Nginx Config Endless Loop (redirect HTTP to HTTPS) - redirect

I'm a bit stuck. I'm setting up a new installation of JTL-Shop3 on Nginx. But whenever I call https://www.domain.tld/ it becomes http://www.domain.tld/ and the other way around and ends up showing an error because the webpage is redirecting in a loop.
Here is my nginx config for Non-SSL
# Plain-HTTP vhost: as the default_server on port 80 it answers every request,
# whatever the Host, with a 301 to the canonical HTTPS www host.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name trendboxx.eu www.trendboxx.eu;
# The target host is written out rather than taken from the request's Host
# header, so the redirect cannot be steered to another domain.
return 301 https://www.trendboxx.eu$request_uri;
}
And here the config for the SSL vhost
# HTTPS vhost for www.trendboxx.eu: static assets get far-future expiry,
# everything else falls through to index.php and PHP-FPM.
server {
listen 443 ssl;
# NOTE(review): redundant with the "ssl" flag on the listen line above; the
# "ssl" directive was deprecated in nginx 1.15.0 and removed in 1.25.1.
ssl on;
ssl_certificate /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.crt;
# The private key sits outside this vhost's document root (public_html).
# NOTE(review): also confirm the file is readable by root only.
ssl_certificate_key /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.key;
server_name www.trendboxx.eu;
access_log /srv/www/trendboxx.eu/logfiles/nginx.access.log;
error_log /srv/www/trendboxx.eu/logfiles/nginx.error.log;
root /srv/www/trendboxx.eu/public_html;
index index.php;
location / {
# try file => folder => JTL-Shop3 Search
# NOTE(review): $args is appended straight after $uri with no separator, so the
# original query string ends up inside the q parameter.
try_files $uri $uri/ /index.php?q=$uri$args;
}
# error pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# JTL-Shop3 expires for static files
# Fonts and stylesheets: the "*" CORS header lets any origin load them
# cross-site, the usual setting for public web fonts.
location ~* \.(eot|ttf|woff|css|less)$ {
expires max;
add_header Access-Control-Allow-Origin *;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
# Regex locations are tried in file order, so .css is already claimed by the
# block above and never reaches this one.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
# PHP handler
location ~ \.php$ {
# Existence check: only scripts that are real files under the root are handed
# to PHP-FPM; any other URI ending in .php gets a 404 from nginx.
try_files $uri =404;
# The location regex only matches URIs that end in .php, so this split never
# yields a PATH_INFO part.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
# NOTE(review): SCRIPT_FILENAME is not set in this block; presumably the
# included fastcgi_params provides it -- verify.
include fastcgi_params;
fastcgi_read_timeout 180;
# proxy_read_timeout only applies to proxy_pass and has no effect here.
proxy_read_timeout 180;
}
# deny access to hidden files
# NOTE(review): regex locations are tried in file order and the first match
# wins, so a dot-path that ends in .php or a static extension is handled by the
# blocks above and never reaches this deny. Moving this block above the other
# regex locations closes that gap.
location ~ /\. {
deny all;
}
}
I am grateful for any hint on how to solve this problem.

Related

nginx redirect non www to www on https

This is what my current server block looks like:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
access_log /var/log/nginx/domain.com.access;
error_log /var/log/nginx/domain.com.error error;
}
## BETA
server {
listen 443 ssl http2;
keepalive_timeout 300;
This works perfectly in redirecting non https www and non https non www to https://www.domain.com
Unfortunately https non www was not being redirected so I altered to this:
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
access_log /var/log/nginx/domain.com.access;
error_log /var/log/nginx/domain.com.error error;
}
## BETA
server {
listen 443 ssl http2;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
keepalive_timeout 300;
Unfortunately this only managed to crash the server.
Any input on what I'm doing wrong would be greatly appreciated.
As requested here is my conf file. nginx -t returns a success
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
access_log /var/log/nginx/example.com.access;
error_log /var/log/nginx/example.com.error error;
}
## BETA
server {
listen 443 ssl http2;
keepalive_timeout 300;
charset utf-8;
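# HSTS for two years, covering all subdomains and asking for preload-list
# inclusion. "always" attaches it to error responses as well. nginx inherits
# this header only into locations that declare no add_header of their own.
add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload' always;
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered here.
# Add TLSv1.3 if the installed nginx and OpenSSL support it.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
# Same preference order as before with the 3DES suites removed (64-bit block
# cipher, no longer considered safe for bulk traffic).
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_certificate /etc/ssl/certs/wc.example.com.pem;
# NOTE(review): the private key is stored in /etc/ssl/certs next to public
# certificates; confirm it is readable by root only, or move it to a private
# directory.
ssl_certificate_key /etc/ssl/certs/wc.example.com.key;
# Session cache shared between worker processes; sessions expire after 30 minutes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
# Custom DH parameters used for the DHE (DH+...) suites above.
ssl_dhparam /etc/ssl/certs/dhparam.pem;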
server_name www.example.com;
# SSL buffer size was added in 1.5.9
ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
access_log /var/log/nginx/dev.example.com.access;
error_log /var/log/nginx/dev.example.com.error error;
root /srv/storage/pxpubl29/www.example.com/htdocs/;
index index.php index.html index.htm;
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ ^/pages {
try_files $uri /index.php$is_args$args;
rewrite ^/pages/free_chat.php$ /pages/free-chat.php permanent;
}
# Upload endpoint: allows request bodies up to 400M, sets CORS headers for
# preflight and POST requests, and runs PHP through a nested handler.
location ~ ^/upl {
client_max_body_size 400M;
client_body_buffer_size 1024k;
# For CORS
# Preflight requests are answered directly with 204. The allowed origin is
# pinned to the site's own origin, which is required when credentials are
# allowed ("*" is not permitted together with Allow-Credentials).
if ($request_method = OPTIONS) {
add_header Pragma no-cache;
add_header X-Content-Type-Options nosniff;
# Access control for CORS
add_header Access-Control-Allow-Origin "https://www.example.com";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "cache-control, content-range, accept, origin, session-id, content-disposition, x-requested-with, content-type, content-description, referer, user-agent";
add_header Access-Control-Allow-Credentials "true";
# 10 minute pre-flight approval
add_header Access-Control-Max-Age 600;
return 204;
}
# NOTE(review): URIs ending in .php are served by the nested location further
# down; confirm the headers set in this "if" block are actually present on
# those responses.
if ($request_method = POST) {
add_header Pragma no-cache;
add_header X-Content-Type-Options nosniff;
#add_header Cache-control "no-story, no-cache, must-revalidate";
# Access control for CORS
add_header Access-Control-Allow-Origin "https://www.example.com";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "cache-control, content-range, accept, origin, session-id, content-disposition, x-requested-with, content-type, content-description, referer, user-agent";
add_header Access-Control-Allow-Credentials "true";
# 10 minute pre-flight approval
add_header Access-Control-Max-Age 600;
}
# PHP handler for scripts under /upl.
# NOTE(review): there is no "try_files $uri =404;" here, so any URI under /upl
# that ends in .php is handed to PHP-FPM without nginx checking that the script
# exists. In a tree that also stores uploads, make sure every directory holding
# uploaded files is excluded from PHP handling.
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Per-request php.ini overrides: session cookie name, a cookie domain covering
# all subdomains of example.com, and 400M upload/post limits.
fastcgi_param PHP_VALUE "session.name=space_sid
session.cookie_domain=.example.com
upload_max_filesize=400M
post_max_size=400M";
include fastcgi_params;
fastcgi_index index.php;
}
}
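# Site-wide PHP handler: passes *.php requests to PHP-FPM over its unix socket.
location ~ \.php$ {
    # Hand the request over only when the script exists under the document
    # root; otherwise nginx answers 404 itself. This assumes PHP-FPM sees the
    # same filesystem as nginx, which holds for a local unix socket unless
    # PHP-FPM is chrooted.
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # Per-request php.ini overrides. The value is a multi-line string, so its
    # continuation lines must stay unindented.
    fastcgi_param PHP_VALUE "session.name=space_sid
session.cookie_domain=.example.com
upload_max_filesize=400M
post_max_size=400M";
    include fastcgi_params;
    fastcgi_index index.php;
}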
location /samples {
return 301 /;
}
location ~ ^/large {
try_files $uri $uri/ /large/index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
}
location /avc {
rewrite ^/avc/users_(.+)$ /avc/users_php.php break;
rewrite ^/avc/undefined$ /avc/integration_xml.php break;
rewrite ^/avc/avc_settings.xml$ /avc/integration_xml.php break;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
location = /avc/avc_settings.xml {
rewrite ^(.*)$ /avc/integration_xml.php break;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_index index.php;
}
# Presumably the directory where uploaded files are stored: PHP must never run
# from here. nginx selects the longest matching prefix location first and tries
# the regex locations nested inside it before the server-level regex locations,
# so a .php URI under this path gets the 403 below even though
# "location ~ ^/upl" and the site-wide PHP handler would otherwise match it.
location /upl/server/php/files {
location ~ \.php$ {return 403;}
}
location ~ .*/\.git {
deny all;
}
# Force the latest IE version
add_header "X-UA-Compatible" "IE=Edge";
# This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
#location ~* \.(js|css|png|jpg|jpeg|gif|ico|ttf|svg)$ {
# expires 14d;
# add_header Pragma "public";
# add_header Cache-Control "public, must-revalidate, proxy-revalidate";
#}
# NOTE(review): nginx inherits server-level add_header directives only into
# locations that declare no add_header themselves. Every location in this file
# that sets Cache-Control, Pragma or CORS headers therefore responds without
# the headers below (and without the HSTS header) unless they are repeated
# there. Without the "always" parameter they are also left off 4xx/5xx
# responses.
# The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe.
add_header X-Frame-Options SAMEORIGIN;
# MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options nosniff;
# The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
# Current browsers no longer ship such a filter; a Content-Security-Policy
# header is the control they honour.
add_header X-XSS-Protection "1; mode=block";
# cache.appcache, your document html and data
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
# Feed
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|swf|mp3)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# WebFonts
# If you are NOT using cross-domain-fonts.conf, uncomment the following directive
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# ERROR Pages
error_page 404 /error/404/;
error_page 403 /error/403/;
error_page 401 /error/401/;
# ACL
# deny all;
}

Nginx server removes www and 301 redirects to wrong host

I have a weird 301 redirection issue. My server is set up to handle multiple domains pointing to the server, i.e.
The main domain: https://maindomain.com
An N number of custom domains: http://somecustomdomain.com, http://anothercustomdomain.com, etc.
However there is a strange 301 issue when visiting a custom domain and including www., like: http://www.somecustomdomain.com. On the maindomain this works fine:
When visiting https://www.maindomain.com/some-uri it will redirect to: https://maindomain.com/some-uri
However, when visiting a custom domain it redirects from: http://www.somecustomdomain.com/some-uri to https://maindomain.com/some-uri (!!). You would expect it to redirect to: http://somecustomdomain.com/some-uri
I have tried debugging this issue (and ensured that my browser does not cache the 301 redirects), but I have not been able to resolve it. I have three nginx configurations inside my sites-available directory. They are listed here:
maindomain.com
catch-all (I have tried removing this file, so only maindomain.com exists, but the problem still occurs)
www.maindomain.com (I have tried removing this file, so only maindomain.com exists, but the problem still occurs)
maindomain.com contents
server {
listen 80;
server_name maindomain.com;
return 301 https://maindomain.com$request_uri;
}
# HTTPS vhost for maindomain.com: front-controller application served through
# index.php and PHP-FPM.
server {
listen 443 ssl;
server_name maindomain.com;
root /home/forge/maindomain.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/maindomain.com/30126/server.crt;
ssl_certificate_key /etc/nginx/ssl/maindomain.com/30126/server.key;
# NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996); restrict this to
# TLSv1.2 (plus TLSv1.3 where the installed nginx/OpenSSL support it).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
# Existing file, then directory, then the application's front controller.
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/maindomain.com-error.log error;
# 404s are handed to the application as well.
error_page 404 /index.php;
location ~ \.php$ {
# NOTE(review): no "try_files $uri =404;" here, so any URI ending in .php is
# passed to PHP-FPM without nginx checking that the script exists.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
# NOTE(review): SCRIPT_FILENAME is not set in this block; presumably the
# included fastcgi_params provides it -- verify.
include fastcgi_params;
}
# Blocks .ht* files only; other dot-files under the root remain reachable.
location ~ /\.ht {
deny all;
}
}
catch-all contents
# Catch-all vhost on plain HTTP: serves the same application for the custom
# domains.
server {
listen 80;
# The regex matches any non-empty Host value. Exact server_name entries in
# other server blocks take precedence over regex names, so only hosts without
# an exact match land here.
# NOTE(review): the application therefore receives arbitrary client-supplied
# Host values; it should check the host against the known custom domains
# before using it in generated links or redirects.
server_name ~^(.+)$;
root /home/forge/maindomain.com/public;
index index.html index.htm index.php;
charset utf-8;
location / {
# Existing file, then directory, then the application's front controller.
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/maindomain.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
# NOTE(review): no "try_files $uri =404;" here, so any URI ending in .php is
# passed to PHP-FPM without nginx checking that the script exists.
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# Blocks .ht* files only; other dot-files under the root remain reachable.
location ~ /\.ht {
deny all;
}
}
www.maindomain.com contents
server {
listen 80;
server_name www.maindomain.com;
return 301 $scheme://maindomain.com$request_uri;
}
If I curl http://www.somecustomdomain.com/some-uri, this is the content I receive:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="refresh" content="1;url=https://maindomain.com/some-uri" />
<title>Redirecting to https://maindomain.com/some-uri</title>
</head>
<body>
Redirecting to https://maindomain.com/some-uri.
</body>
</html>%
You need an extra server configuration for www domains:
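# Strips a leading "www." from any host and redirects to the bare domain,
# keeping scheme, path and query string.
server {
    # "www." is mandatory in the pattern. With an optional prefix the block
    # would also match bare domains and redirect them to themselves.
    # NOTE(review): $domain comes from the client-supplied Host header; where
    # the set of custom domains is known, list them explicitly or tighten the
    # pattern.
    server_name ~^www\.(?<domain>.+)$;

    # $request_uri is the original path and query string exactly as received.
    # $uri is the decoded, normalized path and should not be copied into a
    # Location header; it also starts with "/", so "$domain/$uri" produced a
    # double slash and dropped the query string.
    return 301 $scheme://$domain$request_uri;
}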

Nginx redirection to https://www.domain.tld

I am trying to make my domain name only work with a https:// and www in front of it. It's important that domain.com without the www. redirects to the www, and it's also important that https:// is always enabled. I am having a lot of trouble achieving this. I've removed all the redirects from the config because they all just give me errors.
server {
listen 80;
default_type text/html;
server_name epicmc.us;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443;
default_type text/html;
server_name www.epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
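# TLS is switched on here because the listen line of this server block carries
# no "ssl" flag. On current nginx use "listen 443 ssl;" instead: the "ssl"
# directive was deprecated in 1.15.0 and removed in 1.25.1.
ssl on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# OCSP stapling; the resolver below is used to look up the OCSP responder.
# NOTE(review): ssl_stapling_verify normally needs the issuer chain to be
# available (ssl_trusted_certificate, or a full chain in the certificate file)
# -- confirm.
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered here.
ssl_protocols TLSv1.2;
# The previous list started from ALL, explicitly enabled RC4 and excluded
# ephemeral DH. This list keeps AES suites only, forward-secret ones first.
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
# HSTS for one year, covering subdomains. nginx inherits this header only into
# locations that declare no add_header of their own.
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;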
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
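# Pass PHP scripts to PHP-FPM over its unix socket.
location ~ \.php$ {
    # Only hand over scripts that exist on disk, the same guard the port-80
    # server block uses; any other URI ending in .php gets a 404 from nginx.
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    # With php5-cgi alone:
    # fastcgi_pass 127.0.0.1:9000;
    # With php5-fpm:
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}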
}
EDIT: I am now using a PHP redirect, but there has to be a better option...
You should define an additional virtual host and, in it, redirect all clients to the desired scheme and host.
Add to your config (tune to your taste, of course) :
# redirection vhost: sends every plain-HTTP request for either hostname to the
# canonical https://www URL
server {
listen 10.1.2.3:80;
server_name www.epicmc.us epicmc.us;
# "full" must be a log_format defined elsewhere in the configuration.
access_log /logs/access.log full;
error_log /logs/error.log notice;
location / {
# The target host is fixed in the rule rather than taken from the request.
rewrite ^/(.*)$ https://www.epicmc.us/$1 permanent;
}
}
There are two ways of doing this, simple redirect return 301
# HTTP -> HTTPS redirect that keeps the requested host name, path and query.
server {
server_name www.example.com;
listen 80;
# NOTE(review): $host reflects the client's Host header. If this block can also
# receive requests for other names (for example as the default server), write
# the canonical name out instead: https://www.example.com$request_uri
return 301 https://$host$request_uri;
}
or using rewrite rules, check the answer for this question it might be helpful
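# HTTP -> HTTPS redirect written as a rewrite rule.
server {
    listen 80;
    server_name www.example.com;
    # A location needs a match argument; a bare "location{" is a syntax error.
    location / {
        # "^" matches every URI without capturing it. $request_uri is the
        # original path and query string as received, and the trailing "?"
        # stops nginx appending the query string a second time. The earlier
        # "/$1" form doubled the leading slash.
        rewrite ^ https://www.example.com$request_uri? permanent;
    }
}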
check answers for this question it might be helpful
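Hey guys, I'm using Cloudflare's Flexible SSL, so my problem was that I had to set up the redirect as page rules on their site and not in my config. That's why I was getting redirect errors: in Flexible mode Cloudflare fetches the origin over plain HTTP, so an HTTP-to-HTTPS redirect on the origin is hit on every request and loops. (Flexible mode also leaves the Cloudflare-to-origin hop unencrypted; Full (strict) mode with a certificate on the origin avoids both problems.)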

Nginx 404 isn't redirecting correctly, but I have a basic idea as to why

Basically my domain just kinda redirects to the homepage if you do https://epicmc.us/nonexistantpage but https://epicmc.us/nonexistantpage.php works (My 404 error only pops up if there is a .php at the end of the non-existant page) _ Where did I go wrong? How do I make my 404 page always work?
server {
listen 80;
listen 443;
default_type text/html;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
server_name epicmc.us;
error_page 404 /404.php;
error_page 500 502 503 504 /50x.php;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The last argument of try_files is a URI for an internal redirect. So basically any non-existent page (that does not end in .php) is redirected internally to /index.php, which I suppose exists.
So I would change config to:
# Single vhost for HTTP and HTTPS; missing pages fall through to the
# error_page handlers instead of being redirected to index.php.
server {
listen 80;
# NOTE(review): the "ssl" flag requires ssl_certificate and
# ssl_certificate_key to be set in this server block or at http level; they
# are not shown here.
listen 443 ssl;
default_type text/html;
server_name epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.php;
error_page 500 502 503 504 /50x.php;
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
# Existence check: only scripts that are real files under the root are handed
# to PHP-FPM; a missing .php URI gets the 404 page.
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I've removed location / because directives there are the same as on server level (root and index) and there is no need to have try_files.
location = /50x.html is also redundant.
And I've added ssl flag to listen 443, cause I can't imagine any reason not to have SSL on default SSL port.
EDIT: I doubt that you need fastcgi_split_path_info with location ~ \.php$, so I've removed it too.
Maybe try this one; I think you had some redundant references to the 404 pages.
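# Single vhost for HTTP and HTTPS with static error pages and a PHP handler.
server {
    listen 80;
    # Without the "ssl" flag nginx would speak plain HTTP on port 443. The flag
    # requires ssl_certificate and ssl_certificate_key to be set in this server
    # block or at http level; they are not shown in the question.
    listen 443 ssl;
    root /usr/share/nginx/html;
    index index.php index.html index.htm;
    server_name epicmc.us;

    # Static assets, matched case-insensitively by file extension. A pattern
    # anchored at "^" directly before the extension list can never match,
    # because every URI starts with "/".
    location ~* \.(?:ico|mp3|css|js|gif|jpe?g|png)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        # Only hand over scripts that exist on disk; a missing .php URI gets
        # the 404 page.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        # Set explicitly, as in the question's config, so PHP-FPM is told which
        # file to run whatever the included fastcgi_params contains.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}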

404 error on nginx location directive

I am trying to convert my apache redirection directives to nginx one, for now I have the following directive:
server {
listen 80;
index index.php index.html;
server_name myvisit_head;
root /var/www/mv/head/myvisit/;
access_log /var/log/nginx/myvisit-access.log;
error_log /var/log/nginx/myvisit-error.log;
# Use gzip compression
# gzip_static on; # Uncomment if you compiled Nginx using --with-http_gzip_static_module
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_buffers 16 8k;
gzip_http_version 1.0;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/$
# error pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www;
}
# Deny access to hidden files
location ~* /\.ht {
deny all;
access_log off;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~* /myvisitv3 {
rewrite /(myvisitv3|myvisitV3|myVisitv3|myVisitV3)([-_])(.*).(html|php)$ /myvisitv3.php?libAdresse=$3 break;
}
# Pass PHP scripts on to PHP-FPM
include global/php-fpm.conf;
location ~* \.php$ {
try_files $uri /index.php;
fastcgi_index index.php;
fastcgi_pass php5-fpm-sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PHP_VALUE "auto_prepend_file=/var/www/profile/external/header.php \n
auto_append_file=/var/www/profile/external/footer.php";
include /etc/nginx/fastcgi_params;
}
}
but when I try to access the url I get a 404 not found error.
I have tried both with location, request_uri directive but the result is the same
here's my apache rules:
RewriteEngine on
RewriteRule ^(myvisitv3|myvisitV3|myVisitv3|myVisitV3)([-_])(.*).(html|php)$ myvisitv3.php?libAdresse=$3 [L,QSA]
RewriteRule ^(openVisit|openvisit).(html|php)$ openvisitv3.php [L,QSA]
RewriteRule ^(favicon).(ico|png|bmp|jpg)$ web/img/favicon.ico [L,QSA]
These rules use case-insensitive matching (~*), which spares us from listing every capitalisation variant.
# nginx equivalents of the three Apache RewriteRules. "~*" matches
# case-insensitively, and each block serves an existing file or directory
# first, then falls back to the target script.
# Regex locations are tried in file order and the first match wins, so these
# blocks must appear before a generic "location ~* \.php$" to be used for
# URIs ending in .php.
# NOTE(review): $1 is captured from the normalized (percent-decoded) URI and
# placed into the query string as-is; the script should treat libAdresse as
# untrusted input.
location ~* /myvisitv3[-_](.*)\.(?:html|php) {
try_files $uri $uri/ /myvisitv3.php?libAdresse=$1;
}
location ~* /openvisit\.(?:html|php)$ {
try_files $uri $uri/ /openvisitv3.php;
}
location ~* /favicon\.(?:ico|png|bmp|jpg)$ {
try_files $uri $uri/ /web/img/favicon.ico;
}