I have an issue as given below.
Say I have a site example.com and I have made modifications to the rewrite logic to remove .php extensions. The code given below works fine in all the cases except for index.php
https://example.com --> Not accessible. This is not correct. It should display contents from index.php page.
https://example.com/index.php --> Displays 404 page. This is correct.
https://example.com/index --> Displays index page. This is not correct.
server {
root /usr/share/nginx/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name example.com www.example.com;
error_page 404 /error/custom_404;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
index index.php index.html index.htm;
try_files $uri $uri/ #missing;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 365d;
}
location ~* (\.php$|myadmin) {
return 404;
}
location #missing {
if (!-f $document_root$uri.php) { return 404; }
fastcgi_param SCRIPT_FILENAME "$document_root$uri.php";
fastcgi_param PATH_TRANSLATED "$document_root$uri.php";
fastcgi_param QUERY_STRING $args;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~* \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Can someone point to where I am doing wrong?
Thanks
Related
I have an Ubuntu 20.04 server on Azure, with Nginx, PHP-FPM and actualy two websites.
The sites are example.com and sub.example.com and They are with the certificate issued by certboot and working fine.
I added a third site with a diferente domain example2.com and it worked fine. But when I add certboot to this third site, they all stop working, and Nginx don’t stop and don't show any error.
I added the certificates using this
sudo certbot --nginx -d example.com -d www.example.com
sudo certbot --nginx -d sub.example.com
Until here ok, sites working fine last five months
Then I add a new website and worked fine two, but when a I add certbot, all of them stop to work, but nginx still running withou erros
sudo certbot --nginx -d example2.com -d www.example2.com
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Sites only work again if I remove the certificate from the third site
sudo sudo certbot delete --cert-name example2.com
sorry for my english
Server block Site 1
server {
root /var/www/example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
Server block Site 2 (subdomain site 1)
server {
root /var/www/sub.example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name sub.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sub.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sub.example.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = sub.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name sub.example.com;
return 404; # managed by Certbot
}
Server block Site 3
server {
root /var/www/example2.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example2.com www.example2.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example2.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example2.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example2.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example2.com www.example2.com
return 404; # managed by Certbot
}
here my conf file
server {
root /var/www/[NAME]/latest;
index index.php index.html index.htm index.nginx-debian.html;
server_name [SITENAME].com www.[SITENAME].com [ANOTHER-SITENAME].com www.[ANOTHER-SITENAME].com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/[SITENAME].com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[SITENAME].com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.[ANOTHER-SITENAME].com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = [ANOTHER-SITENAME].com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.[SITENAME].com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = [SITENAME].com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name [SITENAME].com www.[SITENAME].com [ANOTHER-SITENAME].com www.[ANOTHER-SITENAME].com;
return 404; # managed by Certbot
}
everythign works fine when i open [SITENAME].com
but when i open [ANOTHER-SITENAME].com
i get an error message
This page isn’t working [ANOTHER-SITENAME].comredirected you too many
times.
why? how to fix this?
Your config NEVER works for [ANOTHER-SITENAME].com, because http
have redirect to https and https not working because SSL cert is
only for [SITENAME].com.
If have two sites who use same files, make
seperate blocks for them - it will be easier to manage and
troubleshoot.
Make it simple, help yourself... For example:
[SITENAME].com
server
{
listen 80;
server_name www.[SITENAME].com [SITENAME].com;
return 301 https://[SITENAME].com$request_uri;
}
server
{
listen 443 ssl;
server_name www.[SITENAME];
ssl_certificate /etc/letsencrypt/live/www.[SITENAME].com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.[SITENAME].com/privkey.pem;
return 301 https://[SITENAME].com$request_uri;
}
server
{
listen 443 ssl;
server_name [SITENAME].com;
root /var/www/[NAME]/latest;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
[ANOTHER-SITENAME].com
server
{
listen 80;
server_name www.[ANOTHER-SITENAME].com [ANOTHER-SITENAME].com;
return 301 https://[ANOTHER-SITENAME].com$request_uri;
}
server
{
listen 443 ssl;
server_name www.[ANOTHER-SITENAME].com;
ssl_certificate /etc/letsencrypt/live/www.[ANOTHER-SITENAME].com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.[ANOTHER-SITENAME].com/privkey.pem;
return 301 https://[ANOTHER-SITENAME].com$request_uri;
}
server
{
listen 443 ssl;
server_name [ANOTHER-SITENAME].com;
root /var/www/[NAME]/latest;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
I got a problem with infinite redirection on my site. Nginx redirects from http to https successfully but after that for some reason it does the opposite and that leads to infinite loop. What's wrong in my config?
erver {
listen 80 default_server;
listen [::]:80 default_server;
server_name devcore.pw www.devcore.pw;
return 301 https://devcore.pw$request_uri;
}
server {
client_max_body_size 20M;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name www.devcore.pw devcore.pw; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
#deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl on;
ssl_certificate /etc/letsencrypt/live/devcore.pw/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/devcore.pw/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}```
this config has major problem. you closed server block after the redirect line
so you have to fix it, try:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name devcore.pw www.devcore.pw;
return 301 https://devcore.pw$request_uri;
client_max_body_size 20M;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
#deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/devcore.pw/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/devcore.pw/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Recently we have migrated from Apache2 to Nginx server. Consider we have domain www.test.com and following is the www.test.com.conf and I had disabled default Nginx default file.
server {
server_name www.test.com;
# Character Set
charset utf-8;
# Logs
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Directory Indexes
index index.html index.htm index.php;
# Document Root
root /var/www/html/project1/public;
# Location
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
# Error Pages
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# PHP-FPM Support
location ~ \.php$ {
fastcgi_read_timeout 240;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; #/var/run/php5-fpm.sock;
#include fastcgi.conf;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Block access to .htaccess
location ~ \.htaccess {
deny all;
}
client_body_timeout 10s;
client_header_timeout 10s;
client_max_body_size 100M;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.test.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.test.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.test.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen *:80;
server_name www.test.com;
return 404; # managed by Certbot
}
With the above configuration, I can access https://www.test.com without issues. In this case root /var/www/html/project1/public. Now to access multiple applications from the same domain I had changed the root directive to /var/www/html/ and tried to access https://www.test.com/project1/public but I'm getting the following error
FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream
May I know the reason for this issue? my application is Lumen which is a mirco service framework by Laravel.
By changing the following blocks it is working for me
from root /var/www/html/project1/public; to root /var/www/html;
And we need to add multiple location blocks based on the requirement. Consider I want to access two Lumen/ Laravel applications from single domain, then I need to add two location blocks as
location /project1/public {
try_files $uri $uri/ /project1/public/index.php$is_args$args;
}
location /project2/public {
try_files $uri $uri/ /project2/public/index.php$is_args$args;
}
Credits go to Richard Smith
I want to deny access to few directories, as well as all sub-directories and files, including JS/CSS files.
I have this configuration, and it works for the most part, but it doesn't deny access to .js file I have.
server {
listen 80;
server_name DOMAIN www.DOMAIN;
root /home/me/www/app;
index index.php index.html index.htm;
autoindex on;
client_max_body_size 20m;
fastcgi_read_timeout 600;
#Forbid access to these directories
location ~ /(data|dev|py)/ {
deny all;
return 403;
}
#Force download on PDF files
location ~* /(.*\.pdf) {
types { application/octet-stream .pdf; }
default_type application/octet-stream;
}
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
#API
location /api/v1/ {
index index.php;
try_files $uri $uri/ /api/v1/index.php?$args;
}
#php support
location ~ [^/]\.php(/|$) {
include /etc/nginx/conf.d/php_generic;
fastcgi_param DOCUMENT_ROOT /home/me/www/site1;
fastcgi_pass unix:/var/run/php/php-fpm-me.sock;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
error_log /home/me/logs/error.log;
access_log /home/me/logs/access.log;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Any ideas?
EDIT / RESOLVED
Well, the website is behind CloudFlare, so after 30 minutes of pulling my hair off, link is no longer accessible, which tells me that CloudFlare had it cached and served it, even tho nginx config was changed.