I have setup an NGINX server with multiple server blocks. I have configured 2 simple websites to run on the same server. They point to two different root paths specified in the respective server block file.
I have updated the DNS details for both the domains:
Name Servers: updated details as per registrar
A records: updated same static IP address
However, when I test with domain2.com in the browser, it redirects to domain1.com. What am I doing wrong? I have already restarted the nginx server using:
sudo systemctl restart nginx
This is how my server block looks like:
# Default server configuration
#
server {
root /var/www/domain1.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain1.com www.domain1.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name domain1.com www.domain1.com;
return 404; # managed by Certbot
}
This is my second server block file:
# Default server configuration
#
server {
listen 80;
listen [::]:80;
root /var/www/domain2.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain2.com www.domain2.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
Your server block configuration files are perfect. Do not change anything. Let me explain what is happening. Your server block indicates that you installed certbot, probably for deploying Lets Encrypt SSL certificates for domain1.com whereas the server block for domain2.com does not have any entry managed by certbot yet. This probably means that you are using ssl certificates for domain1.com but not for domain2.com.
At the time of configuring SSL certificates for domain1.com, you probably selected the option of redirecting all traffic to SSL. Whats happening is that when the dns servers send a request for domain2.com to your web server, it expects an SSL certificate for that domain but finds none. It then redirects all traffic to the existing domain which has a valid SSL certificate installed.
However, the domain name on the certificate (domain1.com) shall not match the information passed on by the DNS server for domain2.com. Hence, it shall, in all likelihood, throw an error or warning message regarding invalid SSL certificates.
Solution: Install a new SSL certificate for domain2.com just like you did for domain1.com and everything should work fine.
Let me know if it works.
Related
This is my config as of now, trying to set this site up with ssl certificate.
server {
listen [::]:443 ssl domain.io, *.domain.io;
ssl on;
ssl_certificate /etc/ssl/certs/domain.io.pem;
ssl_certificate_key /etc/ssl/certs/domain.io.key;
root /var/www/html/domain.io/;
# Add index.php to the list if you are using PHP
index index.html;
server_name domain.io;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
When I restart nginx it complains about this:
nginx: [emerg] invalid parameter "domain.io," in /etc/nginx/sites-enabled/domain.io:3
What am I missing? I am for the moment config-blind. :)
Sp be kind I toting out my dead simple error.
Trying to see what simple error I have made and failed.
I don't really see listen directive accepting a domain name.
https://docs.nginx.com/nginx/admin-guide/web-server/web-server/
I would try this:
server {
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/domain.io.pem;
ssl_certificate_key /etc/ssl/certs/domain.io.key;
root /var/www/html/domain.io/;
# Add index.php to the list if you are using PHP
index index.html;
server_name domain.io *.domain.io;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
I have a droplet on digitalOcean and I setup my app there via docker. I have also connected it to a domain and it runs when I go to wwww.myDomain.com:3000.
I want to get rid of the "3000" part and during research I found nginx which I am trying to configure. The problem I have been facing is that I have found alot of articles but none of them give me a straight answer.
I connected to my ubuntu on digitalOcean and I am here right now:
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/myDomain.com;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _; myDomain.com
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
Which is the template. I have changed the serverName and root to "myDomain.com" but as far as the rest Im a bit over my head as of now and I honestly don't know what more to change to get this to work.
The next step is to setup SSL but I need some help geting this right and perhaps a link or two to some good tutorials/articles.
I have an NGINX web server with two domains and it also runs phpMyAdmin.
phpMyAdmin is working fine and I access it through the below non-https url:
public-ip-address/phpMyAdmin
This is how the symbolic link was setup:
sudo ln -s /usr/share/phpmyadmin/ /var/www/html
Is there a way I can point phpMyAdmin to a website's subdirectory?
For example, I would like to access the phpMyAdmin login page by accessing the following URL:
domain1.com/phpMyAdmin/
How can I achieve this? domain1.com has https enabled. So it would also secure my phpMyAdmin login.
The server block is the same as the default block for NGINX. I have created a new config file by copying it to domain.com in the /etc/NGINX/sites-available folder.
The only changes are in the server and root path tags. Rest everything is default.
server domain1.com www.domain1.com;
root /var/www/domain1.com/html/
I am using certbot for Let's Encrypt SSL certificates. My server block config is shared below:
# Server Block Config for domain1.com
server {
root /var/www/domain1.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name domain1.com www.domain1.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain1.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name domain1.com www.domain1.com;
return 404; # managed by Certbot
}
Contents of /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
Here is the location block that should work for you (at least the similar config works for me):
location ~* ^/phpmyadmin(?<pmauri>/.*)? {
alias /usr/share/phpmyadmin/;
index index.php;
try_files $pmauri $pmauri/ =404;
location ~ \.php$ {
include fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$pmauri;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
}
Place it before the default PHP handler location block, or the default PHP handler block will take precedence and this configuration won't work!
You can simply add another symlink to the domain1.com root, while keeping everything else same, like you did for the default domain.
sudo ln -s /usr/share/phpmyadmin/ /var/www/domain1.com/html
Am I missing something?
I came to this thread while looking for a solution to another problem (Nginx alias breaks due to try_files $uri alias bug) but since you are already using symlink to phpmyadmin for the site you access through IP, you can do the same for any domain.
I was already using nginx default configuration settings along with wsgi for flask deployment.
Now , I am trying to handle https requests on production server. For this had mapped IP to a domain(lets say www.server_name.co) and followed how-to-install-nginx-on-ubuntu-18-04 to do the necessary configuration as per.
While testing configuration using sudo nginx -t it gives following error.
ginx: [warn] conflicting server name "www.server_name.co" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.server_name.co" on [::]:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Followed various link related to this issue on stack overflow and also checked the default configuration /etc/nginx/sites-available/default and commended default server blocks and restarted the nginx server and tested again sudo nginx -t . Still it is giving same error.
Here is my configuration files of /etc/nginx/sites-available/default after adding configuration for www.server_name.co
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
#index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
listen 80 ;
listen [::]:80 ;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name www.server_name.co; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.server_name.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.server_name.co/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Can anybody help me setup https nginx deployments? Any leads highly appreciated. Thanks.
While setting up my website using Nginx, and following some instructions from an article, I managed to get the main domain to work. (by typing example.com). My website has also a subdomain (forum.example.com) which instead of launching the forum webpage, it download the main php file instead to which is executed as soon as a request is sent to my server.
This problem also occurs when I type www.forum.example.com but not when I include the https:// prefix for both www.forum.example.com and forum.example.com.
I am not entirely sure why the exampe.com request is working while forum.example.com doesn't. Is there anything I am missing?
I use certbot (let's encrypt) to enable secure connection. Below I am listing the server blocks from the site-enabled directory:
example.com
server {
if ($host = example.com) {
return 301 https://www.example.com$request_uri;
} # managed by Certbot
server_name www.example.com example.com www.forum.example.com forum.example.com;
root /var/www/example/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$uri&$args;
}
listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
index index.php index.html index.htm;
location ~ \.php$ {
try_files $uri /index.php?q=$uri&$args =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://www.example.com$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://www.example.com$request_uri;
} # managed by Certbot
# listen 80 default_server;
server_name localhost;
return 404; # managed by Certbot
}
And the default file:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
#root /var/www/html;
root /var/www/example/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
Things I tried include:
changing the order of the server_name values, so by starting with
forum.example.com instead of example.com.
On the first server block, adding an extra if statement in the beginning:
if ($host = forum.example.com) {
return 301 https://forum.example.com$request_uri;
} # managed by Certbot
Another issue I faced was from whichever article I was visiting, they would just tell you to paste the code without really explaining what each method/code block is doing, so I didn't really gain a basic understanding of what is going on. If someone has extra time to explain and help me understand how the requests are being handled and why this error occurs would be much more helpful.
Sidenode: The website is hosted on a VPS server and when I attempt to send a request from the machine I am using right now (example.com) I am seeing the following from Chrome, Firefox and Safari, but when I access example.com from my other devices (iphone, other laptops/computers) I am able to access my website. This assumes all data and cache is cleared from my machine every time I attempt to access my website and from incognito mode.
Please, let me know if more info is needed for me to provide.
Help will be much appreciated!