I am totally new to nginx deployment and having problem setting up the subdomain for rails app which is running in passenger. My app structure is like this
-- sss.com (parent domain)
-- sub.sss.com (subdomain)
-- zzz.com (which will be redirected to sub.sss.com)
For more clear perspective, think of the gmail structure
-- google.com (parent domain)
- mail.google.com (subdomain)
-- gmail.com (which will be redirected to mail.google.com)
And remember sub.sss.com is not just a directory under sss, its completely a different rails app.
To setup a similar structure i have configured nginx like this
server {
listen 80;
server_name sss.com *.sss.com;
rewrite ^(.*) http://sss.com$1 permanent;
}
server {
listen 80;
server_name sss.com;
passenger_enabled on;
access_log logs/sss.log;
error_log logs/sss_error.log;
root /var/www/sss/public;
}
server {
listen 80;
server_name sub.sss.com;
passenger_enabled on;
access_log logs/sub.log;
error_log logs/sub_error.log;
root /var/www/sub/public;
}
server {
listen 80;
server_name zzz.com;
rewrite ^(.*) http://sub.sss.com$1 permanent;
}
When i start nginx i got this warning message
nginx: [warn] conflicting server name "sss.com" on 0.0.0.0:80, ignored
And got this message when tried to access the url www.sss.com
Chrome - Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
FF - Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
But when i access zzz.com, it successfully redirects to sub.sss.com with a same error.
Seems its messed up in some kind of loop. anybody got a idea how to solve this?
In your first server you define the sss.com like server in the second too. You just need delete from first. like that :
server {
listen 80;
server_name *.sss.com;
rewrite ^(.*) http://sss.com$1 permanent;
}
server {
listen 80;
server_name sss.com;
passenger_enabled on;
access_log logs/sss.log;
error_log logs/sss_error.log;
root /var/www/sss/public;
}
server {
listen 80;
server_name sub.sss.com;
passenger_enabled on;
access_log logs/sub.log;
error_log logs/sub_error.log;
root /var/www/sub/public;
}
server {
listen 80;
server_name zzz.com;
rewrite ^(.*) http://sub.sss.com$1 permanent;
}
You have 3 domains/subdamians and there should be only 3 server blocks instead of the four you had.
Try ...
server {
# This server block serves sss.com
listen 80;
server_name sss.com;
passenger_enabled on;
access_log logs/sss.log;
error_log logs/sss_error.log;
root /var/www/sss/public;
}
server {
# This server block serves sub.sss.com
listen 80;
server_name sub.sss.com;
passenger_enabled on;
access_log logs/sub.log;
error_log logs/sub_error.log;
root /var/www/sub/public;
}
server {
# This server block redirects zzz.com to sub.sss.com
listen 80;
server_name zzz.com;
rewrite ^ http://sub.sss.com$request_uri? permanent;
}
Related
we have a website where each user will have his own subdomain, lets's call the domain example.com.
when user1 gets created, he should be able to access his page through user1.example.com
right now when the user access user1.example.com he gets
"Your connection is not private" error message.
We are using rails 7 and we are hosted on AWS lightsail.
the SSL certificate is created using AWS certmanager and attached to the loadbalancer.
our simple Nginx config
listen 80;
listen [::]:80;
server_name _;
root /home/ubuntu/link/to/application/public;
passenger_enabled on;
passenger_app_env production;
location /cable {
passenger_app_group_name myapp_websocket;
passenger_force_max_concurrent_requests_per_process 0;
}
# Allow uploads up to 100MB in size
client_max_body_size 5m;
location ~ ^/(assets|packs) {
expires max;
gzip_static on;
}
}
EDIT 1:
we got a new wildcard certificate from letsencrypt certbot and updated ngnix with the following:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /home/ubuntu/link/to/app/current/public;
server_name domain.com www.domain;
passenger_enabled on;
passenger_app_env production;
location /cable {
passenger_app_group_name myapp_websocket;
passenger_force_max_concurrent_requests_per_process 0;
}
# Allow uploads up to 100MB in size
client_max_body_size 5m;
location ~ ^/(assets|packs) {
expires max;
gzip_static on;
}
listen 443 ssl; # managed by Certbot
# RSA certificate
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
now both domain.com and www.domain.com has SSL certificates, but I still can have user1.domain.com to have that certificate
I have a site that I built using ruby on rails on nginx server with passenger. My client decided to install ssl certificate.I am a newbie to that kind of issues and I have never did it before and I need to confirm that my sites-enabled/default file is configured properly.
My current configuration is :
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name www.mysite.com;
passenger_enabled on;
rails_env production;
root /home/directory;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
and for adding ssl certificate, I will add another server block like below:
server {
listen 443;
server_name www.mysite.com;
passenger_enabled on;
rails_env production;
root /home/directory;
ssl on;
ssl_certificate /etc/ssl/my_certificate;
ssl_certificate_key /etc/ssl/my_private_key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_stapling on
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
is that a right way and parameters to configure nginx or I need to combine them in one server block ?
is there any thing missing should I add to the previous config ?
in the :server_name www.mysite.com;
can I replace it with my IP address instead of the domain name ?
Thanks for your time in advance
You can have HTTP and HTTPS servers in the same server section
server {
listen 80;
listen [::]:80 ipv6only=on;
listen 443 ssl;
...
}
For complete SSL related configuration I would recommend to use Mozilla generator
Yes, but you shouldn't. Nginx will match your first server section even if you haven't set server_name properly, but such configuration is hard to support and troubleshoot
I need to configure nginx for one of my rails application to route some pages through SSL but facing problem with configuration.
I've a SSL certificate where common name is example.com and my site is routing to example.com from www.example.com
Here is my nginx.conf:
upstream unicorn {
server unix:/tmp/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://example.com$request_uri;
ssl on;
ssl_certificate /certificate path;
ssl_certificate_key /key path;
}
server {
listen 80 default deferred;
root /public path;
try_files $uri/index.html $uri #unicorn;
location #unicorn {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://unicorn;
}
client_max_body_size 50M;
}
I've tried different configuration as well but nothing work. Any suggestion would be appreciated. Thanks in advance for that.
Not sure if this help.
I have had a same problem. I struggle with it for a longtime until I redirect from ApplicationController
In the ApplicationController:
before_filter :redirect_subdomain
def redirect_subdomain
if request.host == 'www.example.com.au'
redirect_to 'https://example.com.au' + request.fullpath
end
end
My issue has been resolved by doing modifications below, answering this as it might help someone else:
Removed ssl_certificate and ssl_certificate_key from default_server block.
Removed URL overwriting from SSL server block.
Added ssl_protocols and ssl_ciphers to SSL server block
The configuration look like below after modification:
upstream unicorn {
server unix:/tmp/unicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
listen 80 default_server;
root /example.com/current/public;
try_files $uri/index.html $uri #unicorn;
......
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl on;
ssl_certificate /example.com.crt;
ssl_certificate_key /example.com.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
......
}
so I have an nginx setup in such a way that when you access example.com it redirects you to www.example.com. However, I would like to skip that behavior if I access a certain IP instead of example.com (for instance I go to 123.456.789.123 it shouldn't redirect). Any ideas?
server {
listen 80;
server_name example.com;
return 301 http://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
passenger_enabled on;
rails_env production;
root /home/{{app_user}}/app/current/public;
}
I'm hosing a rails application on digital ocean. Its working perfectly. I would like to host a Sinatra application on the same VPS. I have setup the nameservers and DNS.
My opt/nginx/conf/nginx.conf is:
worker_processes 1;
events {
worker_connections 1024;
}
http {
passenger_root /home/deploy/.rvm/gems/ruby-2.0.0-p0/gems/passenger-4.0.0.rc6;
passenger_ruby /home/deploy/.rvm/wrappers/ruby-2.0.0-p0/ruby;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name domain1.com;
charset utf-8;
root /home/deploy/apps/domain1/current/public;
passenger_enabled on;
rails_spawn_method smart;
rails_env production;
}
server {
listen 80;
server_name domain2.com www.domain2.com;
charset utf-8;
root /home/deploy/apps/domain2-path/public;
passenger_enabled on;
rails_spawn_method smart;
}
}
Now when I go domain2.com it loads the application of domain1.com, what am I doing wrong.
PS: Domain1.com is rails applicion and Domain2.com is sinatra application.
You cannot do it only by defining another DNS address.
You should run the other app on different URL.
Then do something like this:
upstream rails {
server 127.0.0.1:8000;
}
upstream sinatra {
server 127.0.0.1:7000;
}
server {
location /rails {
proxy_pass http://rails;
}
location /sinatra {
proxy_pass http://sinatra;
}
}