In my limited experience with Nginx, I get too many redirects when I deploy many WEB projects on the one domain.
I want to use one 'location' to match multiple items.
File path: /mnt/vue/web and /mnt/vue/admin and /mnt/page/web
When I visit https://${domain}/page/single, it is wrong. It redirects to https://${domain}/page/single/index.html/index.html/index.html/...
When I visit https://${domain}/vue/web, it is ok.
I've tried multiple variations of this, but none of them seem to work. Any ideas? Thanks in advance.
Here is my Nginx conf:
server {
listen 443 http2;
server_name ${domain};
ssl on;
ssl_certificate /etc/nginx/conf.d/cert/web/web.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/web/web.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# wechat verify
root /mnt/wechat;
# for vue h5-wechat
location ~ /(.*)/web {
root /mnt;
try_files $uri $uri/ /$1/web/index.html =404;
}
# for vue admin-web
location ~ /(.*)/admin {
root /mnt;
try_files $uri $uri/ /$1/admin/index.html =404;
}
# for api
location ~ /(.*)/api/(.*)$ {
proxy_pass http://172.16.184.254:$1;
rewrite /(.*)/api/(.*)$ /$2 break;
}
# for single pages !!!!! Where the problem occurred.
location ~ /(.*)/single/ {
alias /mnt/$1/web/;
index index.html;
}
# for cache
location ~ /(css|img|js|fonts|image)/ {
add_header Cache-Control "public, max-age=300";
}
location /files {
rewrite /files/(.*)$ /$1 break;
proxy_pass https://172.16.92.152;
}
}
server {
listen 80;
server_name ${domain};
return 301 https://$server_name$request_uri;
#rewrite ^(.*)$ https://$host$1 permanent;
}
Using alias within a regular expression location block, you need to capture the entire URI. See this document for details.
For example:
location ~ ^/(.*)/single/(.*)$ {
alias /mnt/$1/web/$2;
index index.html;
}
Related
I have done basic configuration for my site to run using nginx,
server {
listen 80;
root /home/htdocs/;
index index.html index.htm index.php;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location / {
try_files $uri $uri/ /index.php?$args /;
}
# added error page
error_page 404 = #notfound;
location #notfound {
return 301 /;
}
location ~ \.php$ {
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl http2;
#listen [::]:443 ssl;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com-0002/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com-0002/chain.pem;
ssl_protocols TLSv1.2 TLSv1.3;
root /home/htdocs/;
index index.html index.htm index.php;
server_name www.example.com;
#return 301 https://$server_name$request_uri;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
location / {
try_files $uri $uri/ /index.php?$args /;
}
# added error page
error_page 404 = #notfound;
location #notfound {
return 301 /;
}
location ~ \.php$ {
fastcgi_intercept_errors on;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Whats wrong with above config even I tried in incognito mode of google-chrome but still same.
Hope to hear from you with solution if I'm doing any thing wrong.
Regards
I have tried different solutions and parameters noting work out for me.
My app store images on the backedn side in nodejs folder: /images.
After publish it to Ec2 I don't have an access to these images by url like: www.domain.com/image01.jpg
Configuration in /etc/nginx/sites-available/default:
server {
charset utf-8;
listen 80 default_server;
server_name _;
location / {
root /opt/front-end;
try_files $uri /index.html;
}
location /images/ {
root /opt/back-end/;
}
location /api/ {
proxy_pass http://localhost:4000/;
}
}
Is it the configuration problem or permission or something else? I will be grateful for help!
The correct configuration should be:
server {
charset utf-8;
listen 80 default_server;
server_name _;
location / {
root /opt/front-end/;
try_files $uri /index.html;
}
location /api {
proxy_pass http://localhost:4000;
}
location /images {
autoindex on;
alias /opt/back-end/images/;
}
}
I've got nginx running in docker as a reverse proxy and have been for some time - and it works wonderfully, short of one little issue I've recently seen crop up.
What I'd like: when a user gets to my nginx server and there isn't a .conf file specified for the URL, either 404/444 or some other HTTP response that drops the connection.
What I'm seeing: when a user navigates to sudomain.url.com and that subdomain isn't specified in any of my *.conf files, nginx uses the first conf file it finds - ignoring the default.conf. Find my details below.
Any other tips/tricks you can provide would be awesome as well!
nginx.conf:
user nginx;
worker_processes 1;
error_log /etc/nginx/log/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /etc/nginx/log/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 70;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
default.conf:
server {
server_name _;
listen 80 default_server;
return 444;
}
server {
server_name _;
listen 443 default_server;
return 444;
}
Example of a conf file (there are maybe a dozen of these):
server {
listen sub.domain.com:80;
server_name sub.domain.com;
return 302 https://sub.domain.com$request_uri;
}
server {
listen sub.domain.com:443;
server_name sub.domain.com;
ssl_certificate /etc/nginx/keys/ssl.pem;
ssl_certificate_key /etc/nginx/keys/ssl.key;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC4-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/keys/dhparams.pem;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
location / {
proxy_pass http://10.0.1.4:81;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
I haven't actually tested this but my gut feeling is that your listen directives shouldn't contain a host name. They should contain the IP address of the interface you want to be listening on and the port you want to be listening to. Then for each different port/IP combination you can specify one of them as the default.
Only after resolving which IP address did the request go to and which port was it on, nginx begins to actually process the request. The first step here is to check the Host header, if it finds a matching server block for the value of the host header then that's where it should route. If it doesn't find one then it should route to the default.
If there is no host header being received then, I think, in more recent versions of nginx it will drop the request, however it would previously just handle this by sending to the default server for the IP/port combo.
Below is an nginx.conf which gives me working endpoints for named servers and returns 404 for everything else. Due to HSTS headers you need to hit test.se{1,2,3,4}.home-v.ind.in to see it work or you will just get back a browser error.
user nginx;
worker_processes auto;
error_log stderr notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 300s;
ssl_certificate /etc/pki/nginx/fullchain.pem;
ssl_certificate_key /etc/pki/nginx/privkey.pem;
ssl_dhparam /etc/pki/nginx/dhparams.pem;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_buffer_size 1400;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/nginx/fullchain.pem;
add_header "Cache-Control" "no-transform";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
resolver_timeout 2s;
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name test.se1.home-v.ind.in;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; }
location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 1"; }
}
server {
listen 443 ssl http2;
server_name test.se2.home-v.ind.in;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location /robots.txt { satisfy any; allow all; add_header Content-Type text/plain; return 200 "User-agent: *\nDisallow: /\n"; }
location / { satisfy any; allow all; add_header Content-Type text/plain; return 200 "Test Site 2"; }
}
server {
listen 443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
location /.well-known { satisfy any; allow all; try_files $uri $uri/ =404; }
location / { return 404; }
}
}
I just build a web server using nginx and i try to change the root path but it failed. It doesnt open the page instead download a file. Also the extension of the file was not specified. Sorry for my english. Anyone can help me to fix this? here it is my sites-available/default:
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/localhost.access.log;
location / {
root /var/www/rahma/wordpress;
# root /var/www/rahma;
index index.php index.html index.htm;
}
location /doc {
root /usr/share;
autoindex on;
allow 127.0.0.1;
deny all;
}
location /images {
root /usr/share;
autoindex on;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/rahma/wordpress;
# root /var/www/rahma;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
#includefastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#listen 8000;
#listen somename:8080;
#server_name somename alias another.alias;
#location / {
#root html;
#index index.html index.htm;
#}
#}
# HTTPS server
#
#server {
#listen 443;
#server_name localhost;
#ssl on;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
#ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_prefer_server_ciphers on;
#location / {
#root html;
#index index.html index.htm;
#}
#}
Before set the root to wordpress, i just add index.php on line 'index' and create a file php.info but it doens't work too.
I'd like to protect the root with passwd and make the urlfriendly rewrite for modx cms.
only the rewriting works but the password won't be requested.
my ispconfig nginx directives looks like this
location / {
index index.html index.php
auth_basic "Protected Area";
auth_basic_user_file /var/www/clients/client21/web22/web/htpasswd;
client_max_body_size 0;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
}
location ~ /\.ht {
deny all;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_read_timeout 600;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
client_max_body_size 0;
}
seems like the auth_basic won't be executed or overwriten by the rewrite rule. anyone got a idea?
after alot of ppl viewing this question but i didn't received a answer here i post the solution to the problem. The problem was that the basic auth needs to be done in the php directive.
location / {
index index.html index.php
client_max_body_size 0;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
}
location ~ /\.ht {
deny all;
}
location ~ \.php$ {
auth_basic "Protected Area";
auth_basic_user_file /var/www/clients/client21/web22/web/htpasswd;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_read_timeout 600;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
client_max_body_size 0;
}
Try this set of rules. No PHP directives and leverages FURLS.
location / {
auth_basic "Restricted";
# Add path to .htpasswd file
auth_basic_user_file /var/www/clients/client21/web22/web/.htpasswd;
# if the protected location is modx, then ...
try_files $uri $uri/ #modx-rewrite;
# otherwise, if static files, you’d use
# try_files $uri $uri/ =404;
# This line should always be placed at the end
try_files $uri $uri/ #modx-rewrite;
}