nginx 301 redirect to incorrect vhost - redirect

I'm having a 301 redirect issue for multiple sites pointing to our primary site although the intended affected sites are in their own server blocks. If I disable the primary site, the others work as intended, so it seems something in the primary config is trumping the others. Any help would be appreciated.
/etc/nginx/nginx.conf:
user nginx;
worker_processes 8;
worker_rlimit_nofile 100000;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log;
access_log off;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
open_file_cache max=2000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
client_max_body_size 50M;
client_body_buffer_size 1m;
client_body_timeout 15;
client_header_timeout 15;
keepalive_timeout 2 2;
send_timeout 15;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 128k;
fastcgi_connect_timeout 3s;
fastcgi_send_timeout 120s;
fastcgi_read_timeout 120s;
fastcgi_busy_buffers_size 256k;
fastcgi_max_temp_file_size 0;
reset_timedout_connection on;
server_names_hash_bucket_size 100;
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:10m max_size=1000m inactive=60m;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
include /etc/nginx/conf.d/*.conf;
}
This is the vhost conf that appears to be trumping other vhosts. /etc/nginx/conf.d/site1.conf:
server {
    listen 10.10.10.1:80;
    listen 10.10.10.1:443 ssl;
    server_name ^site1\.org$ ^www\.site1\.org$ ^old\.site1domain\.org$;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    keepalive_timeout 70;
    root /var/www/vhosts/site1.org/httpdocs;
    index index.php;
    client_max_body_size 128M;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/site1.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include /etc/nginx/fastcgi_params;
        include /etc/nginx/fastcgi.conf;
        open_file_cache max=4000 inactive=20s;
        open_file_cache_valid 30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors on;
    }
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    if ($scheme != "https") {
        rewrite ^ https://site1.org$uri permanent;
    }
    if ($host != "site1.org") {
        rewrite ^ https://site1.org$uri permanent;
    }
    #wp-super-cache
    ....
    location ~* .(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|tar|mid|midi|wav|bmp)$ {
        expires max;
    }
}
Phew. OK, here is an example of a different vhost config, which does not seem to be answering requests (instead, I get a 301 to the vhost above, with or without the redirects commented out).
/etc/nginx/conf.d/site2.conf:
server {
    listen 10.10.10.1:80;
    server_name ^sub1\.site2\.org$;
    allow all;
    proxy_redirect / http://10.10.10.1:6969;
    location / {
        proxy_pass http://10.10.10.1:6969;
    }
}
However, for some reason, this SSL proxy works as intended (on different IP):
/etc/nginx/conf.d/site3.conf:
server {
    listen 10.10.10.2:443 ssl;
    server_name ^sub3\.site1\.org$;
    ssl_certificate ...;
    ssl_certificate_key ...;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    allow all;
    proxy_redirect / http://sub3.site1.org:80/;
    location / {
        proxy_pass http://sub3.site1.org:80/;
    }
    proxy_set_header Host $http_host;
}
Here is what I get when I attempt to connect to http://sub1.site2.org:
[c09 79] /etc/nginx/conf.d # wget {sub1.site2.url}
--2015-11-25 09:09:28-- {sub1.site2.url}
Resolving sub1.site2.org... 10.10.10.1
Connecting to sub1.site2.org|10.10.10.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: {site1.url} [following]
and so on...
Thanks in advance.

Your server_name directives are all invalid so none of them match. So nginx uses the first server container as the default and processes all requests through that.
It then hits your rewrite ^ https://site1.org$uri permanent; conditional rewrite.
If you must use regex in your server_names (although it's less efficient unless you really need it), you must prefix the name with ~. Otherwise, just use the plain name.
server_name site1.org www.site1.org old.site1domain.org;
See this document for details.
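The server selection the answer describes, as an added example that is not part of the original answer: a simplified Python model of how nginx picks a server block for a Host header (exact name, then wildcard names, then `~` regex names, otherwise the default server), run against the question's two vhosts on 10.10.10.1:80. The helper names, the vhost labels and the load order (site1.conf before site2.conf) are assumptions, and the model ignores listen-address matching.

```python
import re

# Characters that only make sense in a regex, never in a plain or wildcard name.
REGEX_META = set("^$\\()[]|+?")

def suspicious_names(names):
    """Return server_name entries that look like regexes but lack the '~' prefix."""
    return [n for n in names if not n.startswith("~") and REGEX_META & set(n)]

def select_server(servers, host):
    """Pick the server block for `host` among blocks sharing one listen address.

    servers: list of (label, [server_name entries], is_default_server), in load order.
    Returns (label, reason) where reason is exact / wildcard / regex / default.
    """
    host = host.lower().rstrip(".")
    exact, regex = None, None
    lead, trail = [], []          # (pattern length, label) for wildcard candidates
    for label, names, _default in servers:
        for name in names:
            if name.startswith("~"):          # regex name: "~" or case-insensitive "~*"
                ci = name.startswith("~*")
                pattern = name[2:] if ci else name[1:]
                if regex is None and re.search(pattern, host, re.I if ci else 0):
                    regex = label             # first matching regex in config order wins
                continue
            name = name.lower()
            if name.startswith("."):          # ".example.org" = exact + "*.example.org"
                if host == name[1:] and exact is None:
                    exact = label
                elif host.endswith(name):
                    lead.append((len(name), label))
            elif name.startswith("*."):
                if host.endswith(name[1:]):
                    lead.append((len(name), label))
            elif name.endswith(".*"):
                if host.startswith(name[:-1]):
                    trail.append((len(name), label))
            elif name == host and exact is None:
                exact = label                 # plain names are compared literally
    if exact:
        return exact, "exact"
    for candidates in (lead, trail):          # longest wildcard wins within each class
        if candidates:
            return max(candidates, key=lambda c: c[0])[1], "wildcard"
    if regex:
        return regex, "regex"
    # Nothing matched: explicit default_server, otherwise the first block loaded.
    return next((l for l, _, d in servers if d), servers[0][0]), "default"

# Constructed from the question's configs (10.10.10.1:80 listeners only).
BROKEN = [
    ("site1.conf", [r"^site1\.org$", r"^www\.site1\.org$", r"^old\.site1domain\.org$"], False),
    ("site2.conf", [r"^sub1\.site2\.org$"], False),
]
# Plain names, as the answer recommends.
FIXED = [
    ("site1.conf", ["site1.org", "www.site1.org", "old.site1domain.org"], False),
    ("site2.conf", ["sub1.site2.org"], False),
]
# Regex kept, but with the required "~" prefix.
REGEX = [
    ("site1.conf", ["site1.org", "www.site1.org", "old.site1domain.org"], False),
    ("site2.conf", [r"~^sub1\.site2\.org$"], False),
]

if __name__ == "__main__":
    for title, servers in (("broken", BROKEN), ("fixed", FIXED), ("regex", REGEX)):
        print(title, select_server(servers, "sub1.site2.org"))
        for label, names, _ in servers:
            for bad in suspicious_names(names):
                print("  ", label, "server_name needs '~' or a plain name:", bad)
```

Even with the names fixed, any Host header that matches no block still lands in the first block loaded, so the `if ($host != "site1.org")` redirect in site1.conf keeps answering for unknown names.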

Related

nginx on vagrant keeps on dropping port

so I have vagrant with port forwarding
here is vagrantfile
Vagrant.configure("2") do |config|
config.vm.provider "virtualbox" do |v|
v.memory = 2048
v.cpus = 4
end
config.berkshelf.enabled = true
config.berkshelf.berksfile_path = "./Berksfile"
config.omnibus.chef_version = :latest
config.vm.network :forwarded_port, guest: 80, host: 8080
config.vm.network :forwarded_port, guest: 22, host: 2020
end
Here is nginx.conf
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 100;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary off;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml application/atom+xml text/javascript application/javascript application/json text/mathml;
gzip_min_length 1000;
gzip_disable "MSIE [1-6]\.";
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_bucket_size 64;
types_hash_max_size 2048;
types_hash_bucket_size 64;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
here is sites_enabled/default
server {
listen 80;
server_name precise64;
access_log /var/log/nginx/localhost.access.log;
root /vagrant/site/www/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
}
}
The issue is that every time I go to http://localhost:8080/somedirectory on my browser, nginx ends up redirecting (301) to http://localhost/somedirectory
If I access a specific file, it doesn't do the redirect as expected.
Why is that happening and how can I prevent nginx from dropping the port?
I don't see a redirect in your NGINX config so my guess is that it's coming from your PHP app.

nginx redirect non www to www on https

This is what my current server block looks like:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
access_log /var/log/nginx/domain.com.access;
error_log /var/log/nginx/domain.com.error error;
}
## BETA
server {
listen 443 ssl http2;
keepalive_timeout 300;
This works perfectly in redirecting non https www and non https non www to https://www.domain.com
Unfortunately https non www was not being redirected so I altered to this:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
access_log /var/log/nginx/domain.com.access;
error_log /var/log/nginx/domain.com.error error;
}
## BETA
server {
listen 443 ssl http2;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
keepalive_timeout 300;
Unfortunately this only managed to crash the server.
Any input on what I'm doing wrong would be greatly appreciated.
As requested here is my conf file. nginx -t returns a success
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
access_log /var/log/nginx/example.com.access;
error_log /var/log/nginx/example.com.error error;
}
## BETA
server {
listen 443 ssl http2;
keepalive_timeout 300;
charset utf-8;
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_certificate /etc/ssl/certs/wc.example.com.pem;
ssl_certificate_key /etc/ssl/certs/wc.example.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
server_name www.example.com;
# SSL buffer size was added in 1.5.9
ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
access_log /var/log/nginx/dev.example.com.access;
error_log /var/log/nginx/dev.example.com.error error;
root /srv/storage/pxpubl29/www.example.com/htdocs/;
index index.php index.html index.htm;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ ^/pages {
try_files $uri /index.php$is_args$args;
rewrite ^/pages/free_chat.php$ /pages/free-chat.php permanent;
}
location ~ ^/upl {
client_max_body_size 400M;
client_body_buffer_size 1024k;
# For CORS
if ($request_method = OPTIONS) {
add_header Pragma no-cache;
add_header X-Content-Type-Options nosniff;
# Access control for CORS
add_header Access-Control-Allow-Origin "https://www.example.com";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "cache-control, content-range, accept, origin, session-id, content-disposition, x-requested-with, content-type, content-description, referer, user-agent";
add_header Access-Control-Allow-Credentials "true";
# 10 minute pre-flight approval
add_header Access-Control-Max-Age 600;
return 204;
}
if ($request_method = POST) {
add_header Pragma no-cache;
add_header X-Content-Type-Options nosniff;
#add_header Cache-control "no-story, no-cache, must-revalidate";
# Access control for CORS
add_header Access-Control-Allow-Origin "https://www.example.com";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "cache-control, content-range, accept, origin, session-id, content-disposition, x-requested-with, content-type, content-description, referer, user-agent";
add_header Access-Control-Allow-Credentials "true";
# 10 minute pre-flight approval
add_header Access-Control-Max-Age 600;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "session.name=space_sid
session.cookie_domain=.example.com
upload_max_filesize=400M
post_max_size=400M";
include fastcgi_params;
fastcgi_index index.php;
}
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "session.name=space_sid
session.cookie_domain=.example.com
upload_max_filesize=400M
post_max_size=400M";
include fastcgi_params;
fastcgi_index index.php;
}
location /samples {
return 301 /;
}
location ~ ^/large {
try_files $uri $uri/ /large/index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
}
location /avc {
rewrite ^/avc/users_(.+)$ /avc/users_php.php break;
rewrite ^/avc/undefined$ /avc/integration_xml.php break;
rewrite ^/avc/avc_settings.xml$ /avc/integration_xml.php break;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
location = /avc/avc_settings.xml {
rewrite ^(.*)$ /avc/integration_xml.php break;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
location /upl/server/php/files {
location ~ \.php$ {return 403;}
}
location ~ .*/\.git {
deny all;
}
# Force the latest IE version
add_header "X-UA-Compatible" "IE=Edge";
# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
#location ~* \.(js|css|png|jpg|jpeg|gif|ico|ttf|svg)$ {
# expires 14d;
# add_header Pragma "public";
# add_header Cache-Control "public, must-revalidate, proxy-revalidate";
#}
# The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe.
add_header X-Frame-Options SAMEORIGIN;
# MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options nosniff;
# The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
add_header X-XSS-Protection "1; mode=block";
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|swf|mp3)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# WebFonts
# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# ERROR Pages
error_page 404 /error/404/;
error_page 403 /error/403/;
error_page 401 /error/401/;
# ACL
# deny all;
}

Nginx rewrite rule for a subfolder

I'm trying to rewrite a URL like below:
https://example.com/products/product-post ---> https://example.com/product-post
But at the same time I want the URL https://example.com/products/ to be accessible without any modifications, since it's a product catalog.
This is not working causing a 500 server error:
location /products/ {
rewrite ^/(.*)$ /products/$1 last;
}
For organizing reasons I keep my files in /products/file1, file2 etc.
Perhaps I should be using "alias" and not "rewrite"?
Thank you.
UPDATE: Below is my server.conf config
server {
server_name www.example.com;
listen 80;
listen 443 ssl spdy;
listen [::]:80;
listen [::]:443 ssl spdy;
ssl_certificate /opt/ssl/example.com.chained.crt;
ssl_certificate_key /opt/ssl/example.com.key;
# Non-www redirect
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
root /home/html_public;
charset UTF-8;
ssl_certificate /opt/ssl/example.com.chained.crt;
ssl_certificate_key /opt/ssl/example.com.key;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
keepalive_timeout 70;
ssl_buffer_size 1400;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=86400;
resolver_timeout 10;
ssl_trusted_certificate /opt/ssl/example.com.chained.crt;
location ~* \.(jpg|jpeg|gif|png|ico|cur|gz|svgz|mp4|ogg|ogv|webm|htc|css|js|otf|eot|svg|ttf|woff|woff2)(\?ver=[0-9.]+)?$ {
expires 1M;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
}
#access_log logs/host.access.log main;
#===BAN COUNTRIES START ==============
if ($allowed_country = no) {
return 403;
}
if ($bad_referer) {
return 444;
}
location @extensionless-php {
rewrite ^(.*)/$ $1.php last;
rewrite ^(.*[^/])$ $1/ permanent;
}
location / {
try_files $uri $uri/ @extensionless-php;
#limit_conn num_conn 15;
#limit_req zone=num_reqs;
}
#=====PAGE SPEED START==========
location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
add_header "" "";
}
location ~ "^/pagespeed_static/" { }
location ~ "^/ngx_pagespeed_beacon$" { }
#=====PAGE SPEED END==========
error_page 404 /404.php;
#pass the PHP scripts to FastCGI server listening on php-fpm unix socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
include fastcgi_params;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
#=====START phpMyAdmin==============#
location /phpMyAdmin {
root /usr/share/;
location ~ ^/phpMyAdmin/(.+\.php)$ {
root /usr/share/;
try_files $uri =404;
fastcgi_index index.php;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
#=====END phpMyAdmin==============#
location /webmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/webmail/(.+\.php)$ {
root /usr/share/;
try_files $uri =404;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/webmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
#====Out Link REDIRECTS===============
location /go/ {
rewrite ^/go/(.*)$ /go/site-linker.php?site=$1 last;
}
location ~ /products/(.+) {
rewrite ^/products/(.*)$ /$1 last;
}
}
In the logs I'm getting this:
2016/04/24 12:07:45 [notice] 6810#0: *1 "^/products/(.*)$" does not match "/xperia-z5/", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
2016/04/24 12:07:45 [notice] 6810#0: *1 "^/products/(.*)$" does not match "/xperia-z5/", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
2016/04/24 12:07:45 [notice] 6810#0: *1 "^(.*)/$" matches "/xperia-z5/", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
2016/04/24 12:07:45 [notice] 6810#0: *1 "^(.*)/$" matches "/xperia-z5/", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
2016/04/24 12:07:45 [notice] 6810#0: *1 rewritten data: "/xperia-z5.php", args: "", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
2016/04/24 12:07:45 [notice] 6810#0: *1 rewritten data: "/xperia-z5.php", args: "", client: 192.168.10.2, server: 192.168.10.1, request: "GET /xperia-z5/ HTTP/1.1", host: "192.168.10.1"
https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
I've updated my rewrite sample config - https://github.com/TeXXaS/nginx-configs/tree/master/rewrite
From that tutorial - if you use rewrite, index or something like that, nginx will internally reprocess the request. To deal with that, I've added a prods directory - so for .../products/ nginx serves /prods/index.html - while for all other .../products/(.+) the request is redirected to root. So if you type http://localhost:10080/products/index.html - it will show index.html from root, without changing the path in your browser. Hope it helps... :)
After a lot of trial and error, the solution turned out to be:
location / {
    try_files $uri $uri/ @extensionless-php;
    rewrite /(.+$) /products/$1 break;
}
location = /products/ {
    index index.php;
}
I hope this will help someone in the future.

Nginx Config Endless Loop (redirect HTTP to HTTPS)

I'm a bit stuck. I'm setting up a new installation of JTL-Shop3 on Nginx. But whenever I call https://www.domain.tld/ it becomes http://www.domain.tld/ and the other way around and ends up showing an error because the webpage is redirecting in a loop.
Here is my nginx config for Non-SSL
# redirect non www to www
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name trendboxx.eu www.trendboxx.eu;
return 301 https://www.trendboxx.eu$request_uri;
}
And here the config for the SSL vhost
server {
listen 443 ssl;
ssl on;
ssl_certificate /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.crt;
ssl_certificate_key /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.key;
server_name www.trendboxx.eu;
access_log /srv/www/trendboxx.eu/logfiles/nginx.access.log;
error_log /srv/www/trendboxx.eu/logfiles/nginx.error.log;
root /srv/www/trendboxx.eu/public_html;
index index.php;
location / {
# try file => folder => JTL-Shop3 Search
try_files $uri $uri/ /index.php?q=$uri$args;
}
# error pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# JTL-Shop3 expires for static files
location ~* \.(eot|ttf|woff|css|less)$ {
expires max;
add_header Access-Control-Allow-Origin *;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
# PHP handler
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 180;
proxy_read_timeout 180;
}
# deny access to hidden files
location ~ /\. {
deny all;
}
}
I am grateful for every hint on how to solve this problem.

Nginx redirection to https://www.domain.tld

I am trying to make my domain name only work with a https:// and www in front of it. It's important that domain.com without the www. redirects to the www, and it's also important that https:// is always enabled. I am having a lot of trouble achieving this. I've removed all the redirects from the config because they all just give me errors.
server {
listen 80;
default_type text/html;
server_name epicmc.us;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443;
default_type text/html;
server_name www.epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
ssl on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
EDIT: I am now using a PHP redirect, but there has to be a better option...
You should define additional virtualhost, and there redirect all clients to desired method+host.
Add to your config (tune to your taste, of course) :
# redirection vhost
server {
    listen 10.1.2.3:80;
    server_name www.epicmc.us epicmc.us;
    access_log /logs/access.log full;
    error_log /logs/error.log notice;
    location / {
        rewrite ^/(.*)$ https://www.epicmc.us/$1 permanent;
    }
}
There are two ways of doing this, simple redirect return 301
server {
    server_name www.example.com;
    listen 80;
    return 301 https://$host$request_uri;
}
or using rewrite rules, check the answer for this question it might be helpful
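server {
    listen 80;
    server_name www.example.com;
    # "location" needs a path; "/" matches every request
    location / {
        # $1 already starts with "/", so no extra slash after the host
        rewrite ^(.*)$ https://www.example.com$1 permanent;
    }
}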
check answers for this question it might be helpful
Hey guys I'm using Cloudflare's flexible SSL, so my problem was that I had to do the page rules on their site and not in my config. That's why I was getting redirect errors.