I am developing a new project that uses forced HTTPS navigation where we need to display an iframe with content that is not HTTPS.
Issue comes that in Nginx I am forcing the usage of HTTPS with a redirect for any request.
I want to add an "exception" in the rewrite for the URL demo.html, I have no clue how to do this properly, any help much appreciated. Thanks
This is our Nginx config file:
server {
listen 80;
listen [::]:80;
server_name
www.domain.com
domain.com
;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name
www.domain.com
domain.com
;
### redirect www to no www with client code 301 ###
if ($host = 'www.domain.com') {
rewrite ^/(.*)$ https://domain.com/$1 permanent;
}
root /srv/users/public;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
}
index index.php;
# Don't serve hidden files.
location ~ /\. {
deny all;
}
location /
{
try_files $uri /index.php?$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param KOHANA_ENV PRODUCTION;
fastcgi_pass 127.0.0.1:2222;
try_files $uri =404;
}
At the end I will disable the HTTPS redirect for all and allow browsing also without the HTTPS.
So what I did is to force the homepage to be HTTPS and the rest of link I print they are always HTTPS except that one I need that doesnt use HTTPS. I did this: ## we only force the HTTPS to the home page but we allow to browse without HTTPS if they want to.
## we only force the HTTPS to the home page but we allow to browse without HTTPS if they want to.
if ($request_uri = /) {
set $test A;
}
if ($scheme = 'http') {
set $test "${test}B";
}
if ($test = AB) {
rewrite ^/(.*)$ https://yclas.com/$1 permanent;
}
## END if Hack
Related
I have a simple Symfony application, using Webpack Encore.
I also have a nginx server, with this below configuration to access to my Symfony app:
server {
listen 8080;
server_name localhost;
root D:/Projects/SampleApp/public;
location / {
root D:/Projects/SampleApp/;
try_files /public/$uri /public/$uri /assets/$uri /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass php_farm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
}
}
When I access to http://localhost:8080, my Symfony app works well.
I would like to add another nginx as a reverse proxy, that point http://localhost/SampleApp to http://localhost:8080.
I create this nginx configuration file :
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate D:/Projects/certificate.crt;
ssl_certificate_key D:/Projects/certificate.key;
server_name localhost;
location /SampleApp/ {
rewrite ^/SampleApp(/.*)$ $1 break;
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
}
When I access to http://localhost/SampleApp/login, my Symfony login page works. But :
Assets are not loaded because the base doesn't contains the "SampleApp" prefix (it call http://localhost/assets/app.css instead of http://localhost/SampleApp/assets/app.css)
Links and redirections doesn't works too for the same problem
Do you have any ideas to resolve this problem please ?
Thanks
i have some problem with my nginx configuration. I am new with nginx by the way ..
I want to host multiple websites on one single server. Ubuntu 16.04 installed.
Example:
www.myDomain.com - should point to a normal webroot equ: /var/www/html
wiki.myDomain.com - should reverse-proxy to my confluence application at localhost:8090
blog.myDomain.com - should point to another webroot equ: /var/www/blog
I tried to configure the base url = www.myDomain.com and the wiki reverse proxy.
My files look like this:
default:
server {
listen 80 default_server;
# listen [::]:80 default_server;
server_name myDomain.com www.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name myDomain.com www.myDomain.com
include snippets/ssl-www.myDomain.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name myDomain.com www.myDomain.com;
location / {
allow all;
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
}
my wiki.myDomain.com witht the reverse proxy:
server {
listen 80;
# listen [::]:80;
server_name wiki.myDomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen wiki.myDomain.com:443 ssl;
# listen [::]:443;
add_header Strict-Transport-Security "max-age=31536000";
include snippets/ssl-wiki.myDomain.com.conf;
include snippets/ssl-params.conf;
# root /var/www/wiki.myDomain.com;
location /.well-known {
root /var/www/wiki.myDomain.com/;
# default_type text/plain;
}
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
So here my problem:
Wiki.myDomain.com is working fine !
www.eida.at is allways auto forwarding to https://wiki.myDomain.com for some reason
with www.myDomain.com i want to have a separate website - no forward to the wiki. Seems that the reverse proxy part is used any time - doesnt matter which url i choose.
Thanks for help !
I have an Nginx with Docker for my development environment with HTTP and HTTPS, here's the configuration:
listen 80;
listen 443 ssl;
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
try_files $uri #rewriteapp;
}
location #rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $https;
}
I want to test HTTP and HTTPS in my local environment but in production, I have an Nginx reverse proxy in front with:
upstream app_upstream {
server app:80;
}
server {
server_name $APP_DOMAIN;
listen 443 ssl;
ssl_certificate /run/secrets/app_cert.pem;
ssl_certificate_key /run/secrets/app_key.pem;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://app_upstream;
}
}
I want the reverse proxy to accept the only HTTPS and forward to the application nginx but my PHP application behind is receiving $_SERVER['HTTPS'] = ""
I also want to keep the SSL certificate only on the reverse proxy, how do I pass HTTPS from reverse proxy to Nginx to PHP?
The HTTPS variable is set to $https (which is set according to the connection to the backend server, which will always be HTTP), but you want it to be set according to the forwarded connection.
You can use the X-Forwarded-Proto header to set the HTTPS variable using a map. For example:
map $http_x_forwarded_proto $https_flag {
default off;
https on;
}
server {
...
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
...
fastcgi_param HTTPS $https_flag;
...
}
}
See this document for more.
I want to understand the connections between Nginx Config Files, Domains and Wordpress Site URL.
I map my domain blog.example.com to my ip: xxx.xxx.xxx.xxx/wordpress/
in the Wordpress SiteUrl i set blog.example.com
How should my NGINX configuration file look like?
Edit
My Configuration works in the first step, I get to the Frontpage, but when clicking on permalinks, I get redirected to the Frontpage again instead of the Post.
My current Config looks like this:
server {
listen 80 default_server;
root /var/www/wordpress/;
index index.html index.htm index.php
server_name blog.example.com;
location ~\.php$ {
try_files $uri =404;
fastcgi_pass php:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param REQUEST_URI $uri?$args;
}
location / {
try_files $uri /index.php$args;
}
}
Edit
In Nginx Debug Log I see the REQUEST_URI is /wordpress/postname/
but as i understand it should be just /postname/
How about this:
server {
listen 80;
server_name _;
return 404; # default
}
server {
listen 80;
server_name blog.example.com;
location / {
return 301 http://blog.example.com/wordpress;
}
location ^~ /wordpress {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xxx.xxx.xxx.xxx;
}
}
I have moved my site to a new server running nginx from apache.
The old site structure was:
example.com/NEW/
The new structure:
example.com/
I have a few applications that still reference uploads/files like:
example.com/NEW/assets/images/7871862618261826.jpg
I need to rewrite all the requests that include the /NEW/ parameter.
eg:
example.com/NEW/assets/images/7871862618261826.jpg
should be routed to:
example.com/assets/images/7871862618261826.jpg
My Current Nginx config looks like:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443;
if ($http_host = domain.com) {
rewrite (.*) https://www.domain.com$1;
}
location /NEW/ {
rewrite ^/NEW(.*)$ $1 last;
#return 405;
#return 301 https://www.domain.com$request_uri;
}
server_name domain.com www.domain.com;
access_log /var/log/nginx/domaincom.access.log;
error_log /var/log/nginx/domaincom.error.log;
root /var/www/domain.com/public_html/;
index index.html index.htm index.php;
#set default location
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
}
How can I achieve the rewrite?
I Finally got it working with the below location block:
location ~ /NEW/.*\.(png|jpg|gif|pdf|doc)$ {
rewrite ^/NEW(.*)$ $1 last;
}
It seems the location block was not being executed as required.