Welcome! Log In Create A New Profile

Advanced

Re: Nginx only serves 1 App

Moshe Katz
May 15, 2018 11:46PM
That last "# managed by Certbot" section looks wrong - it shouldn't be
using "if ($host = ...", since that's inefficient and there are much better
ways to do it.

I have a very similar server, so here are the config files I use for it. I
don't like pasting them into emails, so I made a GitHub Gist:
https://gist.github.com/kohenkatz/08a74d757e0695f4ec3dc34c44ea4369 (that
also means I can edit it later if it doesn't work for you).

Note that with this configuration you have to run Certbot in "certonly"
mode instead of nginx mode. However, that is very easy.
I have eight servers configured in this exact way (though most of them with
applications other than Seafile and Mattermost, but it doesn't matter).

Here is the certbot command I use:
sudo certbot certonly --webroot -w /usr/share/nginx/html -d
domain-name-here.example.com
(If you changed the path for `.well-known` in the config files in my Gist,
you will also need to change it here.)

Let me know how this works for you.

Moshe

--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732


On Tue, May 15, 2018 at 4:32 PM Nginx-Chris <nginx-forum@forum.nginx.org>
wrote:

> Dear Moshe
>
> I did switch off the seafile configuration and that means that the normal
> chat.mydomain.com works again with nginx.,
>
> I did then do
>
> > sudo certbot --nginx
>
> and the sitechat.mydomain.com now runs on with SSL.
>
> So then I switch seafile conf on again --> Seafile works as always.
>
> AND mattermost on chat.mydomain.com works, but ONLY if I add https:// in
> front of the web address.
>
> So:
>
> chat.mydomain.com <-- does only work when seafile off (then redirects)
> http://chat.mydomain.com <-- does only work when seafile off (then
> redirects)
>
> https://chat.mydomain.com <-- works when seafile is on and/or off.
>
> Why does nginx not redirect the chat.mydomain.com to https?
>
> The new config for chat.mydomain.com is this. it got changed by certbot
> automatically.
>
> MATTERMOST:
>
> server 127.0.0.1:8065;
> }
>
> proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m
> max_size=3g inactive=120m use_temp_path=off;
>
> server {
> server_name chat.mydomain.com;
>
> location ~/api/v[0-9]+/(users/)?websocket$ {
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> client_max_body_size 50M;
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Frame-Options SAMEORIGIN;
> proxy_buffers 256 16k;
> proxy_buffer_size 16k;
> proxy_read_timeout 600s;
> proxy_pass http://backend;
> }
>
> location / {
> client_max_body_size 50M;
> proxy_set_header Connection "";
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Frame-Options SAMEORIGIN;
> proxy_buffers 256 16k;
> proxy_buffer_size 16k;
> proxy_read_timeout 600s;
> proxy_cache mattermost_cache;
> proxy_cache_revalidate on;
> proxy_cache_min_uses 2;
> proxy_cache_use_stale timeout;
> proxy_cache_lock on;
> proxy_pass http://backend;
> }
>
> listen 443 ssl; # managed by Certbot
> ssl_certificate /etc/letsencrypt/live/chat.mydomain.com/fullchain.pem;
> #
> managed by Certbot
> ssl_certificate_key /etc/letsencrypt/live/
> chat.mydomain.com/privkey.pem;
> # managed by Certbot
> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>
> }
>
>
> server {
> if ($host = chat.mydomain.com) {
> return 301 https://$host$request_uri;
> } # managed by Certbot
>
>
>
> listen 80;
> server_name chat.mydomain.com;
> return 404; # managed by Certbot
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279806#msg-279806
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Nginx only serves 1 App

Nginx-Chris May 15, 2018 04:35AM

Re: Nginx only serves 1 App

wickedhangover May 15, 2018 07:30AM

Re: Nginx only serves 1 App

Moshe Katz May 15, 2018 09:18AM

Re: Nginx only serves 1 App

Nginx-Chris May 15, 2018 04:32PM

Re: Nginx only serves 1 App

Moshe Katz May 15, 2018 11:46PM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:08AM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:12AM

Re: Nginx only serves 1 App

Nginx-Chris May 16, 2018 01:41AM

Re: Nginx only serves 1 App

Moshe Katz May 16, 2018 09:16AM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 04:14PM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 04:14PM

Re: Nginx only serves 1 App

Moshe Katz May 23, 2018 09:30PM

Re: Nginx only serves 1 App

Nginx-Chris May 23, 2018 11:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 65
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready