Differences

This shows you the differences between two versions of the page.

--- nginx_ssl [2015/04/05 23:07] – luke7858
+++ nginx_ssl [2024/05/23 07:26] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-You will need two server blocks for this:
+==Files:==
+^ Directive               ^ Path to Enter                              |
+| ssl_certificate         | Certificate file + Intermidiate bundle  path |
+| ssl_certificate_key     | Key file path                                |
+ssl_certificate = .crt + .ca \\
+ssl_certificate = 'cat Intermediate.txt >> your_domain_com.bundle'
+------------
+\\
+To configure and redirect nginx properly and cleanly you need 3 nginx server blocks.
+\\
+The blocks below show a site that is redirected to https://non-www.domain
+\\
+A quick overview of these nginx blocks can be found below:
+<code>
+server 80  -> Used to redirect
+Domains          : ALL domains
+DocRoot specified: NO (: YES if site is combo of http and https)
+Redirect         : https://domain # note non-www (: NO if site is combo of http and https)
+server 443 -> Used to redirect
+Domains          : www.domain
+DocRoot specified: NO
+Redirect         : https://domain # note non-www
+server 443 -> Delivers content
+Domains          : ONLY non-www
+DocRoot specified: YES
+Redirect         : NO
+</code>
+\\
+------------
+\\
+\\
+If the customers application is taking care of the redirects then we can use the following example. \\
+The example below shows configuration with 2 nginx files
 <sxh bash>
 server {
     listen 80;
-    server_name www.lukeslinux.co.uk lukeslinux.co.uk;
+    server_name www.example.co.uk example.co.uk;
-    #rewrite ^ https://lukeslinux.co.uk$request_uri? permanent;
+    return 301 https://example.co.uk$request_uri; #note: this line actually forces https, you may not wish to have this, in which case you will just remove the line or comment it out
-    return 301 https://lukeslinux.co.uk$request_uri; #note: this line actually forces https, you may not wish to have this, in which case you will just remove the line of comment it out
 }
 server{
     listen 443;
-    server_name lukeslinux.co.uk www.lukeslinux.co.uk;
+    server_name example.co.uk www.example.co.uk;
-    root /var/www/vhosts/wiki.lukeslinux.co.uk;
+    root /var/www/vhosts/example.co.uk;
     index index.html index.htm index.php;
-    access_log /var/log/nginx/wiki.lukeslinux.co.uk.access.log;
+    access_log /var/log/nginx/example.co.uk.access.log;
-    error_log /var/log/nginx/wiki.lukeslinux.co.uk.access.log;
+    error_log /var/log/nginx/example.co.uk.error.log;
+    location / {
+        index index.html index.htm index.php;
+        try_files $uri $uri/ =404;
+    }
     ssl on;
-    ssl_certificate /etc/httpd/conf/ssl/ssl.crt/lukeslinux_co_uk.crt;
+    ssl_certificate /etc/httpd/conf/ssl/ssl.crt/example.co.uk.crt;
-    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/lukeslinux_co_uk.key;
+    ssl_certificate_key /etc/httpd/conf/ssl/ssl.key/example.co.uk.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #used to prevent poodle attacks for outdated protocols
-location / {
-        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
-        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
-        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
-        rewrite ^/(?!lib/)(.*) /doku.php?id=$1&$args last;
-}
 location ~ \.php$ {
@@ Line 34: / Line 65: @@
     fastcgi_pass  127.0.0.1:9000;
     fastcgi_index index.php;
-    fastcgi_param SCRIPT_FILENAME /var/www/vhosts/wiki.lukeslinux.co.uk$fastcgi_script_name;
+    fastcgi_param SCRIPT_FILENAME /var/www/vhosts/example.co.uk$fastcgi_script_name;
     }
 }
 </sxh>
+\\
+\\