How do I do a nginx url rewrite? - nginx

I'm new to ngnix, maybe my problem is trivial but I can't get any way to diagonize where is the issue :
We migrated our web app from version 0.6.4 to 0.6.5. To be sure, our users don't keep old files in their browser cache, we prefix our url with the version number to force refreshing : eg https://qa.share.place/v0.6.5/place/(:placeId)
So I need people who bookmarked a url with the old url format
https://qa.share.place/v0.6.4/place/(:placeId) to be redirected to the new url.
I attempted a url rewrite this way:
server {
server_name qa.share.place;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
ssl_certificate /etc/letsencrypt/live/qa.share.place/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qa.share.place/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/qa.share.place/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
#https://forum.nginx.org/read.php?2,267685,267686
#keepalive_timeout 70;
root /home/ubuntu/share_place/bin/static;
index index.html index.htm index.nginx-debian.html;
#return 302 https://www.share.place/upgrade;
gzip on;
gzip_min_length 1000;
gunzip on;
client_body_in_file_only clean;
client_body_buffer_size 32K;
sendfile off;
send_timeout 300s;
client_max_body_size 1000M;
#================ here is my issue
rewrite ^(\/v0\.6\.4\/)(.*) /v0.6.5/$2 last;
location /v0.6.5 {
proxy_pass http://localhost:3000/ ;
}
}
The issue, is that I have a 404, and I don't know how to log where the url was redirected (rewritten) to understand what's happening behind the wall.
Is the routing location /v0.6.5 {} still interpreted after the rewrite? or does the rewrite skip any treatments after it happens?
Any help please

Related

Nginx configuration is giving me 3 copy's of my domain in the address bar, how is this?

Overview
Okay, before I start, let me say I don't know much of Nginx and has routing works. What I know I learned in about 1 week's time. I'm more of an apache type guy. However, I'm working on a large scale project and would prefer using a faster server and not just apache server. So I decided on Nginx.
This issue relates to CSS/JS files not being resolved within the browser during page rendering for the frontend user.
I've spent over 3 days messing around and keep running into issues. I wouldn't be shocked if it's an easy fix though, so if you know Nginx and want to help me solve this issue please help me. I would, greatly.... greatly, appreciate a helping hand with this.
So I reckon that any dev's that want to help will need a copy of my Nginx config. It's probably also worth mentioning that I am using a hosting panel, called aaPanel on my Ubuntu 20.04 server, hosted in the cloud with IBM.
Other things to note:
aaPanel has two Nginx config files (I'm aware of), I'm messed around on each sub level Nginx config file. If I'm understanding this correctly, aaPanel uses a master Nginx config file and then a copy of the master conf file for your website. I fiddled with both, reverting changes, reloading Nginx etc, etc.
The frontend errors I have received via Opera Console or any other Browser's Console:
Failed to load resource: net::ERR_HTTP2_PROTOCOL_ERROR
Failed to load resource: net::ERR_CONNECTION_CLOSED
The main issue and some thinks I've identified
CSS/JS/IMG/Any MIME TYPE files do not load/resolve.
Any kind of mime type does NOT load, even if I directly visit them in the browser.
Nginx (I am 90% sure it is Nginx) is appending duplicates of my domain name for these files in the path. Seen below (Note that this is not the complete URL, but a small fraction of it since it's over 1mb long. Which leads me to believe it's a stackoverflow/endless loop issue.
https:// domain .net /domain.net/domain.net/domain.net/domain.net/filetype.exstension
(JS/IMG/CSS)
My two Nginx conf file configs I am aware of within aaPanel
My main website's NGINX CONFIG FILE:
server
{
listen 80;
listen 443 ssl http2;
server_name solidbets.net;
index index.php;
root /www/wwwroot/solidbets.net;
#SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/domain.net/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/domain.net/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
#Below ssl_ciphers changed for security PURPOSES
ssl_ciphers EECDH+CCHA20:EEH+CHACHA20-draft:EEH+AES128:RSA+AES128:EDH+A56:RSA+A6:+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START Error page configuration, allowed to be commented, deleted or modified
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP reference configuration, allowed to be commented, deleted or modified
include enable-php-74.conf;
#PHP-INFO-END
#REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
include /www/server/panel/vhost/rewrite/domain.net.conf;
#REWRITE-END
# Forbidden files or directories
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
# Directory verification related settings for one-click application for SSL certificate
location ./* {
include /www/server/nginx/conf/mime.types;
}
access_log /www/wwwlogs/domain.net.log;
error_log /www/wwwlogs/domain.net.error.log;
}
My MASTER NGINX CONF File for the server:
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';
access_log /www/wwwlogs/tcp-access.log tcp_format;
error_log /www/wwwlogs/tcp-error.log;
include /www/server/panel/vhost/nginx/tcp/*.conf;
}
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
#AAPANEL_FASTCGI_CONF_BEGIN
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_path /dev/shm/nginx-cache/wp levels=1:2 keys_zone=WORDPRESS:100m inactive=60m max_size=1g;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
#AAPANEL_FASTCGI_CONF_END
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 888;
server_name phpmyadmin;
index index.html index.htm index.php;
root /www/server/phpmyadmin;
location ~ /tmp/ {
return 403;
}
#error_page 404 /404.html;
include enable-php.conf;
location ~ /\.
{
deny all;
}
access_log /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}
URL REWRITE OPTIONS
If anyone has a solution to this very frustrating problem, which may be obvious, please help.

Your connection is not private (nginx, bluehost, google cloud and cloudflare)

I host a site in compute engine in google cloud with Nginx on Debian, I use a Bluehost domain and a Cloudflare SSL.
My site web sometimes works and sometimes not and show me this message: Your connection is not private.
what is the solution?
example.com file:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 302 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html index.htm index.php;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
I think John H nailed it, seems you have a mixed content issue. You may end up having to edit as suggested, but I'd first recommend trying to enable "Automatic HTTPS Rewrites" on the Crypto tab. Other mixed content suggestions here, https://community.cloudflare.com/t/community-tip-fixing-mixed-content-errors/42476.
If you have more questions about Cloudflare, visit the Cloudflare Community, https://community.cloudflare.com/t/community-tip-welcome-stackoverflow-visitors/99529."

How to replace Nginx default error 400 "The plain HTTP request was sent to HTTPS port" page with Play! Framework backend.

I have a website using Play! framework with multiple domains proxying to the backend, example.com and example.ca.
I have all http requests on port 80 being rewritten to https on port 443. This is all working as expected.
But when I type into the address bar http://example.com:443, I'm served nginx's default error page, which says
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx
I'd like to serve my own error page for this, but I just can't seem to get it working. Here's a snipped of my configuration.
upstream my-backend {
server 127.0.0.1:9000;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
keepalive_timeout 70;
server_name example.com;
add_header Strict-Transport-Security max-age=15768000; #six months
location / {
proxy_pass http://my-backend;
}
error_page 400 502 error.html;
location = /error.html {
root /usr/share/nginx/html;
}
}
It works when my Play! application is shut down, but when it's running it always serves up the default nginx page.
I've tried adding the error page configuration to another server block like this
server {
listen 443;
ssl off;
server_name example.com;
error_page [..]
}
But that fails with the browser complaining about the certificate being wrong.
I'd really ultimately like to be able to catch and handle any errors which aren't handled by my Play! application with a custom page, or pages. I'd also like this solution to work if the user manually enters the site's IP into the address bar instead of the server name.
Any help is appreciated.
I found the answer to this here https://stackoverflow.com/a/12610382/4023897.
In my particular case, where I want to serve a static error page under these circumstances, my configuration is as follows
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
keepalive_timeout 70;
server_name example.com;
add_header Strict-Transport-Security max-age=15768000; #six months
location = /error.html {
root /usr/share/nginx/html;
autoindex off;
}
location / {
proxy_pass http://my-backend;
}
# If they come here using HTTP, bounce them to the correct scheme
error_page 497 https://$host:$server_port/error.html;
}

Accessing site on nginx by https by default

I have website on nginx server! I want to make accessing the site by https by default(on specified port, I wrote in below)! I mean, when I write in browser - mysite.net:90, or www.mysite.net:90, it will go on https, instead of http! I've already tried to redirect requests with "rewrite" in server block, and "return", but it doesn't work.
This is how my server block looks now:
server {
listen 90;
listen 9090 ssl;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /var/www/path;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
......
}
You may find this forum post useful:
https://www.digitalocean.com/community/questions/http-https-redirect-positive-ssl-on-nginx
Basically you need to create a redirection from your HTTP instance where all requests are automatically redirected to HTTPS.
Like this:
server {
listen 90;
server_name example.com;
# Redirect all requests to https
return 301 https://$server_name$request_uri;
}
server {
listen 9090 ssl;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
root /var/www/path;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
}
Try that and see if that works for you.
But basically you for the first instance, you are simply creating a redirection and all the real configuration will be on the second one.

nginx CORS Issues with MAXCDN and Easydns with Digital Ocean

I am having issues with CORS, specifically with max cdn. CORS was working properly with maxcdn until a few days ago. I have posted my host config and the cors header is included.
I am stumped at this point, as I have done the following to troubleshoot:
Disabled a rocket-cache specific configuration for nginx included in
the server block.
I have changed caching methods - rather than redis-hhvm I have tried
switching over to fcgi-hhvm with rocket cache.
I have disabled rocket cache after clearing it's cache - then purging
the entire cache, and used a third party plugin for wordpress
specifically for linking the cdn.
I am using SNI with SPDY on maxcdn - I have a cert just for the subdomain (cdn.jurisdesk.com). And I am using Digitalocean for hosting.
Below is my current nginx config (everything was working properly until a few days ago which prompted me to speak with maxcdn support - who are great by the way, and extremely knowledgeable when it comes to advanced configurations specifically using nginx).
server {
server_name www.jurisdesk.com;
ssl_certificate_key /path/to/key/foobar.key;
ssl_certificate /path/to/cert/foobar.crt;
listen *:80;
listen *:443 ssl spdy;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl spdy ipv6only=on;
return 301 https://jurisdesk.com$request_uri;
}
server {
server_name jurisdesk.com;
listen *:80;
listen [::]:80;
return 301 https://jurisdesk.com$request_uri;
}
server {
server_name jurisdesk.com;
listen *:443 ssl spdy;
listen [::]:443 ssl spdy;
ssl on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_certificate_key /path/to/key/foobar.key;
ssl_certificate /path/to/cert/foobar.crt;
access_log /var/log/nginx/jurisdesk.com.access.log rt_cache_redis;
error_log /var/log/nginx/jurisdesk.com.error.log;
root /var/www/jurisdesk.com/htdocs;
index index.php index.html index.htm;
include common/redis-hhvm.conf;
include rocket-nginx/rocket-nginx.conf;
include common/wpcommon.conf;
include common/locations.conf;
location ~ \.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
add_header Access-Control-Allow-Origin "*";
}
}
I have also added CORS to rocket-nginx.conf - as this is something I've been tinkering with lately and reflects a change to my config - however I have also removed the directive to eliminate that as the cause of the problem.

Resources