Issue
I am facing a unique type of issue hosting multiple ports (5000, 5001) on an Ubuntu server. I am using Nginx to configure two subdomains in the directory "/etc/nginx/sites-available" and I unlinked the default configuration. The main issue is that listening on port ":80" works fine for both subdomains, but when both are configured with SSL cert files and listen on 443, both subdomains point only to port 5000, not to port 5001. I will share my config files in case there is a config problem.
This is the setting for port 5001:
server {
    listen 80;
    server_name lenderapp.xxx.in;
    return 301 https://lenderapp.xxx.in$request_uri;
    # rewrite ^(.*) https://lenderapp.xxx.in$1 permanent;
}
server {
    listen 443;
    ssl on;
    server_name www.lenderapp.xxx.in;
    #root /home/dmin/OProjects/lender_demo;
    error_log /var/log/nginx/error_lenderapp.log error;
    access_log /var/log/nginx/lenderapp_access.log;
    ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
    ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
    location /{
        proxy_pass http://0.0.0.0:5001;
        root /home/admin/OProjects/lender_demo;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Now the 2nd setting, for port 5000:
server {
    listen 80;
    server_name bcadmin.xxx.in;
    return 301 https://bcadmin.xxx.in$request_uri;
    #rewrite ^(.*) https://bcadmin.xxx.in$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name www.bcadmin.tradefi.in;
    root /home/admin/OProjects/admin_console;
    error_log /var/log/nginx/lenderapp.log error;
    access_log /var/log/nginx/lenderapp_access.log;
    ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
    ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
    location /{
        proxy_pass 'http://0.0.0.0:5000';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Please help me guys... I need help badly
Solution
Cannot see a real error in your config on first glance. But using 0.0.0.0 as target IP - this IP is kind of "any IP". You should stick to 127.0.0.1 for local redirects. Also, ssl on is deprecated since 06/2018...
I would recommend to split your config into several files to keep a better overview. It will make the config more readable and will really help you on daily routines (and enhancements).
For your config my approach would be the following. I am using this config for > 35 domains without problems on one of my servers. It will not just work, but also give you an A+ rating on SSLtest. This config adopts your log- and cert file names - that in my opinion are not optimal ;)
Main Config
# This block redirects any :80 traffic to its https counterpart.
server {
    listen 80 default_server;
    listen [::]:80 default_server; # <-- ipv6
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2; # <-- ipv6
    server_name www.lenderapp.xxx.in;
    error_log /var/log/nginx/error_lenderapp.log error;
    access_log /var/log/nginx/lenderapp_access.log;
    include params/ssl;
    ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
    ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
    location / {
        proxy_pass http://127.0.0.1:5001;
        include params/proxy_full;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2; # <-- ipv6
    server_name www.bcadmin.tradefi.in;
    error_log /var/log/nginx/lenderapp.log error;
    access_log /var/log/nginx/lenderapp_access.log;
    include params/ssl;
    ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
    ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
    location / {
        proxy_pass http://127.0.0.1:5000;
        include params/proxy_full;
    }
}
params/ssl
(for my /etc/nginx/params/proxy_full)
Caution: You'll need a dhparam file inside params to make it work. Use openssl dhparam -out /etc/nginx/params/dhparam.pem 4096 to create one if not existent.
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam params/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
params/proxy_full
(for my /etc/nginx/params/proxy_full)
add_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
Answered By - boppy Answer Checked By - David Goodson (PHPFixing Volunteer)
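Added example (not part of the question or of boppy's answer): a Python check that models, in simplified form, how nginx picks a server block for a request on port 443 (exact server_name match, then default_server, then the first block defined for that port; wildcard and regex names are ignored). The sample config is constructed from the question's host names, the load order and the helper names are assumptions, and the result shows which upstream answers each host the port-80 blocks redirect to.

```python
import re

# Constructed sample from the question's host names; bcadmin-first load order is assumed.
SAMPLE = """
server { listen 80; server_name bcadmin.xxx.in;
         return 301 https://bcadmin.xxx.in$request_uri; }
server { listen 443 ssl http2; server_name www.bcadmin.tradefi.in;
         location / { proxy_pass http://127.0.0.1:5000; } }
server { listen 80; server_name lenderapp.xxx.in;
         return 301 https://lenderapp.xxx.in$request_uri; }
server { listen 443 ssl; server_name www.lenderapp.xxx.in;
         location / { proxy_pass http://127.0.0.1:5001; } }
"""

def server_blocks(conf):
    """Yield the body of every server { ... } block using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse(conf):
    """Return one dict per server block, in load order (comments stripped)."""
    servers = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        listens = set()  # (port, is_default_server) pairs
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            tok = args.split()[0].rsplit(":", 1)[-1]
            listens.add((int(tok) if tok.isdigit() else 80, "default_server" in args.split()))
        names = " ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).lower().split()
        up = re.search(r"\bproxy_pass\s+([^;\s]+)", body)
        servers.append({"listens": listens, "names": names, "upstream": up and up.group(1)})
    return servers

def select(servers, host, port=443):
    """Simplified nginx choice: exact name, else default_server, else first."""
    cands = [s for s in servers if port in {p for p, _ in s["listens"]}]
    tiers = (("name", [s for s in cands if host.lower() in s["names"]]),
             ("default_server", [s for s in cands if (port, True) in s["listens"]]),
             ("first-defined", cands))
    return next(((h[0]["upstream"], how) for how, h in tiers if h), (None, "no-listener"))

def audit(conf):
    """For each literal https redirect target, report which 443 block answers."""
    servers = parse(conf)
    hosts = re.findall(r"return\s+30[1278]\s+https://([A-Za-z0-9.-]+)", conf)
    return {h: select(servers, h) for h in hosts}
```

Any host reported as "first-defined" or "default_server" is being answered by a block that does not name it, so it gets that block's certificate and upstream. On a live server the text to audit can come from nginx -T, which prints the merged configuration in load order.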