Wordpress install on LEMP -> NET::ERR_CERT_COMMON_NAME_INVALID - wordpress

On my server I have 4 services running (my web page, plex...). I wanted to install WP on this one as a dev server.
All my previous services got their SSL certificate thanks to Let's Encrypt.
I set up WP for http only so I don't know why my browser tells me :
Your connexion is note private [...] NET::ERR_CERT_COMMON_NAME_INVALID
my nginx file :
server {
listen 80;
listen [::]:80;
server_name w.gfelot.xyz www.w.gfelot.xyz;
root /var/www/wp/;
index index.php;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
Any idea ?
EDIT:
Thanks to Richard Smith I update my server block
server {
listen 80;
listen [::]:80;
server_name www.w.gfelot.xyz w.gfelot.xyz;
return 301 https://w.gfelot.xyz$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/ssl-gfelot.conf;
include snippets/ssl-params.conf;
server_name w.gfelot.xyz;
...
But I got the same result.

Related

nginx - Disable HTTPS redirection for specific URL

I have nginx setup to redirect all HTTP requests to HTTPS like so:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .sub.example.com;
return 301 https://$host$request_uri;
}
I have a requirement for a specific route to not be forced to HTTPS /iot/{token}/weather.
I tried updating the nginx config like so:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
location ~* ^/iot/[0-9a-z]/weather$ {
break;
}
server_name .sub.example.com;
return 301 https://$host$request_uri;
}
However the HTTP request was still being forced to HTTPS.
So I tried doing this:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .sub.example.com;
location ~* ^/iot/[0-9a-z]/weather$ {
break;
}
location / {
return 301 https://$host$request_uri;
}
}
However this still isn't working.
The above is the only file imported in the before section below:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/before/*;
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub.example.com;
root /home/forge/sub.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/sub.example.com/467330/server.crt;
ssl_certificate_key /etc/nginx/ssl/sub.example.com/467330/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/sub.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/after/*;
I'd appreciate some help setting this up so that I can specify a URL to match that should not be redirected to HTTPS and then have all other URLs redirect to HTTPS.

WordPress + Nginx + Cloudflare - Not loading properly

I am trying to get Nginx, WordPress, and Cloudflare all working together. All pages outside of the home page (which isn't loading CSS of JS it seems) redirect to the IP of the droplet it's on, and throwing an error since its not secure. Any help would be most appreciated, I've now exhausted all the fixes found here and still have made no progress.
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;
access_log /var/log/nginx/main.access.log;
error_log /var/log/nginx/main.error.log;
server_name example.com www.example.com;
root /var/www/core;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
}
Looking to get Wordpress properly loading the https through Cloudflare.

Nginx cannot open files but files exist

I'm working on a symfony 4 application. Website works with a let's encrypt certificate in a docker container.
I have an issue with assets links :
<script src="/build/js/app.js"></script>
Link is good, but I have this issue :
nginx issue
App.js path :
app.js path
My nginx configuration :
server {
listen 80;
server_name esgi.be;
location ^~ /.well-known {
allow all;
root /var/www/symfony/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name esgi.be;
ssl on;
ssl_certificate /etc/letsencrypt/live/esgi.be/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/esgi.be/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/esgi.be/chain.pem;
access_log /dev/stdout;
error_log /dev/stderr info;
root /var/www/symfony/public;
location ^~ /build/ {
alias /var/www/symfony/public/build/;
gzip_static on;
expires max;
add_header Cache-Control public;
}
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
include fastcgi.conf;
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
internal;
}
}
What can I do to fix that ?
Thanks for your help!

How to disable ssl on particular url on nginx

I need help with some nginx configuration. So please help. So here is my situation.
my domain: rtechmedia.com
1) I want all the request of http:// www.rtechmedia.com redirect to https:// www.rtechmedia.com
2) I want all the request of https:// rtechmedia.com to https:// www.rtechmedia.com
3) But i want that the style folder and its content located at www.rtechmedia.com/styles/* should redirect to http:// www.rtechmedia.com/styles/* instead of https:// www.rtechmedia.com/styles/*
I am noob in nginx so please give in details. And note i put space in url because of low reputation. So ignore it
I am able to achieve 1) and 2) but not 3 so help me with that.
server {
listen 80;
server_name www.rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 80;
server_name rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 443 ssl;
server_name www.rtechmedia.com;
root /home/forge/www.rtechmedia.com;
ssl_certificate /etc/nginx/ssl/www.rtechmedia.com/11369/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.rtechmedia.com/11369/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.rtechmedia.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

Cannot enter admin section in opencart nginx

I have transferred by Opencart websites from Apache to Nginx.In Apache everything was working fine,in Nginx I am unable to enter the admin section despite the correct password and keeps on showing the login page with every subsequent attempt.Besides that the addtocart button doesn't react.The config file seems ok.I have tried different options nothing has help so far.Any help will be appreciated.
Thanks.
server {
listen 80;
server_name opencart.local;
return 301 $scheme://www.opencart.local$request_uri;
}
server {
listen 80; # listen for ipv4; this line is default and implied
server_name www.opencart.local;
root /home/arch/mysites/opencart;
index index.php index.html index.htm;
charset UTF-8;
#autoindex off;
access_log /var/log/nginx/opencart.local.access.log;
error_log /var/log/nginx/opencart.local.error.log;
# Add trailing slash to */admin requests.
rewrite /admin$ $scheme://$host$uri/ permanent;
location /image/data {
autoindex on;
}
location /admin {
index index.php;
}
location / {
try_files $uri #opencart;
}
location #opencart {
rewrite ^/(.+)$ /index.php?_route_=$1 last;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make sure files with the following extensions do not get loaded by nginx
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
I have found the solution.Actually there are several vhosts named as opencart.local in my /etc/hosts file as under.
127.0.0.1 opencart.local opencart
127.0.0.1 opencart1.local opencart1
In my config file I removed the first server section:
server {
listen 80;
server_name opencart.local;
return 301 $scheme://www.opencart.local$request_uri;
}
In the next section I wrote:
server {
listen 80; # listen for ipv4; this line is default and implied
server_name opencart.local www.opencart.local; <---
root /home/arch/mysites/opencart;
index index.php index.html
It was probably the result of how host names where specified in /etc/hosts file.Now I can enter the admin section and the addtocart button also works.

Resources