Nginx appending 443 to rewritten routes - http

I am trying to redirect all http traffic to https. Below is my config. The traffic redirects but it adds 443 to the route which causes my app to fail.
http://mysite.com/login
Becomes
https://mysite.com:443/login
Here is my nginx config file:
server {
listen 80;
server_name mysite.com www.mysite.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/mysite.com.crt;
ssl_certificate_key /etc/ssl/server.key;
server_name mysite.com www.mysite.com;
root /var/www/html/mysite/public/;
client_max_body_size 150M;
location /
{
index index.php index.html index.htm;
}
# Enforce No WWW - I put this in an include:
# include /etc/nginx/includes/enforce_non_www;
if ($host ~* ^www\.(.*))
{
set $host_without_www $1;
rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
}
# Check if file exists
if (!-e $request_filename)
{
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}
# catch all
error_page 404 /index.php;
# The PHP Inclusion Block
# include /etc/nginx/includes/php;
location ~ \..*/.*\.php$
{
# I'm pretty sure this stops people trying to traverse your site to get to other PHP files
return 403;
}
location ~ \.php(.*)$
{
# Pass the PHP files to PHP FastCGI for processing
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# Deny Any Access to .htaccess Files That May Be Present (not usually in issue in Laravel)
# include /etc/nginx/includes/deny_htaccess;
location ~ /\.ht
{
deny all;
}
}

Related

Nginx Conf conflict www 502

my website work with hsts http redirection https working but when i want use www i have 502 nginx in brower
I have alias in panel www.mydomain.com
and my log error when i type nginx -t
nginx: [warn] conflicting server name "mydomain.com" on MYIP:80, ignored
nginx: [warn] conflicting server name "www.mydomain.com" on 0.0.0.0:80, ignored
Nginx.conf
server {
listen 80;
server_name www.mydomain.com;
}
server {
listen myIP:80;
server_name mydomain.com;
root /home/razor/web/mydomain.com/public_html;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/mydomain.com.log combined;
access_log /var/log/nginx/domains/mydomain.com.bytes bytes;
error_log /var/log/nginx/domains/mydomain.com.error.log error;
include /home/razor/conf/web/mydomain.com/nginx.forcessl.conf*;
location / {
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
fastcgi_hide_header "Set-Cookie";
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/run/php/php7.4-fpm-mydomain.com.sock;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
location /error/ {
alias /home/razor/web/mydomain.com/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias /home/razor/web/mydomain.com/stats/;
include /home/razor/web/mydomain.com/stats/auth.conf*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /home/razor/conf/web/mydomain.com/nginx.conf_*;
}
nginx.hsts.conf
client_max_body_size 5G;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
if (!-e $request_filename) { rewrite ^/(.*) /index.php?_page_url=$1 last; }
fastcgi_pass unix:/run/php/php8.0-fpm-php8.fhscript.com.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
include /etc/nginx/fastcgi_params;
}
#location / {
if (!-e $request_filename) {
rewrite ^/(.*) /index.php?_page_url=$1 last;
}
#}
location /files/ {
internal;
}
# these locations would be hidden by .htaccess normally
location /logs/ {
deny all;
}
NGINX processed the configuration file line by line or for the order of files in alphabetical order.
What is happening here is you have provided 2 blocks to NGINX that are listening on port 80.
Just remove this part and you should be good to go.
server {
listen 80;
server_name www.mydomain.com;
}

Nginx subdirectory root PHP with Rails or Django app

I'm trying to add a PHP app in subdirectory with different root location.
For example, I have a Rails app at root / and I want to add a phpBB forum at /forum location.
I also have a specific need: I want to add a rewrite rule for a file located in forum root directory (e.g. rewrite /forum/foo.php to /forum/bar.php)
I tried multiple configurations with some examples given on stackoverflow but none of the solutions work :(
If there is no solution I will use subdomain instead (e.g. forum.domain.com), but I would like to try with only one domain if possible
upstream railsApp {
server unix:/tmp/puma.sock;
}
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name domain.com;
root /var/www/domain.com/railsApp/public;
ssl_certificate /etc/nginx/ssl_certs/domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl_certs/domain.com/privkey.pem;
client_body_buffer_size 10M;
client_max_body_size 10M;
location / {
try_files $uri #proxy;
}
location #proxy {
include proxy_params;
proxy_pass http://railsApp;
}
# Here I want a PHP app with different root location
# forum is an example
location /forum {
root /var/www/other-location;
index index.html index.php;
include proxy_params;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# I also want to add rewrite rule for a specific file name
location ~ /foo {
rewrite ^(.*)$ /bar.php$1 last;
}
}
}
Thanks

Redirect localhost to https nginx magento

I am running a magento website on my localhost and want to redirect it to https so that service workers can get registered. my conf file is
upstream php-handler {
server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
listen *:443 ssl;
server_name mytestsite.com;
ssl_certificate /etc/nginx/ssl/wildcard.chained.crt;
ssl_certificate_key /etc/nginx/ssl/somekey.key;
return 301 https://$server_name$request_uri;
# Path to the root of your installation
root /home/webstack/magento;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
#deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
#try_files $uri $uri/ index.php;
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php(?:$|/) {
try_files $uri $uri/ /index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
#fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}
when i restart the nginx server and type the address https://mytestsite.com it says
The mytestsite.com page isn’t working
mytestsite.com redirected you too many times.
I've tried clearing the cache and cookies but its still the same.
can anyone tell me what is wrong with the conf file?
Thanks in advance.
Delete this line
return 301 https://$server_name$request_uri;
and set unsecure and secure links on magento admin panel(System>Configuration>Web)
Base URL = https://mytestsite.com
Base Link URL = https://mytestsite.com
Base Skin URL = https://mytestsite.com
Base Media URL = https://mytestsite.com
Base JavaScript URL = https://mytestsite.com

Symfony2 and NGINX - auth_basic allways asks for the password

I have a project written using Symfony2 framework and running on Nginx server.
The goal is to protect it with auth_basic.
What I did in nginx config file:
location ~ \.php(/|$) {
auth_basic 'RESTRICTED ACCESS';
auth_basic_user_file /var/www/my.passwd;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
But there, when I try to access the page and i fill in the username and password, It asks me the same again and again.
I have some redirects on the page:
server {
listen 80;
server_name example.com;
rewrite ^ http://www.example.com$uri permanent;
}
server {
listen 80;
listen 443 default_server ssl;
ssl_certificate ssl2013/myssl.crt;
ssl_certificate_key ssl2013/myssl.key;
keepalive_timeout 70;
set $asset_dir /var/www/example.com/web/bundles/mdpimain;
server_name www.example.com;
root /var/www/example.com/web;
# strip app.php/ prefix if it is present
rewrite ^/app\.php/?(.*)$ /$1 permanent;
# rewrite home
rewrite ^/home/? / permanent;
# remove trailing slash
rewrite ^/(.*)/$ /$1 permanent;
# remove index.php
rewrite ^[/](.*)/index\.php$ /$1 permanent;
# sitemap redirection
rewrite ^/sitemap_(.*)$ /sitemap/$1 last;
location / {
index app.php;
if (-f $request_filename) {
break;
}
rewrite ^(.*)$ /app.php/$1 last;
}
EDIT1.
Another detail: the password and user I am using are ok because no logs in the nginx error.log, so there is a redirect problem.
Try checking the $remote_user, if empty, return 403.
EDIT This works for me.
server {
listen 80;
server_name www.example.com;
auth_basic 'RESTRICTED ACCESS';
auth_basic_user_file /var/web/my.passwd;
set $ok "no";
if ($remote_user ~ ^$) { break; }
if ($remote_user != '') { set $ok "yes"; }
if ($ok != "yes") {
return 403;
}
# Path for static files
root /var/web/public_html;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app_dev.php$is_args$args;
}
location ~ ^/(app|app_dev|config)\.php(/|$) {
fastcgi_pass 127.0.0.1:9000;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
}

Nginx proxy_pass to another port with Wordpress

My problem is following: I use Wordpress on Nginx with "pretty links". I also run 2 other services on ports 88 and 1234 and I want to make a subdomains bugs.mydomain and mail.mydomain. I did the proxypass on location / but it's working only for the main directory, anything that is after the domain/ is falling into Wordpress "pretty links" mechanism. Do you have any idea how to solve this? My config files below:
The server config:
server {
listen <IP>:80;
root /usr/share/nginx/www/domain;
index index.html index.htm index.php;
server_name domain www.domain;
location / {
try_files $uri $uri/ /index.html;
if ( $host ~ "bugs.domain" ) {
proxy_pass http://domain:88;
}
if ( $host ~ "mail.domain" ) {
proxy_pass http://domain:1234;
}
}
location /doc/ {
alias /usr/share/doc/;
autoindex on;
allow 127.0.0.1;
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
include /home/domain/public_html/nginx.conf;
}
the config for specified domain (with Wordpress):
#First there is many rewrites for the W3TC plugin, like minification, caches etc
if ($host ~* ^www\.(.*))
{
set $host_without_www $1;
rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
}
#
# unless the request is for a valid file, send to bootstrap
if (!-e $request_filename)
{
rewrite ^(.+)$ /index.php?q=$1 last;
}
Now, when I enter domain:88 or domain:1234 it works. When I enter bugs.domain the website loads, but no CSS or images works as the url is bugs.domain/somapath and this falls into the Wordpress bootstrap. I run out of the ideas.
why create only 1 server with if's in it, separate the servers
server {
listen 80;
server_name bugs.example.com;
proxy_pass http://example.com:88;
}
server {
listen 80;
server_name mail.example.com;
proxy_pass http://example.com:1234;
}
server {
listen 80;
# the rest of your main server
#
}
So the problem was completely different then I thought. it was failing on this line:
try_files $uri $uri/ /index.html;
The problem was, that file index.html didn't exist, I only had index.php. Changing it solved the problem.

Resources