Nginx serving wrong certificate and site only when access from particular IP - nginx

I have a wordpress site set up on NGINX with a valid certificate from certbot where I am able to see it from every IP except my home IP. When I use proxies or a different internet connection, the wordpress site is displayed correctly. I can also access the site with just HTTP and can see it from every IP except my home IP. I bypassed wordpress and made a simple echo PHP file to make sure that no plugin was causing the problem. Still, the echo shows up everywhere except from my home IP address. My conclusion is that Nginx is somehow restricting my IP, but I have no idea of where to start looking for this at. Are there any ideas about what might be going on? I do not have fail2ban installed nor do I have any known firewall rules that would cause this. Any ideas as to what is going on?
In the nginx log, the error states:
access forbidden by rule, client: xxxx:xxxx:xxxx:xxxx
However, there are no set rules for something like this in the config that i see:
server {
listen 80;
index index.php index.html index.htm index.nginx-debian.html;
server_name <redacted>;
root /var/www/<redacted>;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
include fastcgi_params;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
listen 443 ssl;
ssl_certificate <redacted>;
ssl_certificate_key <redacted>;
include <redacted>;
ssl_dhparam <redacted>;
}

Related

Nginx Problem with Joomla Backend (Cloudflare Error 520)

Hey everyone!
I'm having a really hard time figuring this out, when i run my website with apache, everything works as intended, however i recently switched to nginx, when i run my website on nginx and access the joomla backend i get an Error 520 from Cloudflare, i can't find out the difference in the two webservers, but it seems related to SSL, running without SSL works fine.
I'm out of luck i did a lot of testing and still the same issue.
Something that Cloudflare cannot understand is happening when using Nginx.
This is my Nginx Config
server {
listen 443 ssl http2;
listen 80;
server_name websitename.com www.websitename.com;
root /var/www/html;
ssl_certificate websitename.com.crt;
ssl_certificate_key websitename.com.key;
index index.php index.html index.htm default.html default.htm;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
error_page 403 /403_error.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi.conf;
}
location ~* \.(ico|pdf|flv)$ {
expires 1y;
}
location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
expires 14d;
}
}
Finally i solved it.
Finally i found out that somehow the Cloudflare Railgun isn't behaving right with Nginx
I went to Cloudflare and navigated to "Speed->Optimizations" I disabled the Railgun
and i no longer have 520 Errors.
Hope this helps anyone with the same issue, been 3 days stuck on this.

NGINX + Passenger w/ Rails + WordPress permalinks

The environment is as follows:
I have https://website.com and a blog at https://website.com/blog
The root path points to a Passenger-hosted Rails app, and the blog subdirectory points to a WordPress app via php-fpm
Everything works fine with my Nginx config, but when I try to change the permalink structure to anything other than "Plain", I get a 404 page from the Rails app as if the location blocks aren't utilized. I tried looking at the error log in debug mode, and I do see it attempting to try_files, but ultimately it fails with the Rails 404 page.
It may be worth noting that the entire site is behind Cloudflare. Not sure if it could be something with that, though I kind of doubt it.
Here is the almost-working Nginx config I'm using:
server {
listen 80 default_server;
server_name IP_ADDRESS;
passenger_enabled on;
passenger_app_env production;
passenger_ruby /home/ubuntu/.rbenv/shims/ruby;
root /web/rails/public;
client_max_body_size 20M;
location ^~ /blog {
passenger_enabled off;
alias /web/blog;
index index.php index.htm index.html;
# Tried the commented line below, but then nothing works.
# try_files $uri $uri/ /blog/index.php?$args;
# The line below works, but peramlinks don't.
try_files $uri $uri/ /blog/index.php?q=$uri&$args;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# Tried the commented line below, but then nothing works
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# The line below works, but peramlinks don't.
fastcgi_param SCRIPT_FILENAME $request_filename;
}
}
}
I wanted to comment in short but I don't have enough reputation for that.
I used the following block and worked for me. I added an add_header directive just to debug that if my request is reaching the correct block.
location ^~ /blog {
try_files $uri $uri/ /index.php?$args;
add_header reached blog;
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass php;
}
}
If your server is behind CloudFlare, you can try with /etc/hosts entry on your local machine if you're using Ubuntu/Mac. Which will stop the DNS lookup and site will directly be accessed from the IP address.
Check if any redirects are happening due to any other Nginx configuration.
Also, you have mentioned in the question that site is https:// while your server block has only listen 80 meaning non HTTPS.
Check for the response headers with
curl -XGET -IL site-name.tld
which may help you more debugging the situation.
Difference between alias and root directives https://stackoverflow.com/a/10647080/12257950

Forge / Nginx DO WWW to non-WWW redirect issue

I just transferred a site to a DO server provisioned by Forge. I installed an SSL certificate and noticed that navigating to https://www.example.com results in a Server Not Found error, while http://example.com returns 200. I attempted to force non-WWW in the Nginx config file but cannot seem to make anything work. I also restarted Nginx after every attempt.
Here is my current Nginx config file:
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name .example.com;
root /home/forge/default/current/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/default/56210/server.crt;
ssl_certificate_key /etc/nginx/ssl/default/56210/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/default-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
The server was set up with the default site - default, rather than example.com. I realized this after launching the site to production and installing the SSL cert, I am trying to avoid any downtime by trying to change this after the fact. I am not sure if the site being called default makes any difference here, but it's key to note.
So, https:// or http://example.com works fine. www.example.com returns a Server Not Found error on all browsers I've tested. I also noticed that there is a www.default file in /etc/nginx/sites-enabled, I tried changing it to the following and restarting nginx:
server {
listen 80;
server_name www.example.com;
return 301 $scheme://example.com/$request_uri;
}
Still receiving Server Not Found no matter what. Here is the error on Chrome:
The server at www.example.com can't be found, because the DNS lookup failed. DNS is the network service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
Well, apparently I just needed to take a break. After I finished off my lunch, it occurred to me that Chrome was giving me the answer all along - it was a DNS issue. I added an A record for www pointing to my IP address on Digital Ocean, problem solved.
I believe www is missing by default on DO servers provisioned by Laravel Forge.

routing subdomain to subdirectory on nginx

Please help as explicitly as possible. I have set up a domain on a home server running nginx on Ubuntu 15, and I have the dns pointed to it. I can use the domain to access the site and if I append /subdirectory to it, I am able to launch the pages inside the subdirectories. What I am trying to do is get the subdomains to go directly to the correct root. Ie: mysite.com = /index.htm, subdomain.mysite.com = ./subdirectory where files are located.
I have tried every suggestion including those popular and those criticized, and either I get an error restarting Nginx or I get a "server not found" error. I´ve tried setting up cname aliases with my DNS server, and that doesn´t work either.
The working config file is below:
##
server {
server_name "~^(?<sub>.+)\.domain\.tld$";
index index.php index.html index.htm;
root //media/user/ednet/$sub;
ssl_certificate REMOVED FOR SECURITY
ssl_certificate_key REMOVED FOR SECURITYY
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!Anull:!md5;
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# root //media/user/ednet;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
#=========================Locations=============================
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# root /usr/share/nginx/html;
}
#============================================================PHP=========================================================
location ~ \.php$ {
try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php) (/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
====================
I´ve tried proxies, redirects, and everything else I can think of--including reading the instructions in the Nginx manual and the wiki.
Thanks
A quick "server not found" by the browser suggests that DNS is not set up. Your subdomains need to resolve to your server's public IP address using either:
specific CNAME record pointing to the main domain specific A record
pointing to the server's IP address wild (catch-all) A record
pointing to the server's IP address
Changes to DNS can take many hours to propagate.
An error restarting nginx suggests a syntax error in the configuration file.
Your configuration file contains no obvious syntax errors, but there are a few strange elements:
root directive appears twice
index directive appears twice
root directive has two leading // where usually one will do
You have IPv4 and IPv6 configured which is fine if you have an IPv6 connection.
You have this server marked as a default_server which means that it will be used even if the server_name regex does not match. Therefore, if you present to the server with a subdomain that returns files from the root, this implies that the regex failed to match but the server block was used by default. In which case, check the regex.
In summary, the first priority is to fix the DNS. Nothing will work unless the subdomains resolve to the IP address of the server.

nginx rewrite mystery - duplicating hostname and losing https

I am replacing lighttpd with nginx on my development server. I got it working with PHP and SSL, but I'm stumped by what should be a simple rewrite. I need to rewrite URLs from
http[s]://dev.foo.com/signup/123456
to
http[s]://dev.foo.com/signup/index.php?attcode=123456
The rule I am using is:
rewrite ^/signup/([0-9]+)$ /signup/index.php?attycode=$1 last;
I have tried numerous variations on this, moved it around, put it inside a location block. What happens is the URL is rewritten to:
http://dev.foo.com/dev.foo.com/signup/123456
The hostname is inserted, and it seems to always lose https and go to http.
My nginx.com server section is below. I have read and re-read the nginx docs (as they are) and searched the nginx mailing list, but nothing I've tried has solved this problem.
Ubuntu 8.0.4 LTS in case that matters.
Thanks.
server {
listen 80;
listen 443 default ssl;
server_name dev.foo.com dev.bar.com localhost;
root /var/www/foo;
index index.php index.html;
# ssl cert stuff omitted
charset utf-8;
access_log /var/log/www/dev.access.log main;
location ~ /\. {
deny all;
}
location ~* ^.+\.(inc|tpl|sql|ini|bak|sh|cgi)$ {
deny all;
}
location ~* ^/(scripts|tmp|sql)/ {
deny all;
}
rewrite ^/robots.txt$ /robots_nocrawl.txt break;
rewrite ^/signup/([0-9]+)$ /signup/index.php?attycode=$1 last;
location / {
try_files $uri $uri/ /error_404.php;
}
location ~ \.php$ {
fastcgi_pass localhost:51115;
fastcgi_index index.php;
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
error_page 404 /error_404.php;
}
Don't put HTTP and HTTPS in the same server block. Separate them into two almost-identical server blocks, one for HTTP and one for HTTPS. Otherwise you will confuse all kinds of Nginx internals.

Resources