Welcome! Log In Create A New Profile

Re: Nginx only serves 1 App

Forum List Message List New Topic Print View

Moshe Katz

May 15, 2018 11:46PM

That last "# managed by Certbot" section looks wrong - it shouldn't be
using "if ($host = ...", since that's inefficient and there are much better
ways to do it.

I have a very similar server, so here are the config files I use for it. I
don't like pasting them into emails, so I made a GitHub Gist:
https://gist.github.com/kohenkatz/08a74d757e0695f4ec3dc34c44ea4369 (that
also means I can edit it later if it doesn't work for you).

Note that with this configuration you have to run Certbot in "certonly"
mode instead of nginx mode. However, that is very easy.
I have eight servers configured in this exact way (though most of them with
applications other than Seafile and Mattermost, but it doesn't matter).

Here is the certbot command I use:
sudo certbot certonly --webroot -w /usr/share/nginx/html -d
domain-name-here.example.com
(If you changed the path for `.well-known` in the config files in my Gist,
you will also need to change it here.)

Let me know how this works for you.

Moshe

--
Moshe Katz
-- kohenkatz@gmail.com
-- +1(301)867-3732

On Tue, May 15, 2018 at 4:32 PM Nginx-Chris <nginx-forum@forum.nginx.org>
wrote:

> Dear Moshe
>
> I did switch off the seafile configuration and that means that the normal
> chat.mydomain.com works again with nginx.,
>
> I did then do
>
> > sudo certbot --nginx
>
> and the sitechat.mydomain.com now runs on with SSL.
>
> So then I switch seafile conf on again --> Seafile works as always.
>
> AND mattermost on chat.mydomain.com works, but ONLY if I add https:// in
> front of the web address.
>
> So:
>
> chat.mydomain.com <-- does only work when seafile off (then redirects)
> http://chat.mydomain.com <-- does only work when seafile off (then
> redirects)
>
> https://chat.mydomain.com <-- works when seafile is on and/or off.
>
> Why does nginx not redirect the chat.mydomain.com to https?
>
> The new config for chat.mydomain.com is this. it got changed by certbot
> automatically.
>
> MATTERMOST:
>
> server 127.0.0.1:8065;
> }
>
> proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m
> max_size=3g inactive=120m use_temp_path=off;
>
> server {
> server_name chat.mydomain.com;
>
> location ~/api/v[0-9]+/(users/)?websocket$ {
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> client_max_body_size 50M;
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Frame-Options SAMEORIGIN;
> proxy_buffers 256 16k;
> proxy_buffer_size 16k;
> proxy_read_timeout 600s;
> proxy_pass http://backend;
> }
>
> location / {
> client_max_body_size 50M;
> proxy_set_header Connection "";
> proxy_set_header Host $http_host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Frame-Options SAMEORIGIN;
> proxy_buffers 256 16k;
> proxy_buffer_size 16k;
> proxy_read_timeout 600s;
> proxy_cache mattermost_cache;
> proxy_cache_revalidate on;
> proxy_cache_min_uses 2;
> proxy_cache_use_stale timeout;
> proxy_cache_lock on;
> proxy_pass http://backend;
> }
>
> listen 443 ssl; # managed by Certbot
> ssl_certificate /etc/letsencrypt/live/chat.mydomain.com/fullchain.pem;
> #
> managed by Certbot
> ssl_certificate_key /etc/letsencrypt/live/
> chat.mydomain.com/privkey.pem;
> # managed by Certbot
> include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>
> }
>
>
> server {
> if ($host = chat.mydomain.com) {
> return 301 https://$host$request_uri;
> } # managed by Certbot
>
>
>
> listen 80;
> server_name chat.mydomain.com;
> return 404; # managed by Certbot
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279806#msg-279806
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Nginx only serves 1 App	Nginx-Chris	May 15, 2018 04:35AM
Re: Nginx only serves 1 App	wickedhangover	May 15, 2018 07:30AM
Re: Nginx only serves 1 App	Moshe Katz	May 15, 2018 09:18AM
Re: Nginx only serves 1 App	Nginx-Chris	May 15, 2018 04:32PM
Re: Nginx only serves 1 App	Moshe Katz	May 15, 2018 11:46PM
Re: Nginx only serves 1 App	Nginx-Chris	May 16, 2018 01:08AM
Re: Nginx only serves 1 App	Nginx-Chris	May 16, 2018 01:12AM
Re: Nginx only serves 1 App	Nginx-Chris	May 16, 2018 01:41AM
Re: Nginx only serves 1 App	Moshe Katz	May 16, 2018 09:16AM
Re: Nginx only serves 1 App	Nginx-Chris	May 23, 2018 04:14PM
Re: Nginx only serves 1 App	Nginx-Chris	May 23, 2018 04:14PM
Re: Nginx only serves 1 App	Moshe Katz	May 23, 2018 09:30PM
Re: Nginx only serves 1 App	Nginx-Chris	May 23, 2018 11:50PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 315

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018