I am trying to run my application on http and https. The application renders static htmls along with their css' and js'. I use nginx to serve the pages. I have configured my nginx configuration, but the pages do not get rendered on https.
When I hit http://subdomain.example.com, it works well!
However, when I hit https://subdomain.example.com, I get a CONNECTION_RESET or a CONNECTION_CLOSED error in Chrome.
Below is my configuration:
server {
listen 80;
server_name subdomain.example.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /var/www/html/htmls/;
index entergmat.html;
}
}
server{
listen 443 ssl;
ssl on;
server_name subdomain.example.com;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/certificate.key;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
keepalive_timeout 70;
location / {
root /var/www/html/htmls/;
index entergmat.html;
}
}
Request your help on this.
Thanks!
I would suggest to remove ssl on; from your configuration:
It is recommended to use the ssl parameter of the listen directive
instead of this directive.
From nginx doc http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl
Related
I'm trying to rewrite from short name to FQDN.
My nginx version is
nginx version: nginx/1.13.4
server {
listen 80;
server_name foo foo.bar.com;
rewrite_log on;
rewrite ^ https://foo.bar.com/ permanent;
include includes/web-site;
include includes/files-site;
}
server {
listen 443 ssl;
server_name foo.bar.com
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
ssl_certificate foobar.crt;
ssl_certificate_key foobar.key;
add_header Strict-Transport-Security "max-age=31536000";
include includes/web-site;
include includes/files-site;
}
No effect. Any advise?
Maybe you just want to redirect non-ssl traffic to ssl server. if so, you can try this
server {
listen 80;
server_name foo.bar.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
refer https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx
So I am trying to achieve 4 things:
support both ip-v4 and ip-v6
support letsencrypt ssl certificates (the acme-challenge location in http)
redirect www to non www
redirect http to https
I have come up with a config, but it seems not to work. I get a "page does not exist" when trying to access http://www.MY_DOMAIN.COM.
Due to the hsts setting, this does work after having visited the https non-www version once.
Note that I have ssl certificates for both the with and without www domain.
How can I achieve this / what am I doing wrong in my config:
# HTTP server
#
server {
listen [::]:80;
server_name MY_DOMAIN.COM www.MY_DOMAIN.COM;
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
try_files $uri $uri/ =404;
}
location / {
return 301 https://MY_DOMAIN.COM$request_uri;
}
}
# HTTPS server
#
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name www.MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/www.MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
return 301 https://MY_DOMAIN.COM$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server ipv6only=on;
server_name MY_DOMAIN.COM;
ssl on;
ssl_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
root /var/www/MY_DOMAIN.COM;
index index.html;
}
Also, I do not find the copy-paste nature of the two server blocks very nice.
As #RichardSmith notes; I was not listening to the ipv4 version of the http://www variant. Hence, the redict was not triggered at all.
After fixing this, the setup is working.
I deployed a website on digitalocean with nginx as a proxypass. The Site works but sometimes I have to refresh to reach the site. I am afraid that my nginx or my dns configuration is wrong, since I'm doing this the first time.
Here is my nginx config: (the server should run only on https)
server {
listen 80;
server_name <site_name>.com;
return 301 https://www.<site_name>.com$request_uri;
}
server {
listen 80;
server_name www.<site_name>.com;
return 301 https://www.<site_name>.com$request_uri;
}
server {
listen 443 ssl;
server_name <site_name>.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/certs/private.key;
return 301 $scheme://www.<site_name>.com$request_uri;
}
server {
listen 443;
server_name www.<site_name>f.com;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
ssl on;
ssl_certificate /etc/nginx/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/certs/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://localhost:8000;
}
}
Here are my dns settings:
A Record host:# value: TTL: automatic
A Record host:www value: TTL: 1 min
Any idea what is going wrong?
Thx!
When the site fails to load what is the error message, if any? I doubt this is a DNS issue, since it works sometimes.
I am using NGINX and I am receiving that error in the browser's console.
According to the instructions of my boss, I need to set up cors which what I did and still I am getting the same error.
This is the entire error
OPTIONS https://backend.just4bettors.mobi/auth/login
XMLHttpRequest cannot load https://backend.just4bettors.mobi/auth/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.just4bettors.mobi' is therefore not allowed access. The response had HTTP status code 400.
Here is the config
map $http_origin $cors_header {
default "";
"~^https?://[^/]+\.just4bettors\.mobi(:[0-9]+)?$" "$http_origin";
}
server {
large_client_header_buffers 1 1K;
listen 80;
listen 443 ssl;
server_name www.just4bettors.mobi just4bettors.mobi;
root /home/c0pt/capilleira/capilleiraclickandgamblemobile/www;
ssl_certificate /etc/ssl/certs/just4bettors.mobi.chained.crt;
ssl_certificate_key /etc/ssl/private/just4bettors.mobi.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Access-Control-Allow-Origin $cors_header;
...
}
}
server {
listen 80;
listen 443 ssl;
server_name backend.just4bettors.mobi www.backend.just4bettors.mobi;
ssl_certificate /etc/ssl/certs/just4bettors.mobi.chained.crt;
ssl_certificate_key /etc/ssl/private/just4bettors.mobi.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
add_header Access-Control-Allow-Origin $cors_header;
}
}
I have the domain and the subdomain, it is like something named cross-domain.
Where do I have the error here ? I mean, I have everything set up and still asking me for the Access-Control-Allow-Origin, why ?
ps: I want to cry.
You need to set the header on the backend side, not under your main section location /
The error message basically states that you are not allowed to access the backend from your www frontend.
Your backend must allow backend.just4bettors.mobi and www.backend.just4bettors.mobi as valid Origins ...
I'm deploying a Rails application on personal server using Nginx, phusion_passenger. I've site configuration file with following server blocks. With this configuration my https://192.168.1.121 service works but my connection doesn't redirect from http://192.168.1.121. What am I doing wrong? I really appreciate any help, please.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# Make site accessible from http://localhost/
#server_name 192.168.1.121;
server_name mydomain.com www.mydomain.com
return 301 https://$server_name$request_uri;
}
server {
# Make site accessible from http://localhost/
listen 443 ssl default;
#server_name 192.168.1.121;
server_name mydomain.com www.mydomain.com
# Certificate details
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
passenger_enabled on;
rails_env production;
root /home/deploy/www/myapplication/current/public;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
semi-colon is missing at end of server_name variable for http as well as https:
server_name mydomain.com www.mydomain.com;