As a test, I enabled the nginx status page as per these articles
server {
listen 80;
#listen on any host name
server_name _;
location /status {
stub_status on;
access_log off;
}
access_log /var/log/nginx/$host-access.log;
error_log /var/log/nginx/monitor-error.log;
}
I'm normally running a wordpress site, and redirecting any http request to an https request:
server {
server_name _;
listen 80;
return 301 https://$host$request_uri;
}
I have several https server blocks, one for each dns which has it's own server cert.
Is there some way of combining the two server blocks above, so that normally an http request will redirect to https, but if the /status url is used, it will activate the nginx status page?
You need do something like below
server {
server_name _;
listen 80;
location = /status {
stub_status on;
access_log off;
}
location / {
return 301 https://$host$request_uri;
}
access_log /var/log/nginx/$host-access.log;
error_log /var/log/nginx/monitor-error.log;
}
So in case of /status no redirection will happen. In rest cases it will just do the https redirect
Related
I have an nginx conf:
ssl_certificate /etc/letsencrypt/live/collabora.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/collabora.example.com/privkey.pem;
server {
listen 80;
server_name www.collabora.example.com;
server_name collabora.example.com;
return 301 https://collabora.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.collabora.example.com;
return 301 $scheme://collabora.example.com$request_uri;
}
server {
listen 443 ssl;
server_name collabora.example.com;
location / {
proxy_pass http://collabora:9980;
access_log off;
proxy_set_header Host $host;
}
With this set up the following redirects function as desired:
www.collabora.example.com redirects to https://collabora.example.com
collabora.example.com redirects to https://collabora.example.com
However, this redirect does not occur, ssl www to non www:
https://www.collabora.example.com : no redirect, instead site cert warning.
How can I adjust my blocks so that https://www.collabora.example.com redirects to https://collabora.example.com?
Lets encrypt lets you create certificates which are valid for more than one URL.
You could try to create a certificate (or update yours) with the www. and normal version of your website.
This answer is based on the questions asked by #richardSmith.
I have the Nginx config as below, I'm trying to redirect
https://example.com
to
https://www.example.com
But when I enter
https://example.com
in the browser, I don't see the redirect. Anything idea?
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/mynginx.crt;
ssl_certificate_key /etc/nginx/conf.d/mynginx.key;
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
server_name www.example.com;
ssl on;
ssl_certificate /etc/nginx/conf.d/mynginx.crt;
ssl_certificate_key /etc/nginx/conf.d/mynginx.key;
location /media {
alias /media; # your Django project media files - amend as required
}
location /static {
alias /static; # your Django project static files - amend as required
}
location / {
proxy_pass http://web/;
}
}
I would like to redirect my website after entering www.lombo.pl to only lombo.pl (with SSL certificate).
Now when something write www.lombo.pl it does not redirect. I tried to change my nginx file but still to no avail. The user can visit my website via www.lombo.pl (which at the same time shows an error because I do not have a SSL certificate configured for this domain).
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name lombo.pl;
ssl_certificate /etc/letsencrypt/live/lombo.pl/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lombo.pl/privkey.pem;
server_name 157.245.228.127;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name www.lombo.pl;
return 301 https://$host$request_uri;
}
I have an Nginx setup whereby I included a file with whitelisted IPs that can access my site's admin portal admin.site.com. Usually all users are redirected to to site.com if the response is 403 or 404 i.e. if their IP is not in the whitelist. Here is what I have
server {
# listen on port 80 (http)
listen 80;
server_name admin.site.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/.well-known/acme-challenge/;
default_type "text/plain";
try_files $uri =404;
}
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 http2 ssl;
server_name admin.site.com;
root /var/www/admin.site.com/site-frontend/;
index index.html;
location / {
include /etc/nginx/snippets/whitelist.conf;
error_page 403 404 =301 site.com;
}
# location of SSL certificate
ssl_certificate /etc/some/path/admin.site.com/fullchain.pem;
ssl_certificate_key /etc/some/path/admin.site.com/privkey.pem;
...
...
...
How do I allow unfiltered traffic to certain endpoints e.g. site.com/api/no-filters for all traffic?
I want to allow traffic only from 10.10.10.94.
If I browse:
http://IP/api:5006 (from any machine other than allow), I'm getting access denied and it works as it should.
http://IP:5007 I get web page (although no data shown in WEB page - page should some graphs from allowed host only).
PROBLEM:
For /api location access works fine, it's allowed only from allowed IP, but for / no restrictions, can access from any IP.
server {
listen 80;
listen [::]:80;
server_name example.com;
client_max_body_size 16M;
return 301 https://$host$request_uri;
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name example.com;
client_max_body_size 16M;
ssl_certificate /etc/ssl/certs/star.pem;
ssl_certificate_key /etc/ssl/private/star.key;
location / {
allow 10.10.10.94;
deny 10.10.0.0/16;
proxy_pass http://127.0.0.1:5007/;
}
location /api/ {
allow 10.10.10.94;
deny 10.10.0.0/16;
proxy_pass http://127.0.0.1:5006/;
}
}
Try this location:
location / {
allow 10.10.10.94/32;
deny all;
proxy_pass http://127.0.0.1:5007/;
}
location /api/ {
allow 10.10.10.94/32;
deny all;
proxy_pass http://127.0.0.1:5006/;
}