I'm very new to nginx, so forgive me if my explanations are off. I'll do my best to explain what I am trying to achieve.
Using WordPress and nginx, I would like user accounts to be mapped to a subdomain of the main domain. For example, if the user creates an account called "sample", the subdomain for that user would be sample.example.com.
When the user goes to sample.example.com, the subdomain should be mapped to example.com/sample/. Similarly, if a user visits sample.example.com/account/, it should map to example.com/sample/account/, and so on and so forth. It should be noted that the example.com/sample/ URLs are rewrites of this type of structure: example.com/index.php?user=sample.
There are also a few reserved subdomains that should not be redirected, such as cdn and admin. They should be ignored by these rules if they are requested.
How can I achieve this automatically when a user creates an account? The goal here is automation - set it up once correctly and not worry about it. Since I have literally just started working with nginx a few days ago, I'm not sure where to start at all. Any advice to move me in the right direction would be incredibly helpful. Here is my current config file for the domain:
server {
listen 80;
server_name www.example.com;
rewrite ^(.*) $scheme://example.com$1 permanent;
}
server {
listen 443 ssl;
server_name www.example.com;
rewrite ^(.*) $scheme://example.com$1 permanent;
}
server {
listen 80;
server_name example.com;
access_log /var/www/example.com/logs/access.log;
error_log /var/www/example.com/logs/error.log;
root /var/www/example.com/public;
index index.php;
location / {
try_files $uri $uri/ #wordpress /index.php?q=$request_uri;
}
location #wordpress {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example.com/public/index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}
# Pass the PHP scripts to FastCGI server listening on UNIX sockets.
#
location ~ \.php$ {
try_files $uri #wordpress;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example.com/public$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443 ssl;
ssl on;
keepalive_timeout 70;
server_name example.com;
ssl_certificate ssl/example.com.chained.crt;
ssl_certificate_key ssl/example.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
root /var/www/example.com/public;
index index.php;
location / {
try_files $uri $uri/ #wordpress /index.php?q=$request_uri;
}
location #wordpress {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example.com/public/index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}
# Pass the PHP scripts to FastCGI server listening on UNIX sockets.
#
location ~ \.php$ {
try_files $uri #wordpress;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/example.com/public$fastcgi_script_name;
include fastcgi_params;
}
}
I understand that what I am trying to achieve probably needs to go into the /etc/nginx/nginx.conf file if I want it to be automated, and I am actively trying to learn how to achieve this. I'm just stuck where I am at now and am looking for any advice/help that would point me in the right direction. I'm eager to learn!
ANSWER
After days of searching, tweaking, and configuring, I've gotten down the code needed to map subdomains to URLs exactly like in my example. Here is my vhost for example.com: https://gist.github.com/thomasgriffin/4733283
server {
listen 80;
listen 443 ssl;
server_name ~^(?<user>[a-zA-Z0-9-]+)\.example\.com$;
location / {
resolver 8.8.8.8;
rewrite ^([^.]*[^/])$ $1/ permanent;
proxy_pass_header Set-Cookie;
proxy_pass $scheme://example.com/user/$user$request_uri;
}
}
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
listen 80;
server_name example.com;
access_log /var/www/example.com/logs/access.log;
error_log /var/www/example.com/logs/error.log;
root /var/www/example.com/public;
index index.php;
location / {
try_files $uri $uri/ #wordpress /index.php?q=$request_uri;
}
location #wordpress {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}
# Pass the PHP scripts to FastCGI server listening on UNIX sockets.
#
location ~ \.php$ {
try_files $uri #wordpress;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443 ssl;
ssl on;
keepalive_timeout 70;
server_name example.com;
ssl_certificate ssl/example.com.chained.crt;
ssl_certificate_key ssl/example.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
root /var/www/example.com/public;
index index.php;
location / {
try_files $uri $uri/ #wordpress /index.php?q=$request_uri;
}
location #wordpress {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /index.php;
}
# Pass the PHP scripts to FastCGI server listening on UNIX sockets.
#
location ~ \.php$ {
try_files $uri #wordpress;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The main chunk of the mapping is done in the first server block. I'm targeting any subdomain (I will have already weeded out restricted subdomains with other non-relevant code) and rewriting it to ensure that it has a trailing slash to avoid any internal redirects by WordPress for URLs without a trailing slash. From there, the resolver directive is required to resolve URLs defined in proxy_pass, so I am resolving with Google's DNS. I'm also using the proxy_pass_header directive to send over cookies in order to keep WordPress login authentication in tact. proxy_pass defines the URL to map to.
It should also be noted that if you want to use login authentication as well with subdomains, you need to define your custom cookie domain in wp-config.php like this:
define('COOKIE_DOMAIN', '.example.com');
And that should be it. You can now enjoy URLs like subdomain.example.com that map to example.com/user/subdomain/ or whatever you want. From there, you can utilize WordPress' Rewrite API to map the mapped URL to specific query args that can be sent to $wp_query for loading custom templates, etc.
the following should do it:
server {
listen 80; listen 443;
server_name *.example.com;
if ($host ~ "^(.*)\.example\.com$" ) { set $subdomain $1;}
rewrite ^ $scheme://example.com/$subdomain/$request_uri permanent;
}
(as an aside: the regex ^ matches all url's the most efficiently, and the standard nginx variable $request_uri holds the uri including arguments so you don't need the (.*) group in the rewrite)
additionally add a second serverblock for the domains you don't want redirected:
server {
listen 80; listen 443;
server_name cdn.example.com admin.example.com;
# do whatever with the requests of the reserved subdomains;
}
I think .htaccess is not working with nginx.
I use Nginx As Reverse Proxy Server port 80 and Apache as web server
HERE
Related
in sites-enabled file test.com.conf:
map $http_host $blogid {
default 0;
test.com 1;
}
server {
listen 5.187.1.93:80;
server_name test.com *.test.com;
root /home/fornex/wordpress;
access_log /var/log/nginx/test.com-access.log;
error_log /var/log/nginx/test.com-error.log;
include conf.d/restrictions.conf;
# include /home/fornex/wordpress/nginx.conf;
include conf.d/wordpress-mu.conf;
}
file site.com.conf:
server {
listen 5.187.1.93:80;
server_name site.com *.site.com;
return 301 https://$host$request_uri;
}
server {
listen 5.187.1.93:443 ssl;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
server_name site.com *.site.com;
root /home/fornex/site.com;
index index.php;
client_max_body_size 7m;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /\. {
deny all;
}
location ~*\.(php)$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
when I open test.com(It should be a wordpress installation) - site.com opens. What is wrong? How can I make them separate sites? I searched a lot in WEB but didn't find anything that helps in my situation. Adding *.test.com didn't help.
I'm currently working on creating a dockerized server with two sites. I want them both to run over port 443. So far, I've managed to get one of them running on their own using the nginx reverse proxy, but when I try to do both, it seems to be totally ignoring my server.
stream {
upstream shop_local_xposi_com {
server 127.0.0.1:9000;
}
upstream sockets_local_xposi_com {
server 127.0.0.1:9001;
}
map $ssl_preread_server_name $upstream {
shop.local.xposi.com shop_local_website_com;
socket.local.xposi.com sockets_local_website_com;
}
# SHOP webserver
server {
# SSL
listen 127.0.0.1:9000 ssl;
ssl_certificate /etc/nginx/certs/website.com.crt;
ssl_certificate_key /etc/nginx/certs/website.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
# SOCKET webserver
server {
# SSL
listen 127.0.0.1:9001 ssl;
ssl_certificate /etc/nginx/certs/website.com.crt;
ssl_certificate_key /etc/nginx/certs/website.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
index index.php index.html;
root /var/www/public;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass socket:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
server {
listen 443;
ssl_preread on;
proxy_pass $upstream;
}
}
When running just one server, this config gile was just one of the larger server sections, which worked perfectly. But when trying to create the set up I'm trying to create (diagram below), it instantly redirects to the API on my accept environment. My guess as to why this specific api is because it's the next available line with the same domain in my window's hosts file, so the browser gets told to go there(?).
For any further information that I forgot to give, please ask.
I have similar function but I do have different "servers" listening to different server_name configuration
server {
listen 80 ; (or listen 443 ;)
server_name shop-local.website.com ;
location / {
... some code
proxy_pass http://shoplocalwebsiteIP:port;
}
}
server {
listen 80 ; (or listen 443 ;)
server_name socket-local.website.com ;
location / {
... some code
proxy_pass http://socketlocalwebsiteIP:port;
}
}
You could encapsulate the server name inside the desired block and then set the correct proxy_pass to backend.
So I'm trying to setup 5 websites, all on the same domain just with diffrent subdomain, etc www. and cdn.
but www. works fine as it should
tho cdn. does not, It got the same files I just copyed them over, all permissions are the same for the folders.
I have each sub domain in their own files etc wwwmydomaincom and cdnmydomaincom and the config is the same, only diffrence is server_name. the file that works got www.mydomain.com the rest got somesubdomain.mydomain.com and they throw 404.
I use Nginx on ubuntu server 16.04.1.
Added
location / {
try_files $uri.html;
}
and the sub domains displays the html pages fine (now their config isent like the one that works)
But.. every asset, css, js, images or other things get 404 so it's a pure html page.
The config under is the exact same config as www.mydomain.com but changed to fit cdn.mydomain.com
server {
listen 80;
server_name cdn.domain.com;
location /.well-known/acme-challenge {
default_type "text/plain";
root /storage/webserver/certbot;
}
#Forces all other requests to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name cdn.domain.com;
ssl_certificate /etc/letsencrypt/live/cdn.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cdn.domain.com/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_session_cache shared:TLS:2m;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
# Set HSTS to 365 days
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
root /storage/webserver/cdn.domain.com;
index index.html index.php;
location #rewrite {
rewrite ^ $uri.php last;
try_files $uri =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+?\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include fastcgi.conf;
try_files $uri =404;
}
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
#rewrite ^/(.*)/$ /$1 permanent;
error_page 404 /404.php;
error_page 500 503 502 504 /error/40x.php;
location =/error/40x.html {
internal;
}
}
Ahem, this is why I want to learn this kind of stuff.
You obviosly need to make it look for the files.
so if anyone enters this litte situation, Don't forget to make it look in the root folder.
location / {
try_files $uri $uri/ $uri.html #rewrite;
}
So, I want to secure only the login and admin part of my website. The problem is that the admin uses some common static files that are used on the general site as well. This means that when I am in the admin those files should be served over https while when I am on the general site they should be served as http.
How can I configure nginx to behave this way?
The configuration I use so far is bellow:
server {
listen 80;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
return 301 https://$server_name$request_uri;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
}
server {
listen 443 ssl;
ssl_certificate path_to_ssl.crt;
ssl_certificate_key path_to_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
server_name site.com www.site.com;
root /home/site_folder/web;
index index.php;
location ~ /(get-involved|contribute|api) {
root /home/site_folder/web;
if (-f $request_filename) {
expires max;
break;
}
try_files $uri $uri/index.php;
rewrite ^(.*) /index.php last;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME /home/site_folder/web/index.php;
}
location / {
return 301 http://$server_name$request_uri;
}
}
I have to configure multi https website with a dedicated certificate for each website. It works fine like that.
server {
listen 443;
server_name client1.localhost.eu;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
root /var/www/client1;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-client1.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
server {
listen 443;
server_name client2.localhost.eu;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
root /var/www/client2;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-client2.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
Now, I would like to factorize the "location" block, because it is always the same. Is it possible ?
(I have also tried to have only on server block, but it's not possible to put a variable in the ssl attribute)
Thanks a lot for your help.
Eric
Use include directive for such factorization:
include
Create file in the nginx config folder like
/etc/nginx/conf.d/location_php.cnf (not .conf to avoid auto-loading by nginx)
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-client2.sock;
fastcgi_index index.php;
include fastcgi_params;
}
and then include it into server blocks:
server {
listen 443;
server_name client1.localhost.eu;
ssl on;
ssl_certificate ...;
ssl_certificate_key ...;
root /var/www/client1;
include /etc/nginx/conf.d/location_php.cnf;
# OR use relative path to nginx config root:
# include conf.d/location_php.cnf;
}