Nginx redirection to https://www.domain.tld - redirect

I am trying to make my domain name only work with a https:// and www in front of it. It's important that domain.com without the www. redirects to the www, and it's also important that https:// is always enabled. I am having a lot of trouble achieving this. I've removed all the redirects from the config because they all just give me errors.
server {
listen 80;
default_type text/html;
server_name epicmc.us;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443;
default_type text/html;
server_name www.epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
ssl on;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
}
EDIT: I am now using a PHP redirect, but there has to be a better option...

You should define an additional virtual host, and there redirect all clients to the desired method+host.
Add to your config (tune to your taste, of course):
# redirection vhost
server {
listen 10.1.2.3:80;
server_name www.epicmc.us epicmc.us;
access_log /logs/access.log full;
error_log /logs/error.log notice;
location / {
rewrite ^/(.*)$ https://www.epicmc.us/$1 permanent;
}
}

There are two ways of doing this: a simple redirect with return 301
server {
server_name www.example.com;
listen 80;
return 301 https://$host$request_uri;
}
or using rewrite rules; check the answer to this question, it might be helpful
server {
listen 80;
server_name www.example.com ;
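# a location block needs a URI prefix
location / {
# match after the leading slash so the target does not get "//"
rewrite ^/(.*)$ https://www.example.com/$1 permanent;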
}
}

Hey guys I'm using Cloudflare's flexible SSL, so my problem was that I had to do the page rules on their site and not in my config. That's why I was getting redirect errors.
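The layout the answers above point toward, written out for the question's host names as an added example (not code from any of the posts). It assumes the certificate at the question's paths is valid for both epicmc.us and www.epicmc.us and that nginx terminates TLS itself; the protocol and cipher choices are one reasonable hardened set, not the asker's.

```nginx
# Added example. Assumes the certificate covers BOTH epicmc.us and
# www.epicmc.us and that nginx terminates TLS itself. Behind a proxy that
# talks plain HTTP to the origin (Cloudflare "Flexible" SSL), block 1 would
# redirect every request and loop; do the redirect at the proxy instead.

# 1) Plain HTTP, either name: one hop straight to the canonical URL.
server {
    listen 80;
    server_name epicmc.us www.epicmc.us;
    # Fixed target rather than $host, which echoes the client's Host header.
    return 301 https://www.epicmc.us$request_uri;
}

# 2) HTTPS on the bare name. The TLS handshake happens before any redirect,
#    so this block needs a certificate that is valid for epicmc.us.
server {
    listen 443 ssl;
    server_name epicmc.us;
    ssl_certificate     /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    return 301 https://www.epicmc.us$request_uri;
}

# 3) The canonical site.
server {
    listen 443 ssl;
    server_name www.epicmc.us;
    root  /usr/share/nginx/html;
    index index.php index.html index.htm;
    ssl_certificate     /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    # Replaces the question's "ALL:...:RC4+RSA:...+MEDIUM" string and TLSv1/1.1.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;
    # "always" (nginx 1.7.5+) sends HSTS on error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    location / {
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```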

Related

nginx rewrite rules for only SSL

I want to redirect all traffic of a domain to one target:
https://example.com
We want to change http to https and www to nonwww.
Nginx 1.8.1 is the server
This is the vhost:
server {
listen xxx.xxx.xxx.xxx:80;
listen xxx.xxx.xxx.xxx:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /www/clients/client1/web2/ssl/example.com.crt;
ssl_certificate_key /www/clients/client1/web2/ssl/example.com.key;
server_name example.com www.example.com;
root /var/www/example.com/web;
#This is a rewrite from www.example.com -> example.com
if ($http_host = "www.example.com") {
rewrite ^ $scheme://example.com$request_uri? permanent;
}
......
......
}
The problem we have is that all the redirects and rewrite rules we tried worked well for these three cases:
https://example.com --> is right target works
http://www.example.com --> https://example.com works
http://example.com --> https://example.com works
but
https://**www**.example.com ---> https://example.com doesn't work
In browsers we see https://www.example.com instead of the target SSL domain https://example.com.
In this case our SSL cert shows an "untrusted" message.
The configuration of the vhost is preset by ISPConfig.
Has anybody had the same experience? And maybe a solution?
Your certificate is most likely only issued for example.com and is not valid for www.example.com. Redirections, like the one you have in your NGINX config, happen only after the TLS/HTTPS handshake, which is what your browser is complaining about.
You will need to request your certificate issuer to issue a new certificate that is valid for both example.com and www.example.com. Most issuers should have done this to begin with and do not charge any fees.
Here is what I have done with one of my domains.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
# $request_uri already carries the query string, so $is_args$args is not appended
return 301 https://$host$request_uri;
root /var/www/public_html;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 2d;
}
}
server {
listen 443;
add_header Strict-Transport-Security "max-age=31536000";
root /var/www/public_html;
index index.php index.html index.htm;
server_name domain.com www.domain.com;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/myserver.key;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
client_max_body_size 20M;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
expires 30d;
}
}
By the way, these settings get my domain's SSL an A+ in ssltestlab.

Nginx server removes www and 301 redirects to wrong host

I have a weird 301 redirection issue. My server is set up to handle multiple domains pointing to the server, i.e.
The main domain: https://maindomain.com
An N number of custom domains: http://somecustomdomain.com, http://anothercustomdomain.com, etc.
However there is a strange 301 issue when visiting a custom domain and including www., like: http://www.somecustomdomain.com. On the maindomain this works fine:
When visiting https://www.maindomain.com/some-uri it will redirect to: https://maindomain.com/some-uri
However, when visiting a custom domain it redirects from: http://www.somecustomdomain.com/some-uri to https://maindomain.com/some-uri (!!). You would expect it to redirect to: http://somecustomdomain.com/some-uri
I have tried debugging this issue (ensured that my browser does not cache the 301 redirects) and I have not been able to resolve the issue. I have three nginx configurations inside my sites-available directory. They are listed here:
maindomain.com
catch-all (I have tried removing this file, so only maindomain.com exists, but the problem still occurs)
www.maindomain.com (I have tried removing this file, so only maindomain.com exists, but the problem still occurs)
maindomain.com contents
server {
listen 80;
server_name maindomain.com;
return 301 https://maindomain.com$request_uri;
}
server {
listen 443 ssl;
server_name maindomain.com;
root /home/forge/maindomain.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/maindomain.com/30126/server.crt;
ssl_certificate_key /etc/nginx/ssl/maindomain.com/30126/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/maindomain.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
catch-all contents
server {
listen 80;
server_name ~^(.+)$;
root /home/forge/maindomain.com/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/maindomain.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
www.maindomain.com contents
server {
listen 80;
server_name www.maindomain.com;
return 301 $scheme://maindomain.com$request_uri;
}
If I curl into http://www.somecustomdomain.com/some-uri this is the content I receive:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="refresh" content="1;url=https://maindomain.com/some-uri" />
<title>Redirecting to https://maindomain.com/some-uri</title>
</head>
<body>
Redirecting to https://maindomain.com/some-uri.
</body>
</html>%
You need an extra server configuration for www domains:
server {
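# "www." must be required: with (www\.)? the regex also matches the bare
# domain and redirects it to itself
server_name ~^www\.(?<domain>.+)$;
location / {
# $request_uri keeps the query string and already begins with "/"
return 301 $scheme://$domain$request_uri;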
}
}
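How a www-stripping block like the one above interacts with the question's catch-all, as an added example (not from the original posts). It reuses the question's paths and assumes both blocks live in one file so their order is explicit.

```nginx
# Added example. nginx picks a server for the Host header in this order:
#   1. exact server_name   2. wildcard names
#   3. the FIRST regex that matches, in the order blocks are read
#   4. the default_server for the listen address
# A wildcard include reads files in sorted name order, so a file named
# "catch-all" containing "server_name ~^(.+)$;" is read before a "www..."
# file and its regex wins for every host. Exact names such as
# maindomain.com still take priority over both blocks below.

# Strip "www." from any custom domain, keeping scheme, path and query.
# $domain is taken from the client's Host header; if the set of custom
# domains is fixed, list them in the regex instead of matching ".+".
server {
    listen 80;
    server_name ~^www\.(?<domain>.+)$;
    return 301 $scheme://$domain$request_uri;
}

# Every other host: default_server replaces the match-anything regex, so
# it can never shadow the redirect block regardless of file order.
server {
    listen 80 default_server;
    server_name _;
    root /home/forge/maindomain.com/public;
    index index.html index.htm index.php;
    charset utf-8;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    location ~ /\.ht {
        deny all;
    }
}
```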

Nginx Config Endless Loop (redirect HTTP to HTTPS)

I'm a bit stuck. I'm setting up a new installation of JTL-Shop3 on Nginx. But whenever I call https://www.domain.tld/ it becomes http://www.domain.tld/ and the other way around and ends up showing an error because the webpage is redirecting in a loop.
Here is my nginx config for Non-SSL
# redirect non www to www
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name trendboxx.eu www.trendboxx.eu;
return 301 https://www.trendboxx.eu$request_uri;
}
And here the config for the SSL vhost
server {
listen 443 ssl;
ssl on;
ssl_certificate /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.crt;
ssl_certificate_key /srv/www/trendboxx.eu/certificates/www.trendboxx.eu.key;
server_name www.trendboxx.eu;
access_log /srv/www/trendboxx.eu/logfiles/nginx.access.log;
error_log /srv/www/trendboxx.eu/logfiles/nginx.error.log;
root /srv/www/trendboxx.eu/public_html;
index index.php;
location / {
# try file => folder => JTL-Shop3 Search
try_files $uri $uri/ /index.php?q=$uri$args;
}
# error pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# JTL-Shop3 expires for static files
location ~* \.(eot|ttf|woff|css|less)$ {
expires max;
add_header Access-Control-Allow-Origin *;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
access_log off;
log_not_found off;
}
# PHP handler
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_read_timeout 180;
proxy_read_timeout 180;
}
# deny access to hidden files
location ~ /\. {
deny all;
}
}
I am grateful for every hint on how to solve this problem.

Nginx non-www to www redirect causing site to show as "not available"/"server not found"

Running LEMP stack: nginx version: nginx/1.4.6 (Ubuntu)
I've tried a number of different configurations to get my non-www domain to prepend www. onto all URLs and despite double checking the following configuration against many others I continue to get errors ("not available"/"server not found"). Maybe it has something to do with the fact that I'm using a 301 redirect and not 302.
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/laravel/mysite/public;
index index.php index.html index.htm;
server_name mysite.com;
return 301 $scheme://www.mysite.com$request_uri;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I define server_name then I define the rewrite directly below it. This has worked in the past but not working now. I remove the "return" line and the domain without www. works perfectly. There are no other configurations running. Can someone tell me if this configuration contains an error or if I'm attempting to do this incorrectly? Thanks.
You have to separate it into 2 server blocks like this
server {
listen 80;
server_name site.com;
return 301 $scheme://www.site.com$request_uri;
}
server {
listen 80 default_server;
server_name www.site.com;
root /var/www;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
...

Nginx 404 isn't redirecting correctly, but I have a basic idea as to why

Basically my domain just kinda redirects to the homepage if you do https://epicmc.us/nonexistantpage but https://epicmc.us/nonexistantpage.php works (my 404 error only pops up if there is a .php at the end of the non-existent page). Where did I go wrong? How do I make my 404 page always work?
server {
listen 80;
listen 443;
default_type text/html;
location / {
root /usr/share/nginx/html;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php;
}
root /usr/share/nginx/html;
index index.php index.html index.htm;
server_name epicmc.us;
error_page 404 /404.php;
error_page 500 502 503 504 /50x.php;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
The last argument of try_files is a URI for an internal redirect. So basically any non-existent page (that does not end in php) redirects to /index.php, which exists, I suppose.
So I would change config to:
server {
listen 80;
listen 443 ssl;
default_type text/html;
server_name epicmc.us;
root /usr/share/nginx/html;
index index.php index.html index.htm;
error_page 404 /404.php;
error_page 500 502 503 504 /50x.php;
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
I've removed location / because directives there are the same as on server level (root and index) and there is no need to have try_files.
location = /50x.html is also redundant.
And I've added the ssl flag to listen 443, because I can't imagine any reason not to have SSL on the default SSL port.
EDIT: I doubt that you need fastcgi_split_path_info with location ~ \.php$, so I've removed it too.
Maybe try this one; I think you had some redundant references to the 404 pages.
server {
listen 80;
listen 443;
root /usr/share/nginx/html;
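index index.php index.html index.htm;
server_name epicmc.us;
# match by file extension, case-insensitively; without the "\." prefix the pattern could never match a URI
location ~* \.(?:ico|mp3|css|js|gif|jpe?g|png)$ {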
expires 30d;
add_header Pragma public;
add_header Cache-Control "public";
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}