How to set up Laravel Forge / nginx default site - nginx

I have a nginx server with a single web site, managed by Laravel Forge. At the moment it responds to requests for a single subdomain: subdomain_a.mydomain.com.au. I need it to respond to requests for subdomain_b.mydomain.com.au, and also the raw IP address. How do I do that?
Here's the nginx config:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/before/*;
server {
listen 80;
listen [::]:80;
server_name subdomain_a.mydomain.com.au;
root /home/forge/subdomain_a.mydomain.com.au/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-(truncated by me!!!);
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/subdomain_a.mydomain.com.au-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/subdomain_a.mydomain.com.au/after/*;
I am new to both nginx and Forge, and this is due to be in production within a few days.

In forge open your website page, at the right bottom there is a dropup menu called "Files", click on "Edit Nginx configuration".
Now you have to change this directive (as described here) from:
add_header X-Frame-Options "SAMEORIGIN";
to
add_header X-Frame-Options "allow from https://your-ip-or-domain.tld"

Related

Increase number of worker_connection on Nginx on Forge

I have a lot of error messages like:
2022/11/21 11:05:36 [alert] 729126#729126: *467625 768 worker_connections are not enough while connecting to upstream, upstream: "fastcgi://unix:/var/run/php/php8.1-fpm.sock:"
I'm trying to increase the number of worker_connections. On Laravel Forge, i can edit the nginx configuration file, but nothing I add is working.
My file:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name [...] ;
server_tokens off;
root /home/forge/ [...] /public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/ [...] /1550866/server.crt;
ssl_certificate_key /etc/nginx/ssl/ [...] /1550866/server.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/ [...] -error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/ [...] /after/*;
I saw this on Github:
events {
# When you need > 8000 * cpu_cores connections, you start optimizing your OS,
# and this is probably the point at which you hire people who are smarter than
# you, as this is *a lot* of requests. default is 768.
worker_connections 768;
multi_accept on;
}
But the "events" entry is not allowed, so I don't know how to specify the number of worker_connections.
Any ideas?

Redirect API endpoints in nginx

There is an API deployed on the server. I have a public IP to which I want to connect the domain. Normally it works this way: 127.0.0.1/api/v1/register, but the domain looks like api.mydomain.com, so I don't really need the part "api/v1". How can I redirect all users' requests like "127.0.0.1/register" into "127.0.0.1/api/v1/register"?
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/before/*;
server {
listen {{ PORT }};
listen {{ PORT_V6 }};
server_name {{ DOMAINS }};
server_tokens off;
root {{ PATH }};
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/{{ SITE }}-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass {{ PROXY_PASS }};
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/{{ SITE }}/after/*;

Laravel Forge - Deploying Wordpress + HTTPS is giving "too many redirects"

My Nginx config file:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
root /home/forge/www.example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/616559/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/616559/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/after/*;
Site domain is www.example.com
Aliases: example.com
Any idea?
Just posting the solution to anyone in the same situation:
The problem was not with posted Nginx configuration at all, which is correct.
After a while searching for a solution, I realised that I had two DNS records (in DNS table of my web and domain hosting) pointing to www.example.com in DNS table, resulting in that behaviour when accessing the web.
Thanks.

How to point a subdomain to another "folder" on same server?

So I have set up two domains with each of there repositories on one server with forge. It looks like this:
DomainA.com (179.x.x.x)
DomainB.com (179.x.x.x)
In my DNS I have pointed them both to the same ip, and forge has handled everything else and it works great.
On the server there's two folders.
DomainA.com
DomainB.com
So now I want to create a subdomain on DomainB which "loads" the code of DomainA, example: code.domainb.com will load show the contents which in on domaina.com.
I'm not sure how I can do that? So far I understand that I need to change something in the nginx config, hopefully someone can give me some pointers :)
Nginx config for domainb:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domainb.com;
root /home/forge/domainb.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domainb.com/471043/server.crt;
ssl_certificate_key /etc/nginx/ssl/domainb.com/471043/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domainb.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/after/*;
Nginx conf for domain A:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domaina.com;
root /home/forge/domaina.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domaina.com/470443/server.crt;
ssl_certificate_key /etc/nginx/ssl/domaina.com/470443/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domaina.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/after/*;
The server_name directive can have more than one value. The exact match HOST name takes precedence. See this document for details.
If code.domainb.com uses the same document root as the server block for .domaina.com, simply add its name to the server_name directive.
For example:
server {
...
server_name .domainb.com;
root /home/forge/domainb.com/public;
...
}
server {
...
server_name .domaina.com code.domainb.com;
root /home/forge/domaina.com/public;
...
}
See this document for more.

WordPress blog subdirectory with Laravel on nginx produces 404 error

I installed a new WordPress blog thru Forge onto the same server as a Laravel 5.4 app. I put the blog in blog.example.com for simplicity sake, but I don't have any DNS actually pointing to the subdomain. Instead, I want to have example.com/blog pointing to my WordPress installation.
I then modified the nginx conf file for the Laravel site to look like this:
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
root /home/forge/example.com/current/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/example.com/230815/server.crt;
ssl_certificate_key /etc/nginx/ssl/example.com/230815/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'SHA-HASH-HERE';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
}
location ~ /\.(?!well-known).* {
deny all;
}
location /blog {
root /home/forge/blog.example.com/public;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?q=$uri&$args;
access_log /var/log/nginx/blog.example.com-access.log;
error_log /var/log/nginx/blog.example.com-error.log error;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/after/*;
I restarted nginx expecting to see the WP installation when I visit example.com/blog but instead I only see a 404 error from the Laravel app.
What is wrong with my approach here?
Assuming your index file is actually .../blog.example.com/public/index.* then inside of your location /blog I believe you will want to change root to alias. Try that and see if it helps. The documents below go into more depth. If you do that, you may want to get rid of the try_files for that location. I would also browse the link at the bottom from NGINX, and check your config against those suggestions.
NGINX Config
NGINX Alias Docs

Resources