I get that error in title when I cat out the error.log
this is how I set my website config inside /etc/nginx/site-availables/ArticleWebsite:
server_tokens off;
access_log /var/log/nginx/ArticleWebsite.access.log;
error_log /var/log/nginx/ArticleWebsite.error.log;
# This configuration will be changed to redirect to HTTPS later
server {
server_name backend.globeofarticles.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/backend.globeofarticles.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/backend.globeofarticles.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
}
}
to explain my situation better, backend.globeofarticles.com is the subdomain, that where the requests are sent from globeofarticles.com or www.globeofarticles.com.
Also, Django has 127.0.0.1:8000 host as default.
when I access the website (backend subdomain) I get this error:
when checking network tab, I get too many redirects actually:
with status code 301
try this for ur nginx config. then u can reinstall certbot for this domain. using certbot --nginx
server {
server_name backend.globeofarticles.com;
root /var/www/backend.globeofarticles.com/html/;
index index.php index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
# disable access to hidden files
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;
}
Related
I have a csrf token error when trying to log in to the django admin in production after adding SSL.
So if I use the configuration below without ssl everything works fine:
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
server_name 107.***.28.***;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
But if I change to configuration do listen SSL when filling in any form on the page I get the csrf_token error. My configuration nginx using SSL:
upstream app_server {
server unix:/home/app/run/gunicorn.sock fail_timeout=0;
}
server {
#listen 80;
# add here the ip address of your server
# or a domain pointing to that ip (like example.com or www.example.com)
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
keepalive_timeout 5;
client_max_body_size 4G;
access_log /home/app/logs/nginx-access.log;
error_log /home/app/logs/nginx-error.log;
# Compression config
gzip on;
gzip_min_length 1000;
gzip_buffers 4 32k;
gzip_proxied any;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_vary on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location /static/ {
alias /home/app/static/;
}
# checks for static file, if not found proxy to app
location / {
try_files $uri #proxy_to_app;
}
location #proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
How can I fix the error or where to find the bug. I tried to clear cookies, use different browsers, reset the server and server configuration without result.
In Django ≥ 4 it is now necessary to specify CSRF_TRUSTED_ORIGINS in settings.py
CSRF_TRUSTED_ORIGINS = [
'https://your-domain.com'',
'https://www.your-domain.com'
]
See documentation
I'm trying to create a django site on my nginx server. I already have other site in other sub-folders. I use gunicorn service to redirect from nginx to django.
I'm able to access the default django welcome page (https://example.com/django/) but I can't go to the admin page of my django site (if I enter https://example.com/django/admin, it redirect me to https://example.com/admin/login/?next=/admin/ and I get a nginx 404). Renaming the redirection to https://example.com/django/admin/login/?next=/admin/ shows a plain html login page (like if the static content was not loaded).
I'm only starting webdev so I might be wrong, but is seems the error is in my nginx config.
Here is my nginx configuration file:
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
server_name example.com www.example.com;
# listen 80;
# SSL configuration
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # drop SSLv3 (POODLE vulnerability)
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
root /var/www/example.com;
index index.php index.html;
location / {
try_files $uri $uri/ $uri.html $uri.php$is_args$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
}
location /biketrack {
try_files $uri $uri/ =404;
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# Django configuration
location /django/static/ {
alias /home/pi/elops-tracker-project/static;
}
location /django {
include proxy_params;
rewrite ^/django/(.*) /$1 break;
# alias /home/pi/elops-tracker-project
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $http_host;
# proxy_set_header X-Forwarded-Host $server_name;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_redirect off;
# proxy_set_header SCRIPT_NAME /django
proxy_pass http://unix:/home/pi/elops-tracker-project/elops_tracker.sock;
}
}```
What I am working with :
Instance - amazon EC2,
OS - linux AMI,
Web-server - nginx
I have installed phpmyadmin according to what is mentioned in the AWS documentation here
I have mysql up and running, as well as php-fpm and nginx. I also created a symlink between the directory where phpMyAdmin i.e /var/www/html/phpMyAdmin -> /usr/share/nginx/www/html
below is what I have in my nginx.conf file
server{
listen 80;
server_name localhost;
root /var/www/html/phpMyAdmin;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
#location ^~ /phpMyAdmin/ {
# root /var/www/html/phpMyAdmin;
# index index.php;
# include fastcgi_params;
# fastcgi_pass unix:/var/run/php-fpm.sock;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME script/$fastcgi_script_name;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/html/phpMyAdmin;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php-fpm.sock;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
But none of this seems to work. I am trying from hours but unable to figure out what may be the problem due to which its not working. any help would be really great. Thanks !
You can try with below vhost config file. Error page redirection handling appears a problem with your config file.
server {
listen 80;
root /var/www/html/phpMyAdmin; # Change the PHPMyAdmin location
index index.php;
server_name default_server;# Set server name based on sub-domain
access_log /var/log/nginx/phpMyAdmin-access.log;
error_log /var/log/nginx/phpMyAdmin-error.log notice;
charset utf-8;
error_page 404 403 500 502 503 504 /index.php;
location / {
try_files $uri $uri/ /index.php?$args;
access_log off;
expires max;
}
location ~* .(jpg|jpeg|png|gif|ico|css|js|ico|swf)$ { expires 365d; access_log off; log_not_found off;}
location = /favicon.ico { log_not_found off; access_log off; allow all; }
location = /robots.txt { access_log off; log_not_found off; allow all; }
location ~ \.php$ {
expires off;
fastcgi_read_timeout 600;
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/phpmyadmin.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
I've looked at a couple similar question, but they didn't seem to be any help. I've got a vultr.com instance running a Wordpress in the default 1 click configuration. Centos6 if that matters. This is (and I would like it to remain) in the root (www.mysite.com). I would like to have my Django app running in www.mysite.com/crossfaded/. I don't want any downtime for my current server, so there is no domain name associated with the server yet. I'm trying to do this just using the IP.
The Wordpress site is working fine.
I've been following the guide here as then tried this one, but when I navigate to http://ip.add.re.ss/crossfaded/media/apple.jpg in my browser, I get a 404 from nginx. Going /crossfaded/media/ gives me a 403 from nginx and /crossfaded/invalidpath/ gives me a 404 served by Wordpress, so something is happening with the routing. I did chmod 777 apple.jpg on the off-chance it was a permissions issue, but that didn't do anything.
I have a hunch I've got the syntax of the location block muddled, but I'm really not sure.
wordpress_http.conf
upstream php-handler-http {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80 default_server;
server_name _;
#server_name wordpress.example.com;
root /var/www/html/;
index index.php;
# set max upload size
client_max_body_size 2G;
fastcgi_buffers 64 4K;
access_log /var/log/nginx/wordpress_http_access.log combined;
error_log /var/log/nginx/wordpress_http_error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args ;
}
location ^~ /wp-admin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd/wpadmin;
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}
}
location ~* \.(htaccess|htpasswd) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass php-handler-http;
fastcgi_read_timeout 60s;
}
# set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
access_log off;
}
location ~ /crossfaded/static/ {
alias /root/crossfaded/static/;
}
location ~ /crossfaded/media/ {
alias /root/crossfaded/media/ ;
}
}
There were two problems:
I needed a caret (^) in the location of the alias, so:
location ^~ /crossfaded/static/ {
alias /root/crossfaded/static/;
}
location ^~ /crossfaded/media/ {
alias /root/crossfaded/media/ ;
}
The server defaulted ~/ to /root/. Nginx needs r-x permissions to all directories from / to the file in question. It did not have that. Moved the project directory to /home/.
Hmm I have a problem...
Browser redirects my 3 virtual sites www.site1.com www.site2.com www.site3.com to www.site1.com, only when I use http://site3.com / http://site2.com it works and redirects correctly.
More simply put my problem is that http:// redirects to my virtual entities correctly, www does NOT.
www.site2.com -> www.site1.com (redirects to wrong vhost)
http://site2.com -> www.site2.com works!
My setup is Nginx + Gunicorn + Django, however I strongly believe this is a problem within my Nginx configuration.
Nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
My Vhosts:
MYSITE (/etc/nginx/sites-enabled/site)
upstream mysite_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite.com;
client_max_body_size 4G;
access_log /webapps/mysite/logs/nginx-access.log;
error_log /webapps/mysite/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite/static/;
}
location /media/ {
alias /webapps/mysite/mysite/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite/static/;
}
}
MYSITE2 (/etc/nginx/sites-enabled/site2)
upstream mysite2_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite2/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite2.com;
client_max_body_size 4G;
access_log /webapps/mysite2/logs/nginx-access.log;
error_log /webapps/mysite2/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite2/static/;
}
location /media/ {
alias /webapps/mysite2/mysite2/media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite2_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite2/static/;
}
}
MYSITE3 (/etc/nginx/sites-enabled/site3)
upstream mysite3_app_server {
# fail_timeout=0 means we always retry an upstream even if it failed
# to return a good HTTP response (in case the Unicorn master nukes a
# single worker for timing out).
server unix:/webapps/mysite3/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name mysite3.com;
client_max_body_size 4G;
access_log /webapps/mysite3/logs/nginx-access.log;
error_log /webapps/mysite3/logs/nginx-error.log;
location /static/ {
alias /webapps/mysite3/static/;
}
location /media/ {
alias /webapps/mysite3//media/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://mysite3_app_server;
break;
}
include includes/botblock;
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /webapps/mysite3/static/;
}
}
I’m not going to sanitize and validate your configuration files, but they contain several problems and you should DRY them out.
Regarding your actual question.
You haven’t configured any redirects and nginx is therefore happily redirecting those subdomains to your default server.
You haven’t configured a default server and nginx is simply using the very first defined server as default server (in your case site since site2 and site3 come after that one; simple sort).
The actual solution is to configure the redirects you want to happen for each of your servers. This snippet is taken from another answer of mine on a similar question.
server {
#listen 80 is default
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
#listen 80 is default
server_name example.com;
## here goes the rest of your conf...
}
you need
server {
listen 80;
server_name mysite1.com;
return 301 http://www.mysite1.com$request_uri;
}
server {
listen 80;
server_name www.mysite1.com;
# other stuff...
}
this redirects non-www to www and www to www. you need this config for each of those 3 domains..