Develop Reference

is it possible to config nginx certificate in public file

Now this is my nginx server config:
server{
listen 443;
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
server_name super.example.com;
#rewrite ^(.*)$ https://${server_name}$1 permanent;
root /usr/share/nginx/html/pc-super-frontend-fat;
location / {
try_files $uri /index.html;
index index.html index.htm;
}
location ^~ /service/ {
proxy_pass http://k8s-edge-node/;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
in every server config file, it contains certificate config:
ssl_certificate /etc/nginx/conf.d/cert/example.com/fullchain1.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/example.com/privkey1.pem;
because I have more than 50 sub domains, if change the certificate, it should change more than 100 files config(80 + 443). is it possible to make the certificate config to a seperate file and just reference it in server config file?

nginx: how to divide /etc/nginx/conf.d/default.conf ?

looking for a way to divide /etc/nginx/conf.d/default.conf, something like per site. Any idea?
current file looks like this:
upstream Master_MAT {
server 172.18.0.3:8080;
}
upstream Master_PAT {
server 172.18.0.4:8080;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
root /etc/nginx/html;
index index.html index.php;
#charset koi8-r;
location / {
root /etc/nginx/html;
try_files $uri /$uri $uri/ =404;
}
location /Master_MAT {
proxy_set_header Host $proxy_host;
proxy_pass http://Master_MAT/Master_MAT;
# proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Master_PAT {
proxy_set_header Host $proxy_host;
proxy_pass http://Master_PAT/Master_PAT;
# proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Is there a way to put the Master_MAT in different file? Tried to use 'include' yet failed.
THX

Most people recommend using the sites-enabled and sites-available approach:
http {
…
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Now you can leave 'disabled' sites in sites-available and move them into the sites-enabled folder when you want it to be in use.
This is a wildcard so you can just create new .conf files for each site and it will load them automatically.
Here's an example of what would go inside /etc/nginx/sites-available/example.com
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}

Nginx configuratie redirect http to https for only one domain

In the beginning of my Nginx .conf file I have added the following redirect:
server {
listen 80;
listen [::]:80;
server_name *.a-domain.nl;
return 301 https://$host$request_uri;
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 443;
listen [::]:443 ipv6only=on;
server_name *.a-domain.nl;
ssl on;
ssl_certificate /etc/ssl/b-domain.crt;
ssl_certificate_key /etc/ssl/b-domain.key;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
listen 80;
listen [::]:80 ipv6only=on;
server_name _;
location ~* \.(ogg|ogv|svgz|mp4|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|html|txt|htm)$ {
root /var/www/html/mtcore/web;
try_files $uri $uri/ $uri.html =404;
}
location / {
proxy_pass http://127.0.0.1;
proxy_http_version 1.1;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
Only when I open in an browser the following domain www.b-domain.nl that is served on the same server, the Nginx also redirects it to https. I would expect that Nginx only redirects www.a-domain.nl?

The first server block is the implicit default server for port 80, so it gets to process all http requests irrespective of server name. The third server block would only match the server name _, which is either illegal or unlikely.
To make another server block the default, use default_server option on the listen directive.
See this document for more.

nginx reverse proxy multidomain

i have some problem with my nginx configuration. I am new with nginx by the way ..
I want to host multiple websites on one single server. Ubuntu 16.04 installed.
Example:
www.myDomain.com - should point to a normal webroot equ: /var/www/html
wiki.myDomain.com - should reverse-proxy to my confluence application at localhost:8090
blog.myDomain.com - should point to another webroot equ: /var/www/blog
I tried to configure the base url = www.myDomain.com and the wiki reverse proxy.
My files look like this:
default:
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name myDomain.com www.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name myDomain.com www.myDomain.com
include snippets/ssl-www.myDomain.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name myDomain.com www.myDomain.com;
location / {
allow all;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
}
my wiki.myDomain.com witht the reverse proxy:
server {
listen 80;
# listen [::]:80;
server_name wiki.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen wiki.myDomain.com:443 ssl;
# listen [::]:443;
add_header Strict-Transport-Security "max-age=31536000";
include snippets/ssl-wiki.myDomain.com.conf;
include snippets/ssl-params.conf;
# root /var/www/wiki.myDomain.com;
location /.well-known {
root /var/www/wiki.myDomain.com/;
# default_type text/plain;
}
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
So here my problem:
Wiki.myDomain.com is working fine !
www.eida.at is allways auto forwarding to https://wiki.myDomain.com for some reason
with www.myDomain.com i want to have a separate website - no forward to the wiki. Seems that the reverse proxy part is used any time - doesnt matter which url i choose.
Thanks for help !

cannot match a server with double Ip address

I have a server with two ip: when i use nginx as Reverse Proxy for jboss7，
in order to prevent direct access use ip address,(we have configured the dns),
i use configuration bellow:
# You may add here yourdefault_server;
# server {
#
server {
listen *:80;
server_name _;
return 404;
}
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
server_name www.shikuaigou.com localhost;
charset utf-8;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
}
server {
listen 80;
server_name example.com;
rewrite "^/(.*)$" http://www.example.com/$1 permanent;
}
server {
listen 12.34.56.78;
server_name www.example.com;
root /usr/share/nginx/html;
index index.html index.htm;
location / {
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://jboss;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
}
but only on ip can matche the server whitch return 404,the other one cannot match the
configuration server_name _;
which cause this?

Because you have listen 12.34.56.78; so nginx chooses this server to process requests on 12.34.56.78, since it is more specific for that IP.
Please, also note that server_name _; actually means nothing, except an incorrect domain name.
Reference:
Server names
How nginx processes a request
The listen directive