|
Wrong redirecting to 404 on several subfolders November 26, 2018 03:10AM |
Registered: 5 years ago Posts: 2 |
Hello everybody,
I am nearly new to nginx and since three months I run my own server with Ubuntu 18.04. It's the first time I use Linux.
I did not find anything to my problem.
I use nginx and MariaDB. Currently I run some applications via nignx. I have a gateway host for this and a virtual host for each application.
Recently, I came across BookStack to be able to document well.
I currently have the problem that obviously some redirects are not forwarded correctly and I'm redirected in some subfolders on the error page 404 / not found.
I have found that in the application is always redirected to the page domain.com/translations. Since this page does not exist, 404 Not Found appears.
I have adapted the APP_URL accordingly. I would like to be reachable at https://domain.com/bookstack. I have included the URL in the .env including trailing slash.
Below are my current host configurations.
Gateway-Host
upstream php-handler {
server unix:/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
server_name domain.name.ltd server_ip;
root /var/www;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:port;
proxy_redirect off;
}
location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;
# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
}
}
server {
listen 443 ssl http2;
server_name noopiescloud.spdns.de 192.168.178.52;
# Certificates used
ssl_certificate ***;
ssl_certificate_key ***;
# Not using TLSv1 will break:
# Android <= 4.4.40
# IE <= 10
# IE mobile <=10
# Removing TLSv1.1 breaks nothing else!
# TLSv1.3 is not supported by most clients, but it should be enabled.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suite from https://cipherli.st/
# Max. security, but lower compatibility
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# Use multiple curves.
# secp521r1: Not supported by Chrome
# secp384r1: Not supported by Android (DAVdroid)
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# Server should determine the ciphers, not the client
ssl_prefer_server_ciphers on;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# This should be chain.pem
# See here: https://certbot.eff.org/docs/using.html
ssl_trusted_certificate ***;
resolver 192.168.178.1;
# SSL session handling
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
#
# Add headers to serve security related headers
#
# HSTS (ngx_http_headers_module is required)
# In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Content-Type-Options "nosniff" always;
# Usually this should be "DENY", but when hosting sites using frames, it has to be "SAMEORIGIN"
add_header Referrer-Policy "no-referrer" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
deny all;
}
#
#app1
#
location ^~ /app1 {
proxy_pass http://127.0.0.1:port;
proxy_read_timeout 90;
}
#
#app2
#
location ^~ /app2 {
proxy_pass http://127.0.0.1:port;
}
#
# app3
#
location ^~ /app3 {
proxy_pass http://127.0.0.1:port;
}
#
# BookStack
#
location ^~ /bookstack/ {
rewrite ^/bookstack/(.*) /$1 break;
proxy_pass http://127.0.0.1:port/;
return 301 https://$server_name$request_uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
BookStack Virtual Host
server {
listen port;
root /var/www/bookstack/public;
index index.php index.html index.htm;
server_name 127.0.0.1;
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Also an excerpt from the last logs.
2018/11/22 13:27:27 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:27:34 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:24 [error] 3067#3067: *603 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:29 [error] 3066#3066: *677 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:41 [error] 3066#3066: *817 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:59 [error] 3066#3066: *677 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
Hope, u guys can help me out with this.
I am nearly new to nginx and since three months I run my own server with Ubuntu 18.04. It's the first time I use Linux.
I did not find anything to my problem.
I use nginx and MariaDB. Currently I run some applications via nignx. I have a gateway host for this and a virtual host for each application.
Recently, I came across BookStack to be able to document well.
I currently have the problem that obviously some redirects are not forwarded correctly and I'm redirected in some subfolders on the error page 404 / not found.
I have found that in the application is always redirected to the page domain.com/translations. Since this page does not exist, 404 Not Found appears.
I have adapted the APP_URL accordingly. I would like to be reachable at https://domain.com/bookstack. I have included the URL in the .env including trailing slash.
Below are my current host configurations.
Gateway-Host
upstream php-handler {
server unix:/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
server_name domain.name.ltd server_ip;
root /var/www;
location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:port;
proxy_redirect off;
}
location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;
# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
}
}
server {
listen 443 ssl http2;
server_name noopiescloud.spdns.de 192.168.178.52;
# Certificates used
ssl_certificate ***;
ssl_certificate_key ***;
# Not using TLSv1 will break:
# Android <= 4.4.40
# IE <= 10
# IE mobile <=10
# Removing TLSv1.1 breaks nothing else!
# TLSv1.3 is not supported by most clients, but it should be enabled.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher suite from https://cipherli.st/
# Max. security, but lower compatibility
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
# Cipher suite from https://wiki.mozilla.org/Security/Server_Side_TLS
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# (Modern) cipher suite from https://mozilla.github.io/server-side-tls/ssl-config-generator/
#ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# ssl_dhparam /etc/nginx/ssl/dhparams.pem;
# Use multiple curves.
# secp521r1: Not supported by Chrome
# secp384r1: Not supported by Android (DAVdroid)
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# Server should determine the ciphers, not the client
ssl_prefer_server_ciphers on;
# OCSP Stapling
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# This should be chain.pem
# See here: https://certbot.eff.org/docs/using.html
ssl_trusted_certificate ***;
resolver 192.168.178.1;
# SSL session handling
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
#
# Add headers to serve security related headers
#
# HSTS (ngx_http_headers_module is required)
# In order to be recoginzed by SSL test, there must be an index.hmtl in the server's root
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Content-Type-Options "nosniff" always;
# Usually this should be "DENY", but when hosting sites using frames, it has to be "SAMEORIGIN"
add_header Referrer-Policy "no-referrer" always;
#add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
location = / {
# Disable access to the web root, otherwise nginx will show the default site here.
deny all;
}
#
#app1
#
location ^~ /app1 {
proxy_pass http://127.0.0.1:port;
proxy_read_timeout 90;
}
#
#app2
#
location ^~ /app2 {
proxy_pass http://127.0.0.1:port;
}
#
# app3
#
location ^~ /app3 {
proxy_pass http://127.0.0.1:port;
}
#
# BookStack
#
location ^~ /bookstack/ {
rewrite ^/bookstack/(.*) /$1 break;
proxy_pass http://127.0.0.1:port/;
return 301 https://$server_name$request_uri;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
BookStack Virtual Host
server {
listen port;
root /var/www/bookstack/public;
index index.php index.html index.htm;
server_name 127.0.0.1;
access_log /var/log/nginx/bookstack_access.log;
error_log /var/log/nginx/bookstack_error.log;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
}
Also an excerpt from the last logs.
2018/11/22 13:27:27 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:27:34 [error] 3067#3067: *504 open() "/usr/share/nginx/html/login" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /login HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:24 [error] 3067#3067: *603 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:30:29 [error] 3066#3066: *677 open() "/usr/share/nginx/html/translations" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /translations HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:41 [error] 3066#3066: *817 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
2018/11/22 13:31:59 [error] 3066#3066: *677 open() "/usr/share/nginx/html/books/ufw/create-page" failed (2: No such file or directory), client: IP, server: domain.name.com, request: "GET /books/ufw/create-page HTTP/1.1", host: "domain.name.com"
Hope, u guys can help me out with this.
Sorry, only registered users may post in this forum.
Online Users
Guests:
170
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|