I am hosting a Django application on DigitalOcean. I followed this tutorial to finish its SSL certification. Following that tutorial, I don't know where to add this line of code:
return 301 https://$server_name$request_uri;
I tried adding it in /etc/nginx/sites-enabled/leptitox_pro
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
When it didn't work, I added it in /etc/nginx/sites-available/leptitox_pro
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
It didn't work there either, so I added the server block below in /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
server { # new
listen 80; # new
server_name yahkut.com; # new
return 301 https://$server_name$request_uri; # new
}
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
}
I then restarted nginx, ran nginx -t and got a success message, but when I opened the website I got either 404 Not Found or the "Not secure" version of the website.
Please help me with this. Thank you
You have to separate the server block running on port 80 from the server block running on port 443 (SSL). Just like this:
server {
listen 80;
server_name 68.183.203.33 yahkut.com www.yahkut.com;
return 301 https://$server_name$request_uri;
# Stop here: the request is redirected to HTTPS, so there is nothing left to execute
}
server {
listen 443 ssl;
server_name yahkut.com www.yahkut.com;
ssl_certificate /path/to/certificate/your_domain_chain.crt;
ssl_certificate_key /path/to/your_private.key;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location /media/ {
root /home/leptitoxadmin/pyapps/Leptitox;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
Add these server blocks.
This is to redirect http to https
server {
listen 80;
server_name example.com;
location / {
return 301 https://$host$request_uri;
}
}
Your main block with ssl
server {
listen 443 ssl ;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
index index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
proxy_pass http://localhost:5003; # Your port goes here
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
This goes under /nginx/sites-enabled/default, or you can create different files for it in this folder.
Related
I have a project with a Flutter frontend and a Django backend. It was working fine. I wanted to change HTTP to HTTPS. Now I am getting the error: This site can’t be reached. domain.de refused to connect.
The Nginx file for the Frontend:
server {
server_name visoon.de;
root /home/visoon_frontend/build/web;
index index.html;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/visoon.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/visoon.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = visoon.de) {
return 301 https://$host$request_uri;
}
listen 80;
server_name visoon.de;
return 404;
}
And Nginx file for the Backend:
upstream visoon_app_server {
server unix:/home/visoon_backend/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name visoon.de;
client_max_body_size 4G;
proxy_read_timeout 1200s;
access_log /home/visoon_backend/logs/nginx-access.log;
error_log /home/visoon_backend/logs/nginx-error.log;
location /static/ {
alias /home/visoon_backend/visoon_backend/static/;
expires -1;
}
location /media/ {
alias /home/visoon_backend/visoon_backend/static/media/;
expires -1;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
# proxy_buffering off;
if (!-f $request_filename) {
proxy_pass http://visoon_app_server;
break;
}
}
# Error pages
error_page 500 502 503 504 /500.html;
location = /500.html {
root /home/visoon_backend/visoon_backend/static/;
}
}
Does anyone know why I am getting this error?
After searching for a couple of hours, I discovered that port 443 wasn't accessible on the server.
Whenever I try to go to www.example.com/anything it always redirects to www.example.com.
It works fine if I don't use the domain. Ex: ip.ip.ip.ip/anything works.
Here's my sites-available:
server {
listen 80;
listen [::]:80;
server_name my_ip_here;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/chris/Portfolio_v2/mysite;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
You need to add your domain name to the server block:
server_name www.example.com;
Hi, I'm coding my own server with Django, nginx, and uWSGI.
The problem is that when I access https://localhost, SSL works,
but with https://domainname it won't work.
What is wrong in my code?
nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
upstream django {
#server 172.30.1.40:8000;
server localhost:8000;
}
server {
server_name fidochallenge486.tk;
listen 8080;
location / {
uwsgi_pass django;
include /usr/local/etc/nginx/uwsgi_params;
proxy_redirect off;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8000/;
proxy_redirect off;
proxy_http_version 1.1;
}
}
server {
listen 443 ssl;
server_name fidochallenge486.tk;
ssl_certificate /Users/junbeomkwak/Downloads/fidochallenge486.tk/bundle.crt;
ssl_certificate_key /Users/junbeomkwak/Downloads/fidochallenge486.tk/privkey.key;
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
location / {
include /usr/local/etc/nginx/uwsgi_params;
uwsgi_pass django;
}
}
}
fido_project.conf
upstream django {
server 172.30.1.40:8000;
}
server {
listen 8080;
server_name domainname;
return 301 https://$host$request_uri;
location / {
uwsgi_pass django;
proxy_pass 172.30.1.40:8000;
}
}
server {
listen 443 ssl;
server_name domainname;
if ($host = domainname') {
return 301 https://domainname$request_uri;
}
ssl_certificate /Users/junbeomkwak/Downloads/fidochallenge486.tk/bundle.crt;
ssl_certificate_key /Users/junbeomkwak/Downloads/fidochallenge486.tk/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
uwsgi_pass django;
include /usr/local/etc/nginx/uwsgi_params;
#proxy_pass 172.30.1.40:8000; // local
}
}
Edited at 10:55 KST:
I edited what you said... not working.
Need some file? Like an ini file or something?
Here are some strange parts of your config:
server {
listen 8080;
server_name domainname;
return 301 https://$host$request_uri;
location / {
uwsgi_pass django;
proxy_pass 172.30.1.40:8000;
}
}
This redirect
return 301 https://$host$request_uri;
is usually used for HTTP to HTTPS redirection when the end user types domainname in the browser address bar without specifying an https:// prefix. Having that in a server block that listens on port 8080 is quite strange, because the end user would have to type domainname:8080 to get redirected to https://domainname. Usually this type of redirect is used in a server block that listens on the default HTTP port 80. Anyway
location / {
uwsgi_pass django;
proxy_pass 172.30.1.40:8000;
}
makes no sense here because it would never be executed. Additionally, you should have only proxy_pass or uwsgi_pass, not both.
Next one:
server {
listen 443 ssl;
server_name domainname;
if ($host = domainname') {
return 301 https://domainname$request_uri;
}
...
What is that if block for? It would give you endless redirection from HTTPS to HTTPS, which definitely makes no sense at all. Looks like you copy-pasted it from some other config without understanding what it means. Remove it.
I have an Nginx serving my django application. When I try to access example.com/resource it should redirect to https://example.com/resource but in my case it redirects to https://example.comresource (removing the / before resource)
I have a very minimal Nginx configuration (as you'll see below). I don't know where to start to figure out what's wrong.
server{
listen 443;
listen [::]:443 ssl;
ssl on;
ssl_certificate /etc/ssl/example_com.crt;
ssl_certificate_key /etc/ssl/example_com.key;
server_name example.com;
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
location /static/ {
autoindex on;
alias /home/administrator/example/collectedstatic/;
}
location /media {
alias /home/administrator/example/store;
}
}
server {
listen 8000;
server_name localhost;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
autoindex on;
alias /home/administrator/example/collectedstatic/;
}
location /media {
alias /home/administrator/example/store;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
There are no error messages, just a webpage not found.
I currently have a working Django + Gunicorn + Nginx setup for https://www.example.com and http://sub.example.com. Note the main domain has ssl whereas the subdomain does not.
This is working correctly with the following two nginx configs. First is www.example.com:
upstream example_app_server {
server unix:/path/to/example/gunicorn/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
if ($host = 'example.com') {
return 301 https://www.example.com$request_uri;
}
ssl_certificate /etc/nginx/example/cert_chain.crt;
ssl_certificate_key /etc/nginx/example/example.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ciphers removed to save space in post';
ssl_prefer_server_ciphers on;
client_max_body_size 4G;
access_log /var/log/nginx/www.example.com.access.log;
error_log /var/log/nginx/www.example.com.error.log info;
location /static {
autoindex on;
alias /path/to/example/static;
}
location /media {
autoindex on;
alias /path/to/example/media;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://example_app_server;
break;
}
}
}
Next is sub.example.com:
upstream sub_example_app_server {
server unix:/path/to/sub_example/gunicorn/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name sub.example.com;
client_max_body_size 4G;
access_log /var/log/nginx/sub.example.com.access.log;
error_log /var/log/nginx/sub.example.com.error.log info;
location /static {
autoindex on;
alias /path/to/sub_example/static;
}
location /media {
autoindex on;
alias /path/to/sub_example/media;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://sub_example_app_server;
break;
}
}
}
As mentioned, this is all working. What I am trying to do now is to use ssl on the subdomain as well. I have a second ssl certificate for this purpose which has been activated with the domain registrar for this subdomain.
I have updated the original nginx config from above for sub.example.com to have exactly the same format as example.com, but pointing to the relevant ssl cert/key etc:
upstream sub_example_app_server {
server unix:/path/to/sub_example/gunicorn/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name sub.example.com;
return 301 https://sub.example.com$request_uri;
}
server {
listen 443 ssl;
server_name sub.example.com;
if ($host = 'sub.example.com') {
return 301 https://sub.example.com$request_uri;
}
ssl_certificate /etc/nginx/sub_example/cert_chain.crt;
ssl_certificate_key /etc/nginx/sub_example/example.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ciphers removed to save space in post';
ssl_prefer_server_ciphers on;
client_max_body_size 4G;
access_log /var/log/nginx/sub.example.com.access.log;
error_log /var/log/nginx/sub.example.com.error.log info;
location /static {
autoindex on;
alias /path/to/sub_example/static;
}
location /media {
autoindex on;
alias /path/to/sub_example/media;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://sub_example_app_server;
break;
}
}
}
I haven't changed anything with my domain registrar / dns because everything was already working correctly before adding the ssl for the subdomain. Not sure if there is something I need to change?
When browsing to http://sub.example.com I am redirected to https://sub.example.com, so that part appears to be working. However the site does not load and the browser error is: This page isn't working. sub.example.com redirected you too many times. ERR_TOO_MANY_REDIRECTS
https://www.example.com is still working.
I don't have any errors in my nginx or gunicorn logs. I can only guess I have configured something in the sub.example.com nginx config incorrectly.
The section in the ssl server configuration:
if ($host = 'sub.example.com') { return 301 https://sub.example.com$request_uri; }
is the problem. That rule will always be triggered. Removing it should eliminate the too many redirect errors.
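The mistakes named in this answer and in the earlier "strange parts of your config" answer (an HTTPS server block that redirects to itself, location blocks placed after a server-level return, and proxy_pass together with uwsgi_pass) can be checked mechanically. The linter below is an added example, not code from any of the posts; its simplified parser, the finding labels and the sample input are constructed for illustration.

```python
import re

def parse(tokens):
    """Build a tree of (name, args, children); children is None for simple directives."""
    block, words = [], []
    while tokens and (tok := tokens.pop(0)) != "}":
        if tok in (";", "{"):
            children = parse(tokens) if tok == "{" else None
            block += [(words[0], words[1:], children)] if words else []
            words = []
        else:
            words.append(tok)
    return block

def servers(tree):
    for name, _, body in tree:
        if body is not None:
            yield from [body] if name == "server" else servers(body)

def lint(conf):
    """Return sorted (server_name, finding) pairs for the mistakes the answers point out."""
    tokens = re.findall(r"'[^']*'|\"[^\"]*\"|[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    found = set()
    for body in servers(parse(tokens)):
        names = {x for n, a, _ in body if n == "server_name" for x in a}
        label = " ".join(sorted(names))
        tls = any(n == "listen" and re.search(r"ssl|443", " ".join(a)) for n, a, _ in body)
        returns = [(None, a) for n, a, _ in body if n == "return"]  # None = unconditional
        for n, a, sub in body:
            cond = re.search(r"\$host\s*=\s*['\"]?([^'\")\s]+)", " ".join(a)) if n == "if" else None
            returns += [(cond.group(1), r) for d, r, _ in sub or [] if cond and d == "return"]
            if n == "location" and {"proxy_pass", "uwsgi_pass"} <= {d for d, _, _ in sub or []}:
                found.add((label, "proxy_pass and uwsgi_pass in one location"))
        for cond, rargs in returns:
            m = re.match(r"https://(\$\w+|[^/$]+)", rargs[-1]) if rargs else None
            if cond is None and any(n == "location" for n, _, _ in body):
                found.add((label, "locations unreachable after server-level return"))
            loops = {"$host", cond} if cond else names | {"$host", "$server_name"}
            if tls and m and m.group(1) in loops:
                found.add((label, "HTTPS server redirects to itself"))
    return sorted(found)

# Constructed input modelled on the configs quoted above (placeholder names).
BAD = """
server { listen 8080; server_name domainname; return 301 https://$host$request_uri;
  location / { uwsgi_pass django; proxy_pass 172.30.1.40:8000; } }
server { listen 443 ssl; server_name sub.example.com;
  if ($host = 'sub.example.com') { return 301 https://sub.example.com$request_uri; } }
"""
if __name__ == "__main__": print(*lint(BAD), sep="\n")
```

A redirect from example.com to www.example.com inside the www HTTPS block, as in the working config in the question, is not flagged because the condition host and the target host differ.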