I'm new to using nginx. Up until now I was using Apache2 as a hosting engine, and because of it I have an issue with my website migration.
Here is my vhost config file:
server {
root /var/www/html/domain_com/web/;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
error_log /var/www/html/domain_com/log/error.log;
access_log /var/www/html/domain_com/log/nginx-access.log;
try_files $uri $uri/ /index.php?$args;
location ~* \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
}
include /var/www/html/domain_com/web/nginx.conf;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name domain.com www.domain.com;
return 404; # managed by Certbot
}
With a config like this, when I call the website it returns the error "too many redirects", but if I add listen 80; at the top of the first server block everything works just fine. However, certbot, while adding certs for the next domain, displays a warning that the server name already exists, and information that the warning was ignored.
What can I do to solve this problem? :)
server {
listen 80;
server_name domain.com www.domain.com;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl; # managed by Certbot
root /var/www/html/domain_com/web/;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
error_log /var/www/html/domain_com/log/error.log;
access_log /var/www/html/domain_com/log/nginx-access.log;
try_files $uri $uri/ /index.php?$args;
location ~* \.php$ {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
}
include /var/www/html/domain_com/web/nginx.conf;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
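The warning mentioned in the question appears when two server blocks claim the same server_name on the same port; nginx then keeps the first block for that name and ignores the later one. The check below is an added example, not code from the original posts: the function names and the trimmed sample config are constructed for illustration, it compares listen directives by port number only, and it assumes nginx runs as root so that a block without listen defaults to port 80.

```python
import re
from collections import defaultdict

# Constructed sample: the question's config after "listen 80;" was added to
# the first server block (root, logs and the PHP location are left out).
SAMPLE = """
server {
    listen 80;
    listen 443 ssl; # managed by Certbot
    server_name domain.com www.domain.com;
}
server {
    if ($host = www.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name domain.com www.domain.com;
    return 404; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block in the config text."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):             # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Arguments of each `name ...;` directive placed directly in a server body."""
    top = re.sub(r"\{[^{}]*\}", "", body)          # skip if/location bodies
    return [a.split() for a in
            re.findall(rf"(?:^|[;}}\s]){name}\s+([^;]+);", top)]

def conflicts(conf):
    """Map (port, server_name) -> indexes of the blocks claiming it, for every
    pair claimed by more than one block."""
    seen = defaultdict(list)
    for idx, body in enumerate(server_blocks(conf)):
        ports = {m.group(1) for a in directives(body, "listen")
                 if (m := re.search(r"(\d+)$", a[0]))} or {"80"}
        for names in directives(body, "server_name"):
            for name in names:
                for port in sorted(ports):
                    seen[(port, name)].append(idx)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (port, name), blocks in conflicts(SAMPLE).items():
        print(f'"{name}" on port {port} is claimed by server blocks {blocks}')
```

Each reported pair is a name for which only the first listed block will ever receive requests on that port.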
I have an Ubuntu 20.04 server on Azure, with Nginx, PHP-FPM and actually two websites.
The sites are example.com and sub.example.com, and they have certificates issued by certbot and are working fine.
I added a third site with a different domain, example2.com, and it worked fine. But when I add certbot to this third site, they all stop working, and Nginx doesn't stop and doesn't show any error.
I added the certificates using this
sudo certbot --nginx -d example.com -d www.example.com
sudo certbot --nginx -d sub.example.com
Up to here everything was OK; the sites have been working fine for the last five months.
Then I added a new website and it worked fine too, but when I add certbot, all of them stop working, while nginx is still running without errors.
sudo certbot --nginx -d example2.com -d www.example2.com
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Sites only work again if I remove the certificate from the third site
sudo sudo certbot delete --cert-name example2.com
Sorry for my English.
Server block Site 1
server {
root /var/www/example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Server block Site 2 (subdomain site 1)
server {
root /var/www/sub.example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name sub.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sub.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sub.example.com;
return 404; # managed by Certbot
}
Server block Site 3
server {
root /var/www/example2.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example2.com www.example2.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example2.com www.example2.com
return 404; # managed by Certbot
}
I have a WordPress site and am trying to set up subdomains using Nginx and Let's Encrypt SSL to have prod and test environments.
For example:
prod site --> abc.com www.abc.com
dev site --> dev.abc.com
I have set up Nginx using this guide https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7.
My server blocks look as follows:
/site-available/abc.com.conf
server {
root /var/www/wordpress;
index index.php index.html index.htm;
server_name abc.com www.abc.com;
client_max_body_size 100M;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_connect_timeout 300s;
fastcgi_read_timeout 300s;
fastcgi_send_timeout 300s;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 15m;
ssl_session_tickets on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/abc.com/fullchain.pem;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
resolver_timeout 5s;
ssl_certificate /etc/letsencrypt/live/abc.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/abc.com/privkey.pem; # managed by Certbot
}
server {
if ($host = www.abc.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = abc.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name abc.com www.abc.com;
return 404; # managed by Certbot
}
/site-available/dev.abc.com.conf
server {
root /var/www/dev.abc.com;
index index.php index.html index.htm index.nginx-debian.html;
server_name dev.abc.com;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_connect_timeout 300s;
fastcgi_read_timeout 300s;
fastcgi_send_timeout 300s;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 15m;
ssl_session_tickets on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
resolver_timeout 5s;
ssl_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dev.abc.com/privkey.pem; # managed by Certbot
}
I have successfully enabled A records on Cloudflare and DigitalOcean for the dev domain name.
The problem is, whenever I try to access dev.abc.com it gets redirected to abc.com no matter what.
Then I tried to remove the abc.com.conf server block and tested, then it was working fine with dev.abc.com.conf; however, when I try to put both blocks together then this time it was only working on dev.abc.com.
I am not sure what I am missing in this Nginx configuration. I also have both SSL certificates to match the exact domains. I have the exact same Nginx configuration on an Ubuntu server and it's working fine for another site of mine.
I got a problem with infinite redirection on my site. Nginx redirects from http to https successfully but after that for some reason it does the opposite and that leads to infinite loop. What's wrong in my config?
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name devcore.pw www.devcore.pw;
return 301 https://devcore.pw$request_uri;
}
server {
client_max_body_size 20M;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name www.devcore.pw devcore.pw; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
#deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl on;
ssl_certificate /etc/letsencrypt/live/devcore.pw/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/devcore.pw/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
This config has a major problem: you closed the server block after the redirect line,
so you have to fix it. Try:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name devcore.pw www.devcore.pw;
return 301 https://devcore.pw$request_uri;
client_max_body_size 20M;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
#deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/devcore.pw/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/devcore.pw/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I currently have Rainloop working with mail.mydomain.com without issue. Now I want to install zpush and put rainloop as an alias, ex: mail.mydomain.com/rainloop and leave zpush as mail.mydomain.com (for the auto discovery). This is what I have so far:
server {
server_name mail.mydomain.com;
root /var/www/zpush;
access_log /var/www/rainloop/logs/access.log;
error_log /var/www/rainloop/logs/error.log;
index index.php;
location / {
try_files $uri /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_index index.php;
# fastcgi_param HTTPS on;
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_keep_conn on;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Z-Push Ping command will be alive for 470s, but be safe
fastcgi_read_timeout 630;
}
location ~ /\.ht {
deny all;
}
location ^~ /data {
deny all;
}
location /Microsoft-Server-ActiveSync {
rewrite ^(.*)$ /index.php last;
}
location /rainloop {
alias /var/www/rainloop/;
index index.php;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/mail.mydomain.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
Not sure what I'm doing wrong or maybe I'm missing something? I keep getting the 403.
SOLVED IT: needed to create a symbolic link
ln -s /var/www/rainloop /var/www/zpush
I have an issue as given below.
Say I have a site example.com and I have made modifications to the rewrite logic to remove .php extensions. The code given below works fine in all the cases except for index.php
https://example.com --> Not accessible. This is not correct. It should display contents from index.php page.
https://example.com/index.php --> Displays 404 page. This is correct.
https://example.com/index --> Displays index page. This is not correct.
server {
root /usr/share/nginx/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name example.com www.example.com;
error_page 404 /error/custom_404;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
index index.php index.html index.htm;
try_files $uri $uri/ @missing;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 365d;
}
location ~* (\.php$|myadmin) {
return 404;
}
location @missing {
if (!-f $document_root$uri.php) { return 404; }
fastcgi_param SCRIPT_FILENAME "$document_root$uri.php";
fastcgi_param PATH_TRANSLATED "$document_root$uri.php";
fastcgi_param QUERY_STRING $args;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~* \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Can someone point out where I am going wrong?
Thanks