It works from outside (ipv4).
My nginx configuration has to be messed up, since when I browse for 192.168.xxx.xxx (address of my webserver), I get forwarded to my homepage's DNS. Even if I use "localhost" or "0.0.0.0" in my browser bar on the webserver itself, it doesn't work.
Can anyone tell me how to properly solve this? If I insert anything other than "cooldomain.com", it won't be reachable from the outside, right? But there has to be a solution.
The nginx server is running in a docker container, which is based on the official nginx image.
This is my nginx config file:
```nginx
server {
    listen 80;
    listen 443 ssl http2;
    server_name cooldomain.com;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers On;
    ssl_certificate /usr/share/nginx/fullchain.pem;
    ssl_certificate_key /usr/share/nginx/privkey.pem;
    ssl_trusted_certificate /usr/share/nginx/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;
    # Your favorite resolver may be used instead of the Google one below
    # resolver 8.8.8.8;
    # /usr/share/nginx/html;
    # index index.html;
    # charset koi8-r;
    # access_log /var/log/nginx/host.access.log main;
    location / {
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
        root /usr/share/nginx/html;
        # index index.html index.htm;
        try_files $uri$args $uri$args/ /index.html;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
Edit:
Output of docker ps:
faXXXXX nginx "nginx -g 'daemon off" 14 minutes ago, up 14 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp webserver
(this is sadly not a copy paste)
Output of curl -v http://127.0.0.1:
```
$ curl -v http://127.0.0.1
Rebuilt URL to: http://127.0.0.1/
Trying 127.0.0.1...
Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: curl/7.47.0
Accept:
HTTP/1.1 301 Moved Permanently
Server: nginx/1.13.3
Date: Wed, 20 Sep 2017 15:46:55 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://cooldomain.com/
Strict-Transport-Security: max-age=31557600; includeSubDomains
Connection #0 to host 127.0.0.1 left intact
```
I managed to work around it. I don't know if this is the right way to do it, but it does the job.
I added another server-block before my server block, which has the default_server prefix.
If you have a better idea, feel free to write an answer. :)
This is how my config file looks now. Pay attention to the first block:
```nginx
server {
    # default_server is a parameter of listen, not a server name
    listen 80 default_server;
    server_name 127.0.0.1;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
server {
    listen 80;
    listen 443 ssl http2;
    server_name cooldomain.com;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers On;
    ssl_certificate /usr/share/nginx/fullchain.pem;
    ssl_certificate_key /usr/share/nginx/privkey.pem;
    ssl_trusted_certificate /usr/share/nginx/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;
    # Your favorite resolver may be used instead of the Google one below
    # resolver 8.8.8.8;
    # /usr/share/nginx/html;
    # index index.html;
    # charset koi8-r;
    # access_log /var/log/nginx/host.access.log main;
    location / {
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
        root /usr/share/nginx/html;
        # index index.html index.htm;
        try_files $uri$args $uri$args/ /index.html;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
For some reason I can't get this simple thing to work: https://www.nginx.com/blog/creating-nginx-rewrite-rules/
I have this:
```
# cat sites-available/custom_default
server {
    listen 80;
    listen [::]:80;
    server_name _;
    include hardening;
    location /.well-known/acme-challenge/ {
        root /var/www/acme-challenge/;
        default_type "text/plain";
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
```
Which provides the ACME well-known dir over port 80 and then redirects everything else to port 443.
Then I have a bunch of vhosts:
```
# ll sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 sep 5 15:15 chapters -> /etc/nginx/sites-available/chapters
lrwxrwxrwx 1 root root 41 jul 15 09:21 custom_default -> /etc/nginx/sites-available/custom_default
lrwxrwxrwx 1 root root 36 jul 15 12:24 discourse -> /etc/nginx/sites-available/discourse
lrwxrwxrwx 1 root root 30 sep 5 15:15 map -> /etc/nginx/sites-available/map
```
I first want to change the domain of chapters:
```
# cat sites-enabled/chapters
server {
    server_name chapters.example.community;
    return 302 https://chapters.example.one$request_uri;
}
server {
    server_name chapters.example.one;
    ssl_certificate /etc/letsencrypt/live/chapters.example.community/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chapters.example.community/privkey.pem;
    include tls_params;
    include hardening;
    location ~ /(emoji.css|index.html|list.js|main.js|resources|robots.txt|script.js|style.min.css|errorpages/example-logo.png|errorpages/sob.png|errorpages/generic_offline.html) {
        limit_except GET HEAD { deny all; }
        root /var/www/chapters;
        error_page 403 404 502 =404 /errorpages/generic_offline.html;
    }
    location /errorpages/ {
        alias /var/www/errorpages/;
    }
    location ~* \.(css|gif|jpg|js|png|ico|otf|sng|xls|doc|exe|jpeg|tgx)$ {
        access_log off;
        expires 1d;
    }
}
```
For some reason this doesn't work, maybe I'm too used to Apache. I'm expecting the first server block to listen to the old domain, then redirect to the new domain. The next server block then listens to the new domain and serves the website. But now both domains work just fine, and the old domain does not redirect traffic to the new domain.
For full context, here are the included configs:
```
# cat tls_params
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
```

```
# cat hardening
server_tokens off;
```
If I put both server names in one server block and the redirect to the new domain, I get an infinite redirect loop. My guess is that it may have to do with my custom_default block. Any thoughts?
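One reading of the symptoms above, as an added example that is not part of the original post: the redirect block has no `listen` directive, so it only answers on port 80, and HTTPS requests for the old name match no `server_name` on port 443 and are served by that port's default server (the first one loaded when none is marked `default_server`). The sketch below gives the old name its own 443 listener; it assumes the certificate under `/etc/letsencrypt/live/chapters.example.community/` is valid for that name.

```nginx
# sites-available/chapters (added example, not the poster's file)

# Old domain: answer on BOTH ports so the redirect is reached whether the
# client arrives over HTTP or over HTTPS (for instance because of the HSTS
# header that tls_params sends).
server {
    listen 80;
    listen [::]:80;
    include tls_params;          # adds listen 443 ssl http2 and the TLS settings
    include hardening;

    server_name chapters.example.community;

    # A certificate is needed here: the TLS handshake for the old name
    # completes before nginx can send the redirect.
    ssl_certificate     /etc/letsencrypt/live/chapters.example.community/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/chapters.example.community/privkey.pem;

    return 302 https://chapters.example.one$request_uri;
}

# New domain: the existing "server_name chapters.example.one" block from the
# question stays as posted. Keeping the two names in separate blocks is what
# avoids the redirect loop seen when both names share one block, where the
# return also fires for chapters.example.one.
```

After `nginx -t` and a reload, `curl -sI https://chapters.example.community/` should show a 302 whose `Location` points at `chapters.example.one`.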
I want to redirect only my homepage to another domain; no subdomain or files should redirect.
For example: https://example.com should redirect to https://nmg.com
but https://subdomain.example.com should not redirect. Also, https://example.com/subfolders should not redirect. I tried searching but ended up redirecting both the domain and the subdomain. Any help will be appreciated.
I am a noob and have this config:
```nginx
server
{
    listen 80;
    listen 443 ssl http2;
    server_name example.com *.example.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/example;
    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/example.com/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/example.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    #SSL-END
    #ERROR-PAGE-START Error page configuration, allowed to be commented, deleted or modified
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    #ERROR-PAGE-END
    #PHP-INFO-START PHP reference configuration, allowed to be commented, deleted or modified
    include enable-php-80.conf;
    #PHP-INFO-END
    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
    include /www/server/panel/vhost/rewrite/example.com.conf;
    #REWRITE-END
    # Forbidden files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    index index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    # Directory verification related settings for one-click application for SSL certificate
    location ~ \.well-known{
        allow all;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
        error_log /dev/null;
        access_log off;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
        error_log /dev/null;
        access_log off;
    }
    access_log /www/wwwlogs/example.com.log;
    error_log /www/wwwlogs/example.com.error.log;
}
```
Instead of

```nginx
if ($server_port !~ 443){
    rewrite ^(/.*)$ https://$host$1 permanent;
}
```

You can try (in the following order):

```nginx
set $joined $host$uri;
if ($joined = example.com/) {
    return 301 https://nmg.com/;
}
if ($scheme = http) {
    return 301 https://$host$request_uri;
}
```
I have a React app that runs on https://localhost:3000.
I have a domain like https://example.com/some/path.
When I enter https://example.com/some/path into my browser, I'd like it to redirect to https://localhost:3000. The way I've seen this is possible is using a reverse proxy, and I'm trying to set up nginx to do so.
However, I keep facing an issue where I need to include the port number when I go to the full URL, for example: https://example.com:3000/some/path.
How do I prevent this from happening? I.e. I'd like to just enter https://example.com/some/path.
My nginx conf file looks like this:
```nginx
#user nobody;
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;
        location /some/path {
            return 301 $scheme://localhost:3000$request_uri;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 3000 ssl;
        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;
        server_name localhost;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        location / {
            proxy_pass https://localhost:3000;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    include servers/*;
}
```
And in my hosts file I have the line:

```
127.0.0.1 example.com
```

Even if I keep it simple and have only one server section with location like:

```nginx
location /some/path {
    proxy_pass https://localhost:3000;
}
```
That kind of works - however looking at the console the assets themselves don't load https://example.com/static/js/bundle.js when it needs to be https://example.com:3000/static/js/bundle.js
Any help would be appreciated.
I am trying to serve a static index.html and upgrade HTTP requests to HTTPS. Let's say that the file below is bursan. Weirdly, I have another file pointing to another domain name, siosan, and I managed to get that working. For bursan, I keep getting 301s.
```nginx
server {
    listen 80;
    server_name bursan.co.uk;
    return 301 https://bursan.co.uk$request_uri;
}
server {
    listen 443 ssl;
    root /var/www/html/bursan;
    index index.html;
    server_name bursan.co.uk;
    ssl_certificate /etc/nginx/ssl/bursan.crt;
    ssl_certificate_key /etc/nginx/ssl/bursan.key;
    add_header Strict-Transport-Security "max-age=31536000";
    # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    # This is a cache for SSL connections
    ssl_session_cache shared:SSL:2m;
    ssl_session_timeout 60m;
    location / {
        try_files $uri $uri/ /index.html;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```
What if you try

```nginx
listen 443 ssl default_server;
```

instead of

```nginx
listen 443 ssl;
```

(don't forget to reload the conf and to test it with an incognito window to avoid cache issues)
I'm deploying a Rails application on a personal server using Nginx and phusion_passenger. I have a site configuration file with the following server blocks. With this configuration my https://192.168.1.121 service works, but my connection doesn't redirect from http://192.168.1.121. What am I doing wrong? I really appreciate any help, please.
```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    # Make site accessible from http://localhost/
    #server_name 192.168.1.121;
    server_name mydomain.com www.mydomain.com
    return 301 https://$server_name$request_uri;
}
server {
    # Make site accessible from http://localhost/
    listen 443 ssl default;
    #server_name 192.168.1.121;
    server_name mydomain.com www.mydomain.com
    # Certificate details
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
    passenger_enabled on;
    rails_env production;
    root /home/deploy/www/myapplication/current/public;
    index index.html index.htm;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
```
A semicolon is missing at the end of the server_name variable for HTTP as well as HTTPS:

```nginx
server_name mydomain.com www.mydomain.com;
```