I am using set in my nginx virtual hosts to set the domain once so I can just re-use it all over the file since I name my directories exactly like the domains.
The issue is that nginx seems to completly ignore the variables I set and it just uses the variable itself instead of the value. So www.$appDomain results in www.$appDomain instead of www.domain.com.
Any idea how to fix this?
Virtual Host /etc/nginx/sites-available/domain.com
server {
set $appDomain "domain.com";
root /var/www/html/$appDomain;
server_name $appDomain www.$appDomain;
ssl_certificate /etc/letsencrypt/live/$appDomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$appDomain/privkey.pem;
}
Error with sudo nginx -t
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/$appDomain/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/$appDomain/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Related
I'll try to be short as it can get bloated.
I set up an ubuntu server 20.04 VM on an Oracle vbox.
I installed nginx, php7.4, Xdebug 3.
I configured everything properly for remote debugging and sftp ( I use PHPstorm), I forwarded the ports and customized my local hosts file.Everything works except...
when loading HTTP://127.0.0.2 it loads the default nginx landing page.My index.php file is uploaded in the root /var/www/my_domain folder through sftp. I created the server block for my_domain.
Still won't work. I am new to this so I am missing something.
If you need more info please request.
Any help appreciated!
Vhost config ( server block in nginx) - php-projects being my current domain and containing index.php:
server {
listen 80;
listen [::]:80 ipv6only=on;
root /var/www/php-projects;
server_name php-projects www.php-projects;
location / {
try_files $uri $uri/ =404;
}
error_log /var/log/nginx/debug.log debug;
}
Network settings from Vbox:
PS. I have tried :
How to set index.html as root file in Nginx?
and
Rewrite rule for the root file in nginx?
with no success.
"I configured everything properly for remote debugging and sftp"
Please post your xdebug configuration.
"when loading HTTP://127.0.0.2"
From where ? Host machine or VM?
"My index.php file is uploaded in the root /var/www/my_domain folder
through sftp."
Please post your nginx vhost configuration
"I created the server block for my_domain"
Where? Post the path to the file where you have done this
Please excuse lengthy write up - I would really appreciate any help in following regard.
I am trying to setup multi tenant subdomain + custom domain with SSL using LetsEncrypt:
(some will use subdomain some will use custom domain)
https://customer1.myapp.com
https://customer2.myapp.com
https://customer1.com (customer sets up A/CNAME recoreds at his DNS provider)
I am on EC2 instance using Ubuntu OS with username 'ubuntu'.
I learned from following tutorials:
https://sandeep.dev/how-we-generate-and-renew-ssl-certs-for-arbitrary-custom-domains-using-letsencrypt-cjtk0utui000c1cs1f7y9ua5n
https://www.digitalocean.com/community/tutorials/how-to-use-the-openresty-web-framework-for-nginx-on-ubuntu-16-04
https://sandro-keil.de/blog/openresty-nginx-with-auto-generated-ssl-certificate-from-lets-encrypt/
I have successfully done following:
Installed build-essential on server
Install OpenResty (Comes with its own Nginx & OpenSSL)
Install LuaRocks
Install lua-resty-auto-ssl
Created directory for resty auto ssl
sudo mkdir /etc/resty-auto-ssl
sudo chown -R ubuntu /etc/resty-auto-ssl
sudo chown -R www-data /etc/resty-auto-ssl
chmod -R 777 /etc/resty-auto-ssl/
Created Fallback Self-signed Certificate which expires in 3600 days
This is my starter conf file (/usr/local/openresty/nginx/conf/nginx.conf)
(I would refine it further to suite my redirect & security needs)
#user nginx;
error_log /usr/local/openresty/nginx/logs/error.log warn;
events {
worker_connections 1024;
}
http {
lua_shared_dict auto_ssl 1m;
lua_shared_dict auto_ssl_settings 64k;
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("allow_domain", function(domain)
return true
end)
auto_ssl:set("dir", "/etc/resty-auto-ssl")
auto_ssl:init()
}
init_worker_by_lua_block {
auto_ssl:init_worker()
}
# access_log /usr/local/openresty/nginx/logs/access.log main;
server {
listen 443 ssl;
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
root /var/www/myapp.com/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# location ~ \.php$ {
# include snippets/fastcgi-php.conf;
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# fastcgi_read_timeout 600;
# }
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name *.myapp.com myapp.com;
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}
location / {
return 301 https://myapp.com$request_uri;
}
}
server {
listen 8999;
location / {
content_by_lua_block {
auto_ssl:hook_server()
}
}
}
}
I am facing multiple issues like:
Cant mention user in nginx config - still works without it also
Trying to mention user in 1st line of config files gives me error.
So i commented it out and tried to caryy on anyways
Dehydrated Failure but certificate is created
keep getting following error in my log:
lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=XXXX HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain myapp.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
But it still goes on & does create a certificate after which it gives random number generator error.
Sometimes, if I delete everything inside /etc/resty-auto-ssl - it dosent give me such errors.
Can't find OpenSSL random number generator
I keep getting following error in my log:
Can't load ./.rnd into RNG
random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=./.rnd
curl: (22) The requested URL returned error: 500 Internal Server Error
PHP-FPM on nginx provided with OpenResty
I have properly installed php-fpm and have tested it when using nginx standalone.
But, now that I am using nginx provided with openresty, it dosent seem to work
Error (Shown when tested config using: nginx -t command):
"/usr/local/openresty/nginx/conf/snippets/fastcgi-php.conf" failed (2: No such file or directory)
Failed to create certificate
Sometimes this error is followed by error in above point number 2:
auto-ssl: could not get certificate for myapp.com - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 123.201.226.209, server: 0.0.0.0:443
set_response_cert(): auto-ssl: failed to set ocsp stapling for xxxx.myapp.com - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://ocsp.int-x3.letsencrypt.org): no resolver defined to resolve "ocsp.int-x3.letsencrypt.org", context: ssl_certificate_by_lua*, client: 123.201.226.209, server: 0.0.0.0:443
connect() to unix:/run/php/php7.4-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.201.226.209, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "xxxx.myapp.com"
When trying to access customer1.com whoes A record points to myapp.com server IP
"Error creating new order :: Cannot issue for \"X.X.X.X\": The ACME server can not issue a certificate for an IP address"
ssl_certificate.lua:281: auto-ssl: could not determine domain for request (SNI not supported?) - using fallback - , context: ssl_certificate_by_lua*, client: 45.148.10.72, server: 0.0.0.0:443
... where x.x.x.x is A recored for customer1.com whch was opened from browser
I have following confusions:
Should I get one proper (paid) wildcard positive ssl certificate for myapp.com ? (And use it as fallback)
This covers all my subdomain and I won't have to deal with limits on subdomain by letsencrypt.
This way I only have to use lets encrypt for custom domains like customer1.com
I am not sure if my users & permission are properly set up - any pointers would help
I would wish my final nginx config to fulfill following needs
Redirect http://myapp.com & http://www.myapp.com to -> https://myapp.com
Redirect https://www.myapp.com to -> https://myapp.com
Redirect http://customer1.com & http://www.customer1.com to -> https://customer1.com
And then on my acutal ssl server block - write all logic for auto ssl generation
It is somewhat hard to answer all these question, so I'll attempt to answer part of 5 & 6. I have setup open resty myself in a prod environment, see link.
I ran into this OCSP stapling issue. I found that it was resolved by adding this to my NGINX config:
# A DNS resolver must be defined for OSCP stapling to function.
resolver 172.20.0.10 ipv6=off;
Regarding question 6, I would suggest that customer1.com should be a CNAME to myapp.com.
I would also recommend using as a base the openresty docker image, or at least a reverse engineered version of the docker image into an EC2 instance. Here is my dockerfile:
FROM openresty/openresty:latest-xenial
RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-auto-ssl
RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-http
RUN apt-get update
RUN apt-get install -y dnsutils
RUN openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt
ADD nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
Hopefully this is helpful.
I'm experiencing 502 gateway errors when accessing my site on 127.0.0.1:8000
Working with Vagrant and ubuntu with nginx, trying to install Magento 2.0. After a lot of bugfixxing I still have this 502 error.
Config:
Ubuntu 14.04 (ubuntu/trusty64 box)
Php 5.6.18 from ppa
Nginx 1.8.1
Error log:
connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.2.2, server: localhost, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:7777", host: "127.0.0.1:8000", referrer: "http://127.0.0.1:8000/"
VagrantFile config: http://pastebin.com/rMSTmwJn
my /etc/php5/pool.d/vagrant.conf (and www.conf) file: http://pastebin.com/hHnFrf55
my /etc/nginx/sites-available/default file: http://pastebin.com/0mwR7CxY
which includes this magento nginx config file: https://github.com/magento/magento2/blob/develop/nginx.conf.sample (no edits)
Also have I edited the user and group in www.conf to 'vagrant'
I'm really stuck on this one. Hope you guys can help! If you need more information, please let me know.
I think the problem is occur in your nginx config. It only serves your localhost, but you are trying to access from physical, or another virtual machine. Try to add public domain name.
also add 10.0.2.2 public.domain to client's /etc/hosts file. And change below config's related line as server_name localhost public.domain;
server {
listen 80;
server_name localhost public.domain;
set $MAGE_ROOT /var/www/magento2;
set $MAGE_MODE developer;
include /vagrant/magento2/nginx.conf.sample;
}
After some more struggling I found out with php5-fpm -t and nginx -t I had an error in my /etc/php5/pool.d/vagrant.conf file rule 1 (:1). I change vagrant to [vagrant].
Next I got the following error from php5-fpm -t: Both www.conf and vagrant.conf serve on port :7777. Makes sense, so I changed www.conf to listen :9000 and everything is working! Thanks for the effort.
These answers got me close, but weren't my exact problem.
For those interested I'm using Windows 10 with Vagrant - 1.9.3 (laravel/homestead) box.
I was using this in my nginx config:
fastcgi_pass 127.0.0.1:9000;
I recently changed it to this:
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
I just create a server recently, and use Nginx as my web server.
I did : service nginx force-reload
Reloading nginx configuration nginx [ OK ]
Then I do service nginx status
nginx is running
Knowing that my site is running, but when I go to it. I see No input file specified. Wired ???
Here is what I have in my /etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name default;
root /default/public;
Can someone please help me fix this ?
I fix this problem by assign my document root to the correct path :
root /home/forge/default/public;
If you see No input file specified., make sure you set your root to the correct path.
I'm not so good with nginx but i try to make somthing with that and fresh installed gitlab.
So i intall on digitalocean Gitlab. One click installer (ubuntu 13.10). But now i try to install php and phpmyadmin and after that i want to make somthing ridiculous. I want move main repository map from /home/gitlab/gitlab-satellites to main root of my dev (same server).
So gitlab need to be on my_domain.com/gitlab, and main dev server location will be my_domain.com.
Is this possible or?
you can find the nginx conf files in the gitlab installation: gitlab/nginx/etc
which will be '/var/opt/gitlab/nginx/etc' in the default install
you can then edit the .conf files as necessary
Example on the 'gitlab-http.conf' file you will find:
server {
listen *:80;
server_name git.your-domain-name.com;
you will have to create similar virtual hosts on NGINX for
server {
listen *:80;
server_name your-domain-name.com;
OR
server {
listen *:80;
server_name *.your-domain-name.com;