I am trying to server secure site using nginx ssl connection.I am not able to load third party http css and js file. It is giving error.
This request has been blocked; the content must be served over HTTPS.
here is the my nginx conf
server {
listen 443 ssl;
server_name api-test.vendorver.com;
ssl_certificate /etc/nginx/ssl/vv_key/cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/vv_key/vendorver.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
location / {
proxy_pass http://0.0.0.0:8000;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect off;
}
#if ($host !~* ^(vendorver.com|www.vendorver.com)$ ) {
# return 444;
#}
location /static/ {
autoindex on;
alias /home/ec2-user/vendorver.backend/static/;
}
}
That file is not available on https request. How can i include that file in page?
You have to configure your static directory and your media (images) directory
To run all this over ssl the config should be something like:
server {
listen 80;
charset utf-8;
client_max_body_size 100M;
ssl on;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/yoursite_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/yoursite_com/cert.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
access_log /var/www/vhosts/yoursite.com/logs/access_log;
error_log /var/www/vhosts/yoursite.com/logs/error_log;
server_name yousite.com www.yoursite.com;
root /var/www/vhosts/yoursite.com/yourapp/;
add_header Strict-Transport-Security max-age=31536000;
location / {
.... your settings here
}
location /media {
alias /var/www/vhosts/yoursite.com/yourapp/media;
}
location /static {
alias /var/www/vhosts/yoursite.com/yourapp/static;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
Rather than listening to both ports 80 and 443 in the same config. I suggest setting up server redirects, e.g.
server {
listen 80;
server_name endyourif.com www.endyourif.com;
return 301 https://www.endyourif.com$request_uri;
}
Setting up SSL with nginx including redirects from non HTTPS traffic
Related
I have set up Nginx as a reverse proxy as well as using SSL, and everything is working fine except location maping.
When I call /api/public/contact it redirects me to: https://127.0.0.1/api/public/contact
but what I want is: http://127.0.0.3:1337/api/public/contact
I feel like after redirecting to https, the nginx is ignoring locations.
I'm testing on localhost. Below is my configuration. Any help will be appreciated :)
events{}
http {
include /etc/nginx/mime.types;
server {
listen 80;
listen [::]:80;
server_name test.com www.test.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
keepalive_timeout 70;
ssl_certificate /etc/nginx/cert.crt;
ssl_certificate_key /etc/nginx/keykey.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name test.com www.test.com;
root /usr/share/nginx/html;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://127.0.0.3:1337;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 90;
}
}
}
I've a webserver nginx on the host of my vps with a simple html site on main root (example: domain.com).
I want to redirect an endpoint of this webserver to a docker container with wordpress at port 8080.
The endpoint must be /blog.
I've this configuration on nginx's virtual host (including redirect to 443 port):
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/http/domain.com/public;
index index.html index.htm index.nginx-debian.html;
server_name domain.com www.domain.com;
#headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#ssl
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ecdh_curve secp384r1;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
ssl_prefer_server_ciphers on;
ssl_certificate /etc/ssl/private/domain.com.crt;
ssl_certificate_key /etc/ssl/private/domain.com.key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
location /blog {
include /etc/nginx/mime.types;
#proxy
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.com www.domain.com;
return 301 $scheme://$server_name$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name domain.com www.domain.com;
location /blog {
include /etc/nginx/mime.types;
proxy_pass http://localhost:8080;
}
return 301 https://$server_name$request_uri;
}
It doesn't work.
I tried to set another virtual host with name blog.domain.com, but some features how wp-login and wp-admin don't works (neither css, javascript, ssl certificate).
Thank you.
Using command: docker inspect container_id of Wordpress container get IP address of container ID, then:
proxy_pass http://ipaddress_of_container_ID:8080;
I am using centos6 linux vps and i have installed nginx on my server. I have installed letsencrypt SSL certificate . But the thing is that when i go to my website www.mywebsite.com ,it shows SECURE but when i go to www.mywebsite.com/otherpages ,it shows Insecure and letsencrypt certificate invalid.
The configuration of "/etc/nginx/conf.d/default.conf"
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
the configuration of /etc/nginx/sites-available/quiznou.com.conf
server {
listen 80 ;
server_name quiznou.com www.quiznou.com;
return 301 https://$server_name$request_uri;
}
server{
listen 443 ssl http2;
server_name quiznou.com www.quiznou.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /.well-known {
allow all;
}
location /.well-known/acme-challenge/ {
root /var/www/quiznou.com;
}
}
this my own configuration files of NGINX as a revers_proxy: but I'm using configuration to proxy some docker. I modified directly the /etc/nginx/default.conf ,to proxy an apache web page I've created a VHost in nginx.
If it could help you.
server {
listen 80;
listen 443 ssl;
server_name some.name.com;
server_tokens off;
## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}
## Protocol
ssl_protocols TLSv1.2;
## Diffie-Hellman
ssl_ecdh_curve secp384r1;
## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;
## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
}
I have a website running on EC2 machine behind an Amazon ELB.
I have configured SSL on ELB hence its handling http as well as https for me.
All requests on https works perfectly. But I want to force(redirect) http requests to https. For some reason, it does not work
I have added redirect rule in nginx but whenever I enable that rule, the nginx server stops responding.
server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
access_log /var/log/nginx/domain1.access.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4000/;
### Redirect http to https ####
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}
Here is the configuration of Load Balancer:
Please help me where I am going wrong with the configuration.
TIA.
Try the following:
server {
listen 80;
listen [::]:80;
server_name domain1.com;
return 301 https://$host$request_uri;
}
I propose this code. Teste on my VPS, but not Amazon ELB
server {
server_name example.com www.example.com;
listen 80;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
root /home/user/www/example/;
include global.conf;
include php.conf;
include ssl.conf;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
server{
server_name www.example.com;
include ssl.conf;
return 301 https://example.com$request_uri;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}
File ssl.conf containt:
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
I'm trying to use Nginx as a reverse-proxy for my pages at github pages. Based on info from here: https://pascal.io/github-pages-https/, and others, my config looks like this:
server {
listen 80 default_server;
server_name leepope.com www.leepope.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name leepope.com;
ssl on;
ssl_certificate <my cert>;
ssl_certificate_key <my key>;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
location / {
proxy_pass https://leepope.github.io;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
expires off;
}
}
When I make a request to the server root, I get a github page, but it's a 404.
I've enabled nginx debugging, but I can't see what the request going to github looks like - their headers are in the log, but there's no info about what's going out.
Can anyone help me troubleshoot this?
Thanks.