Error redirecting non-www to https - http

i wanna redirect al to https://example.com
This redirections works fine:
http://www.example.com -> https://example.com
https://www.example.com -> https://example.com
but this dont work:
http://example.com -> https://example.com
this is my nginx complete config:
server {
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default_server ipv6only=on; ## listen for ipv6
root /var/www/laravel/public;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
allow ::1;
deny all;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443 ssl;
server_name example.com;
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /home/user/example.com.chained.crt;
ssl_certificate_key /home/user/example.com.key;
}
i see a lot of example to redirect that but the server goes to the error 500 and too many redirections.

Add example.com to server_name
Hope that helps.

Related

NGINX Mulitple SSL certificates with one ip, different roots and domains

I'm trying to configure nginx with two domains, each with a different ssl certificate and a different root location.
The following code shows two times the exact same thing.
domain1.com should go to /home/ubuntu/web/html/domain1 and should use this: /etc/letsencrypt/live/domain1.com/fullchain.pem certificate. domain2.com should go to /home/ubuntu/web/html/domain2 and use this /etc/letsencrypt/live/domain2.com/fullchain.pem certificate.
I tried the following:
server {
listen 80;
server_name www.domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
listen 80;
server_name domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain1.com/privkey.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
root /home/ubuntu/web/html/domain1;
index index.php index.html index.htm;
server_name domain1.com, www.domain1.com;
location / {
try_files $uri $uri/ $uri.html $uri.php?$query_string;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param MAGE_MODE "developer";
}
}
server {
listen 80;
server_name www.domain2.com;
return 301 https://domain2.com$request_uri;
}
server {
listen 80;
server_name domain2.com;
return 301 https://domain2.com$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
root /home/ubuntu/web/html/domain2;
index index.php index.html index.htm;
server_name domain2.com, www.domain2.com;
location / {
try_files $uri $uri/ $uri.html $uri.php?$query_string;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param MAGE_MODE "developer";
}
}
It turns out that always one server block is chosen as default and also used for the the other domain.
Also adding an extra default server doesn't work.

wp-admin redirects to 404 not found nginx 1.10.0

Can you please help me to edit my Nginx script.I have problem with access to https://myurl.wp-admin.php redirects to 404 not found nginx 1.10.0.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
root /var/www/html;
index index.php index.html;
server_name _;
ssl_certificate /etc/nginx/ssl/csr/ssl_altr/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/csr/ssl_altr/nginx.key;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}

Minimizing and optimizing NGINX vhost config

Is it possible to optimize/minimize the config posted below?
I feel that it should be possible to merge all the redirects into something more simple.
http:// & http://www & https://www > https://
Though I've had issues and settled.
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
# Redirect http:// & http://www to https://
server {
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
# Redirect https://www to https://
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com/$request_uri;
}
# Main config
server {
listen 443 ssl;
server_name example.com;
# SSL config
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# Error logs
access_log /srv/logs/nginx.access.example.com.log;
error_log srv/logs/nginx.error.example.com.log;
# Root dir
location / {
root /srv/example.com/_site/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
# Caching
location ~ .php$ {
root /srv/example.com/_site/;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
root /srv/example.com/_site/;
expires 365d;
}
location ~* \.(pdf)$ {
root /srv/example.com/_site/;
expires 30d;
}
# SSL
location /.well-known {
allow all;
}
}
I understand variables are not supported in NGINX config, so I have to manually define the log locations for example. Would there be a way to set a default location for all vhosts?
Yes, just define it in the http context of your config or stick with the default of your distro (e.g. /var/log/nginx/access.log).
I use the same ssl-params.conf file for all vhosts. Can this be defaulted and disabled on a per-vhost basis?
It works the other way around you enable it where you need it through the include directive.
Here is a shorter config (untested):
http {
error_log /srv/logs/nginx.error.example.com.log;
access_log /srv/logs/nginx.access.example.com.log;
index index.php index.html index.htm;
server {
listen 80;
listen 443 ssl;
server_name .example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
root /srv/example.com/_site/;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
location / {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
try_files $uri =404;
}
location ~* \.(jpe?g|png|gif|ico|css|js)$ {
expires 365d;
}
location ~* \.(pdf)$ {
expires 30d;
}
try_files $uri $uri/ /index.php?$args;
}
location /.well-known {
allow all;
}
}
}

Nginx - Changing the server root make location root not working

I'm trying to setup phpmyadmin on my domain, and for some reason, I can't have the server root I want.
This doesn't work (404 on example.com/phpmyadmin without anything in the logs):
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
client_max_body_size 300m;
root /var/www/html;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
location /phpmyadmin/ {
root /var/www/admin/;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
But if I change the server root to /usr/share/nginx/html it works...
Do you have any idea of what is happening?
Thank you for reading me.
Ok I fixed it, thanks to this post : nginx configuration with multiple location blocks
The reason was the ~ location for php files...
So here is the working code :
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
client_max_body_size 300m;
root /var/www/html;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
location /phpmyadmin/ {
root /var/www/admin/;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

Nginx virtual host not working (wrong redirect)

i'm new to nginx and i have a problem with virtual host. The virtual host didn't work when i try to access the vhost it'll be redirect to localhost "Welcome to nginx". Here are the contents of my config:
/etc/hosts config:
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
****Generated by Admin****
18.200.10.50 mail.testingweb.com
18.200.10.50 testingweb.com
SSL config on /etc/nginx/conf.d/ssl.conf:
server {
listen 443 default_server ssl;
server_name testingweb.com;
ssl_certificate /etc/nginx/sslcert/xxxx.crt;
ssl_certificate_key /etc/nginx/sslcert/xxxxx.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNU$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
location ~ \.php$ {
try_files $uri =404;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
/etc/nginx/sites-available/default config:
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/xhtml;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name testingweb.com;
return 301 https://$host$request_uri;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
try_files $uri =404;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
listen 443;
return 403;
}
I want to access another sites from new root directory, /usr/share/nginx/html/www on www directory there is a wordpress.
/etc/nginx/sites-available/testingweb config:
server {
listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html/www;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name testingweb.com;
# rewrite ^ https://$http_host$request_uri? permanent;
return 301 https://$host$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# location = /favicon.ico {
# alias /usr/share/nginx/html/favicon.ico;
# }
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
According the configs, what's wrong with my config ? i cannot access the wordpress file on /usr/share/nginx/html/www directory by domain testingweb.com ? its always redirect to default host instead of testingweb host ?
sorry for my bad english..
This is a revised version of the nginx configuration from your pastebin code:
server {
listen 80;
# listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://devdev.com/
server_name devdev.com;
return 301 https://$host$request_uri;
}
# HTTPS server
#
server {
listen 443 default_server ssl;
server_name devdev.com;
root /var/www;
index index.php index.html index.htm;
# uncomment to add your access log path here
# access_log /var/log/nginx/devdev.com.access.log main;
ssl_certificate /etc/ssl/ssl-unified.crt;
ssl_certificate_key /etc/ssl/ssl-my-private-decrypted.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location #default {
rewrite ^/(.*) /index.php?uri=$request_uri last;
}
location / {
try_files $uri $uri/index.php #default;
}
location ~ \.php$ {
try_files $uri =404;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The first server block listening on port 80 just redirects to https://devdev.com/. This will redirect all http requests to https so you don't need any other processing rules.
The second server block listens on port 443 and will proxy requests with a path ending with .php to php-fpm (you want to double-check that it's running on a unix socket and your permissions are correct).
The location block matching the / prefix (location /) will try to match files in the request URI and handle the request appropriately. For example:
If the request is for /index.php and the file exists, the following block will match the .php suffix and proxy to php-fpm.
If the request is for /foo and there's no match for a file by that name, nginx will try to match /foo/index.php and then proxy to php-fpm.
If there is still no match, try_files will use the #default location block, which just sends the request to your top-level /index.php with the request URI as parameters.
If your WordPress site is located in /var/www -- the top-level entry point should be /var/www/index.php -- this configuration should work. You might need to tweak the configurations based on your WordPress settings -- though this is generic enough that it should work without a lot of changes.

Resources