Nginx subdomain configuration - nginx

I have nginx acting as a reverse proxy to apache. I now need to add a new subdomain
that will serve files from another directory, but at the same time I want all location and proxy_pass directives that I have for the default host to apply to the subdomain also.
I know that if I copy the rules from the default host to the new subdomain it will work, but is there a way for the subdomain to inherit the rules?
Below is a sample configuration
server {
listen 80;
server_name www.somesite.com;
access_log logs/access.log;
error_log logs/error.log error;
location /mvc {
proxy_pass http://localhost:8080/mvc;
}
location /assets {
alias /var/www/html/assets;
expires max;
}
... a lot more locations
}
server {
listen 80;
server_name subdomain.somesite.com;
location / {
root /var/www/some_dir;
index index.html index.htm;
}
}
Thanks

You could move the common parts to another configuration file and include from both server contexts. This should work:
server {
listen 80;
server_name server1.example;
...
include /etc/nginx/include.d/your-common-stuff.conf;
}
server {
listen 80;
server_name another-one.example;
...
include /etc/nginx/include.d/your-common-stuff.conf;
}
Edit: Here's an example that's actually copied from my running server. I configure my basic server settings in /etc/nginx/sites-enabled (normal stuff for nginx on Ubuntu/Debian). For example, my main server bunkus.org's configuration file is /etc/nginx/sites-enabled and it looks like this:
server {
listen 80 default_server;
listen [2a01:4f8:120:3105::101:1]:80 default_server;
include /etc/nginx/include.d/all-common;
include /etc/nginx/include.d/bunkus.org-common;
include /etc/nginx/include.d/bunkus.org-80;
}
server {
listen 443 default_server;
listen [2a01:4f8:120:3105::101:1]:443 default_server;
include /etc/nginx/include.d/all-common;
include /etc/nginx/include.d/ssl-common;
include /etc/nginx/include.d/bunkus.org-common;
include /etc/nginx/include.d/bunkus.org-443;
}
As an example here's the /etc/nginx/include.d/all-common file that's included from both server contexts:
index index.html index.htm index.php .dirindex.php;
try_files $uri $uri/ =404;
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~ /(README|ChangeLog)$ {
types { }
default_type text/plain;
}

Related

Is server tag additive?

As this block would work perfectly for health check:
server {
listen 80 default_server;
location /health-check {
access_log off;
return 200;
add_header Content-Type text/plain;
}
}
I am not sure if this would cause any issues on other server blocks that uses the same port, like for example:
server {
listen 80 my-domain.com;
...
...
}
would the above server block still working? or that server tag is not additive?
**you not user duplicate server name or ip/
diffent serve block same port can not run
you give server name in config block
**
server {
listen 80;
listen [::]:80;
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ =404;
}
}
you can genrate your nginx config using this tools https://www.digitalocean.com/community/tools/nginx

nginx redirection to index page

I am struggling to implement an automatic nginx redirect from non index pages to my index page, with the exception of /admin
For instance, example.com/test should redirect to example.com, but example.com/admin should not redirect to example.com
This is my current nginx configuration file:
upstream app_server {
server unix:/tmp/mysite.sock;
}
proxy_cache_path /var/www/example.com/cache levels=1:2 keys_zone=my_cache:10m max_size=10g inactive=60m use_temp_path=off;
server {
listen 80;
server_name www.example.com example.com;
# redirects both www and non-www to https
return 301 https://www.example.com$request_uri;
}
server {
listen 443;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
charset utf-8;
client_max_body_size 75M;
location /media {
alias /var/www/example.com/media;
}
location /static {
alias /var/www/example.com/static;
}
location / {
proxy_cache my_cache;
include proxy_params;
proxy_pass http://app_server;
proxy_ssl_server_name on;
}
}
I have tried adding a try_files statetement within my location / block, and other things, but none seem to work. Am I missing something?
You are trying to mix proxy_pass with try_files, it won't work within the same location block. You can use named location instead and rewrite any URI that doesn't start with /admin to a root one using negative regex assertion:
location / {
try_files $uri #app;
}
location #app {
rewrite ^(?!/admin) / break;
proxy_cache my_cache;
include proxy_params;
proxy_pass http://app_server;
}
You don't need the separate location /media { ... } or location /static { ... } blocks, because as nginx documentation states:
When location matches the last part of the directive’s value:
location /images/ {
alias /data/w3/images/;
}
it is better to use the root directive instead:
location /images/ {
root /data/w3;
}
Instead you just need to define the common server root (outside of any location blocks):
root /var/www/example.com;
You are also don't need to use the proxy_ssl_server_name directive since you are not proxying your request to the upstream with HTTPS protocol.

Shiny server and nginx subdomain

I have configured shiny server ok and I cannot redirect localhost:3838 to shiny.mywebsite.com
I followed this Redirect subdomain to port [nginx/flask] and RStudio guides but no success.
I tried
server {
listen 80;
server_name shiny.mywebsite.com;
location / {
proxy_pass http://localhost:3838;
}
}
and
server {
listen 80;
server_name shiny.mywebsite.com;
root /shiny;
access_log /var/log/nginx/shiny.access.log;
error_log /var/log/nginx/shiny.error.log;
location / {
index index.html;
autoindex on;
}
}
to be put in /etc/nginx/sites-enabled/shiny.conf and just can access localhost:3838 but no shiny.mywebsite.com
You should declare port 80 in nginx configuration file and not the shiny-server.conf I was confused at the start too.
My shiny-server.conf
# Instruct Shiny Server to run applications as the user "shiny"
run_as shiny;
server {
listen 3838;
location / {
site_dir /home/shiny/ShinyApps;
log_dir /home/shiny/logs;
directory_index on;
}
}
My server within sites-enabled/default.
Note that your website will be under /var/www/shiny.mywebsite.com directory. Then your shiny apps will be accessible via shiny.mywebsite.com/shiny/YourAppsas we set up a proxy pass below.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/shiny.mywebsite.com;
# Add index.php to the list if you are using PHP
index index.html;
server_name asemenov.com;
location /shiny/ {
proxy_pass http://127.0.0.1:3838/;
}
location / {
try_files $uri $uri/ =404;
}
}

nginx root directive causing 404

I ham trying to make http://example.com serve http://example.com/home.html from /home/ubuntu/mysitedir/home.html.
I have the following conf file which successfully redirects everything to https, and proxies to uwsgi. The http->https redirection works fine, and the uwsgi proxy works, but http(s)://example.com/, http(s)://example.com/home.html, http(s)://example.com/index.html, and http(s)://example.com/index.htm are all 404
Any pointers as to what I can try?
Here is my conf file:
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
root /home/ubuntu/mysitedir/;
index home.html;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example_combined.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
root /home/ubuntu/mysitedir/;
index home.html;
location /images/ads {
alias /home/ubuntu/mysitedir/images/ads/;
}
location /images {
alias /home/ubuntu/mysitedir/images/;
}
location /static {
alias /home/ubuntu/mysitedir/static/;
}
location / {
alias /home/ubuntu/mysitedir/;
include uwsgi_params;
uwsgi_pass unix:/tmp/mysitedir.sock;
}
}
Thanks.
location / is the catch-all. You could try the try_files directive like this:
location #wsgisite {
include uwsgi_params;
uwsgi_pass unix:/tmp/mysitedir.sock;
}
location / {
index home.html;
try_files $uri $uri/ #wsgisite;
}
Any thing coming into the base location will first check to see if it is a file, or a directory with an index (home.html) file in it, and if not, then pass it on to the #wsgisite.
This should also make the other three location directives obselete, since nginx will be checking for the files first before passing it to the wsgi block.

NGINX Rewrite single HTTPS URL to HTTP

On my NGINX server, I have all non-SSL traffic redirected to my SSL site.
Now, I want to have a single URL excluded from this, specifically:
https://pyronexus.com/forum/pages.php and everything appended to pages.php, such as pages.php?page=blahblah redirected to http://pyronexus.com/forum/pages.php, etc.
My config file looks like this so far, but I've not had any luck in getting my rewrite for this single url to work.
server {
server_name
www.pyronexus.com
;
listen 80 default;
listen 443 ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
return 301 https://pyronexus.com$request_uri;
}
server {
server_name
pyronexus.com
;
listen 80;
listen 443 default ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
root /home/nginx/pyronexus.com/public;
index index.html index.php;
access_log /home/nginx/pyronexus.com/logs/access.log;
error_log /home/nginx/pyronexus.com/logs/error.log;
include php.conf;
include mime.types;
location /forum/ {
#include pyronexus-naxsi.rules;
rewrite ^/forum/forum-([0-9]+)\.html$ /forum/forumdisplay.php?fid=$1;
rewrite ^/forum/forum-([0-9]+)-page-([0-9]+)\.html$ /forum/forumdisplay.php?fid=$1&page=$2;
rewrite ^/forum/thread-([0-9]+)\.html$ /forum/showthread.php?tid=$1;
rewrite ^/forum/thread-([0-9]+)-page-([0-9]+)\.html$ /forum/showthread.php?tid=$1&page=$2;
rewrite ^/forum/thread-([0-9]+)-lastpost\.html$ /forum/showthread.php?tid=$1&action=lastpost;
rewrite ^/forum/thread-([0-9]+)-nextnewest\.html$ /forum/showthread.php?tid=$1&action=nextnewest;
rewrite ^/forum/thread-([0-9]+)-nextoldest\.html$ /forum/showthread.php?tid=$1&action=nextoldest;
rewrite ^/forum/thread-([0-9]+)-newpost\.html$ /forum/showthread.php?tid=$1&action=newpost;
rewrite ^/forum/thread-([0-9]+)-post-([0-9]+)\.html$ /forum/showthread.php?tid=$1&pid=$2;
rewrite ^/forum/post-([0-9]+)\.html$ /forum/showthread.php?pid=$1;
rewrite ^/forum/announcement-([0-9]+)\.html$ /forum/announcements.php?aid=$1;
rewrite ^/forum/user-([0-9]+)\.html$ /forum/member.php?action=profile&uid=$1;
rewrite ^/forum/calendar-([0-9]+)\.html$ /forum/calendar.php?calendar=$1;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)\.html$ /forum/calendar.php?action=yearview&calendar=$1&year=$2;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ /forum/calendar.php?calendar=$1&year=$2&month=$3;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ /forum/calendar.php?action=dayview&calendar=$1&year=$2&month=$3&day=$4;
rewrite ^/forum/calendar-([0-9]+)-week-(n?[0-9]+)\.html$ /forum/calendar.php?action=weekview&calendar=$1&week=$2;
rewrite ^/forum/event-([0-9]+)\.html$ /forum/calendar.php?action=event&eid=$1;
rewrite ^/forum/archive/index\.php/forum-([0-9]+)\.html$ /forum/archive/index.php?forum-$1.html;
rewrite ^/forum/archive/index\.php/thread-([0-9]+)\.html$ /forum/archive/index.php?thread-$1.html;
}
location ~ /forum/(inc) {
deny all;
}
}
The rewrite rule I have tried is this, but I'm still getting to grips on how these rules work:
rewrite ^https://pyronexus.com/forum/pages\.php(.*)$ http://pyronexus.com/forum/pages.php$1;
Open up the configuration for your site, mine is /etc/nginx/sites-enabled/pyronexus.com.
Add the following server directive, adjusting the variables as needed:
server {
server_name
www.your-site.com
;
listen 80;
listen 443 ssl;
ssl_certificate ssl/your-certificate.crt;
ssl_certificate_key ssl/your-certificate.key;
return 301 https://your-site.com$request_uri;
}
This directive will force any www connections, be it through SSL or non-SSL, to non-www.
Add another directive. Although in this directive you can add any exclusions of pages you don’t want to be SSL-enabled. Add them before the location ~ / {} directive (I’ve included an example in there, which excludes http://your-site.com/forum/pages.php from HTTPS connections):
server {
server_name
your-site.com
;
listen 80 default;
root /your/site/root;
access_log /your/logs/location/access.log;
error_log /your/logs/location/error.log;
include global.conf;
# This excludes forum/pages.php from being forced through HTTPS
location ~ ^/forum/pages\.php$ {
include php.conf;
}
# This will force any http:// connections through https://
location ~ / {
return 301 https://your-site.com$request_uri;
}
}
Add a third, and final directive. This one is the directive that handles all SSL connections. You’ll need to put any exclusions you put above in here as well, and redirect people to a http connection:
server {
server_name
your-site.com
;
listen 443 default ssl;
ssl_certificate ssl/your-site.crt;
ssl_certificate_key ssl/your-site.key;
root /your/site/root;
access_log /your/logs/location/access.log;
error_log /your/logs/location/error.log;
include global.conf;
# This will force forum/pages.php through http://
location ~ ^/forum/pages\.php$ {
return 301 http://your-site.com$request_uri;
}
include php.conf;
}
That’s it! Test your configuration out!
If you’re wondering what’s in my global.conf and php.conf, then here they are:
global.conf:
# Tries to access the file directly before handing over to index.php
location / {
try_files $uri $uri/ /index.php?$args;
}
# Exclude common static file formats from logging and cache as long as possible
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|txt)$ {
access_log off;
log_not_found off;
expires max;
}
# Deny access to files that start with a dot, such as .htaccess
location ~ /\. {
deny all;
}
# Deny access to php files in folders named uploads and files (this is to prevent people uploading php files and executing them)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
php.conf:
# Pass all php files to php5-fpm
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
Source: https://pyronexus.com/blog/2015/01/11/nginx-remove-www-and-force-ssl-connections/

Resources