I have set up letsEncrypt free ssl with certbot on ubuntu 14.04 from digitalocean tutorial.
If anyone tries to access the page on 80 ( http://gw2axiom.com ) , it shows 404 not found.
If you try https://gw2axiom.com it will work normally. After that, http will redirect to 443.
What could be the reason?
My nginx config file is the following :
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/before/*;
server {
listen 443 ssl;
server_name gw2axiom.com www.gw2axiom.com;
root /home/forge/gw2axiom.com/public;
ssl_certificate /etc/letsencrypt/live/gw2axiom.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gw2axiom.com/privkey.pem;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
location /forum/ { try_files $uri $uri/ /forum/index.php?$query_string; }
location /forum/api { try_files $uri $uri/ /forum/api.php?$query_string; }
location ~ /.well-known {
allow all;
}
location /forum/admin { try_files $uri $uri/ /forum/admin.php?$query_string; }
location /flarum {
deny all;
return 404;
}
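# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered here.
# Add TLSv1.3 once the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
# Let the server's cipher order (ssl_ciphers) win over the client's preference.
ssl_prefer_server_ciphers on;
# Custom Diffie-Hellman parameters used by the DHE cipher suites.
ssl_dhparam /etc/ssl/certs/dhparam.pem;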
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
# HSTS: once a browser has received this header over HTTPS, it rewrites
# http:// requests for this host to https:// on its own for max-age seconds
# (15768000 s is roughly six months), without contacting port 80.
# NOTE(review): that would explain why http:// only "works" after a first
# HTTPS visit; test the port-80 server with a client that keeps no HSTS
# state (for example `curl -I`).
# NOTE(review): without the `always` parameter nginx adds the header only to
# 2xx/3xx responses, and a location that declares its own add_header does
# not inherit this one.
add_header Strict-Transport-Security max-age=15768000;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/gw2axiom.com-error.log error;
error_page 404 /index.php;
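location ~ \.php$ {
    # Only hand scripts that exist under the document root to PHP-FPM.
    # Without this check any URI ending in .php reaches the interpreter,
    # even when no such file exists.
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    # Absolute path of the script PHP-FPM is asked to run.
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
}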
location ~* \.html$ {
expires -1;
}
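location ~* \.(css|js|gif|jpe?g|png)$ {
    # Let browsers and proxies cache static assets for one month.
    expires 1M;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    # add_header directives are inherited from the server level only when a
    # location defines none of its own, so the HSTS header has to be repeated
    # here or static assets are served without it.
    add_header Strict-Transport-Security max-age=15768000;
}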
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml
application/javascript
application/json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/xml;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name www.gw2axiom.com gw2axiom.com;
return 301 https://$server_name$request_uri;
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/gw2axiom.com/after/*;
Put this before your current server entry:
# Catch-all for plain HTTP: default_server makes this block answer every
# request on port 80 (IPv4 and IPv6) whose Host header matches no other server.
# NOTE(review): if the existing port-80 server block for gw2axiom.com is kept
# as well, nginx -t will presumably warn about a conflicting server name;
# replace that block rather than adding a second one.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name gw2axiom.com;
# $server_name is the name configured above, not the client-supplied Host
# header, so the redirect target is always https://gw2axiom.com.
return 301 https://$server_name$request_uri;
}
After that restart your nginx webserver and everything should work fine.
I have three nginx server blocks and when i run nginx -t get error "nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored"
I have three nginx server blocks:
One: /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
Two: /etc/nginx/sites-available/example.com
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
# Document Root
root /var/www/example.com;
index index.php index.html index.htm;
server_name .example.com;
client_max_body_size 0;
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
Three: /etc/nginx/sites-available/example1.com
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
# Document Root
root /var/www/example1.com;
index index.php index.html index.htm;
server_name .example1.com;
client_max_body_size 0;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~* \.php$ {
if ($uri !~ "^/uploads/") {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
When i run: $ sudo nginx -t
This answer appears:
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
How do i solve this?
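The port-80 server blocks in example.com and example1.com are identical, and neither has a server_name. A server block without a server_name gets the empty name "", so two of them on the same listen address conflict and nginx ignores the second one. You have to add a server_name to the listen 80 block in both files.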
The corrected server blocks are:
Two: /etc/nginx/sites-available/example.com
server {
listen 80;
server_name .example.com;
return 301 https://example.com$request_uri;
}
server {
# Document Root
root /var/www/example.com;
index index.php index.html index.htm;
server_name .example.com;
client_max_body_size 0;
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
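# TLS 1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered.
ssl_protocols TLSv1.2 TLSv1.3;
# Certificate chain and private key issued by Let's Encrypt for example.com.
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Let the server's cipher order win over the client's preference.
ssl_prefer_server_ciphers on;
# Session cache shared between worker processes; sessions are kept for 20 minutes.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
# NOTE(review): ssl_ciphers governs TLS 1.2 and below; with OpenSSL the
# TLS 1.3 suites are configured separately, so the 'TLS13+...' entry
# probably has no effect. Confirm the resulting list with `openssl ciphers`.
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';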
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
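# Never execute or serve PHP files from the uploads tree. A dedicated
# location replaces the `if` around fastcgi_pass: with the `if`, a .php file
# under /uploads/ had no FastCGI handler and appears to fall through to the
# static-file handler, which would hand out its source.
# This block must stay above the generic .php handler, because nginx uses the
# first regex location that matches.
# NOTE(review): regex locations pulled in by the include files above are
# evaluated earlier; confirm none of them matches .php under /uploads/.
location ~* ^/uploads/.*\.php$ {
    deny all;
}
location ~* \.php$ {
    # Only pass scripts that exist on disk to PHP-FPM.
    try_files $uri =404;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}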
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
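# MIME types compressed in addition to text/html. The list is a single
# directive and must end with a semicolon after the last type; the final
# entry was cut off ("text/x-cross-domain-poli"), which leaves the directive
# unterminated.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;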
}
Three: /etc/nginx/sites-available/example1.com
server {
listen 80;
server_name .example1.com;
return 301 https://example1.com$request_uri;
}
server {
# Document Root
root /var/www/example1.com;
index index.php index.html index.htm;
server_name .example1.com;
client_max_body_size 0;
listen [::]:443 ssl http2;
listen 443 ssl http2;
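# TLS 1.1 is deprecated (RFC 8996); only TLS 1.2 and 1.3 are offered.
ssl_protocols TLSv1.2 TLSv1.3;
# Certificate chain and private key issued by Let's Encrypt for example1.com.
ssl_certificate /etc/letsencrypt/live/example1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example1.com/privkey.pem;
# Let the server's cipher order win over the client's preference.
ssl_prefer_server_ciphers on;
# Session cache shared between worker processes; sessions are kept for 20 minutes.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
# NOTE(review): ssl_ciphers governs TLS 1.2 and below; with OpenSSL the
# TLS 1.3 suites are configured separately, so the 'TLS13+...' entry
# probably has no effect. Confirm the resulting list with `openssl ciphers`.
ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';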
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
# Rocket-Nginx configuration
include rocket-nginx/conf.d/default.conf;
# security
include nginxconfig.io/security.conf;
# Block XMLRPC
location = /xmlrpc.php {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
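# Never execute or serve PHP files from the uploads tree. A dedicated
# location replaces the `if` around fastcgi_pass: with the `if`, a .php file
# under /uploads/ had no FastCGI handler and appears to fall through to the
# static-file handler, which would hand out its source.
# This block must stay above the generic .php handler, because nginx uses the
# first regex location that matches.
# NOTE(review): regex locations pulled in by the include files above are
# evaluated earlier; confirm none of them matches .php under /uploads/.
location ~* ^/uploads/.*\.php$ {
    deny all;
}
location ~* \.php$ {
    # Only pass scripts that exist on disk to PHP-FPM.
    try_files $uri =404;
    fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}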
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* .(css|gif|svg|ico|woff2|eot|jpeg|webp|jpg|js|png)$ {
expires 1y;
log_not_found off;
}
# Enable Gzip compression.
gzip on;
# Disable Gzip on IE6.
gzip_disable "msie6";
# Allow proxies to cache both compressed and regular version of file.
# Avoids clients that don't support Gzip outputting gibberish.
gzip_vary on;
# Compress data, even when the client connects through a proxy.
gzip_proxied any;
# The level of compression to apply to files. A higher compression level increases
# CPU usage. Level 5 is a happy medium resulting in roughly 75% compression.
gzip_comp_level 5;
# Compress the following MIME types.
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
}
No changes are needed in the default server block.
This is driving me mad, hopefully someone can help. I have the following warning: But the 403 page is not friendly to blocked countries, I want to redirect people who are blocked to a custom 403 page.
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
location / {
if ($allowed_country = no) {
return 403;
}
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
}
My custom file lives in /var/www/sitename/403/index.html. I have tried numerous suggestions but none have worked :(
Here is my Full Configuration of the vhost file.
##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
root /var/www/example;
server_name www.example.com example.com;
access_log /var/log/nginx/wp_client_access.log;
error_log /var/log/nginx/wp_client_error.log;
if ($allowed_country = no) {
return 403;
}
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
# Specify a charset
charset utf-8;
# GZIP
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Prevents hidden files (beginning with a period) from being served
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########
location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
# Pass all .php files onto a php-fpm or php-cgi server
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_read_timeout 3600s;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
}
# ROBOTS
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
#rewrite rules for AIOSEOP XML Sitemap v3.1
rewrite ^/sitemap.xml$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/sitemap.xml.gz$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/(.+)-sitemap.xml$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap.xml.gz$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap(\d+).xml$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
rewrite ^/(.+)-sitemap(\d+).xml.gz$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
# RESTRICTIONS
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com example.com;
listen 80;
return 404; # managed by Certbot
}
Try these changes to your configuration:
server {
...
# Serve the custom page for every 403 through an internal redirect to /403/.
error_page 403 /403/;
location /403/ {
# internal: reachable only through error_page and other internal redirects,
# never by a direct client request.
internal;
# With this root, /403/ resolves to /var/www/sitename/403/ on disk.
root /var/www/sitename;
}
location / {
# NOTE(review): the country check moves from server level into this location,
# presumably so that it does not fire again on the internal redirect to /403/.
# NOTE(review): requests that match any other location of the full
# configuration (the regex locations for .php and static files, for example)
# no longer pass through this check; repeat it there if the whole site is
# meant to be restricted.
if ($allowed_country = no) {
return 403;
}
...
}
}
I have issue with nginx configuration, when i try to run it its giving me error :
nginx: [emerg] invalid variable name in /etc/nginx/nginx.conf:156
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx.service: control process exited, code=exited status=1 Failed
to start The nginx HTTP and reverse proxy server. Unit
nginx.service entered failed state nginx.service failed.
Below this is my configuration file.
Please notice it is REACTJS website.
Thanks in advance.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream some_upsteram_com {
server 127.0.0.1:7000;
keepalive 15;
}
# TLS virtual host for socket.domain.com: static files plus a WebSocket
# proxy to the some_upsteram_com upstream.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name socket.domain.com;
location / {
root /usr/share/nginx/folder/socket;
index index.html index.htm;
}
ssl_certificate "/etc/pki/socketserver.crt";
ssl_certificate_key "/etc/pki/socketserver.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# NOTE(review): the file names look swapped: the access log is written to
# project_error_socket.log and the error log to project_access_socket.log.
access_log /var/log/nginx/project_error_socket.log;
error_log /var/log/nginx/project_access_socket.log;
large_client_header_buffers 8 32k;
# NOTE(review): this is the second `location /` in this server; nginx
# rejects duplicate locations.
# NOTE(review): `#` starts a comment in nginx, so `#nodejs;` (semicolon
# included) is ignored and the try_files directive is left unterminated.
# A named location is written with `@`, e.g. `@nodejs`.
location / {
try_files $uri #nodejs;
}
# Important! Serve client socket.io file as normal static file, e.g. /js/libs/socket.io/socket.io.min.js
location /socket.io/ {
proxy_pass http://some_upsteram_com;
# HTTP/1.1 plus the Upgrade/Connection headers are what lets the
# WebSocket handshake pass through the proxy.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
# Forward the client address to the upstream.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# NOTE(review): proxy_set_header sets a request header sent to the upstream;
# Access-Control-Allow-Origin is a response header, so this line does not
# enable CORS for clients. A `*` origin is also broader than a socket
# endpoint usually needs; confirm the intended origins.
proxy_set_header 'Access-Control-Allow-Origin' '*';
}
# NOTE(review): same `#` problem as above: everything after `#` is a comment,
# so this `location` has neither a name nor an opening brace.
location #nodejs {
proxy_pass http://some_upsteram_com;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.domain.com;
root /usr/share/nginx/folder/public;
ssl_certificate "/etc/pki/apiserver.crt";
ssl_certificate_key "/etc/pki/apiserver.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri /index.php$is_args$args;
}
# Front controller: only /index.php (optionally followed by a path) is passed
# to PHP-FPM.
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# NOTE(review): APP_ENV is set to dev on a public HTTPS virtual host. If the
# application enables debug output in its dev environment, that output is
# exposed to clients; confirm and use the production value here.
fastcgi_param APP_ENV dev;
# $realpath_root is the document root with symbolic links resolved.
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# internal: reachable only through internal redirects (such as the try_files
# fallback in `location /`), not by a direct request for /index.php.
internal;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error_api.log;
access_log /var/log/nginx/project_access_api.log;
}
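server {
    listen 80;
    server_name domain.com;
    # Redirect plain HTTP to the HTTPS site. The target host is spelled out
    # correctly here (it read "domain.c0m"): a mistyped host in a redirect
    # sends every visitor to a name the operator does not control.
    return 301 https://domain.com$request_uri;
}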
server {
listen 80;
listen [::]:80;
server_name www.domain.com;
return 301 https://$server_name$request_uri;
root /usr/share/nginx/folder/public;
rewrite ^/faq/$ /en/faq permanent;
rewrite ^/quote/$ /en/contact-us permanent;
rewrite ^/reviews/$ / permanent;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param APP_ENV dev;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
# Settings for a TLS enabled server.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.domain.com;
root /usr/share/nginx/folder/public;
ssl_certificate "/etc/pki/server.crt";
ssl_certificate_key "/etc/pki/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# Enable Gzip
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_proxied any;
gzip_types
# text/html is always compressed by HttpGzipModule
text/css
text/javascript
text/xml
text/plain
text/x-component
application/javascript
application/json
application/xml
application/rss+xml
font/truetype
font/opentype
application/vnd.ms-fontobject
image/svg+xml;
gzip_static on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
# Cache
location ~* ^.+\.(?:css|cur|js|jpe?g|gif|htc|ico|png|html|xml|otf|ttf|eot|woff|woff2|svg)$ {
access_log off;
expires 30d;
add_header Cache-Control public;
tcp_nodelay off;
open_file_cache max=3000 inactive=120s;
open_file_cache_valid 45s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
}
rewrite ^/faq/$ /en/faq permanent;
rewrite ^/quote/$ /en/contact-us permanent;
rewrite ^/reviews/$ / permanent;
location / {
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
internal;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2|ttf)$ {
expires 365d;
}
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
}
}
I have an NGINX server where I have enabled caching for my laravel website. I also have phpmyadmin on the server as well. Since I have enabled the caching, none of the images from phpmyadmin Return when I view it. Below, please find the server code. thank you for your help in advance.
/phpmyadmin/themes/dot.gif 404 (Not Found)
NGINX configuration
server {
if ($host = www.xx.com) { return 301 https://$host$request_uri; }
if ($host = xx.com) { return 301 https://$host$request_uri; }
listen 80;
listen [::]:80;
server_name xx.com www.xx.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
root /var/www/yyyy;
gzip on;
gzip_vary on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss;
#css|js
location ~* \.(jpg|jpeg|png|gif|ico)$ { expires 30d; }
location ~* \.(pdf)$ { expires 30d; }
ssl_certificate /xxx/fullchain.pem; # managed by x
ssl_certificate_key /xxx/privkey.pem; # managed by xx
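# TLS 1.0 and 1.1 are deprecated (RFC 8996); offer TLS 1.2 only, and add
# TLSv1.3 where the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;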
ssl_prefer_server_ciphers on;
ssl_ciphers "xxx";
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
index index.php index.html index.htm;
server_name xx.com www.xx.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
# phpMyAdmin, served from /usr/share/phpmyadmin through a prefix location.
# NOTE(review): a plain prefix location loses to the server-level regex
# locations (the image `expires` rule above), so phpMyAdmin's images are
# looked up under the site root instead of /usr/share/. Declaring it as
# `location ^~ /phpmyadmin` would skip that regex check.
# NOTE(review): nothing here limits who can reach phpMyAdmin; on a
# default_server listening on 443 it is open to any client. Consider
# restricting it with allow/deny or auth_basic.
location /phpmyadmin {
root /usr/share/;
index index.php;
try_files $uri $uri/ =404;
# Block the documentation, SQL and setup directories.
location ~ ^/phpmyadmin/(doc|sql|setup)/ {
deny all;
}
location ~ /phpmyadmin/(.+\.php)$ {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# NOTE(review): fastcgi_params and snippets/fastcgi-php.conf are both
# included next to an explicit SCRIPT_FILENAME; check the result for
# duplicated FastCGI parameters.
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 240;
}
}
}
In nginx, a regex location match beats a prefix match, so this directive is considered the better match for any URI ending in .gif etc.:
location ~* \.(jpg|jpeg|png|gif|ico)$ { expires 30d; }
than this one
location /phpmyadmin {
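So all your image requests are handled by the regex location above, even the ones beginning with /phpmyadmin. That location uses the server-level root rather than the root of your phpmyadmin location, so nginx can't find the files there. Declaring the prefix location with the ^~ modifier (location ^~ /phpmyadmin) makes nginx skip the server-level regex locations for those URIs.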
I'm setting up my nginx server to be as efficient as possible. Starting with the landing page. I decided to use the gzip_static directive and it works great, Precompresses my 14kb index.html to 3kb and when calling site.com/index.html it is served.
But the issue is when calling site.com/ nginx returns a 403 (I have it setup to return 403 all the time to prevent scanners trying to find stuff they shouldnt so this is basically a 404.)
How can I get location / to serve the precompressed index.html by default?
server {
server_name mxgaming.com;
return 301 $scheme://www.mxgaming.com$request_uri;
}
server {
listen 80;
#listen 443 ssl;
server_name www.mxgaming.com;
root C:\\WebServer\\nginx\\www\\www.mxgaming.com;
index index.html index.htm index.php;
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log C:\\WebServer\\nginx\\logs\\www.mxgaming.com-error.log error;
sendfile off;
client_max_body_size 100m;
gzip_static on;
gzip off;
gzip_min_length 1024;
gzip_proxied any;
gzip_http_version 1.1;
gzip_comp_level 4;
gzip_vary on;
gzip_types text/xml text/javascript application/atom+xml application/javascript application/json application/rss+xml application/xml+rss application/vnd.ms-fontobject application/x-font-ttf application/x-web-app- manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
server_tokens off;
location / {
try_files $uri $uri/ /index.html;
}
location ~* /teamspeak/? {
try_files $uri $uri/ /teamspeak.html;
}
location /teamspeakfull(?:/|) {
try_files $uri $uri/ /teamspeakfull.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_intercept_errors off;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 60;
fastcgi_read_timeout 60;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|woff|ogv|webm|htc)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(css|js)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
try_files $uri $uri/ /assets/$1/$uri;
}
location ~ /\.ht {
deny all;
}
}
Again, calling any .html, .js or .css file directly works, but just / doesn't.