How to disable ssl on particular url on nginx - nginx

I need help with some nginx configuration. So please help. So here is my situation.
my domain: rtechmedia.com
1) I want all the request of http:// www.rtechmedia.com redirect to https:// www.rtechmedia.com
2) I want all the request of https:// rtechmedia.com to https:// www.rtechmedia.com
3) But i want that the style folder and its content located at www.rtechmedia.com/styles/* should redirect to http:// www.rtechmedia.com/styles/* instead of https:// www.rtechmedia.com/styles/*
I am noob in nginx so please give in details. And note i put space in url because of low reputation. So ignore it
I am able to achieve 1) and 2) but not 3 so help me with that.
server {
listen 80;
server_name www.rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 80;
server_name rtechmedia.com;
return 301 https://www.rtechmedia.com$request_uri;
}
server {
listen 443 ssl;
server_name www.rtechmedia.com;
root /home/forge/www.rtechmedia.com;
ssl_certificate /etc/nginx/ssl/www.rtechmedia.com/11369/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.rtechmedia.com/11369/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.rtechmedia.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}

Related

Nginx responds all requests

Hi guys i have a question.
When i check the logs from graylog i noticed something weird. My nginx web server responds domain names that are not in my server. Like google.com or some ips.
How can i solve the problem?
# HTTP Server
server {
listen 80;
server_name x.com.tr www.x.com.tr;
rewrite ^ https://$server_name$request_uri permanent;
}
# HTTPS Server
server {
listen 443;
server_name x.com.tr www.x.com.tr;
root /var/www/html/xcom;
index index.php;
ssl on;
ssl_certificate /etc/nginx/ssl/xcomtr.crt;
ssl_certificate_key /etc/nginx/ssl/xcomtr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
if (!-e $request_filename) { rewrite ^.* /index.php break; }
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~/\.ht {
deny all;
}
location ~ ^/(wp-admin|wp-login\.php) {
allow x/24;
allow y/24;
allow z/24;
deny all; }
}
I had to hide my website name and ip's because it's govermantal project :)
Thank you all for your answers

How to redirect ip to https domain in nginx

I know that there's a lot of similar questions here, but none of them didn't help me, so here's my problem.
I need to redirect all requests from my server ip to my domain.
I tried the return 301 method, it kinda worked, but got me "Too many redirects error".
It wasn't me who wrote the config originally and I'm afraid to break it, it's a live server, so I don't have much time to test things.
Here's my config:
server {
listen xxx.xxx.xxx.xxx:443 ssl;
index index.php;
server_name example.com;
error_log /var/log/nginx/error_example_com.log;
access_log /var/log/nginx/access_example_com.log;
root /var/www/prod/frontend/web;
client_max_body_size 50m;
ssl on;
ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1.2;
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;
add_header Strict-Transport-Security "max-age=31536000";
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location /images {
alias /var/www/prod/frontend/web/images;
}
location /assets {
expires 1d;
}
location /upload {
expires 1d;
alias /var/www/prod/frontend/web/uploads;
}
location /plugins/Global/scripts {
alias /var/www/prod/frontend/web/js2;
}
location /plugins/Global/images {
alias /var/www/prod/frontend/web/images;
}
location /plugins/Global/css {
alias /var/www/prod/frontend/web/css;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/comn/php/php7.3-fpm.sock;
}
location /.well-known/acme-challenge {
alias /var/lib/dehydrated/acme-challenges;
}
}
server {
listen 443 ssl;
ssl_certificate /var/lib/dehydrated/certs/example.com/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/example.com/privkey.pem;
server_name www.example.com;
location / {
return 301 https://example.com$request_uri;
}
location ~ /.git/ {
deny all;
}
}
server {
listen xxx.xxx.xxx.xxx:80;
location / {
return 301 https://example.com$request_uri; # enforce https
}
location /.well-known/acme-challenge {
alias /var/lib/dehydrated/acme-challenges;
}
}
Redirecting from http://xxx.xxx.xxx.xxx to https://example.com works just fine, but I can't figure out how to get https redirecting working. What am I missing?
Also there's an admin panel to this site, it's config stored in another file, not sure if it has to be posted as well.
Strangely adding this on top of my config worked, where even default_server was ignored..
server {
listen 443 ssl http2;
server_name example.com;
return 301 https://example.com$request_uri;
}
Still not sure what is wrong with my setup, but at least it's working now.
nginx/1.14.2

WordPress + Nginx + Cloudflare - Not loading properly

I am trying to get Nginx, WordPress, and Cloudflare all working together. All pages outside of the home page (which isn't loading CSS of JS it seems) redirect to the IP of the droplet it's on, and throwing an error since its not secure. Any help would be most appreciated, I've now exhausted all the fixes found here and still have made no progress.
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/ssl/certs/cert.pem;
ssl_certificate_key /etc/ssl/private/key.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
ssl_verify_client on;
access_log /var/log/nginx/main.access.log;
error_log /var/log/nginx/main.error.log;
server_name example.com www.example.com;
root /var/www/core;
index index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
}
Looking to get Wordpress properly loading the https through Cloudflare.

How to point a subdomain to another "folder" on same server?

So I have set up two domains with each of there repositories on one server with forge. It looks like this:
DomainA.com (179.x.x.x)
DomainB.com (179.x.x.x)
In my DNS I have pointed them both to the same ip, and forge has handled everything else and it works great.
On the server there's two folders.
DomainA.com
DomainB.com
So now I want to create a subdomain on DomainB which "loads" the code of DomainA, example: code.domainb.com will load show the contents which in on domaina.com.
I'm not sure how I can do that? So far I understand that I need to change something in the nginx config, hopefully someone can give me some pointers :)
Nginx config for domainb:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domainb.com;
root /home/forge/domainb.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domainb.com/471043/server.crt;
ssl_certificate_key /etc/nginx/ssl/domainb.com/471043/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domainb.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domainb.com/after/*;
Nginx conf for domain A:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/before/*;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .domaina.com;
root /home/forge/domaina.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/domaina.com/470443/server.crt;
ssl_certificate_key /etc/nginx/ssl/domaina.com/470443/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers XXX;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/domaina.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/domaina.com/after/*;
The server_name directive can have more than one value. The exact match HOST name takes precedence. See this document for details.
If code.domainb.com uses the same document root as the server block for .domaina.com, simply add its name to the server_name directive.
For example:
server {
...
server_name .domainb.com;
root /home/forge/domainb.com/public;
...
}
server {
...
server_name .domaina.com code.domainb.com;
root /home/forge/domaina.com/public;
...
}
See this document for more.

Nginx block for multiple domains to redirect all traffic to https?

I have a web server running nginx 1.6 with one IP address and hosting www.domainname.com as well as dev.domainname.com.
I'm trying to find a smart way to route all http traffic to https and I want to make sure that my default server is the 'www' live version of the time. So the end goal is that unless the user specifies https://dev.domainname.com they will be redirected to https://www.domainname.com.
My nginx.conf setup is configured to include for '/etc/nginx/etc/sites-enabled/*'. So my configuration example is located at 'etc/nginx/sites-enabled/www.domainname.com'.
So my question is there a better way to handle this type of setup?
# redirect all non https
server {
# all traffic should be over https
listen 80 default;
# listen for all server names
server_name *.domainname.com;
# redirect to www with https
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the non-www redirect
server {
# non-www server name
server_name domainname.com;
# return to www
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the live website
server {
# configuration for all https sites
listen 443 default_server ssl;
ssl on;
# www server name
server_name www.domainname.com;
# root to public directory
root /path/to/www.domainname.com/public;
# ssl certificates
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for www site
error_log /var/log/nginx/www.domainname.com-error.log error;
}
# configuration for the dev site
server {
# dev server name
server_name dev.domainname.com;
# root to public directory
root /path/to/dev.domainname.com/public;
# ssl certificates - using multi domain ssl
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# error logs for dev site
error_log /var/log/nginx/dev.domainname.com-error.log error;
}

Resources