I tried to achieve this as described in the manual (server_name .site.name), but it does not seem to work (404 Not found). Can I do this without redirecting?
Here is the config.
server {
listen 80;
listen 443 ssl;
server_name .site.name;
ssl_certificate certs/mshop-production.crt;
ssl_certificate_key certs/mshop-production.key;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO $scheme;
error_log /var/log/nginx/mshop-production.error.log error;
access_log /var/log/nginx/mshop-production.access.log;
root /home/deployer/apps/production/mshop/current/public;
passenger_enabled on;
rails_env production;
gzip on;
gzip_types application/x-javascript application/javascript text/javascript text/css;
client_max_body_size 50m;
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1M;
}
}
Why not modify your A query record in your domain-name server?
I think it is simpler for you.
server_name server.name www.server.name;
would do. You can also use wildcards
server_name server.name *.server.name;
I am building a static website on my Olimex Lime2 board (Armbian OS) using Nginx as my webserver. My problem is that no matter what static site builder or theme I use, when I go to view the public site, there is no CSS styling. Here is the public site: https://natehn.com
I have tried several themes on Hugo and Jekyll, with little or no modification to the default settings. This is why I think the issue is with Nginx.
I have explored this question and done plenty of Googling but was unable to determine a solution. I'm self-taught and don't know what I am looking for. Hopefully I missed something simple and this is an easy fix.
Here is my nginx.conf:
events {}
# Expires map
http {
map $sent_http_content_type $expires {
default off;
text/html 7d;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 80;
server_name natehn.com;
location / {
return 301 https://$server_name$request_uri;
}
}
server{
listen 443 ssl http2;
server_name natehn.com;
charset UTF-8; #improve page speed by sending the charset with the first response.
location / {
root /home/nathan/blog/public;
index index.html;
autoindex off;
}
#Caching (save html pages for 7 days, rest as long as possible, no caching on frontpage)
expires $expires;
location @index {
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-cache, no-store';
etag off;
expires off;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /var/www/;
#}
#Compression
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Logs
access_log /var/log/nginx/natehn.com.com_ssl.access.log;
error_log /var/log/nginx/natehn.com_ssl.error.log;
# SSL Settings:
ssl_certificate /etc/letsencrypt/live/natehn.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/natehn.com/privkey.pem;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# Enable server-side protection against BEAST attacks
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# Disable SSLv3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Lower the buffer size to increase TTFB
ssl_buffer_size 4k;
#CAUSED ERROR
# Diffie-Hellman parameter for DHE ciphersuites
# $ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
# Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/natehn.com/fullchain.pem;
resolver 192.34.59.80 66.70.228.164 valid=300s;
resolver_timeout 5s;
}
}
And here is my sites-available/natehn.com, which is linked to sites-enabled:
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
root /home/nathan/blog/public;
# Add index.php to the list if you are using PHP
index index.html;
server_name natehn.com www.natehn.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
I have explored everything I know. Any tips on where to look for potential solutions? Let me know if there is something else you need to look at.
Many thanks :) N
The css link has been blocked because of mixed content - the page is loaded over https:// but the href for the css is plain http://
Same will be true for your favicon etc.
As a general approach, to use the same protocol as the parent page, simply miss that off the href, for example:
<link rel="stylesheet" href="//natehn.com/css/style-white.css">
Edit: Better solution for site builders is to set the base URL to make sure constructed hrefs always use the correct protocol, https in your case:
For Hugo, see baseURL in https://gohugo.io/getting-started/configuration/
For Jekyll, see baseurl in https://jekyllrb.com/docs/configuration/options/
Wordpress and others have similar options.
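A way to check generated output for the problem this answer describes, as an added example that is not part of the original answer: it parses a page's HTML and lists every subresource that an https:// page would request over http://. The sample HTML is constructed (only the stylesheet path comes from the answer), and `find_mixed_content` is a name chosen here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches while rendering the page.
URL_ATTR = {"link": "href", "script": "src", "img": "src", "iframe": "src",
            "source": "src", "audio": "src", "video": "src"}
# <link> rel values that load something (rel="canonical" etc. are only metadata).
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

class _Finder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            self.base = urljoin(self.page_url, attrs["href"])  # relative URLs follow <base>
        url = attrs.get(URL_ATTR.get(tag, ""))
        if not url:
            return
        if tag == "link" and not FETCHING_RELS & set((attrs.get("rel") or "").lower().split()):
            return
        if urlsplit(urljoin(self.base, url)).scheme == "http":
            self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(html, page_url):
    """(line, tag, url) for each subresource an HTTPS page would request over http://."""
    if urlsplit(page_url).scheme != "https":
        return []                      # mixed content only exists on HTTPS pages
    finder = _Finder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of generated output; only the stylesheet path comes from the answer.
SAMPLE = """<head>
<link rel="canonical" href="http://natehn.com/">
<link rel="stylesheet" href="http://natehn.com/css/style-white.css">
<link rel="icon" href="http://natehn.com/favicon.ico">
<link rel="stylesheet" href="//natehn.com/css/style-white.css">
<script src="/js/main.js"></script>
</head><body><img src="http://natehn.com/img/photo.png"></body>"""
```

The protocol-relative and root-relative references in the sample resolve to https and are not reported, which is the effect of the fix suggested in the answer.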
I am trying to set up an Angular app and a dotnet core web API on a DigitalOcean server. I have successfully configured the settings for these two (at least I believe I did). However, there is one problem: all requests, whether to maindomain.xyz or api.maindomain.xyz, are handled by the api.maindomain.xyz configuration.
Is this intended behaviour? If it's not, could you help me find a solution?
Here is the nginx configuration.
root@ubuntu-s-1vcpu-1gb-blr1-01:/etc/nginx/sites-enabled# sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
# configuration file /etc/nginx/sites-enabled/api.maindomain.xyz.conf:
server {
listen 80;
server_name api.maindomain.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name api.maindomain.xyz;
ssl_certificate /etc/letsencrypt/live/maindomain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.xyz/privkey.pem;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
access_log /var/log/nginx/access.log;
location / {
proxy_pass https://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# configuration file /etc/nginx/sites-enabled/maindomain.xyz.conf:
server {
server_name maindomain.xyz;
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.html index.htm;
location ~* \.(?:html|js)$ {
expires -1;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
root /var/www/html;
index index.html index.htm;
ssl_certificate /etc/letsencrypt/live/maindomain.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maindomain.xyz/privkey.pem;
location ~* \.(?:html|js)$ {
expires -1;
}
}
Removed some configuration for brevity.
The problem is in the last server block, where server_name is missing.
This block should contain the following, for example below the listen lines:
server_name maindomain.xyz;
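Why the missing server_name sends everything on port 443 to the api block, as an added example that is not part of the original posts: a small model of nginx's server selection (exact name, then leading wildcard, then trailing wildcard, then the default or first block on the port), which also covers the `.site.name` and `*.server.name` forms from the first question. The sample config is constructed, regex names are not modelled, and all function names are chosen here.

```python
import re

def parse_servers(conf):
    """One dict per server block (at most one level of nested braces inside it)."""
    conf = re.sub(r"#.*", "", conf)                        # drop comments
    servers = []
    for body in re.findall(r"\bserver\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf):
        top = re.sub(r"\{[^{}]*\}", ";", body)             # skip location bodies
        srv = {"ports": set(), "default": set(), "names": []}
        for words in (stmt.split() for stmt in top.split(";")):
            if words[:1] == ["listen"] and len(words) > 1:
                m = re.search(r"(?:^|:)(\d+)$", words[1])
                port = int(m.group(1)) if m else 80        # address given without a port
                srv["ports"].add(port)
                srv["default"] |= {port} if "default_server" in words else set()
            elif words[:1] == ["server_name"]:
                srv["names"] += words[1:]
        srv["ports"] = srv["ports"] or {80}                # no listen directive: port 80
        servers.append(srv)
    return servers

def name_rank(pattern, host):
    """Match precedence (lower wins) or None; regex names (~...) never match here."""
    if pattern == host:
        return (0, 0)                                      # exact name
    if pattern.startswith((".", "*.")):                    # ".x" is "*.x" plus bare "x"
        suffix = pattern.lstrip("*")
        if host.endswith(suffix) or (pattern[0] == "." and host == suffix[1:]):
            return (1, -len(suffix))                       # longest suffix wins
    if pattern.endswith(".*") and host.startswith(pattern[:-1]):
        return (2, -len(pattern))                          # longest prefix wins
    return None

def select_server(servers, port, host):
    """Index of the block nginx picks for this port and Host header, or None."""
    on_port = [i for i, s in enumerate(servers) if port in s["ports"]]
    hits = [(rank, i) for i in on_port for n in servers[i]["names"]
            if (rank := name_rank(n.lower(), host.lower())) is not None]
    if hits:
        return min(hits)[1]
    defaults = [i for i in on_port if port in servers[i]["default"]]
    return (defaults or on_port or [None])[0]              # else first block on the port

# Constructed sample mirroring the question: the last block has no server_name.
BROKEN = """server { listen 80; server_name api.maindomain.xyz; return 301 https://$server_name$request_uri; }
server { listen 443 ssl; server_name api.maindomain.xyz; location / { proxy_pass https://localhost:5001; } }
server { listen 80; server_name maindomain.xyz; return 301 https://$server_name$request_uri; }
server { listen 443 ssl; root /var/www/html; }"""
FIXED = BROKEN.replace("root /var/www/html;", "server_name maindomain.xyz; root /var/www/html;")
```

With `BROKEN`, `select_server(parse_servers(BROKEN), 443, "maindomain.xyz")` returns the api block (index 1); with `FIXED` it returns the static-site block (index 3). Any other Host header on port 443 still lands on the first block defined for that port.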
I've seen many ways of dealing with redirecting http://example.com or example.com (with or without www.) or https://example.com to https://www.example.com.
The way I use is in this nginx configuration:
error_log /dev/stdout info;
upstream django_server {
server app:8001 fail_timeout=0;
}
server {
listen 80;
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/certificate.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
return 301 https://www.example.com$request_uri;
}
server {
listen 443 default_server ssl;
server_name www.example.com;
client_max_body_size 4G;
charset utf-8;
keepalive_timeout 70;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
gzip on;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6]\.";
gzip_min_length 256;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss;
gzip_comp_level 9;
ssl_certificate /etc/nginx/ssl/certificate.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location /static/ {
root /usr/share/nginx/sasite/;
expires 30d;
autoindex off;
location /static/download/ {
location ~* \.(pdf|docx|zip|rar)$ {
add_header Content-Disposition 'attachment; filename="$request_filename"';
}
}
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://django_server;
break;
}
}
}
But I have also seen versions where multiple server_name values are set like so:
server {
listen 80;
server_name example.com www.example.com;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
return 301 https://www.example.com$request_uri;
}
server {
listen 443 default_server ssl;
server_name example.com www.example.com;
client_max_body_size 4G;
charset utf-8;
keepalive_timeout 70;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_certificate /etc/nginx/ssl/certificate.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
I've seen other ways to do it as well, that did not seem as effective. What is the actual ideal approach to handling this scenario? My current configuration works, but I'd like to learn the best practices.
It comes down to preference. Do you want your users to always see (or always not see) the "www." portion? If so, use the redirect method. If you don't care whether they see it or not, use multiple server_name/server_alias entries.
I have a question related to Nginx redirects.
Below you can see the configurations.
My goal is to redirect from https://example.com to https://www.example.com
I looked through almost everything on Stack Overflow and I didn't find any help. Please help me with this issue. I will provide all necessary information about my Nginx web server.
I hope you will help me with this difficult question.
My nginx.conf file looks like this:
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
# gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xm$
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My file /etc/nginx/sites-enabled/example:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_stapling on;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
root /var/www/example/public;
index ../views/index.html;
location /img/ {
proxy_pass http://127.0.0.1:3010;
proxy_cache off;
proxy_cache_key "$proxy_host$uri$is_args$args";
}
location / {
proxy_pass http://127.0.0.1:3010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|css|js|html)$ {
root /var/www/example/public;
expires 1y;
access_log off;
add_header Cache-Control "public";
}
}
Just create a server for non-www requests, for example:
# redirect http to https
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
# redirect http://example.com to https://www.example.com
server {
listen 443 ssl;
server_name example.com;
# ssl ...
return 301 https://www.example.com$request_uri;
}
# https://www.example.com
server {
listen 443 ssl;
server_name www.example.com;
# ssl ...
}
The DNS records for example.com and www.example.com should be pointing to your Nginx server.
Quick instructions for the redirect and also for SSL
Don't write the configuration for all your sites in one nginx.conf file. Separate them. You have two folders for this: /etc/nginx/sites-available/ and /etc/nginx/sites-enabled/
Add a file for your site, for example /etc/nginx/sites-available/example
Make a link: ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
Paste the text below into this conf file:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_stapling on;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.site.com/privkey.pem;
# your locations go here
}
In your nginx.conf you already have the row include /etc/nginx/sites-enabled/*; which means nginx automatically takes all site configs from the sites-enabled folder.
After that, check the syntax with the command nginx -t and reload nginx with the command systemctl reload nginx
After all of this, anyone who calls your site via http://example.com or https://example.com will be redirected to https://www.example.com
Problem
Other sites work with exactly the same configuration, but one site is different and does not work. The browser outputs ERR_CONNECTION_RESET. Nginx logs 6819#0: signal process started.
If you change server_name to another domain, then everything works.
Can someone who has come across this help? Thank you.
My config nginx:
server {
server_name example.com *.example.com;
listen 80;
return 301 https://$host$request_uri;
}
server {
server_name example.com *.example.com;
listen 443 ssl http2;
# resolver 8.8.8.8;
root /usr/share/nginx/sites/example.com/html;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
#autoindex on;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location ~ /.well-known {
allow all;
}
error_page 404 /404.html;
# proxy the PHP scripts to Apache listening on 127.0.0.1:8080
#
location ~ \.php$ {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
I solved this problem... Proxy server didn't work. Face palm.