I have this nginx config.. i want it to accept all domains that have the word competitions in it and end with .com.au.. I have tested with a domain name that should NOT be accepted but it reaches the application.. is the server_name being ignore because I'm using a proxy?
server {
listen 80 default_server;
server_name ~^(.+)competitions?(.+)\.com\.au;
access_log /var/log/nginx/$host.access.log;
error_log /var/log/nginx/error.log;
if ($host !~* ^www){
rewrite ^/(.*)$ https://www.$host/$1 permanent;
}
location / {
proxy_no_cache 1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
try_files $uri $uri/ #proxy;
}
location #proxy {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
proxy_intercept_errors on;
recursive_error_pages on;
error_page 404 = #rewrite_proxy;
}
location #rewrite_proxy {
rewrite /(.*) /index.cfm?path=$1;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8888;
}
}
You'd have to remove the default_server from there, because this is a catch-all directive.And you still could setup another one server with the default_server directive, if required.
See How nginx processes a request for a more detailed explanation:
If its value does not match any server name, or the request does not contain this header field at all, then nginx will route the request to the default server for this port.
Related
I'm using nginx, let's encrypt and trying to redirect all from http and www to one route - https://example.com. Everything working except https://www.example.com. It doesn't redirect. What am i doing wrong? My code below.
server {
root /var/www/example.com;
index index.html index.php index.htm;
server_name example.com www.example.com;
location ~* ^(?!/phpmyadmin/).+\.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
I have 2 domains running on my server, NGINX just proxies them to node apps. I have a certificate for one, but for the other I'm just using cloudflare to provide HTTPS. I want to ensure that when users visit either domain, they always get redirected to the HTTPS version of the domain, without a www. This is my current configuration, uncommenting the block for the domain2 configuration file seems to break both sites :(
domain1 config file:
upstream domain1.com {
server 127.0.0.1:8000;
keepalive 8;
}
server {
listen 0.0.0.0:80;
server_name domain1.com www.domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
#listen 80;
listen 443 ssl http2;
server_name domain1.com;
access_log /var/log/nginx/domain1.com.log;
root /var/www/domain1.com/client/public;
include /etc/nginx/global/cloudflare-allow.conf;
ssl_certificate /etc/nginx/ssl/domain1.crt;
ssl_certificate_key /etc/nginx/ssl/domain1.key;
if ($bad_referer) {
return 444;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_pass http://domain1.com;
proxy_redirect off;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
}
server {
listen 443 ssl http2;
server_name www.domain1.com;
return 301 https://domain1.com$request_uri;
}
domain2 config file:
upstream domain2.com {
server 127.0.0.1:9000;
keepalive 8;
}
#server {
# listen 80;
# server_name domain2.com www.domain2.com;
# return 301 https://$server_name$request_uri;
#}
server {
listen 80;
#listen 443 ssl http2;
server_name domain2.com;
access_log /var/log/nginx/domain2.com.log;
root /var/www/domain2.com;
include /etc/nginx/global/cloudflare-allow.conf;
if ($bad_referer) {
return 444;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_pass http://domain2.com;
proxy_redirect off;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
}
When SSL is done through CloudFlare's Flexible SSL mode, communication to the origin is HTTP traffic over port 80.
In order to detect whether this traffic is HTTPS you can't use the HTTPS environment variable, you must then check if the X-Forwarded-Proto header is set to HTTPS instead.
You can do this in Nginx as follows:
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
The easier way to do this is to simply set an "Always use HTTPS" Page Rule in CloudFlare.
This is my Nginx config:
upstream app_server {
# Bindings to the Gunicorn server
server 127.0.0.1:8002 fail_timeout=0;
}
server {
listen 80;
server_name "~^www\.(.*)$";
return 301 https://$host$request_uri;
}
server {
access_log path_to_nginx-access.log;
error_log path_to_nginx-error.log;
listen 443 ssl;
server_name _;
ssl_certificate path_to_nginx.crt;
ssl_certificate_key path_to_nginx.key;
client_max_body_size 4G;
keepalive_timeout 5;
root path_to_root;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root path_to_templates;
}
}
My goal is to have all this addresses redirecting to https://domain.com
http://domain.com
https://domain.com
http://www.domain.com
https://www.domain.com
What should I change?
Keep in mind that I need to handle multiple domains with the same Nginx server (vide server_name).
Thanks!
I have the folloiwng Nginx configuration:
server {
listen 80;
server_name .example.net .example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80;
server_name beta.example.com;
error_page 403 /403;
error_page 404 /404;
error_page 500 /500;
client_max_body_size 5M;
# Handle all locations
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cert_chain.crt;
ssl_certificate_key /etc/ssl/csr.pem;
server_name example.com;
error_page 403 /403;
error_page 404 /404;
error_page 500 /500;
client_max_body_size 5M;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I'm wanting to redirect HTTP requests to HTTPS however I get a redirect loop. I've read other answers on different questions including this one and this one however none of their solutions solved mine. Any ideas? Thanks.
It seems like your backend (running on 127.0.0.1:8000) issues Location: http://example.com/ header.
Please look into the access logs, nginx's and backend's too.
Or use httpliveheaders or tcpdump to investigate the traffic.
I want to redirect conditionally based on the server name, but where I redirect to also depends on the subdomain. So for example, here is my basic config
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name company.com compa.ny;
ssl on;
ssl_client_certificate /etc/ssl/certs/godaddy_CA.crt;
ssl_certificate /etc/ssl/certs/wildcard.company.com.crt;
ssl_certificate_key /etc/ssl/private/wildcard.company.com.key;
ssl_prefer_server_ciphers on;
root /var/www/company;
access_log /var/log/nginx/nginx.access.log;
error_log /var/log/nginx/nginx.error.log;
client_max_body_size 8M;
location ^~ /application {
proxy_set_header HOST $http_host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8080;
}
}
I want to have something that looks for the short url host "compa.ny" and redirects to "company.com/shortUrldRedirector" and I also want to include the subdomain, so in dev or qa this will work correctly:
https://compa.ny/abc123 -> https://company.com/shortUrldRedirector/abc123
and
https://dev.compa.ny/abc123 -> https://dev.company.com/shortUrldRedirector/abc123
I see there is a $server_name config variable, but how do I accomplish the above redirects respecting the subdomain?
I would use map construction like this:
map $http_host $long_domain {
default company.com;
dev.compa.ny dev.company.com;
compa.ny company.com;
}
server {
...
return 301 https://$long_domain/shortUrldRedirector$request_uri;
}