Nginx only serves 1 App

Moshe Katz kohenkatz at gmail.com
Wed May 16 03:44:10 UTC 2018


That last "# managed by Certbot" section looks wrong - it shouldn't be
using "if ($host = ...", since that's inefficient and there are much better
ways to do it.

I have a very similar server, so here are the config files I use for it. I
don't like pasting them into emails, so I made a GitHub Gist:
https://gist.github.com/kohenkatz/08a74d757e0695f4ec3dc34c44ea4369 (that
also means I can edit it later if it doesn't work for you).

Note that with this configuration you have to run Certbot in "certonly"
mode instead of nginx mode. However, that is very easy.
I have eight servers configured in this exact way (though most of them with
applications other than Seafile and Mattermost, but it doesn't matter).

Here is the certbot command I use:
sudo certbot certonly --webroot -w  /usr/share/nginx/html -d
domain-name-here.example.com
(If you changed the path for `.well-known` in the config files in my Gist,
you will also need to change it here.)

Let me know how this works for you.

Moshe

--
Moshe Katz
-- kohenkatz at gmail.com
-- +1(301)867-3732


On Tue, May 15, 2018 at 4:32 PM Nginx-Chris <nginx-forum at forum.nginx.org>
wrote:

> Dear Moshe
>
> I did switch off the seafile configuration and that means that the normal
> chat.mydomain.com works again with nginx.,
>
> I did then do
>
> > sudo certbot --nginx
>
> and the sitechat.mydomain.com now runs on with SSL.
>
> So then I switch seafile conf on again --> Seafile works as always.
>
> AND mattermost on chat.mydomain.com works, but ONLY if I add https:// in
> front of the web address.
>
> So:
>
> chat.mydomain.com <-- does only work when seafile off (then redirects)
> http://chat.mydomain.com <--  does only work when seafile off (then
> redirects)
>
> https://chat.mydomain.com <-- works when seafile is on and/or off.
>
> Why does nginx not redirect the chat.mydomain.com to https?
>
> The new config for chat.mydomain.com is this. it got changed by certbot
> automatically.
>
> MATTERMOST:
>
>    server 127.0.0.1:8065;
> }
>
> proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m
> max_size=3g inactive=120m use_temp_path=off;
>
> server {
>    server_name chat.mydomain.com;
>
>    location ~/api/v[0-9]+/(users/)?websocket$ {
>        proxy_set_header Upgrade $http_upgrade;
>        proxy_set_header Connection "upgrade";
>        client_max_body_size 50M;
>        proxy_set_header Host $http_host;
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header X-Forwarded-Proto $scheme;
>        proxy_set_header X-Frame-Options SAMEORIGIN;
>        proxy_buffers 256 16k;
>        proxy_buffer_size 16k;
>        proxy_read_timeout 600s;
>        proxy_pass http://backend;
>    }
>
>    location / {
>        client_max_body_size 50M;
>        proxy_set_header Connection "";
>        proxy_set_header Host $http_host;
>        proxy_set_header X-Real-IP $remote_addr;
>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>        proxy_set_header X-Forwarded-Proto $scheme;
>        proxy_set_header X-Frame-Options SAMEORIGIN;
>        proxy_buffers 256 16k;
>        proxy_buffer_size 16k;
>        proxy_read_timeout 600s;
>        proxy_cache mattermost_cache;
>        proxy_cache_revalidate on;
>        proxy_cache_min_uses 2;
>        proxy_cache_use_stale timeout;
>        proxy_cache_lock on;
>        proxy_pass http://backend;
>    }
>
>     listen 443 ssl; # managed by Certbot
>     ssl_certificate /etc/letsencrypt/live/chat.mydomain.com/fullchain.pem;
> #
> managed by Certbot
>     ssl_certificate_key /etc/letsencrypt/live/
> chat.mydomain.com/privkey.pem;
> # managed by Certbot
>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>
> }
>
>
> server {
>     if ($host = chat.mydomain.com) {
>         return 301 https://$host$request_uri;
>     } # managed by Certbot
>
>
>
>    listen 80;
>    server_name chat.mydomain.com;
>     return 404; # managed by Certbot
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,279794,279806#msg-279806
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180515/43c49b0a/attachment-0001.html>


More information about the nginx mailing list