I´m trying to add a .htaccess to my ghost project to enable the gzip compression, Im serving my project in Nginx Ubuntu 16 and Ghost-cli, i see that sites-avalable generates a proxy that redirects to the node that runs on localhost:2368, this is the configutation
server {
server_name latribu.mx www.latribu.mx;
root /var/www/latribu.mx/html/system/nginx-root;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/latribu.mx/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/latribu.mx/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = latribu.mx) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.latribu.mx) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name latribu.mx www.latribu.mx;
return 404; # managed by Certbot
}
How can i add .htaccess file to my project
Nginx does not support .htaccess file like Apache. If you want to enable GZip with Nginx, open /etc/nginx/nginx.conf. Scroll down to the GZip settings section and add these lines.
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
Then restart Nginx with service nginx restart.
First of all, add your .htaccess where you want. Let's say it's in /var/projects/projectName/.htaccess
In location / { => you have to add
auth_basic "Restricted Content";
auth_basic_user_file /var/projects/projectName/.htaccess;
Hope this was helpful
Related
I installed NginX to my nodeJS server and already made Certbot SSL authentication.
Everything is working fine, but when i delete cookies and going to page, its load in http.
Is there any way to redirect into https?
When i write "return 301 https://maarath.com$request_uri;", its going to error: too many redirects.
Someone any idea?
My config:
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
}
Thanks for the answers.
Are you using the certbot plugin for nginx? It doesn't look like. You should remove this part
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
and clean up your config to just listen on port 80.
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
Reload nginx nginx -s reload
Run certbot sudo certbot --nginx
This should create the correct configuration for you.
Personally I would always!! split the http and https traffic in two server blocks like
server {
listen 80;
server_name example.com;
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443;
server_name example.com;
.....
}
I would really recommend to use the plugin to manage the NGINX configuration if not a 100% aware on how to manage the configuration and certificates by your self. With certbot it is an act of 2 minutes to make it work.
Read more here: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
Im new to all this, but how do i redirect my from www to a non-www. I have tried multiple ways to fix it in NGINX but no mater how i change it, there is still a www and an non-www site. The payment gateway is redirected to a non-www website after a transaction.
server {
server_name example.com www.example.com;
location / {
proxy_pass http://123.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/dineshudayan.tech/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/dineshudayan.tech/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.example.com;
return 404; # managed by Certbot
}
server {
listen 80;
server_name admin.example.com www.admin.example.com;
location / {
proxy_pass http://123.0.0.1:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
#richard-smith is right; here's a fully worked example with some comments:
# Your default server - assuming DNS is set up correctly
# will serve http & https requests for any *.example.com
# hosts and redirect to them to https://example.com
server {
listen 80 default_server;
listen 443 ssl default_server;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/dineshudayan.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dineshudayan.tech/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# redirect all requests to https://example.com
return 301 https://example.com$request_uri;
}
# http server for example.com
# - will redirect requests to https://example.com
server {
listen 80;
server_name example.com;
# redirect all requests to https://example.com
return 301 https://example.com$request_uri;
}
# Your example.com https server
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/dineshudayan.tech/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dineshudayan.tech/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
I am pretty new to nginx, I managed to get web server running and I can access my Node.js app (port 5000) on my domain. However I would like to add a subdomain to access static website.
At the moment with my config, if I go to my subdomain I see my node.js application.
My nginx config files inside /etc/nginx/sites-available are the following:
default
subdomain.example.com.conf
Default config:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:5000; #whatever port your app runs on
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Subdomain config:
server {
listen 443 ssl;
listen [::]:443 ssl;
root sites/example;
index test.example.com.html;
server_name test.example.com www.test.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri $uri/ =404;
}
}
How could I see different content other than my Node.js app from my subdomain?
Thank you in advance.
I have an express server running behind nginx reverse proxy and Certbot for certification. All my non-www traffic is redirected to www and https but on google page speed non-www version gives the following error "Lighthouse returned error: NO_FCP"
This is for a new Server deployed on AWS EC2 with nodejs installed.
server {
server_name www.compropertee.com compropertee.com;
location / {
proxy_pass https://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.compropertee.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.compropertee.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = compropertee.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name compropertee.com;
return 404; # managed by Certbot
}
all non-www and www requests should be working in google speed test.
I am super new to linux environment, and trying to configure a vps server to only allow https requests. I have read nginx documentation and tried various rewrite and return statements, changing server blocks etc. But what I have achieved so far, site serves on http and https both with following config.
What I want to achieve is to configure this subdomain admin.example.com to serve only https requests.
I am editing the config at this location: /etc/nginx/sites-available/default
server {
listen 80;
server_name admin.example.com;
#return 301 https://admin.example.com$request_uri;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/admin.byrides.com/fullchain.pem; # man aged by Certbot
ssl_certificate_key /etc/letsencrypt/live/admin.byrides.com/privkey.pem; # m anaged by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
You will need to setup two server directives, one for port 80 which will redirect the traffic to port 443.
server {
listen 80;
server_name admin.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/admin.byrides.com/fullchain.pem; # man aged by Certbot
ssl_certificate_key /etc/letsencrypt/live/admin.byrides.com/privkey.pem; # m anaged by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
}
}