I've split up most of my config files so it looks like this (simplified)
example.conf
server {
listen 80;
server_name example.com;
root /var/www/example.com/public_html;
#stuff......
#########
# Base WordPress configuration, setup php and everything
include /etc/nginx/snippets/wordpress.conf;
}
wordpress.conf
#stuff......
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php ;
}
#stuff......
So far so good. Now I want to secure only example.com with http-auth
So I add to the example.conf the following;
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
But then I get the error;
nginx: [emerg] duplicate location "/" in /etc/nginx/snippets/wordpress.conf:53
nginx: configuration file /etc/nginx/nginx.conf test failed
What is the best way to enable http-auth on this domain only?
I could create an alternative wordpress.conf but that would defeat the idea of splitting up configs.
Related
I'm trying to secure my phpMyAdmin with nginx http auth but, when I add auth instructions, nginx -t says:
nginx: [emerg] unexpected end of file, expecting ";" or "}" in /etc/nginx/conf.d/default.conf:22
nginx: configuration file /etc/nginx/nginx.conf test failed
server {
listen 80;
server_name x.x.x.x;
root /var/www/html/mypma;
index index.php index.html index.htm index.nginx-debian.html;
location = / {
return 444;
}
location = /pma {
auth_basic "Area riservataā€¯;
auth_basic_user_file /etc/apache2/.htpasswd;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
}
The second " was not a regular quote. Thanks to #tkausl's comment!
I config a static site via nginx, and include my settings under conf.d directory. listen port 80.
But I found when I request the url, nginx always redirect the default page /usr/share/nginx/html/index.html
My configuration does seem work, for all access logs were written to my access log settings, and if I change index.html to some other name(i.html for example) in my directory, and request url mysite.com/i.html, I can access the correct page.
So, it seems that nginx redirect all index.html to the default one.
I tried change default port/server name/root and annotate the default settings, even close selinux, all above doesn't work, it really make me mad.
Can anyone help me?
I'm using nginx version 1.10.2, on CentOS 7.2
and following is my site settings:
# the upstream component nginx needs to connect to
upstream blog {
server 0.0.0.0:80; # for a web port socket (we'll use this first)
}
# configuration of the server
server {
# the port your site will be served on
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# the domain name it will serve for
server_name mysite.com;
charset utf-8;
access_log /var/log/blog/access.log;
error_log /var/log/blog/error.log;
# max upload size
client_max_body_size 75M; # adjust to taste
# Finally, send all non-media requests to the Django server.
location / { try_files $uri #blog; }
location #blog{
root /home/work/projects/blog/public/;
index index.html index.htm;
uwsgi_read_timeout 120s;
uwsgi_send_timeout 120s;
}
}
and the /etc/nginx/nginx.conf is
server {
# listen 8000 default_server;
# listen [::]:8000 default_server;
# server_name not;
# root /usr/share/nginx/html;
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
# location / {
# }
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
This makes no sense:
location / {
try_files $uri #blog;
}
location #blog{
root /home/work/projects/blog/public/;
index index.html index.htm;
uwsgi_read_timeout 120s;
uwsgi_send_timeout 120s;
}
The lack of a root directive means that the first try_files will look for files in the default location.
All you need is root and index directives within the server context:
For example:
root /home/work/projects/blog/public;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
See this document for details.
I'm not able to get nginx to return the files I've put in /var/www/letsencrypt.
nginx/sites-available/mydomain.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name my-real-domain.com;
include /etc/nginx/snippets/letsencrypt.conf;
root /var/www/mydomain;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
I run this command:
certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com
But the page that certbot tries to access is always an 404.
DEBUGGING
$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi
Now I should be able to curl localhost/.well-known/acme-challenge/hi, but that does not work. Still 404. Any idea what I'm missing?
Option root /var/www/letsencrypt/; tells to nginx "this is base directory", so final path will be /var/www/letsencrypt/.well-known/acme-challenge/.
So, you have 2 options:
Change your path, for example to
$ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
Change behavior of nginx, so nginx will treat it as alias:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
rewrite /.well-known/acme-challenge/(.*) /$1 break;
root /var/www/letsencrypt;
}
And don't forget make killall -1 nginx to reload config
It seems that the Synology Nginx configuration now has a rule for acme-challenge. Put your file in /var/lib/letsencrypt/.well-known/acme-challenge and there is no need to reload Nginx as the configuration stay unchanged.
See /etc/nginx/nginx.conf for details.
I have a server with Nginx.
I would like to set up two sites:
backend.mysite.com
staging.backend.mysite.com
Here is my server blocks config:
www.backend.mysite.com:
server {
listen 80;
server_name backend.mysite.com www.backend.mysite.com;
location / {
proxy_pass http://127.0.0.1:8800/;
}
}
server {
listen 8800;
server_name my.ip.address;
root /projects/backend/production/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
www.staging.backend.mysite.com:
server {
listen 80;
server_name staging.backend.mysite.com www.staging.backend.mysite.com;
location / {
proxy_pass http://127.0.0.1:8900/;
}
}
server {
listen 8900;
server_name my.ip.address;
root /projects/backend/staging/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
My problem is that backend.mysite.com is overriding staging.backend.mysite.com. How can I say to Nginx to never override if there is a sub subdomain on my adress?
UPDATE:
I've tried to add another domain (my_other_site.com) in my second config to check if it works:
server {
listen 80;
server_name my_other_site.com www.my_other_site.com staging.backend.mysite.com www.staging.backend.mysite.com;
location / {
proxy_pass http://127.0.0.1:8900/;
}
}
server {
listen 8900;
server_name my.ip.address;
root /projects/backend/staging/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
When I visit my_other_site.com it works well. The second site is reached as expected.
my_other_site.com, www.my_other_site.com, staging.backend.mysite.com and www.staging.backend.mysite.com have the same DNS A configuration, they are pointing on the same IP.
UPDATE 2:
When I disable www.backend.mysite.com server block, it works. The site staging.backend.mysite.com is working as expected. That mean that indeed the first block overrides the second one.
How can I tell the first server block to not take in account staging.backend.mysite.com? Is there a way to exclude a specific domain name?
Try to give for included config files same names as domain names, e.g.:
aa.domain.com --> aa.domain.com.nginx.conf
bb.domain.com --> bb.domain.com.nginx.conf
so nginx will include and catch in natural alphabetic order
I was running into the same experience, but eventually when I ran sudo nginx -T, it spat out:
nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32
nginx: configuration file /etc/nginx/nginx.conf test failed
So, I edited nginx.conf and uncommented the relevant line:
# ...
server_names_hash_bucket_size: 64;
# ...
I picked 64 because that was what was in the file, commented out. Then I restarted and everything worked.
Then I cleared the cache in my browser.
I ham trying to make http://example.com serve http://example.com/home.html from /home/ubuntu/mysitedir/home.html.
I have the following conf file which successfully redirects everything to https, and proxies to uwsgi. The http->https redirection works fine, and the uwsgi proxy works, but http(s)://example.com/, http(s)://example.com/home.html, http(s)://example.com/index.html, and http(s)://example.com/index.htm are all 404
Any pointers as to what I can try?
Here is my conf file:
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
root /home/ubuntu/mysitedir/;
index home.html;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example_combined.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
root /home/ubuntu/mysitedir/;
index home.html;
location /images/ads {
alias /home/ubuntu/mysitedir/images/ads/;
}
location /images {
alias /home/ubuntu/mysitedir/images/;
}
location /static {
alias /home/ubuntu/mysitedir/static/;
}
location / {
alias /home/ubuntu/mysitedir/;
include uwsgi_params;
uwsgi_pass unix:/tmp/mysitedir.sock;
}
}
Thanks.
location / is the catch-all. You could try the try_files directive like this:
location #wsgisite {
include uwsgi_params;
uwsgi_pass unix:/tmp/mysitedir.sock;
}
location / {
index home.html;
try_files $uri $uri/ #wsgisite;
}
Any thing coming into the base location will first check to see if it is a file, or a directory with an index (home.html) file in it, and if not, then pass it on to the #wsgisite.
This should also make the other three location directives obselete, since nginx will be checking for the files first before passing it to the wsgi block.