My plan was to do a simple Nginx setup with redirections for URLs without the subdomain "www" and without port 443. The problem is that I get the following warning as output:
nginx: [warn] conflicting server name "domain.de" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "domain.de" on 0.0.0.0:80, ignored
I don't really get why there is a conflicting server name if the domains are on separate ports. Is there a workaround of do I miss something?
server {
server_name www.domain.de;
root /var/www/folder/;
index index.php;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/domain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = www.domain.de) {
return 301 https://www.domain.de$request_uri;
}
if ($host = domain.de) {
return 301 https://www.domain.de$request_uri;
}
listen 80;
server_name www.domain.de domain.de;
return 404;
}
server {
if ($host = domain.de.de) {
return 301 https://www.domain.de$request_uri;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.de.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.de.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
server_name domain.de;
return 404;
}
Best regards
For some reason certbot created a redirect in the default config. Never had this issue before. After I removed the duplicated code it worked.
Related
I am trying to configure a simple wordpress site in nginx on Ubuntu. I'm no linux expert, but I usually manage between following tutorials online and tweaking a few bits myself. I've also had this very site running on a previous server with nginx, which I configured myself. I've migrated to a new server but I'm setting things up slightly differently this time round, so starting from scratch.
I've got nginx, php, and mysql installed and configured. I know php is working as I have checked it with domain.com/php.info. However, when I try to access domain.com or domain.com/index.php I get 403 forbidden. If I point the server block to index.html, that is served correctly.
I have set folder permissions to 755 and files to 644, and the owner to www-data.
If I rename index.php to index2.php, I can access the page at domain.com/index2.php but if I then point the server block to index2.php, I still get error 403.
I thought my server block config must be wrong, so I used the generator at digitalocean but the result is the same. I've tried almost every suggestion I can find on google and nothing has worked. Config below, can anyone help? Thanks!
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
set $base /var/www/example.com;
root $base/;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# security
include nginxconfig.io/security.conf;
# logging
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log warn;
# index.php
index index.php;
# index.php fallback
location / {
try_files $uri $uri/ /index.php?$query_string;
#also tried the alternatives below
#try_files $uri /index.php;
#try_files $uri /index.php?$args;
}
# additional config
include nginxconfig.io/general.conf;
include nginxconfig.io/example.com.wordpress.conf;
# handle .php
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
include nginxconfig.io/php_fastcgi.conf;
}
}
# non-www, subdomains redirect
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .example.com;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
return 301 https://www.example.com$request_uri;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name .example.com;
return 301 https://www.example.com$request_uri;
}
I have a WordPress server inside a docker container. WordPress is running with a nginx server inside. When I go through the initial installation phase, css (and other files) worked perfectly. But the when I load the main site, those resources redirected to HTTP://example.com/blogs/... instead of HTTPS.
Here are the URLs from the inspect:
https://example.com/blogs/
http://example.com/blogs/wp-includes/js/wp-emoji-release.min.js?ver=5.1.1
Here are my Nginx configuration from example.com:
location /blogs/ {
proxy_pass HTTP://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 1800s;
}
I have updated the wp-config.php file with the following information
define('WP_HOME','https://example.com/blogs/');
define('WP_SITEURL','https://example.com/blogs/');
$_SERVER['REQUEST_URI'] = '/blogs' . $_SERVER['REQUEST_URI'];
Please let me know if u need any more information.
--- update #1 ---
Nginx Server block
server {
root /var/www/html;
index index.php index.html index.htm;
server_name example.com; # managed by Certbot
location /blogs/ {
proxy_pass HTTP://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 1800s;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # :managed by Certbot
if ($scheme != https) {
return 301 https://$host$request_uri;
}
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name example.com;
return 404; # managed by Certbot
}
Check in the wp_options table if siteurl and home are also set with https.
assuming you have a server block for your domain, make sure you have these lines in your server block to redirect all non-https request to https:
server {
listen 80;
listen 443 ssl http2;
server_name example.com www.example.com;
the rest of your code
if ($scheme != https) {
return 301 https://example.com$request_uri;
the rest of your code
}
I am using Nginx for a couple of websites. First time user of it and not that happy (Apache will not work in my case). I am trying to use PHP for a new project that requires it. I have PHP 7.3 FPM. To test, phpinfo(); does work however when adding this project (openCAD), index.php seems to be blank.
I tried putting on MyBB to see if that executes and it simply does not, just a blank page.
Here is my nginx config
server {
root /var/www/mywebsite.com/;
index index.php index.html index.htm index.nginx-debian.html;
server_name mywebsite.com www.mywebsite.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name mywebsite.com www.mywebsite.com;
return 404; # managed by Certbot
}
server {
if ($host = www.appeal.mywebsite.com) {
return 301 https://mywebsite.com/appeal;
} # managed by Certbot
if ($host = appeal.mywebsite.com) {
return 301 https://mywebsite.com/appeal;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.appeal.mywebsite.com appeal.mywebsite.com;
return 404; # managed by Certbot
}
server {
if ($host = www.cad.mywebsite.com) {
return 301 https://mywebsite.com/cad;
} # managed by Certbot
if ($host = cad.mywebsite.com) {
return 301 https://mywebsite.com/cad;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.cad.mywebsite.com cad.mywebsite.com;
return 404; # managed by Certbot
}
Here is the error log for trying to access MyBB
2019/08/20 15:48:11 [error] 23516#23516: *71 FastCGI sent in stderr: "PHP message: PHP Warning: require_once(/var/www/mywebsite.com/php/inc/init.php): failed to open stream: No such file or directory in /var/www/mywebsite.com/php/global.php on line 20PHP message: PHP Fatal error: require_once(): Failed opening required '/var/www/mywebsite.com/php/inc/init.php' (include_path='.:/usr/share/php') in /var/www/mywebsite.com/php/global.php on line 20" while reading response header from upstream, client: 70.44.50.53, server: mywebsite.com, request: "GET /php/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm.sock:", host: "mywebsite.com"
Based on your error log, mybb is trying to find its files in /var/www/mywebsite.com/php/, but your root is set to /var/www/mywebsite.com/. So it looks like you didn't set it up properly. If you keep your root as is, you need to ensure that mybb's folders like inc, admin, etc. are subdirectories of /var/www/mywebsite.com/.
I have reloaded my server configuration to match the one provided on Laravel. When I do php --ini I can see my PHP version is 7.0 so I made the alterations to use 7.0.
My server config looks like this:
server {
server_name exoscape.co.uk;
root /var/www/html/exoscape/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/exoscape.co.uk/fullchain.pem; # manag$
ssl_certificate_key /etc/letsencrypt/live/exoscape.co.uk/privkey.pem; # man$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = exoscape.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name exoscape.co.uk;
return 404; # managed by Certbot
}
I have tried to ensure that the dir is chmod correctly by doing:
sudo chown -R www-data:www-data /var/www/html/exoscape/
sudo chmod -R 755 /var/www/html/exoscape/
But I still receive 502 Bad Gateway when I visit my domain. I am using nginx/1.15.12. Any help would be appreciated.
when i add another nginx-php site,this site was redirected to another php site,i didn't write the redirect in .conf file. what happend?
this is my new site : y2b.casvot.com
site above was redirected to this domain : www.casvot.com
//=======================my nginx config file=================
//
//You should look at the following URL's in order to grasp a solid understanding
//of Nginx configuration files in order to fully unleash the power of Nginx.
//http://wiki.nginx.org/Pitfalls
//http://wiki.nginx.org/QuickStart
//http://wiki.nginx.org/Configuration
//Generally, you will want to move this file somewhere, and start with a clean
//file but keep this around for reference. Or just disable in sites-enabled.
// Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
// Default server configuration
//================================================
server {
// SSL configuration
//
// listen 443 ssl default_server;
//listen [::]:443 ssl default_server;
// Note: You should disable gzip for SSL traffic.
// See: https://bugs.debian.org/773332
// Read up on ssl_ciphers to ensure a secure configuration.
//See: https://bugs.debian.org/765782
//Self signed certs generated by the ssl-cert package
//Don't use them in a production server!
//include snippets/snakeoil.conf;
root /home/casvot;
//Add index.php to the list if you are using PHP
// Index file path
index index.php index.html index.htm index.nginx-debian.html;
server_name casvot.com www.casvot.com;
location / {
//First attempt to serve request as file, then
// as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
//pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root /home/casvot/;
include snippets/fastcgi-php.conf;
// With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
//SSL configuration
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.casvot.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.casvot.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
//Virtual Host configuration for example.com
//
// You can move that to a different file under sites-available/ and symlink that
//to sites-enabled/ to enable it.
server{
listen 80;
root /home/;
index index.php index.html index.htm ;
server_name y2b.casvot.com;
location / {
// First attempt to serve request as file, then
// as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
root /home;
include snippets/fastcgi-php.conf;
// With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
if ($host = www.casvot.com) {
return 301 https://$host$request_uri;
} //managed by Certbot
if ($host = casvot.com) {
return 301 https://$host$request_uri;
} // managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name casvot.com www.casvot.com;
return 404; //# managed by Certbot
}
/home directory:
An issue doesn't stick out at me, but is it possible that your server and your ISP support IPv6? Maybe it's connecting via IPv6 and www.casvot.com is the only vhost listening. I don't see a listen [::]:80; for y2b.casvot.com, but I see it for the other.