Develop Reference

Nginx main domain requests getting forwarded to subdomain

I am trying to set up an angular app and a dotnet core web api on the digitalocean server. I have successfully configured the setting for these two ( at least I believe I did ). However there is this one problem - all the request whether that be maindomain.xyz or api.maindomain.xyz - every requests are handled by the api.maindomain.xyz configuration.
Is this an intended behaviour ? If its not, could you help me find a solution?
Here is the nginx configuration.
root#ubuntu-s-1vcpu-1gb-blr1-01:/etc/nginx/sites-enabled# sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# configuration file /etc/nginx/sites-enabled/api.maindomain.xyz.conf:
server {
listen 80;
server_name api.maindomain.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name api.maindomain.xyz;
ssl_certificate /etc/letsencrypt/live/maindomain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.xyz/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml ap
lication/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
access_log /var/log/nginx/access.log;
location / {
proxy_pass https://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# configuration file /etc/nginx/sites-enabled/maindomain.xyz.conf:
server {
server_name maindomain.xyz;
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.html index.htm;
location ~* \.(?:html|js)$ {
expires -1;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
root /var/www/html;
index index.html index.htm;
ssl_certificate /etc/letsencrypt/live/maindomain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.xyz/privkey.pem;
location ~* \.(?:html|js)$ {
expires -1;
}
}
Removed some configuration for brevity.

The problem is in the last server block, where server_name is missing.
This block should contain the following, for example below the listen lines:
server_name maindomain.xyz;

Nginx http to https redirect not working for some clients

I have configured nginx to redirect http to https for my site. Here is my configuration block:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# ......
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
root /var/www/example;
index index.php index index.html index.htm;
server_name www.example.com example.com;
location / {
try_files $uri $uri/ =404;
}
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/rss+xml
image/svg+xml;
gzip_vary on;
location ~* \.(jpg|jpeg|png|gif|ico|css|cur|js)$ {
expires 7d;
}
}
Http does not redirect to https for some clients and it takes long time with no response from server.But it redirects for some others! For example it does not work for my desktop browsers but redirects fine when accessed by my mobile browser.
This can be traced in nginx logs where there are 499 error codes for those than do not redirect and there are 301 codes for those that redirect.
Of course everything is fine on every browser when accessed directly from https.

How can I redirect non-www to www in https NGINX

I have a question related with Nginx redirects
Bellow you can see configurations.
My goal is to redirect from https://example.com to https://www.example.com
I looked through almost all in stackoverflow and I didn't find any help. Please help me with this issue. I will provide all necessary information about my Nginx Web Server.
I hope you will help me, with this difficult question.
My file nginx.conf looks like there:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
# gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xm$
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My file /etc/nginx/sites-enabled/example:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_stapling on;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
root /var/www/example/public;
index ../views/index.html;
location /img/ {
proxy_pass http://127.0.0.1:3010;
proxy_cache off;
proxy_cache_key "$proxy_host$uri$is_args$args";
}
location / {
proxy_pass http://127.0.0.1:3010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|css|js|html)$ {
root /var/www/example/public;
expires 1y;
access_log off;
add_header Cache-Control "public";
}
}

Just create a server for non-www requests, for example:
# redirect http to https
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
# redirect http://example.com to https://www.example.com
server {
listen 443 ssl;
server_name example.com;
# ssl ...
return 301 https://www.example.com$request_uri;
}
# https://www.example.com
server {
listen 443 ssl;
server_name www.example.com;
# ssl ...
}
The DNS records for example.com and www.example.com should be pointing to your Nginx server

Quick instruction for redirect and also for ssl
Don't write all conf all your sites in one file nginx.conf. Separate these. You have two folders for it /etc/nginx/sites-available/ and /etc/nginx/sites-enabled/
Add file for your site for example /etc/nginx/sites-available/example
Make link ln -s /etc/nginx/sites-enabled/example
To this conf file paste text below:
server {
listen 80;
server_name example.com www.cova.company;
return 301 https://www.example.company$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_stapling on;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.site.com/privkey.pem;
# your location there a
}
In you nginx.conf ypu already have row include /etc/nginx/sites-enabled/*; it means automatically take all of their sites configs from folder sites-enabled
After it check syntax with command nginx -t and reload your nginx with command systemctl reload nginx
And after all off this who call your site via http://example.com or https://example.com will be redirected to https://www.example.com

http to https redirection on nginx

I have a website running on EC2 machine behind an Amazon ELB.
I have configured SSL on ELB hence its handling http as well as https for me.
All requests on https works perfectly. But I want to force(redirect) http requests to https. For some reason, it does not work
I have added redirect rule in nginx but whenever I enable that rule, the nginx server stops responding.
server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
access_log /var/log/nginx/domain1.access.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4000/;
### Redirect http to https ####
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}
Here is the configuration of Load Balancer:
Please help me where I am going wrong with the configuration.
TIA.

Try the following:
server {
listen 80;
listen [::]:80;
server_name domain1.com;
return 301 https://$host$request_uri;
}

I propose this code. Teste on my VPS, but not Amazon ELB
server {
server_name example.com www.example.com;
listen 80;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
root /home/user/www/example/;
include global.conf;
include php.conf;
include ssl.conf;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server{
server_name www.example.com;
include ssl.conf;
return 301 https://example.com$request_uri;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}
File ssl.conf containt:
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;

Open site both on site.name and www.site.name

I tried to achieve this as described in the manual (server_name .site.name), but it not seem to work (404 Not found). Can I do this without redirecting?
Here is the config.
server {
listen 80;
listen 443 ssl;
server_name .site.name;
ssl_certificate certs/mshop-production.crt;
ssl_certificate_key certs/mshop-production.key;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;
error_log /var/log/nginx/mshop-production.error.log error;
access_log /var/log/nginx/mshop-production.access.log;
root /home/deployer/apps/production/mshop/current/public;
passenger_enabled on;
rails_env production;
gzip on;
gzip_types application/x-javascript application/javascript text/javascript text/css;
client_max_body_size 50m;
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1M;
}
}

why not modify your A query record in your domain-name server?
I think it is more simple for you .

server_name server.name www.server.name;
would do. You can also use wildcards
server_name server.name *.server.name;