I have 2 machines one is django (https://orgofoods.com) and another one is wordpress (https://blog.orgofoods.com). Django is running with nginx, gunicorn and the configuration goes like this
upstream app_server {
server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
server_name orgofoods.com;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias /home/django/django_project/django_project/media;
}
# your Django project's static files - amend as required
location /static {
alias /home/django/django_project/django_project/static;
}
# Proxy the static assests for the Django Admin panel
location /static/admin {
alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
}
location /blog {
proxy_pass https://blog.orgofoods.com;
}
location /blog/wp-content {
proxy_pass https://blog.orgofoods.com/wp-content;
}
location /blog/wp-includes {
proxy_pass https://blog.orgofoods.com/wp-includes;
}
location /blog/wp-login.php {
proxy_pass https://blog.orgofoods.com/wp-login.php;
}
location /blog/wp-admin {
proxy_pass https://blog.orgofoods.com/wp-admin;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://app_server;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/orgofoods.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/orgofoods.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = orgofoods.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name orgofoods.com;
return 404; # managed by Certbot
}
but when i try to access orgofoods.com/blog it is returning 404 error, and the request is handled by nginx where as it needs to be handled by apache, please any one can shed some light on it.
dev tools network screenshot
Thanks in advance
p.s.: i followed this tutorial (https://jeffreyeverhart.com/2016/12/11/wordpress-nginx-proxy-server-subdomain-subdirectory)
Related
I have a files in files and favicon.ico in static folder. Webpages is served by Nginx, favicon is not visible and files are not accessible. I tried reading some post but they fixing is not working on my. Here is configuration.
The webpage is working but icon is not rendering.
$ cat /etc/nginx/sites-enabled/my_app
server {
server_name www.mysite.com;
location /static/ {
# handle static files directly, without forwarding to the application
alias /home/ubuntu/mysite/app/static/;
expires 30d;
}
location = /_favicon.ico {
alias /home/ubuntu/mysite/app/static/favicon.ico;
}
location / {
# forward application requests to the gunicorn server
proxy_pass http://localhost:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.mysite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name www.mysite.com;
return 404; # managed by Certbot
}
thanks in advance
I'm getting an error while connecting the websocket.
And I have read similar Q&A on stackoverflow but still not working for me. I've been trying all sorts of ways for days but still can't make the connection. This is my mistake
The server I use is: Django + Gunicorn + Nginx + Daphne
Browser error
WebSocket connection to 'wss://mydomain/ws/some_url/' failed:
Below is my config on the server
Ngnix config:
server {
server_name ****** mydomain www.mydomain;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/django/magi/src/staticfiles/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
location /ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_pass http://127.0.0.1:8001;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = www.mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host =mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ****** mydomain www.mydomain;
listen 80;
return 404; # managed by Certbot
}
If you need to check any files, please comment below so I can add them!
Thank you very much
This issue is probably because you haven't added an upstream block in the Nginx configuration which will allow your WebSocket requests to get redirected on port 8001.
your Nginx config should be like below:
upstream channels-backend {
server localhost:8001;
}
server {
server_name ****** mydomain www.mydomain;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/django/magi/src/staticfiles/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
location /ws/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_pass http://127.0.0.1:8001;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = www.mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host =mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ****** mydomain www.mydomain;
listen 80;
return 404; # managed by Certbot
}
Also, try to first remove the SSL configuration for HTTPS and WSS you did by using Certbot and make sure everything is working under HTTP and WS.
If it is still not working on WSS even after adding the upstream block, check for redirect config added by Certbot, try to remove them, and test it.
server {
if ($host = www.mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host =mydomain) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name ****** mydomain www.mydomain;
listen 80;
return 404; # managed by Certbot
}
We have a Django project that is served in production using Nginx and Gunicorn reverse-proxy setup. Everything seems to work except for one small detail. Somehow, the browser "sees" the following addresses as different sessions.
Suppose I log into the site using the example.com address.
Then, if I visit https://www.example.com, the browser does not see that the user has logged in.
When I visit www.example.com, I get a 404 error in the browser from Nginx.
My suspicion is that this has something to do with the way Nginx or Gunicorn are setup. Any help on how to resolve this discrepancy is appreciated.
Nginx config:
server {
root /home/example/mysite;
# Add index.php to the list if you are using PHP
index index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 512M;
location /static/ {
alias /home/example/mysite/static/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location /media {
alias /home/example/mysite/media/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location / {
# try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
ssl_certificate_key /home/ubuntu/ssl/server.key;
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
to redirect
http://www.example.com
http://example.com
https://www.example.com
to
https://example.com
you need to make changes in your nginx vhost config file like so:
# Resirect 'http www' and 'http non-www' traffic to 'https non-www'
server {
listen 80;
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
# Resirect 'https www' traffic to 'https non-www'
server {
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
# https://example.com
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name example.com;
root /home/example/mysite;
# Add index.php to the list if you are using PHP
index index.html index.htm;
client_max_body_size 512M;
location /static/ {
alias /home/example/mysite/static/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location /media {
alias /home/example/mysite/media/;
expires 30d;
add_header Vary Accept-Encoding;
access_log off;
}
location / {
# try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:8080; # HERE review this line it should be the server IP not localhost
proxy_set_header Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_connect_timeout 6000;
proxy_send_timeout 6000;
proxy_read_timeout 6000;
send_timeout 6000;
}
ssl_certificate /home/ubuntu/ssl/example_com_chain.crt;
ssl_certificate_key /home/ubuntu/ssl/server.key;
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
this thread may helps you https://www.digitalocean.com/community/questions/redirecting-https-www-domain-to-non-www-domain-with-nginx (my answer is based on)
and in your settings.py:
ALLOWED_HOSTS = [
'example.com', # https non-www
]
# SESSION_COOKIE_SECURE = True
# CSRF_COOKIE_SECURE = True
for more details see
https://docs.djangoproject.com/en/3.1/topics/security/#ssl-https
https://security.stackexchange.com/questions/8964/trying-to-make-a-django-based-site-use-https-only-not-sure-if-its-secure?newreg=bf8583d7f6d34236b7c6cbfb0fe315b4
I'm running a Django Channels app on DigitalOcean, Ubuntu 16.04 using Daphne and Nginx.
Followed this post.
Nginx will only be used as a proxy for your django application, your
django application will be running with daphne.
And you should have daphne running on 127.0.0.1:8001 (or change the
port to your likings).
I have enabled Let’s Encrypt SSL for my page and told all http requests to be redirected to https.
My page is showing the error
myapp.com redirected you too many times.
I'm running daphne on 127.0.0.1:8001.
daphne -b 127.0.0.1 -p 8001 myapp.asgi:application
My nginx config file
server {
server_name myapp.com www.myapp.com;
server_tokens off;
return 301 https://$server_name$request_uri;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.myapp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = myapp.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name myapp.com www.myapp.com;
return 404; # managed by Certbot
root /home/me/myapp/src/myapp;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/me/myapp/src/myapp;
}
location /media/ {
root /home/me/myapp/src/myapp;
}
location / {
try_files $uri $uri/ #python_django;
}
location #python_django {
proxy_pass http://127.0.0.1:8001;
proxy_pass_request_headers on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
The first block of your configuration is not properly set. The listen 443 line is supposed to be on the second block. Try to these configurations.
server {
listen 80;
server_name myapp.com www.myapp.com;
server_tokens off;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl; # managed by Certbot
server_name myapp.com www.myapp.com;
ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /home/me/myapp/src/myapp;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/me/myapp/src/myapp;
}
location /media/ {
root /home/me/myapp/src/myapp;
}
location / {
try_files $uri $uri/ #python_django;
}
location #python_django {
proxy_pass http://127.0.0.1:8001;
proxy_pass_request_headers on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
}
}
I've been trying to encrypt my website with https, but when redirecting I get 502 bad gateaway, I use Digital Ocean with nginx on Ubuntu 14 and django:
Here is my server config:
upstream app_server {
server unix:/home/django/gunicorn.socket fail_timeout=0;
}
server {
# listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
server_name = programmationetia.com;
ssl_certificate /etc/letsencrypt/live/programmationetia.com/fullchain.pem ;
ssl_certificate_key /etc/letsencrypt/live/programmationetia.com/privkey.pem;
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 4G;
server_name _;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias /home/django/django_project/django_project/media;
}
# your Django project's static files - amend as required
location /static {
alias /home/django/django_project/django_project/static;
}
# Proxy the static assests for the Django Admin panel
location /static/admin {
alias /usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
proxy_buffering off;
proxy_pass https://app_server;
}
}
server {
listen 80;
server_name programmationetia.com;
return 301 https://$server_name$request_uri;
}
I followed Sentex tutorial on encrypting with ssl.
Thank you for helping