Nginx default configuration file issue











up vote
1
down vote

favorite












I'm using NGINX as a proxy server at port 80 and 443 for SSL, Apache at port 8082, and Varnish at port 81.



The reason for using NGINX is to send HTTP and HTTPS requests to Varnish and then Varnish will send it to the Apache server.



Below is my default NGINX configuration file:



#Redirect http www to https no-www
server {
server_name _;
access_log off;
}

#Redirect http no-www to https no-www
server {
// listening to port 80
listen "actual-server-ip";
listen [::]:80;
server_name localhost;
root /home/maindir;
index index.php;
access_log off;
port_in_redirect off;

location / {
allow 127.0.0.1;
auth_basic "Please enter username";
auth_basic_user_file /etc/nginx/.passfile1;
}

}

server {
// listening to port 443 for https requests
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name localhost;
port_in_redirect off;
access_log off;
ssl_certificate /main/ssl/eth0___localhost.pem;
ssl_certificate_key /main/ssl/eth0___localhost.key;
ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /root/dhparams.pem;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
root /home/maindir;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
index index.php index.html index.htm;

location / {
proxy_pass http://127.0.0.1:81; // to direct requests to varnish
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header HTTPS "on";
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_redirect off;
}

location ~ /.ht {
deny all;
}

}


But I have the following issues:




  1. It does not direct HTTP requests to HTTPS

  2. it does not direct non-www to www


So, is the following command right:



proxy_pass  http://127.0.0.1:81;  


to direct requests from NGINX to Varnish or should 127.0.0.1 be the actual server address?

Please, can you give me the right configuration for the default NGINX file?










share|improve this question




























    up vote
    1
    down vote

    favorite












    I'm using NGINX as a proxy server at port 80 and 443 for SSL, Apache at port 8082, and Varnish at port 81.



    The reason for using NGINX is to send HTTP and HTTPS requests to Varnish and then Varnish will send it to the Apache server.



    Below is my default NGINX configuration file:



    #Redirect http www to https no-www
    server {
    server_name _;
    access_log off;
    }

    #Redirect http no-www to https no-www
    server {
    // listening to port 80
    listen "actual-server-ip";
    listen [::]:80;
    server_name localhost;
    root /home/maindir;
    index index.php;
    access_log off;
    port_in_redirect off;

    location / {
    allow 127.0.0.1;
    auth_basic "Please enter username";
    auth_basic_user_file /etc/nginx/.passfile1;
    }

    }

    server {
    // listening to port 443 for https requests
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name localhost;
    port_in_redirect off;
    access_log off;
    ssl_certificate /main/ssl/eth0___localhost.pem;
    ssl_certificate_key /main/ssl/eth0___localhost.key;
    ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_dhparam /root/dhparams.pem;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    root /home/maindir;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    index index.php index.html index.htm;

    location / {
    proxy_pass http://127.0.0.1:81; // to direct requests to varnish
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Port 443;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header HTTPS "on";
    proxy_read_timeout 90;
    proxy_connect_timeout 90;
    proxy_redirect off;
    }

    location ~ /.ht {
    deny all;
    }

    }


    But I have the following issues:




    1. It does not direct HTTP requests to HTTPS

    2. it does not direct non-www to www


    So, is the following command right:



    proxy_pass  http://127.0.0.1:81;  


    to direct requests from NGINX to Varnish or should 127.0.0.1 be the actual server address?

    Please, can you give me the right configuration for the default NGINX file?










    share|improve this question


























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I'm using NGINX as a proxy server at port 80 and 443 for SSL, Apache at port 8082, and Varnish at port 81.



      The reason for using NGINX is to send HTTP and HTTPS requests to Varnish and then Varnish will send it to the Apache server.



      Below is my default NGINX configuration file:



      #Redirect http www to https no-www
      server {
      server_name _;
      access_log off;
      }

      #Redirect http no-www to https no-www
      server {
      // listening to port 80
      listen "actual-server-ip";
      listen [::]:80;
      server_name localhost;
      root /home/maindir;
      index index.php;
      access_log off;
      port_in_redirect off;

      location / {
      allow 127.0.0.1;
      auth_basic "Please enter username";
      auth_basic_user_file /etc/nginx/.passfile1;
      }

      }

      server {
      // listening to port 443 for https requests
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;
      server_name localhost;
      port_in_redirect off;
      access_log off;
      ssl_certificate /main/ssl/eth0___localhost.pem;
      ssl_certificate_key /main/ssl/eth0___localhost.key;
      ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_dhparam /root/dhparams.pem;
      ssl_prefer_server_ciphers on;
      ssl_ecdh_curve secp384r1;
      root /home/maindir;
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      index index.php index.html index.htm;

      location / {
      proxy_pass http://127.0.0.1:81; // to direct requests to varnish
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header HTTPS "on";
      proxy_read_timeout 90;
      proxy_connect_timeout 90;
      proxy_redirect off;
      }

      location ~ /.ht {
      deny all;
      }

      }


      But I have the following issues:




      1. It does not direct HTTP requests to HTTPS

      2. it does not direct non-www to www


      So, is the following command right:



      proxy_pass  http://127.0.0.1:81;  


      to direct requests from NGINX to Varnish or should 127.0.0.1 be the actual server address?

      Please, can you give me the right configuration for the default NGINX file?










      share|improve this question















      I'm using NGINX as a proxy server at port 80 and 443 for SSL, Apache at port 8082, and Varnish at port 81.



      The reason for using NGINX is to send HTTP and HTTPS requests to Varnish and then Varnish will send it to the Apache server.



      Below is my default NGINX configuration file:



      #Redirect http www to https no-www
      server {
      server_name _;
      access_log off;
      }

      #Redirect http no-www to https no-www
      server {
      // listening to port 80
      listen "actual-server-ip";
      listen [::]:80;
      server_name localhost;
      root /home/maindir;
      index index.php;
      access_log off;
      port_in_redirect off;

      location / {
      allow 127.0.0.1;
      auth_basic "Please enter username";
      auth_basic_user_file /etc/nginx/.passfile1;
      }

      }

      server {
      // listening to port 443 for https requests
      listen 443 ssl default_server;
      listen [::]:443 ssl default_server;
      server_name localhost;
      port_in_redirect off;
      access_log off;
      ssl_certificate /main/ssl/eth0___localhost.pem;
      ssl_certificate_key /main/ssl/eth0___localhost.key;
      ssl_trusted_certificate /main/ssl/eth0___localhost.ca;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_dhparam /root/dhparams.pem;
      ssl_prefer_server_ciphers on;
      ssl_ecdh_curve secp384r1;
      root /home/maindir;
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
      add_header X-Frame-Options SAMEORIGIN;
      add_header X-Content-Type-Options nosniff;
      index index.php index.html index.htm;

      location / {
      proxy_pass http://127.0.0.1:81; // to direct requests to varnish
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-Port 443;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header HTTPS "on";
      proxy_read_timeout 90;
      proxy_connect_timeout 90;
      proxy_redirect off;
      }

      location ~ /.ht {
      deny all;
      }

      }


      But I have the following issues:




      1. It does not direct HTTP requests to HTTPS

      2. it does not direct non-www to www


      So, is the following command right:



      proxy_pass  http://127.0.0.1:81;  


      to direct requests from NGINX to Varnish or should 127.0.0.1 be the actual server address?

      Please, can you give me the right configuration for the default NGINX file?







      proxy redirection nginx






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 20 at 23:16









      Blackwood

      2,68161727




      2,68161727










      asked Nov 20 at 21:24









      Dany

      61




      61



























          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377107%2fnginx-default-configuration-file-issue%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1377107%2fnginx-default-configuration-file-issue%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          AnyDesk - Fatal Program Failure

          How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

          QoS: MAC-Priority for clients behind a repeater