GOAL https://imgur.com/a/A04qrXz
^ Trying to get multiple (different) domains pointing at the same IP, serving the same files to bypass DNS filtering agent GoGaurdian.
Webserver SRC : https://github.com/Zaydo123/html-game-server
Why: trying to bypass a DNS filtering service
My /etc/nginx/conf.d/physics.conf (works fine)
server {
server_name physics-central.com;
location / {
proxy_pass http://localhost:3000/;
proxy_set_header X-Real-IP $remote_addr;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/physics-central.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/physics-central.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = physics-central.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen *:80 default_server;
listen 8000 default_server;
listen [::]:80 default_server;
server_name physics-central.com;
return 301 https://physics-central.com$request_uri; # managed by Certbot
}
Problem
From my little knowledge of Nginx, I assume I need to create one .conf file for each domain. Each is essentially the same but has different SSL certs and domain names. I tried doing this but upon reloading I received this warning/error.
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/conf.d/physics.conf:27
My question
Am I going about this wrong? Am I supposed to even be making conf.d files for each domain? It would be amazing if you could help me out. Thanks.
Related
I have been using apache for a while but I just recently started using nginx. So I still have a lot to learn about it. Here's my problem in detail :
After I've followed this tutorial I've tried to install an ssl certificate on my server, but it didn't work. So I followed another tutorial to try and install an ssl certificate, it worked at first, but after some time it started doing the problem stated in the title. Here are my .conf files, if you can help me that would be great:
*I've replaced the real domain with my_domain
This is the /var/www/sites-available/my_domain :
server {
root /var/www/my_domain/html;
index index.html index.htm index.nginx-debian.html;
server_name my_domain;
location / {
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;
try_files $uri/index.html $uri.html $uri/ $uri =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my_domain/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/my_domain/privkey.pem; # managed by Cert> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = my_domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name my_domain;
return 404; # managed by Certbot
}
This is the /var/www/sites-enabled/my_domain :
server {
root /var/www/my_domain/html;
index index.html index.htm index.nginx-debian.html;
server_name my_domain;
location / {
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;
try_files $uri/index.html $uri.html $uri/ $uri =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my_domain/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/my_domain/privkey.pem; # managed by Cert> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = my_domain) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name my_domain;
return 404; # managed by Certbot
}
My ufw settings :
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22 ALLOW Anywhere
Nginx Full ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
I also use cloudflare as my dns maybe that can help.
Here are my cloudflare ssl/tls settings :
cloudflare-settings
So as I mentionned, I tried to add an ssl certificate on my domain, using this tutorial
And I just tried to do everything correctly, as I said, it worked for a little moment, then it stopped working.
I was expecting to have an ssl certificate, and this is what I got :
google-error-message
I need https to be the default way my site is served, I chose option 2 during letsencrypt cert generation.
I have https working on my site. It is a simple HTML page being served up by nodejs on port 3000. It is hosted in Oracle Cloud currently. I have opened the ports in iptables as Oracle does not use ufw.
If I go to https://www.example.com , the site loads securely so things are working.
If I go to http://www.example.com, the site also loads but not securely obviously.
If I go to example.com, the site loads in http, not https.
I am having trouble wrapping my mind around how I should write my nginx config file.
I need to proxy_pass using http to port 3000, but when I change the proxy_pass to https
proxy_pass https://localhost:3000;
It fails to load anything and that somewhat makes sense to me because my nodejs app does not have any code to support https and I was under the impression that nginx can handle all of that for me. That line of thinking is further supported because like I said above, https://www.example.com works just fine for my site now.
Below is my config with my server name removed. Please let me know how to best do what I am trying to accomplish.
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:3000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}```
Thank you to Marc, it seems like my config was created strangely and certbot added in things slightly out of order to where it was getting confusing but I have figured it out. Like Marc said, redirect all 80 to https. In https server, make sure you have your certificates and proxy_pass there to your port 3000, or wherever your app is running.
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com;
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:3000;
}
}
I want to redirect my domain http://example.com to https://example.com
Anybody can please tell me what I am doing wrong.
Thanks in advance-----------:)
server {
listen 85;
listen [::]:85;
server_name example.com;
return 302 https://example.com$request_uri;
}
server {
listen 85 ;
listen [::]:85 ;
server_name example.com www.example.com; # managed by Certbot
location /static/ {
alias /home/shoaib/dir/static/;
}
location /media/ {
alias /home/shoaib/dir/media_root/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/car.sock;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
i do something like this :
return 301 https://$server_name$request_uri;
301 is for permanent redirection
I use this config
server {
listen 80;
listen myIP:443;
server_name www.exemple.fr exemple.fr;
return 301 https://$server_name$request_uri;
}
server{
listen 80;
listen 443 ssl ;
server_name exemple.fr;
return 301 https://www.exemple.fr$request_uri;
}
this is not working my domain is showing "Welcome to nginx!"
Try rebooting your nginx using superuser and try again:
service nginx restart
https://phoenixnap.com/kb/nginx-start-stop-restart#htoc-force-restart-nginx
For major configuration changes, you can force a full restart of
Nginx. This force-closes the whole service and sub-processes, and
restarts the whole package.
I'm currently trying to host both an angular app and a reverse proxy to a node backend. Using Lets Encrypt, I've been able to set up the Angular app without any problems. However, I'm lost on how to configure Nginx to also act as a reverse proxy to my node app running on a specific port. I find examples of reverse proxies for nginx, but nothing that incorporates both.
Here is my config that is working with angular:
server {
server_name example.com;
root /var/www/example.com;
index index.html index.htm;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
What I'm trying to add:
server{
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
I've tried several combinations of server blocks and location blocks, but I simply get a 404 when I go to api.example.com.
I usually solve that kind of issue like this.
Endpoints of all back-end APIs are started with "v1".
I serve the angular project using pm2.
location / {
proxy_pass http://localhost:3000;
...
}
location ~ ^/(v1)/ {
proxy_pass http://localhost:3001;
...
}
Here's the situation:
I have up to 500 independent localhost applications all running simultaneously on a server. My router has ports 80, 443, 8000 to 8500 open. My clients can connect to each of the different localhost applications of their choice. My task is to figure out a way to do this, using 1 domain: example.com
It would be nice if I could use a query string to tell NGINX which application to redirect to. For example, if example.com is my domain name, and I have port 443 open to connect to it, it would be nice if I could do something like:
https://example.com?port=8300
then NGINX will redirect this request to localhost:8300
if this cannot be done, another solution could be to request:
https://example.com:8300
and then NGINX will redirect this request to localhost:8300
my current setup has https://example.com on port 443 redirecting to localhost:8080(the NGINX config code:)
server {
server_name example.com;
location / {
proxy_pass http://localhost:8080/;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by
Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by
Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com;
return 404; # managed by Certbot
}
but I need a range of proxy_pass arguments, and they need to correspond to either a query string or a domain name's port.
I found no documentation or online articles on how to do this. Thanks!