I want to strip the www from my url in my nginx configuration and looking around the documentation and stack overflow posts I wrote the following configuration but it doesn't seem to be working.
server_name {
server_name www.subdomain.domain.com;
rewrite ^(.*) https://subdomain.domain.com/$1 permanent
}
server_name {
server_name subdomain.domain.com;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /file;
index index.html index.htm app.js;
location /{
proxy_pass https://subdomain.domain.com:443/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /*/ {
proxy_pass https://subdomain.domain.com:443/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
}
But it doesn't seem to be working at all. However whenever I try to go to the site using www.subdomain.domain.com i can't access the site but doing https://subdomain.domain.com works fine. Any advice on this would be great thanks.
You have typo in nginx config (server_name instead server), and try return instead rewrite as more proper way:
server {
server_name www.subdomain.domain.com;
return 301 $scheme://subdomain.domain.com$request_uri;
}
Related
I only want to allow access to my server from one domain. Lets say my domain is called "mydomain.mydomain.com" (yes, it is a subdomain).
Normally I would write everywhere server_name mydomain.mydomain.com, but I changed it to a non-existing domain and I can still enter the website? Why is my website working also from other domains? I know nginx is normally using the first server-block if no server_name is found, but my first server-block is my catch-all non-existing domain block. I defined server_name _; and default_server, but still, my website is working.
I have the following configuration:
server {
#If server_name mydomain.mydomain.com is not found return 444
listen 80 default_server;
server_name _;
return 444;
}
# redirect all traffic to https if the domain is mydomain.mydomain.com (server_name)
server {
listen 80;
listen [::]:80;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /config/www;
index index.html index.htm index.php;
#-------------------------------------------
# I CHANGE HERE TO A NON-EXISTING DOMAIN AND MY WEBSITE IS STILL WORKING?!?!?
#-------------------------------------------
server_name nonExistingDomain.com;
# enable subfolder method reverse proxy confs
include /config/nginx/proxy-confs/*.subfolder.conf;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
error_page 404 =200 /portal;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN";
location = / {
return 301 https://mydomain.mydomain.com/portal;
#try_files $uri $uri/ /index.html /index.php?$args =404;
}
location /pea {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/pea;
# do not pass the CORS header from the response of the proxied server to the
# client
#proxy_hide_header 'Access-Control-Allow-Origin';
}
location /portal {
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8180/portal;
}
location /auth {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8280/auth;
}
}
You are listening to the IpV6 network socket in your server blocks where you change domain to non-existent. Since there are no other such server blocks, they are the default for those IPv6 ports.
Note that your first server block is default only for IPv4 network socket listen 80 default_server;.
Thus the behavior can be explained only by the fact that you are connecting/testing over IpV6.
To avoid inconsistency, use default_server for all your listen options. E.g. in the first server block add default server for IPv6 too:
server {
#If server_name mydomain.mydomain.com is not found return 444
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}
I'm trying to migrate from WordPress to self hosted Ghost blog. In the process I wish to clean up url's for my posts from https://example.com/categoryid/slug to https://example.com/slug. Cateogryid is seems to be whole number containing 1-4 digits.
The problem is that I have also urls that I don't want to rewrite
don't rewrite for img: https://example.com/content/images/2020/01/logo.png
rewrite for post: https://example.com/1886/slug
What I have tried:
this works, but for both url's
rewrite ^(.*)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
this should be a match with an online regEx tester, but does not work
rewrite \.*(com)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
passing proxy before and after rewrite rules
location /content/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass example_ip ;
}
full config:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# redirect /id/slug -> slug
rewrite ^(.*)(\/\d*\/)(.*)$ https://example.com/$3 redirect;
# redirect category -> tag
rewrite (category\/)(.*)$ https://example.com/tag/$2 permanent;
# redirect blog -> archive
rewrite (blog\/)$ https://example.com/archive permanent;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/nginx/snippets/ssl-params.conf;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://example_ip;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
In the URLs https://example.com/content/images/2020/01/logo.png and https://example.com/1886/slug, the URI seen by the rewrite directive is /content/images/2020/01/logo.png and /1886/slug respectively.
You need to rewrite URIs which contain 1 to 4 digits in the first path element.
Use either:
rewrite ^/\d+(/.*)$ $1 redirect;
Or:
rewrite "^/\d{1,4}(/.*)$" $1 redirect;
The last variant must use the quotes to protect the embedded brace characters.
See this document for details.
Is it possible to mask a sub-domain to point to another sub-domain like so:
sub.domain.comto sub2.domain.com/example/example2.
I was able to sort of get this by using this nginx configuration:
server {
listen 443 ssl http2; # managed by Certbot
<!-- ssl_certificate goes here -->
server_name sub.domain.com;
rewrite ^/?$ https://sub2.domain.com/example/example2 permanent;
}
But the problem with this config is that when you go to sub.domain.com you are redirected to sub2.domain.com/example/example2 instead of just masking the URL.
And if I go to sub.domain.com/test instead of going to sub2.domain.com/example/example2/test it just shows 404 page.
Finally! I figured it out myself.
Instead of rewrite I had to use proxy_pass. And to extend the URL, I just needed to add a / to the end of URL:
location / {
proxy_pass https://sub2.domain.com/example/example2/; <-- Note the slash at the end
proxy_redirect off;
proxy_set_header X-Real-IP sub2.domain.com;
proxy_set_header X-Forwarded-For sub2.domain.com;
proxy_set_header Host sub2.domain.com;
}
Full code:
server {
listen 443 ssl http2; # managed by Certbot
<!-- ssl_certificate goes here -->
server_name sub.domain.com;
location / {
proxy_pass https://sub2.domain.com/example/example2/;
proxy_redirect off;
proxy_set_header X-Real-IP sub2.domain.com;
proxy_set_header X-Forwarded-For sub2.domain.com;
proxy_set_header Host sub2.domain.com;
}
}
I have the following configuration in a linux nginx reverse proxy setup. All is working fine for the basic redirection. What I want to achieve is a rewrite from webmail.someserver.net to webmail.someserver.net/gw
I can't seem to get any rewrite rule to achieve this successfully and I'm probably missing something very simple. Can anyone provide any ideas?
Thanks
server {
listen 80;
server_name webmail.someserver.net;
access_log /var/log/www/webmail.someserver.net.access.log;
error_log /var/log/www/webmail.someserver.net.error.log error;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
index index.html index.htm;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/servercerts/someserver.net.chained.crt; # path to your cacert.pem
ssl_certificate_key /etc/ssl/servercerts/certified_wildcard_certificate_Private.key; # path to your privkey.pem
server_name webmail.someserver.net; #Domain Name
proxy_set_header X-Forwarded-For $remote_addr;
# rewrite ^ $scheme://$host/gw redirect;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
server_tokens off;
location / {
proxy_pass https://ebvl-009.cdn.someserver.net;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
If you simply want to redirect / to /gw use:
location = / {
return 301 /gw;
}
See this and this for more details.
As an aside, your statement rewrite ^ https://$http_host$request_uri? permanent; can also be written more simply as: return 301 https://$http_host$request_uri
I have the following Nginx server block:
server {
listen 80;
listen [::]:80;
server_name example.com;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost/page-1/;
}
}
I would like that when the user gets a 404 error on example.com, the proxy_pass should change to direct to http://localhost/example-404/.
However, this server block and the one for http://localhost both have the same root so alternatively it could just point to /example-404/ internally, I'm not sure which is easier to do. Either way, I want the address in the browser's address bar to stay the same.
The reason I want this is that there will be a different 404 page if accessing the server from http://localhost directly. I would really appreciate anyone's thoughts on this!
You can use different vhosts to give different results depending on how the user is accessing the server. I'd imagine something like this might work:
server {
listen 80;
server_name example.com;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_intercept_errors on;
error_page 404 = #errors;
proxy_pass http://localhost/page-1/;
}
location #errors {
root /usr/share/nginx/errors/example.com.404.html;
}
}
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_intercept_errors on;
error_page 404 = #errors;
proxy_pass http://localhost/page-1/;
}
location #errors {
root /usr/share/nginx/errors/localhost.404.html;
}
}