I have my app hosted in the base URL: https://myapp.com/
Now I want to add re-directions from "www" to "non www" / "http" to "https", where:
https://myapp.com/
https://www.myapp.com/
http://myapp.com/
http://www.myapp.com/
Last 3 URLs should 301 redirect to the first one.
Right now second URL is not redirected and the last 2 are redirected using a 307 redirection instead of 301.
Here is my nginx configuration:
server {
listen 80;
server_name myapp.com www.myapp.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name myapp.com www.myapp.com;
server_tokens off;
ssl_certificate /etc/nginx/conf.d/self-signed-fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/self-signed-privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
ssl_dhparam /etc/nginx/conf.d/ssl-dhparams.pem;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ ^/(api)/ {
proxy_pass http://myapp:3000;
}
}
So how can I actually do this?
Just add one more server block with server_name www.myapp.com;, and add redirect:
return 301 https://myapp.com$request_uri;
Edit main server block to server_name myapp.com;
Should be something like that:
server {
listen 80;
server_name myapp.com www.myapp.com;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name www.myapp.com;
server_tokens off;
ssl_certificate /etc/nginx/conf.d/self-signed-fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/self-signed-privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
ssl_dhparam /etc/nginx/conf.d/ssl-dhparams.pem;
return 301 https://myapp.com$request_uri;
}
server {
listen 443 ssl;
server_name myapp.com;
server_tokens off;
ssl_certificate /etc/nginx/conf.d/self-signed-fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/self-signed-privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
ssl_dhparam /etc/nginx/conf.d/ssl-dhparams.pem;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location ~ ^/(api)/ {
proxy_pass http://myapp:3000;
}
}
Related
I've been trying to rewrite some Nginx location urls but can't get it to work.
For the directory structure /dir1/dir2/index.html, where I will have several different dir2 directories and dir1 is just for organizational purposes, I want to rename the urls to:
mysite.com/dir2
This is my best guess.
location ~ /dir1.*$ {
rewrite ^/dir1/(.*)/.*$ mysite.com/$1 break;
}
I've tried several variations on this, and I can't get anything to change at all. Clicking on the link just results in:
mysite.com/dir1/dir2/index.html
Here is the full config:
server {
root /var/www/website;
index index.html;
server_name mysite.com www.mysite.com;
location / {
try_files $uri $uri/ =404;
}
location ~ ^/dir1.*$ {
rewrite ^/dir1/(.*)/.*$ mysite.com/$1 break;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
}
if ($host = mysite.com) {
return 301 https://$host$request_uri;
}
listen 80;
listen [::]:80;
server_name mysite.com www.mysite.com;
return 404;
}
I check and restart Nginx every time. Maybe the Certbot config is interfering. What am I doing wrong?
I got 2 domains and its supposed to work from same directory. While redirecting from http with/without www works perfectly, https www to non www don't work. Here is my config file:
server {
listen 80;
server_name domain1.com www.domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
listen 80;
server_name domain2.com www.domain2.com;
return 301 https://domain2.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain1.com;
return 301 https://domain1.com$request_uri;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
}
server {
listen 443 ssl;
server_name www.domain2.com;
return 301 https://domain2.com$request_uri;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
}
server {
listen 443 ssl;
server_name domain1.com;
root /var/www/domain1.com;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
}
server {
listen 443 ssl;
server_name domain2.com;
root /var/www/domain1.com;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
}
Can you tell me what could be wrong with it? SSL certificate domain1.com have got inside certificates for all domains, include with/without WWW.
In case if someone will face to same issue, removal of "ssl" abbreviate fixed it. So instead of listen 443 ssl; in 301 server blocks change to listen 443;
I manage a dozen or so domains with SSL certs that I have generated via lets-encrypt, and I use nginx to manage the web services for these domains.
It turns out that all of these domains need to have the same nginx configuration: i.e., the same location blocks, the same root, the same site parameters, etc.
The only thing which differs for each domain are the settings for ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate.
The way I have handled this is to have a dozen or so server {} blocks within my nginx configuration, each of them containing almost the same data, except for those three SSL parameters.
For example ...
server {
error_log /var/log/nginx/error.log debug;
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2;
server_name example-domain0.com;
ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
ssl_stapling on;
ssl_stapling_verify on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.json {
add_header Content-Type text/plain;
}
location ~ ^/(t)($|/.*) {
alias $1$2;
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
}
location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
root /usr/share/nginx;
}
location ~ ^/(junk)($|/.*) {
root /usr/share/nginx/html;
allow all;
autoindex on;
}
location ~ \.php$ {
include phpsite_params;
}
}
server {
error_log /var/log/nginx/error.log debug;
listen 80;
listen [::]:80;
listen 443 ssl http2;
server_name example-domain1.com;
ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain01.com/chain.pem;
ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
ssl_stapling on;
ssl_stapling_verify on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.json {
add_header Content-Type text/plain;
}
location ~ ^/(t)($|/.*) {
alias $1$2;
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
}
location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
root /usr/share/nginx;
}
location ~ ^/(junk)($|/.*) {
root /usr/share/nginx/html;
allow all;
autoindex on;
}
location ~ \.php$ {
include phpsite_params;
}
}
... and then a dozen or so blocks for example-domain2.com, example-domain3.com, etc. which are identical except for the domain names and the values of those SSL parameters.
This causes lots of problems if I ever want to make site configuration changes, because then I have to make identical changes in more than a dozen places within this configuration file, and sometimes that leads to errors.
Since each SSL domain requires its own ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate, I'd like to create smaller server {} blocks with only that SSL configuration info, and then factor out the other, common configuration information and only keep it in one place.
Is that possible?
Thank you very much in advance.
Oh, I didn't realize that I could use the include directive outside of a location block.
The solution to my problem is this:
server {
error_log /var/log/nginx/error.log debug;
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2;
server_name example-domain0.com;
ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
include common/site-parms.conf;
}
server {
error_log /var/log/nginx/error.log debug;
listen 80;
listen [::]:80;
listen 443 ssl http2;
server_name example-domain1.com;
ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain1.com/chain.pem;
include common/site-parms.conf;
}
... and another dozen similar server {} blocks, with all the common stuff contained in /etc/nginx/common/site-parms.conf.
My problem statement :
my domain : example.com
sub-domain : main.example.com
when we will access:
1. http://main.example.com/xyz or https://main.example.com/xyz :
It must be redirect to https://main.example.com/xyz
http://main.example.com or https://main.example.com :
It must be redirect to https://www.example.com
I am using nginx. What will be configuration file for Nginx server?
My current setting is :
server{
listen 443;
ssl on;
ssl_certificate /var/www/html/demo.crt;
ssl_certificate_key /var/www/html/demo.key;
server_name main.example.com$request_uri;
location / {
root /var/www/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name main.example.com$request_uri;
return 301 https://main.example.com$request_uri;
}
server {
listen 80;
server_name main.example.com;
return 301 https://www.example.com;
}
server {
listen 443;
server_name main.example.com;
return 301 https://www.example.com;
}
Try
server{
listen 80;
listen 443 ssl;
server_name main.example.com;
ssl_certificate /var/www/html/demo.crt;
ssl_certificate_key /var/www/html/demo.key;
location / {
proxy_pass https://www.example.com;
}
location ~ ^(/.+) {
return 301 https://main.example.com$1;
}
}
http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
I have a wordpress website with https protocol by configuring the nginx 301 redirect:
server {
listen 80;
server_name xxx.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate conf.d/xxx.crt;
ssl_certificate_key conf.d/xxx.key;
}
And my article has some image links with static server like:
http://yyy.com/1.png
But when i access this article: it will be https://yyy.com/1.png, How do I configure the nginx that can still use http for the image static server?
You would do that using below config
server {
listen 80;
server_name xxx.com;
location ~* \.(png|ico|jpeg)$ {
root <your root folder>;
try_files $uri =404;
}
location / {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
server_name xxx.com;
ssl_certificate conf.d/xxx.crt;
ssl_certificate_key conf.d/xxx.key;
}