I am having some problems with my Nginx config on RHEL. I am trying to configure custom error pages; this is a bit of my config:
server {
    listen 443;
    listen [::]:443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/^/ssl.crt;
    ssl_certificate_key /etc/nginx/ssl/^/ssl.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    server_name ~^(www\.)?(?P<domain>.+)$;
    root /www/$domain;
    include /etc/nginx/conf.d/my_domain;
    location ~ ^/(403|404|405|50x).html {
        root /www/^/error;
    }
    location ~ .php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_intercept_errors on;
        fastcgi_param SCRIPT_FILENAME /www/$domain$fastcgi_script_name;
        include fastcgi_params;
    }
}
Anyway, I have read everything and I'm not sure what to do to fix it :( and before anyone asks... yes, I have restarted nginx!
Related
I had WordPress running in Apache but it was giving me slow performance (idk if it is because of Apache) and I tried to migrate it to nginx.
I configured the nginx.conf but it is giving me: 502 Bad Gateway
My wordpress path is: C:\nginx\html
My php path is: C:\nginx\php
And my nginx.conf is:
server {
    listen 443 ssl;
    server_name domain.com www.domain.com;
    root html;
    index index.php;
    try_files $uri $uri/ /index.php?$args;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_certificate $CERTPATH;
    ssl_certificate_key $CERTKEYPATH;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root "html";
        index index.php index.html index.htm;
    }
    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi_params;
    }
}
I tried without location ~ .php and it was giving me a download file every time that I execute the website.
I have a WordPress site and am trying to set up subdomains using Nginx and Let's Encrypt SSL to have prod and test environments.
For example:
prod site --> abc.com www.abc.com
dev site --> dev.abc.com
I have set up Nginx using this guide https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7.
My Server blocks look as following:
/site-available/abc.com.conf
server {
    root /var/www/wordpress;
    index index.php index.html index.htm;
    server_name abc.com www.abc.com;
    client_max_body_size 100M;
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_connect_timeout 300s;
        fastcgi_read_timeout 300s;
        fastcgi_send_timeout 300s;
    }
    location ~ /\.ht {
        deny all;
    }
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 15m;
    ssl_session_tickets on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/abc.com/fullchain.pem;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
    resolver_timeout 5s;
    ssl_certificate /etc/letsencrypt/live/abc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/abc.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.abc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = abc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name abc.com www.abc.com;
    return 404; # managed by Certbot
}
/site-available/dev.abc.com.conf
server {
    root /var/www/dev.abc.com;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name dev.abc.com;
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_connect_timeout 300s;
        fastcgi_read_timeout 300s;
        fastcgi_send_timeout 300s;
    }
    location ~ /\.ht {
        deny all;
    }
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 15m;
    ssl_session_tickets on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
    resolver_timeout 5s;
    ssl_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dev.abc.com/privkey.pem; # managed by Certbot
}
I have successfully enabled A records on Cloudflare and DigitalOcean for the dev domain name.
The problem is, whenever I try to access dev.abc.com it is getting redirected to abc.com no matter what.
Then I tried to remove the abc.com.conf server block and tested, then it was working fine with dev.abc.com.conf; however, when I try to put both blocks together then this time it was only working on dev.abc.com.
I am not sure what I am missing in this Nginx configuration. I also have both SSL certificates to match the exact domains. I have the exact Nginx configuration on an Ubuntu server and it's working fine for another site of mine.
server {
    listen 80;
    server_name www.21cl.ca 21cl.ca;
    return 301 https://21cl.ca$request_uri;
}
server {
    server_name 21cl.ca;
    listen 443 ssl http2;
    ssl_certificate /srv/ssl/2100computerlane_net.crt;
    ssl_certificate_key /srv/ssl/21ca.key;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    access_log /srv/www/www.2100computerlane.net/logs/access.log;
    error_log /srv/www/www.2100computerlane.net/logs/error.log;
    root /srv/www/www.2100computerlane.net/public_html;
    location / {
        index index.html index.htm index.php;
        autoindex on;
        autoindex_exact_size off;
    }
    location ~* \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
http://www.21cl.ca is being forwarded to https://www.21cl.ca not https://21cl.ca like instructed.
Note this works fine when I do it with my dot net and dot com domains.
I think it has been cached in the browser; try it in a private or incognito window. It is redirecting properly for me.
I'm currently working on creating a dockerized server with two sites. I want them both to run over port 443. So far, I've managed to get one of them running on their own using the nginx reverse proxy, but when I try to do both, it seems to be totally ignoring my server.
stream {
    upstream shop_local_xposi_com {
        server 127.0.0.1:9000;
    }
    upstream sockets_local_xposi_com {
        server 127.0.0.1:9001;
    }
    map $ssl_preread_server_name $upstream {
        shop.local.xposi.com shop_local_website_com;
        socket.local.xposi.com sockets_local_website_com;
    }
    # SHOP webserver
    server {
        # SSL
        listen 127.0.0.1:9000 ssl;
        ssl_certificate /etc/nginx/certs/website.com.crt;
        ssl_certificate_key /etc/nginx/certs/website.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;
        index index.php index.html;
        root /var/www/public;
        location / {
            try_files $uri /index.php?$args;
        }
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass app:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }
    }
    # SOCKET webserver
    server {
        # SSL
        listen 127.0.0.1:9001 ssl;
        ssl_certificate /etc/nginx/certs/website.com.crt;
        ssl_certificate_key /etc/nginx/certs/website.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;
        index index.php index.html;
        root /var/www/public;
        location / {
            try_files $uri /index.php?$args;
        }
        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass socket:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
        }
    }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $upstream;
    }
}
When running just one server, this config file was just one of the larger server sections, which worked perfectly. But when trying to create the setup I'm trying to create (diagram below), it instantly redirects to the API on my accept environment. My guess as to why it is this specific API is that it's the next available line with the same domain in my Windows hosts file, so the browser gets told to go there(?).
For any further information that I forgot to give, please ask.
I have a similar function, but I do have different "servers" listening to different server_name configurations:
server {
    listen 80;  # or: listen 443;
    server_name shop-local.website.com;
    location / {
        # ... some code
        proxy_pass http://shoplocalwebsiteIP:port;
    }
}
server {
    listen 80;  # or: listen 443;
    server_name socket-local.website.com;
    location / {
        # ... some code
        proxy_pass http://socketlocalwebsiteIP:port;
    }
}
You could encapsulate the server name inside the desired block and then set the correct proxy_pass to backend.
I changed the following lines in my nginx conf
listen 80 default_server;
server_name _;
To
listen 80 default_server;
server_name mydomain.com;
return 301 https://server_name$request_uri;
I've removed the redirection to https change that I made; however, nginx is still redirecting my requests to https, which is not supported currently. How do I change it back?
The rest of my nginx conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
    worker_connections 768;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    gzip on;
    gzip_disable "msie6";
    server {
        listen 80 default_server;
        server_name _;
        location / {
            include uwsgi_params;
            uwsgi_pass 127.0.0.1:8000;
            uwsgi_buffer_size 8192;
            uwsgi_buffering on;
        }
        location ~ [^/]\.php(/|$) {
            root /opt;
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
                return 404;
            }
            fastcgi_param HTTP_PROXY "";
            fastcgi_read_timeout 150;
            fastcgi_buffers 4 256k;
            fastcgi_buffer_size 128k;
            fastcgi_busy_buffers_size 256k;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
        #include /etc/nginx/conf.d/*.conf;
    }
}
Are there any other settings that need to be checked?
It was a browser cache issue because of using the 301.
Opened the urls in incognito and they worked fine.
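Both answers on this page trace a redirect that would not go away to a 301 remembered by the browser. The Python below is an added example, not part of any post above: it asks the server directly, with no browser cache and no redirect following, what it currently returns. The names `probe`, `ConstructedServer` and `demo` are hypothetical, and the local server is a constructed stand-in for the nginx `return 301` block quoted earlier.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Redirect codes a browser may store and replay when no cache header forbids it.
CACHEABLE_BY_DEFAULT = {301, 308}

def probe(host, port, path="/", host_header=None):
    """One plain-HTTP GET, no redirect following, no cache: (status, Location, replayable)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host_header or host})
        resp = conn.getresponse()
        cc = (resp.getheader("Cache-Control") or "").lower()
        uncached = any(t in cc for t in ("no-store", "no-cache", "max-age=0"))
        replay = resp.status in CACHEABLE_BY_DEFAULT and not uncached
        return resp.status, resp.getheader("Location"), replay
    finally:
        conn.close()

class ConstructedServer(BaseHTTPRequestHandler):
    """Constructed stand-in for nginx: `return 301 https://21cl.ca$request_uri;`."""
    redirect_enabled = True
    def do_GET(self):
        if self.redirect_enabled:
            self.send_response(301)
            self.send_header("Location", "https://21cl.ca" + self.path)
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # silence per-request logging

def demo():
    srv = HTTPServer(("127.0.0.1", 0), ConstructedServer)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        ConstructedServer.redirect_enabled = True
        before = probe("127.0.0.1", srv.server_port, "/a?b=1", "www.21cl.ca")
        ConstructedServer.redirect_enabled = False  # redirect taken out of the config
        after = probe("127.0.0.1", srv.server_port, "/a?b=1", "www.21cl.ca")
        return before, after
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(demo())
```

If `probe` against the real host and port returns 200 while the browser still redirects, the browser is replaying its stored 301 and the nginx config is already correct.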