Nginx routing issue - http server and https server - nginx

I have two nginx files in my sites-available. One is for a https domain and another for and http domain. I have the routing for the https domain to route domain1.com to https://www.domain1.com, but instead, it routes to the http domain I have set up, http://www.domain2.com. Can anybody help me out? I've tried google the issue but nothing has help so far.
domain1 setup
server{
server_name http://domain1.com
return 301 https://www.domain1.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain1.com;
ssl_certificate /home/node/www.domain1.com.crt;
ssl_certificate_key /home/node/www.domain1.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_redirect off;
access_log /var/log/nginx/mainacc.log;
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
}
}
domain2 setup
server {
listen 80;
listen [::]:80;
server_name domain2.com www.domain2.com;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

You are missing the listen 80 directive at top of your domain1 setup block
this should work
server {
listen 80 ;
listen [::]:80 ;
server_name domain1.com, www.domain1.com;
# return 301 https://www.domain1.com$request_uri;
rewrite ^/(.*) https://www.domain1.com/$1 permanent;
}
Did this do the trick ?

Related

Nginx redirection from www to non-www

I have an issue with redirecting from www to non-www.
My expected behaviour: all requests on port 80 and 443 should be redirected to non-www.
I also have a subdomain dev.example.com requests on this subdomain should also be redirected to non-www.
All is working fine with my current configuration except one thing:
If I request http://example.com then i'll be redirected to https://dev.example.com and i cannot find the reason for that.
Can anyone tell me what i did wrong?
I have 3 conf files in my nginx sites-enabled directory linked:
first :
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.* dev.*;
return 301 https://$host$request_uri;
}
server {
listen 443 default_server ssl;
listen [::]:443 ssl;
server_name example.com;
root /var/www/my-site/public;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
disable_symlinks off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
second:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name dev.example.com;
root /var/www/my-dev-site/public;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
disable_symlinks off;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.php index.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
third(for mailserver):
server {
if ($host = autoconfig.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = autodiscover.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mail.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name mail.example.com autodiscover.* autoconfig.*;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mail.example.com autodiscover.* autoconfig.*;
# Path of the SSL certificate
ssl_certificate /etc/letsencrypt/live/steamangel.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/steamangel.de/privkey.pem; # managed by Certbot
# Use the file generated by certbot command.
include /etc/letsencrypt/options-ssl-nginx.conf;
# Define the path of the dhparam.pem file.
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location /Microsoft-Server-ActiveSync {
proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 75;
proxy_send_timeout 3650;
proxy_read_timeout 3650;
proxy_buffers 64 256k;
client_body_buffer_size 512k;
client_max_body_size 0;
}
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 0;
}
}

wordpress nginx - Moved Permanently 301 after migration

{
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server { #Redirect https, non-www to https, www
listen 443 ssl spdy;
server_name example.com;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
return 301 https://www.example.com$request_uri;
}
server {
# SSL configuration
listen 443 ssl spdy;
server_name www.example.com;
ssl on;
ssl_certificate /var/www/web/example_com.crt;
ssl_certificate_key /var/www/web/www.expample.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
root /var/www/web;
client_max_body_size 20M;
index index.php;
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(protected|framework|themes/\w+/views) {
deny all;
}
#avoid processing of calls to unexisting static files by yii
location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
try_files $uri =404;
}
location #bo {
rewrite ^/bo(.*) /bo/index.php?q=$1;
}
location /bo {
index index.php;
try_files $uri $uri/ #bo;
alias /var/www/web/bo;
}
location #app {
rewrite ^/app(.*) /app/index.php?q=$1;
}
location /app {
index index.php;
try_files $uri $uri/ #app;
alias /var/www/web/app;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/web$fastcgi_script_name;
}
# prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
}
server {
listen 80;
listen [::]:80;
server_name supp.example.com;
access_log /var/log/nginx/supp.example.com.access.log;
error_log /var/log/nginx/supp.example.com.error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3001;
proxy_redirect off;
}
}
I had a server on OVH and I migrated to azure, inside the app I had a wordpress that is in the main root, a subfolder with an app on Yii2 and another subfolder with an app on CodeIgniter, When I test the config, everything works fine, I used the testnew.example.com for test it, when I do the deploy and use www.example.com, I got Moved permantly 301 on main root (Wordpress site), the rest of apps works good.

nginx reverse proxy multidomain

i have some problem with my nginx configuration. I am new with nginx by the way ..
I want to host multiple websites on one single server. Ubuntu 16.04 installed.
Example:
www.myDomain.com - should point to a normal webroot equ: /var/www/html
wiki.myDomain.com - should reverse-proxy to my confluence application at localhost:8090
blog.myDomain.com - should point to another webroot equ: /var/www/blog
I tried to configure the base url = www.myDomain.com and the wiki reverse proxy.
My files look like this:
default:
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name myDomain.com www.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name myDomain.com www.myDomain.com
include snippets/ssl-www.myDomain.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name myDomain.com www.myDomain.com;
location / {
allow all;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
}
my wiki.myDomain.com witht the reverse proxy:
server {
listen 80;
# listen [::]:80;
server_name wiki.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen wiki.myDomain.com:443 ssl;
# listen [::]:443;
add_header Strict-Transport-Security "max-age=31536000";
include snippets/ssl-wiki.myDomain.com.conf;
include snippets/ssl-params.conf;
# root /var/www/wiki.myDomain.com;
location /.well-known {
root /var/www/wiki.myDomain.com/;
# default_type text/plain;
}
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
So here my problem:
Wiki.myDomain.com is working fine !
www.eida.at is allways auto forwarding to https://wiki.myDomain.com for some reason
with www.myDomain.com i want to have a separate website - no forward to the wiki. Seems that the reverse proxy part is used any time - doesnt matter which url i choose.
Thanks for help !

Website and Piwik on same server produces 403

i've got a site on xyz.com and piwik on xyz.com/piwik. Piwik is running fine, but unfortunately not all data - requested by piwik - are handled by the server.
I've watched behaviour like:
xyz.com/piwik/ -> error
xyz.com/piwik/index.php -> is fine
xyz.com/piwik/?module=... -> error
nginx.conf
# Configuration containing list of application servers
upstream wsgi_cluster {
server ***.***.112.44:5000;
}
# Default server configuration
#
server {
listen 80;
error_log /var/log/nginx/http.error.log warn;
server_name xxx;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name xxx;
auth_basic "Restricted";
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
error_log /var/log/nginx/https.error.log warn;
charset utf-8;
location /piwik/ {
location ~ /piwik/(.*\.php)(/.*)?$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_index index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 60s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
proxy_buffering off;
proxy_temp_file_write_size 64k;
proxy_pass http://wsgi_cluster;
proxy_redirect off;
}
# Deny certain User-Agents (case insensitive)
# The ~* makes it case insensitive as opposed to just a ~
if ($http_user_agent ~* "Baiduspider|Jullo|AcoiRobot" ) {
return 403;
}
error_page 502 /502.html;
location = /502.html {
root /etc/nginx/;
internal;
}
error_page 401 /401.html;
location = /401.html {
root /etc/nginx/;
internal;
}
}
my-site.conf
# Configuration containing list of application servers
upstream wsgi_cluster {
server ***.***.112.44:5000;
}
# Default server configuration
#
server {
listen 80;
error_log /var/log/nginx/http.error.log warn;
server_name xxx;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name xxx;
auth_basic "Restricted";
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
error_log /var/log/nginx/https.error.log warn;
charset utf-8;
location /piwik/ {
location ~ /piwik/(.*\.php)(/.*)?$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
#fastcgi_split_path_info ^(.+\.php)(/.+)$;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_index index.php;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 60s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
proxy_buffering off;
proxy_temp_file_write_size 64k;
proxy_pass http://wsgi_cluster;
proxy_redirect off;
}
# Deny certain User-Agents (case insensitive)
# The ~* makes it case insensitive as opposed to just a ~
if ($http_user_agent ~* "Baiduspider|Jullo|AcoiRobot" ) {
return 403;
}
error_page 502 /502.html;
location = /502.html {
root /etc/nginx/;
internal;
}
error_page 401 /401.html;
location = /401.html {
root /etc/nginx/;
internal;
}
}
You are missing any default action for the /piwik/ URI. Presumably, if no other matching file is found, you would like the /piwik/index.php URI to be tried. Add a try_files directive to the outer location block, for example:
location /piwik/ {
try_files $uri /piwik/index.php$is_args$args;
location ~ /piwik/(.*\.php)(/.*)?$ { ... }
}

nginx - proxy/rewrite based on location

I am trying to redirect all requests beginning with /api/ to a node server on localhost. I've been unable to get nginx to rewrite the request properly.
My server.conf (I included the whole file in case there is something conflicting I'm not noticing):
server {
listen 80;
root /var/www/sites/my.server;
index index.php index.html index.htm;
server_name .my.server;
access_log /var/log/nginx/my.server-access.log;
error_log /var/log/nginx/my.server-error.log;
location / {
try_files $uri $uri/ /index.html;
}
## Redirect api to node server
location /api {
rewrite ^/api/(.*)$ /$1 last;
proxy_pass http://127.0.0.1:3030/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-e $request_filename){
rewrite ^(.*)$ /index.php?q=$1 last;
break;
}
# SSL Related Setup
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/my.server.key;
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
Using this config, http://my.server/api is redirected properly to the node server, but http://my.server/api/jobs is not.
After much trial and error and searching, I found the following works:
location ^~ /api/ {
rewrite ^/api/(.*) /$1 break;
proxy_pass http://127.0.0.1:3030/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Resources