I am trying to get Nginx, WordPress, and Cloudflare all working together. All pages outside of the home page (which isn't loading CSS or JS, it seems) redirect to the IP of the droplet it's on, and throw an error since it's not secure. Any help would be most appreciated; I've now exhausted all the fixes found here and still have made no progress.
server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    ssl_verify_client on;
    access_log /var/log/nginx/main.access.log;
    error_log /var/log/nginx/main.error.log;
    server_name example.com www.example.com;
    root /var/www/core;
    index index.php;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
}
Looking to get WordPress properly loading over HTTPS through Cloudflare.
Related
I wanted to set up a staging version of our WordPress website, so I copied everything, added a new nginx config, and pointed the subdomain to the server (this all exists on the same Ubuntu server).
I added basic authentication to staging.mydomain.com, and when I go to the URL on any computer (and incognito) I do get the auth login popup, but when I fill it in, I get redirected straight to mydomain.com. I had this exact issue previously and it was a caching issue, but I don't think that's the case here which is why I think I'm missing something in my Nginx configuration.
Here's the nginx config for the main website:
limit_req_zone $binary_remote_addr zone=one:10m rate=14r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=2r/s;
server {
    listen 80;
    server_name mydomain.com www.mydomain.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    listen 443;
    server_name mydomain.com www.mydomain.com;
    root /var/www/mydomain;
    index index.php;
    location = /wp-login.php {
        limit_req zone=login burst=5 nodelay;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
        proxy_read_timeout 300;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    keepalive_timeout 70;
    ssl_prefer_server_ciphers On;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
And here's the nginx config for staging.mydomain.com:
server {
    listen 80;
    server_name staging.mydomain.com www.staging.mydomain.com;
    rewrite ^ https://staging.mydomain.com$request_uri? permanent;
    return 301 https://staging.mydomain.com;
}
server {
    listen 443;
    server_name staging.mydomain.com www.staging.mydomain.com;
    root /var/www/mydomain-staging;
    index index.php index.html;
    auth_basic "Admin Area";
    auth_basic_user_file /etc/apache2/.htpasswd;
    location = /wp-login.php {
        limit_req zone=login burst=5 nodelay;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
        proxy_read_timeout 300;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/staging.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.mydomain.com/privkey.pem;
    keepalive_timeout 70;
    ssl_prefer_server_ciphers On;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}
My Nginx config file:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/before/*;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    root /home/forge/www.example.com;
    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/www.example.com/616559/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.example.com/616559/server.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/www.example.com/server/*;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/www.example.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/after/*;
Site domain is www.example.com
Aliases: example.com
Any idea?
Just posting the solution to anyone in the same situation:
The problem was not with the posted Nginx configuration at all, which is correct.
After a while searching for a solution, I realised that I had two DNS records (in the DNS table of my web and domain hosting) pointing to www.example.com, resulting in that behaviour when accessing the web.
Thanks.
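A check for the condition described in the answer above, as an added example that is not part of the original post: it scans a zone export for names that have more than one address or CNAME target, or a CNAME next to other record types. The record layout (name, TTL, class, type, value) and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample zone export; addresses come from documentation ranges.
SAMPLE_ZONE = """\
example.com.      3600 IN A     203.0.113.10
www.example.com.  3600 IN A     203.0.113.10
www.example.com.  3600 IN A     198.51.100.7   ; stale record left behind
mail.example.com. 3600 IN A     203.0.113.20
blog.example.com. 3600 IN CNAME example.com.
blog.example.com. 3600 IN A     203.0.113.10
"""


def parse_zone(text):
    """Return {name: [(type, value), ...]} for one-line records."""
    records = defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip trailing comments
        if len(fields) < 5:
            continue  # blank, comment-only, or not in the assumed layout
        name, rtype, value = fields[0], fields[3], " ".join(fields[4:])
        key = name.lower().rstrip(".")
        records[key].append((rtype.upper(), value.lower().rstrip(".")))
    return records


def find_conflicts(records):
    """Return {name: [notes]} for names that can resolve to different hosts."""
    findings = {}
    for name, rrset in records.items():
        by_type = defaultdict(set)
        for rtype, value in rrset:
            by_type[rtype].add(value)
        notes = []
        for rtype in ("A", "AAAA", "CNAME"):
            targets = sorted(by_type.get(rtype, ()))
            if len(targets) > 1:
                notes.append(f"{rtype} resolves to {len(targets)} targets: "
                             f"{', '.join(targets)}")
        others = sorted(t for t in by_type if t != "CNAME")
        if "CNAME" in by_type and others:
            # A CNAME must be the only data at its name (RFC 1034, 3.6.2).
            notes.append(f"CNAME coexists with: {', '.join(others)}")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in find_conflicts(parse_zone(SAMPLE_ZONE)).items():
        for note in notes:
            print(f"{name}: {note}")
```

Several A records on one name are valid in round-robin setups, so the output is a list of names to review against the intended origin server.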
I'm working on a Symfony 4 application. The website works with a Let's Encrypt certificate in a Docker container.
I have an issue with asset links:
<script src="/build/js/app.js"></script>
The link is good, but I have this issue:
[Image: nginx issue]
app.js path:
[Image: app.js path]
My nginx configuration:
server {
    listen 80;
    server_name esgi.be;
    location ^~ /.well-known {
        allow all;
        root /var/www/symfony/;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name esgi.be;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/esgi.be/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/esgi.be/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/esgi.be/chain.pem;
    access_log /dev/stdout;
    error_log /dev/stderr info;
    root /var/www/symfony/public;
    location ^~ /build/ {
        alias /var/www/symfony/public/build/;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    location / {
        try_files $uri /index.php$is_args$args;
    }
    location ~ ^/index\.php(/|$) {
        include fastcgi.conf;
        fastcgi_pass php-upstream;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        internal;
    }
}
What can I do to fix that?
Thanks for your help!
On my server I have 4 services running (my web page, plex...). I wanted to install WP on this one as a dev server.
All my previous services got their SSL certificate thanks to Let's Encrypt.
I set up WP for HTTP only, so I don't know why my browser tells me:
Your connection is not private [...] NET::ERR_CERT_COMMON_NAME_INVALID
My nginx file:
server {
    listen 80;
    listen [::]:80;
    server_name w.gfelot.xyz www.w.gfelot.xyz;
    root /var/www/wp/;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
Any idea?
EDIT:
Thanks to Richard Smith, I updated my server block:
server {
    listen 80;
    listen [::]:80;
    server_name www.w.gfelot.xyz w.gfelot.xyz;
    return 301 https://w.gfelot.xyz$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-gfelot.conf;
    include snippets/ssl-params.conf;
    server_name w.gfelot.xyz;
    ...
But I got the same result.
I need help with some nginx configuration, so please help. Here is my situation.
My domain: rtechmedia.com
1) I want all requests to http:// www.rtechmedia.com to redirect to https:// www.rtechmedia.com
2) I want all requests to https:// rtechmedia.com to redirect to https:// www.rtechmedia.com
3) But I want the style folder and its content, located at www.rtechmedia.com/styles/*, to redirect to http:// www.rtechmedia.com/styles/* instead of https:// www.rtechmedia.com/styles/*
I am a noob in nginx, so please give details. Note that I put spaces in the URLs because of low reputation, so ignore them.
I am able to achieve 1) and 2) but not 3), so help me with that.
server {
    listen 80;
    server_name www.rtechmedia.com;
    return 301 https://www.rtechmedia.com$request_uri;
}
server {
    listen 80;
    server_name rtechmedia.com;
    return 301 https://www.rtechmedia.com$request_uri;
}
server {
    listen 443 ssl;
    server_name www.rtechmedia.com;
    root /home/forge/www.rtechmedia.com;
    ssl_certificate /etc/nginx/ssl/www.rtechmedia.com/11369/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.rtechmedia.com/11369/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    index index.html index.htm index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/www.rtechmedia.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}