg|png|gif|ico)$ { expires 30d; }
location ~* \.(pdf)$ { expires 30d; }
ssl_certificate /xxx/fullchain.pem; # managed by x
ssl_certificate_key /xxx/privkey.pem; # managed by xx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "xxx";
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
index index.php index.html index.htm;
server_name xx.com www.xx.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php;
try_files $uri $uri/ =404;
location ~ ^/phpmyadmin/(doc|sql|setup)/ {
deny all;
}
location ~ /phpmyadmin/(.+\.php)$ {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 240;
}
}
}
In Nginx regex match beats prefix match. So this directive is considered a better match for anything ending gif etc
location ~* \.(jpg|jpeg|png|gif|ico)$ { expires 30d; }
than this one
location /phpmyadmin {
So your images all get processed by the top location directive, even the ones beginning /phpmyadmin, and the first directive has a different root directory to your phpmyadmin location so Nginx can't find the files in there
As the title says, I am getting redirect from the back office of Prestashop 1.7 whenever I try to access one of the subpages. However, I can access some of the pages, but when I try to access the Advanced>Preferences or Modules pages, it redirects me to the main page.
I am running the project through Homestead(Ubuntu) VM from Windows.
My guess is that the issue is with nginx config file. Could someone tell me what am I doing wrong?
> server {
# Ipv4
listen 80;
# IPv6
# listen [::]:80;
# SSL Ipv4 & v6
# listen 443 ssl;
# listen [::]:443 ssl;
# ssl_session_timeout 24h;
# ssl_session_cache shared:SSL:10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5;
# ssl_prefer_server_ciphers on;
# Do not forget to create this file before with OpenSSL : "openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048"
# ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Your domain names here
server_name example.com www.example.com;
#Your website root location
root /Code/PrestaShopMarket/;
# Your admin folder
set $admin_dir /admin3085ixto1;
# Gzip Settings, convert all types.
gzip on;
gzip_vary on;
gzip_proxied any;
# Can be enhance to 5, but it can slow you server
# gzip_comp_level 5;
# gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
# Supposed to be the case but we never know
# text/html;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Symfony controllers
location ~ /(international|_profiler|module|product|feature|attribute|supplier|combination|specific-price)/(.*)$ {
try_files $uri $uri/ /index.php?q=$uri&$args $admin_dir/index.php$is_args$args;
}
# Redirect needed to "hide" index.php
location / {
try_files $uri $uri/ /index.php$uri&$args;
# Old image system ?
rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/c/([0-9]+)(-[.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+.jpg$ /img/c/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+.jpg$ /img/c/$1$2.jpg last;
}
location /admin3085ixto1/ { #Change this to your admin folder
if (!-e $request_filename) {
rewrite ^/.*$ /admin3085ixto1/index.php last; #Change this to your admin folder
}
}
error_page 404 /index.php?controller=404;
# Static assets delivery optimisations
add_header Strict-Transport-Security max-age=31536000;
# Cloudflare / Max CDN fix
location ~* \.(eot|otf|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
location ~* \.(css|js|docx|zip|pptx|swf|txt|jpg|jpeg|png|gif|swf|webp|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac)$ {
expires max;
log_not_found off;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# Deny access to .htaccess .DS_Store .htpasswd etc
location ~ /\. {
deny all;
}
# PHP 7 FPM part
location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
# Switch if needed
# include /etc/nginx/fastcgi_params;
include fcgi.conf;
# Do not forget to update this part if needed
# fastcgi_pass 127.0.0.1:9000;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_keep_conn on;
fastcgi_read_timeout 30s;
fastcgi_send_timeout 30s;
# In case of long loading or 502 / 504 errors
# fastcgi_buffer_size 256k;
# fastcgi_buffers 256 16k;
# fastcgi_busy_buffers_size 256k;
client_max_body_size 10M;
# Temp file tweak
fastcgi_max_temp_file_size 0;
fastcgi_temp_file_write_size 256k;
}
# Allow access to robots.txt but disable logging every access
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Prevent injection of php files in directories a user can upload stuff
location /upload {
location ~ \.php$ { deny all; }
}
location /img {
location ~ \.php$ { deny all;}
}
# Ban access to source code directories
location ~ ^/(app|bin|cache|classes|config|controllers|docs|localization|override|src|tests|tools|translations|travis-scripts|vendor)/ {
deny all;
}
# Banned file types
location ~ \.(htaccess|yml|log|twig|sass|git|tpl)$ {
deny all;
}
}
You will need to switch to apache instead of nginx and use PHP7.0 to do so use below code in your Homestead.yaml file (remember to change domain and path)
- map: presta.shop
to: /home/vagrant/htdocs/prestashop_1.7.3.3
php: "7.0"
type: apache
after that halt vagrant:
vagrant halt
and reload with provision - will take some time:
vagrant reload --provision
this should help - it does for me
EDIT
In PS version: 1.7.6.7 i was forced to uncoment those two lines in .htaccess located in admin folder:
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(/(.*)) %{ENV:BASE}/$2 [R=301,L]
Before that for links like: http://presta17.shop/admin466vvxojo/improve/modules/manage?_token=ZrnM85TEsROusexXinPySyjZQghmfHO7d7sSFI3Tgm4
with /index.php/ i get only: Access denied.
I have set up letsEncrypt free ssl with certbot on ubuntu 14.04 from digitalocean tutorial.
If anyone tries to access the page on 80 ( http://gw2axiom.com ) , it shows 404 not found.
If you try https://gw2axiom.com it will work normally. After that, http will redirect to 443.
What could be the reason?
My nginx config file is the following :
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/before/*;
server {
listen 443 ssl;
server_name gw2axiom.com www.gw2axiom.com;
root /home/forge/gw2axiom.com/public;
ssl_certificate /etc/letsencrypt/live/gw2axiom.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gw2axiom.com/privkey.pem;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
location /forum/ { try_files $uri $uri/ /forum/index.php?$query_string; }
location /forum/api { try_files $uri $uri/ /forum/api.php?$query_string; }
location ~ /.well-known {
allow all;
}
location /forum/admin { try_files $uri $uri/ /forum/admin.php?$query_string; }
location /flarum {
deny all;
return 404;
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/gw2axiom.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.html$ {
expires -1;
}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 1M;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name www.gw2axiom.com gw2axiom.com;
return 301 https://$server_name$request_uri;
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/after/*;
Put this before your current server entry:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name gw2axiom.com;
return 301 https://$server_name$request_uri;
}
After that restart your nginx webserver and everything should work fine.