I'm working on a Symfony 4 application. The website works with a Let's Encrypt certificate in a Docker container.
I have an issue with asset links:
<script src="/build/js/app.js"></script>
The link is good, but I have this issue:
[screenshot: nginx issue]
App.js path:
[screenshot: app.js path]
My nginx configuration:
server {
    listen 80;
    server_name esgi.be;
    location ^~ /.well-known {
        allow all;
        root /var/www/symfony/;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name esgi.be;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/esgi.be/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/esgi.be/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/esgi.be/chain.pem;
    access_log /dev/stdout;
    error_log /dev/stderr info;
    root /var/www/symfony/public;
    location ^~ /build/ {
        alias /var/www/symfony/public/build/;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    location / {
        try_files $uri /index.php$is_args$args;
    }
    location ~ ^/index\.php(/|$) {
        include fastcgi.conf;
        fastcgi_pass php-upstream;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        internal;
    }
}
What can I do to fix that?
Thanks for your help!
Related
I know that there are a lot of similar questions here, but none of them helped me, so here's my problem.
I need to redirect all requests from my server IP to my domain.
I tried the return 301 method; it kind of worked, but got me a "Too many redirects" error.
It wasn't me who wrote the config originally and I'm afraid to break it; it's a live server, so I don't have much time to test things.
Here's my config:
server {
    listen xxx.xxx.xxx.xxx:443 ssl;
    index index.php;
    server_name example.com;
    error_log /var/log/nginx/error_example_com.log;
    access_log /var/log/nginx/access_example_com.log;
    root /var/www/prod/frontend/web;
    client_max_body_size 50m;
    ssl on;
    ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
    ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols SSLv2 SSLv3 TLSv1.2;
    ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_prefer_server_ciphers on;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location /images {
        alias /var/www/prod/frontend/web/images;
    }
    location /assets {
        expires 1d;
    }
    location /upload {
        expires 1d;
        alias /var/www/prod/frontend/web/uploads;
    }
    location /plugins/Global/scripts {
        alias /var/www/prod/frontend/web/js2;
    }
    location /plugins/Global/images {
        alias /var/www/prod/frontend/web/images;
    }
    location /plugins/Global/css {
        alias /var/www/prod/frontend/web/css;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/comn/php/php7.3-fpm.sock;
    }
    location /.well-known/acme-challenge {
        alias /var/lib/dehydrated/acme-challenges;
    }
}
server {
    listen 443 ssl;
    ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
    ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
    server_name www.example.com;
    location / {
        return 301 https://example.com$request_uri;
    }
    location ~ /.git/ {
        deny all;
    }
}
server {
    listen xxx.xxx.xxx.xxx:80;
    location / {
        return 301 https://example.com$request_uri; # enforce https
    }
    location /.well-known/acme-challenge {
        alias /var/lib/dehydrated/acme-challenges;
    }
}
Redirecting from http://xxx.xxx.xxx.xxx to https://example.com works just fine, but I can't figure out how to get the https redirect working. What am I missing?
Also, there's an admin panel for this site; its config is stored in another file, not sure if it has to be posted as well.
Strangely, adding this on top of my config worked, where even default_server was ignored:
server {
    listen 443 ssl http2;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
Still not sure what is wrong with my setup, but at least it's working now.
nginx/1.14.2
I am trying to get Nginx, WordPress, and Cloudflare all working together. All pages outside of the home page (which isn't loading CSS or JS, it seems) redirect to the IP of the droplet it's on, and throw an error since it's not secure. Any help would be most appreciated; I've now exhausted all the fixes found here and still have made no progress.
server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    ssl_verify_client on;
    access_log /var/log/nginx/main.access.log;
    error_log /var/log/nginx/main.error.log;
    server_name example.com www.example.com;
    root /var/www/core;
    index index.php;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
}
Looking to get WordPress properly loading over https through Cloudflare.
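An added check, not part of either post above: both posted configurations use the `ssl on;` directive, one together with a plain `listen 80;` and the other next to `ssl_protocols SSLv2 SSLv3 TLSv1.2;`. The sketch below flags those patterns per server block; the function names, finding labels and the sample text (with the documentation address 203.0.113.10) are constructed for illustration.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def server_blocks(conf):
    """Return one list of directives (each a list of words) per server block.
    Minimal tokenizer: does not handle ';', '{' or '}' inside quoted strings."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    blocks, current, depth, start = [], None, 0, 0
    for stmt, sep in re.findall(r"([^;{}]*)([;{}])", conf):
        words = stmt.split()
        if sep == "{":
            depth += 1
            if words == ["server"] and current is None:
                current, start = [], depth
        elif sep == "}":
            if current is not None and depth == start:
                blocks.append(current)
                current = None
            depth -= 1
        elif words and current is not None:
            current.append(words)
    return blocks

def audit(conf):
    """Return (server block number, finding) pairs."""
    findings = []
    for n, block in enumerate(server_blocks(conf), 1):
        listens = [d[1:] for d in block if d[0] == "listen"]
        if ["ssl", "on"] in block:
            # obsolete since nginx 1.15.0; use "listen ... ssl" instead
            findings.append((n, "ssl-on-directive"))
            if any("ssl" not in args for args in listens):
                # "ssl on" applies to every listen socket of the server block
                findings.append((n, "ssl-on-with-plain-listen"))
        for d in block:
            if d[0] == "ssl_protocols":
                weak = sorted(WEAK_PROTOCOLS & set(d[1:]))
                if weak:
                    findings.append((n, "weak-protocols:" + ",".join(weak)))
    return findings

# Constructed sample, reduced from the two configurations posted above.
SAMPLE = """
server { listen 203.0.113.10:443 ssl; server_name example.com; ssl on;
         ssl_protocols SSLv2 SSLv3 TLSv1.2; location / { try_files $uri =404; } }
server { listen 80; listen 443 ssl http2; ssl on;   # plain and TLS listeners
         server_name example.com www.example.com; }
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```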
So I have set up two domains, each with their repositories, on one server with Forge. It looks like this:
DomainA.com (179.x.x.x)
DomainB.com (179.x.x.x)
In my DNS I have pointed them both to the same IP, and Forge has handled everything else and it works great.
On the server there are two folders.
DomainA.com
DomainB.com
So now I want to create a subdomain on DomainB which "loads" the code of DomainA, for example: code.domainb.com will show the contents which are on domaina.com.
I'm not sure how I can do that. So far I understand that I need to change something in the nginx config; hopefully someone can give me some pointers :)
Nginx config for domain B:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/before/*;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .domainb.com;
    root /home/forge/domainb.com/public;
    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/domainb.com/471043/server.crt;
    ssl_certificate_key /etc/nginx/ssl/domainb.com/471043/server.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers XXX;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/domainb.com/server/*;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/domainb.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/after/*;
Nginx conf for domain A:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/before/*;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name .domaina.com;
    root /home/forge/domaina.com/public;
    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/domaina.com/470443/server.crt;
    ssl_certificate_key /etc/nginx/ssl/domaina.com/470443/server.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers XXX;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.htm index.php;
    charset utf-8;
    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/domaina.com/server/*;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log off;
    error_log /var/log/nginx/domaina.com-error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/after/*;
The server_name directive can have more than one value. The exact match HOST name takes precedence. See this document for details.
If code.domainb.com uses the same document root as the server block for .domaina.com, simply add its name to the server_name directive.
For example:
server {
    ...
    server_name .domainb.com;
    root /home/forge/domainb.com/public;
    ...
}
server {
    ...
    server_name .domaina.com code.domainb.com;
    root /home/forge/domaina.com/public;
    ...
}
See this document for more.
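To see why the exact name `code.domainb.com` wins over the `.domainb.com` wildcard in the answer above, here is an added sketch (not code from the answer or from nginx) that models nginx's documented server_name matching order. It goes slightly beyond the two blocks shown by also covering `*.name`, `name.*` and `~regex` names; the function name, the labels "A" and "B", and the assumption that all blocks share one listen socket are illustrative.

```python
import re

def select_server(host, servers):
    """Pick the server block for a Host value the way nginx orders server_name
    matches. `servers` is a list of (label, [server_name values]) in config
    order, all assumed to share one listen socket; the first is the default."""
    host = host.lower().rstrip(".")
    exact, leading, trailing, regexes = {}, [], [], []
    for label, names in servers:
        for name in (n.lower() for n in names):
            if name.startswith("~"):
                regexes.append((re.compile(name[1:]), label))
            elif name.startswith("*."):
                leading.append((name[1:], False, label))
            elif name.startswith("."):
                # ".example.com" is a wildcard that also covers the bare domain
                leading.append((name, True, label))
            elif name.endswith(".*"):
                trailing.append((name[:-1], label))
            else:
                exact.setdefault(name, label)  # first definition wins

    if host in exact:                                   # 1. exact name
        return exact[host]
    hits = [(len(sfx), label) for sfx, bare, label in leading
            if host.endswith(sfx) and len(host) > len(sfx)
            or bare and host == sfx[1:]]
    if hits:                                            # 2. longest "*.name"
        return max(hits, key=lambda h: h[0])[1]
    hits = [(len(pfx), label) for pfx, label in trailing
            if host.startswith(pfx) and len(host) > len(pfx)]
    if hits:                                            # 3. longest "name.*"
        return max(hits, key=lambda h: h[0])[1]
    for pattern, label in regexes:                      # 4. first regex
        if pattern.search(host):
            return label
    return servers[0][0]                                # 5. default server

# Names taken from the answer above; labels "A" and "B" are made up here.
SERVERS = [
    ("B", [".domainb.com"]),
    ("A", [".domaina.com", "code.domainb.com"]),
]

if __name__ == "__main__":
    for h in ("code.domainb.com", "www.domainb.com", "domainb.com",
              "domaina.com", "203.0.113.10"):
        print(h, "->", select_server(h, SERVERS))
```

A request whose Host is a bare IP address matches no name and lands on the default server, which is why a catch-all block matters when several sites share one address.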
Is it possible to optimize/minimize the config posted below?
I feel that it should be possible to merge all the redirects into something more simple.
http:// & http://www & https://www > https://
Though I've had issues and settled.
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
# Redirect http:// & http://www to https://
server {
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}
# Redirect https://www to https://
server {
    listen 443 ssl;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}
# Main config
server {
    listen 443 ssl;
    server_name example.com;
    # SSL config
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;
    # Error logs
    access_log /srv/logs/nginx.access.example.com.log;
    error_log /srv/logs/nginx.error.example.com.log;
    # Root dir
    location / {
        root /srv/example.com/_site/;
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }
    # Caching
    location ~ \.php$ {
        root /srv/example.com/_site/;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        root /srv/example.com/_site/;
        expires 365d;
    }
    location ~* \.(pdf)$ {
        root /srv/example.com/_site/;
        expires 30d;
    }
    # SSL
    location /.well-known {
        allow all;
    }
}
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
Yes, just define it in the http context of your config or stick with the default of your distro (e.g. /var/log/nginx/access.log).
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
It works the other way around: you enable it where you need it through the include directive.
Here is a shorter config (untested):
http {
    error_log /srv/logs/nginx.error.example.com.log;
    access_log /srv/logs/nginx.access.example.com.log;
    index index.php index.html index.htm;
    server {
        listen 80;
        listen 443 ssl;
        server_name .example.com;
        include snippets/ssl-example.com.conf;
        include snippets/ssl-params.conf;
        return 301 https://example.com$request_uri;
    }
    server {
        listen 443 ssl;
        server_name example.com;
        root /srv/example.com/_site/;
        include snippets/ssl-example.com.conf;
        include snippets/ssl-params.conf;
        location / {
            location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                try_files $uri =404;
            }
            location ~* \.(jpe?g|png|gif|ico|css|js)$ {
                expires 365d;
            }
            location ~* \.(pdf)$ {
                expires 30d;
            }
            try_files $uri $uri/ /index.php?$args;
        }
        location /.well-known {
            allow all;
        }
    }
}
On my server I have 4 services running (my web page, Plex...). I wanted to install WP on this one as a dev server.
All my previous services got their SSL certificates thanks to Let's Encrypt.
I set up WP for http only, so I don't know why my browser tells me:
Your connection is not private [...] NET::ERR_CERT_COMMON_NAME_INVALID
My nginx file:
server {
    listen 80;
    listen [::]:80;
    server_name w.gfelot.xyz www.w.gfelot.xyz;
    root /var/www/wp/;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}
Any idea?
EDIT:
Thanks to Richard Smith, I updated my server block:
server {
    listen 80;
    listen [::]:80;
    server_name www.w.gfelot.xyz w.gfelot.xyz;
    return 301 https://w.gfelot.xyz$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-gfelot.conf;
    include snippets/ssl-params.conf;
    server_name w.gfelot.xyz;
    ...
But I got the same result.