I'm config a static website in nginx,but show 404 notfound on browser
nginx version: nginx/1.10.3 (Ubuntu)
nginx configuration:
upstream client {
server 127.0.0.1:8080;
}
upstream admin {
server 127.0.0.1:8090;
}
server {
listen 443;
server_name mp.example.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/certificate/mp.example.com/1_mp.example.com_bundle.crt;
ssl_certificate_key /etc/nginx/conf.d/certificate/mp.example.com/2_mp.example.com.key;
ssl_session_timeout 4m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://client;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /admin {
proxy_pass http://admin;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
location /zp {
root /root/admin_ui/1.1.0;
index index.html;
}
location ^~ /assets/ {
expires 90d;
alias /root/www/assets/;
}
}
server{
listen 80;
server_name mp.example.com;
location / {
rewrite ^(.*) https://$host$1 permanent;
}
}
Broswer screehshots:
my static website path:
I want input https://xx.xxxx.com/zp show my website
I think https configuration's problem, but i not sure
Related
I have set up Nginx as a reverse proxy as well as using SSL, and everything is working fine except location maping.
When I call /api/public/contact it redirects me to: https://127.0.0.1/api/public/contact
but what I want is: http://127.0.0.3:1337/api/public/contact
I feel like after redirecting to https, the nginx is ignoring locations.
I'm testing on localhost. Below is my configuration. Any help will be appreciated :)
events{}
http {
include /etc/nginx/mime.types;
server {
listen 80;
listen [::]:80;
server_name test.com www.test.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
keepalive_timeout 70;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/keykey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name test.com www.test.com;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://127.0.0.3:1337;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 90;
}
}
}
So I am trying to setup a nginx reverse proxy in my network to only have 2 external ports out to the world. I am taking in both http and https traffic and using HSTS to force https. I am able to reverse proxy to applications running on the standard port 80/443, but when I try to reverse proxy to a application running on a docker host it gets weird. In the address bar it changes from fireampersand.ca/website to fireampersand.ca:8050/website. Im not sure why. Im still fairly new to nginx so maybe it is something obvious. Any help would be appreciated.
nginx.conf
events {
}
http {
server {
listen 80 default_server;
server_name fireampersand.ca;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
return 301 https://$host;
}
server {
listen 443 ssl http2 default_server;
server_name fireampersand.ca;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate "/etc/letsencrypt/live/fireampersand.ca-0001/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/fireampersand.ca-0001/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
location ~* ^/owa { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/Microsoft-Server-ActiveSync { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/ecp { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/rpc { proxy_pass https://starscream.fireampersand.ca; }
location ~* ^/portainer { proxy_pass http://docker.fireampersand.ca:9000; }
location ~* ^/foodbank { proxy_pass https://docker.fireampersand.ca:8002; }
location ~* ^/website/ { proxy_pass http://docker.fireampersand.ca:8050; }
location / { root /usr/share/nginx/html;}
}
}
I am trying to redirect all the http traffic to https and my nginx conf looks like this:
upstream upstreamServer {
server upstream_serv:80;
}
server {
listen 80;
server_name ~^(([a-zA-Z0-9]+)|)test\.xy\.abc\.io$ ;
access_log /var/log/nginx/access.log backend;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name ~^(([a-zA-Z0-9]+)|)test\.xy\.abc\.io$ ;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /path/to/cert_chain.pem;
ssl_certificate_key /path/to/cert_key.pem;
ssl_trusted_certificate /path/to/cert_chain.pem;
access_log /var/log/nginx/access.log backend;
# Redirect all traffic in /.well-known/ to lets encrypt
location /.well-known/acme-challenge/ {
root /var/tmp;
index index.html index.htm;
}
location / {
proxy_pass http://upstreamServer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_buffering off;
if ($uri ~* ".(js|png|jpg|jpeg|svg|gif|avi|mp3|mp4)$" ){
expires 1d;
add_header Cache-Control public;
}
proxy_pass_request_headers on;
}
}
But for some reason it doesn't work. I read about how the nginx chooses the server block and location block. The setup looks correct to me according to what I understand but still the site keeps loading on http when I hit the url http://test.xy.abc.io instead of redirecting me to https.
I also tried using only
return 301 https://$host$request_uri;
instead of
location / {
return 301 https://$host$request_uri;
}
but it doesn't work either.
Did I get right that your page is still loading the unencrypted http version? Did you reaload the service to load the changed config file? (sorry to ask that stupid question back)
nginx -t && nginx -s reload
I personally use in all nginx instances I maintain something like this:
server {
listen 80 default_server;
# no server_name means all
# For let's encrypt domains: .well-known/acme-challenge
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /var/www/certbot;
}
# Redirect http -> https.
location / {
return 301 https://$host$request_uri$is_args$args;
}
}
The problem was there is a GCP loadbalancer before my nginx proxy. Which was forwarding all the requests on https to my nginx proxy no matter if the orignal reuquest was http or https. After searching the internet I found that loadbalancer can not force https on clients. So this what I had to do in my nginx location block.
if ($http_x_forwarded_proto = http) {
return 301 https://$host$request_uri;
}
and the complete solution looks like this:
server {
listen 80;
listen 443 ssl;
server_name ~^(([a-zA-Z0-9]+)|)test\.xy\.abc\.io$ ;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /path/to/cert_chain.pem;
ssl_certificate_key /path/to/cert_key.pem;
ssl_trusted_certificate /path/to/cert_chain.pem;
access_log /var/log/nginx/access.log backend;
# Redirect all traffic in /.well-known/ to lets encrypt
location /.well-known/acme-challenge/ {
root /var/tmp;
index index.html index.htm;
}
location / {
if ($http_x_forwarded_proto = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://upstreamServer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_buffering off;
if ($uri ~* ".(js|png|jpg|jpeg|svg|gif|avi|mp3|mp4)$" ){
expires 1d;
add_header Cache-Control public;
}
proxy_pass_request_headers on;
}
}
I am developing a plateform on node/meteorjs stack and I want to add a WordPress blog for our website as well.
https//www.XXXXXX.com --> go to meteor app
https//www.XXXXXX.com/blog --> go to blog
I've got a NGINX front with https certificate
My NGINX config is :
`
server {
listen 80;
server_name XXXX.ovh;
return 301 https://XXXX.ovh$request_uri;
}
upstream meteorapp {
server 127.0.0.1:3000;
}
upstream blog {
server 52.16.157.100;
}
server {
listen 80;
server_name www.XXXX.ovh;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name XXXX.ovh;
return 301 https://www.XXXX.ovh$request_uri;
}
server {
listen 443 ssl default_server;
root /var/www/html;
server_name www.XXXX.ovh;
ssl_certificate /etc/letsencrypt/live/XXXX.ovh/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/XXXX.ovh/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location /blog {
proxy_pass http://blog;
proxy_set_header Host $host;
}
location /wp-content {
proxy_pass http://blog;
proxy_set_header Host $host;
}
location /wp-admin {
proxy_pass http://blog;
proxy_set_header Host $host;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
proxy_pass http://meteorapp;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
location ~ /.well-known {
allow all;
}
}
My blog is hosted on other server and my meteor is in a docker container.
With this configuration, css and image of my blog doesn't work (i try to access the http ressources...
so I got some errors as :
Mixed Content: The page at 'https://www.cdispo.ovh/blog' was loaded over
HTTPS, but requested an insecure image 'http://www.XXXX.ovh/wp-content/themes/twentyseventeen/assets/images/header.jpg'. This content should also be served over HTTPS.
how can I do ?
You should instead use a subdomain in this manner "blog.myapp.com". Otherwise if the Meteor app controls the root ie "myapp.com" you will need to redirect all requests coming in to "myapp.com/blog" in your router.
my server use meteor, ssl, nginx
when called this url => https://example.com
i want auto change this url => https://example.com/main <- /main is start page
How can I change it?
don't search find it...
this is my config
upstream backend {
ip_hash;
least_conn ;
server localhost:9000;
server localhost:9002;
}
server {
listen 443;
server_name example.com;
access_log /var/log/nginx/log main;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
server_name example.com;
return 301 https://$host$request_uri;
}
thank you
You just need simple rewrite rule inside your location /
location / {
rewrite ^/$ /main redirect;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}