
Add Your First Domain Name's Nginx Vhost Configuration.

Discussion in 'Install & Upgrades or Pre-Install Questions' started by yogaturtle, Dec 4, 2020.

  1. yogaturtle

    yogaturtle New Member

    7
    0
    1
    Dec 4, 2020
    Ratings:
    +0
    Local Time:
    8:38 PM
    I am setting up my server by following the getting started guide. I have reached step 2:

    2. Add Your First Domain Name's Nginx Vhost Configuration.

    I am using New /usr/bin/nv SSH command line method.

    I entered this command in the terminal
    /usr/bin/nv -d newdomain.com -s y -u MYFTPUSERNAME

    I am reading where it says "If you want to enable auto index so you can see a directories listing of files when index.htm/index.php page doesn't exist, you need to uncomment autoindex on option and save newdomain.com.conf file and restart nginx server."

    How do I find and open this conf file?

    I have more questions, but first I want to get clear on this issue.


    I am using
    • CentOS Version: CentOS 7 64bit on Linode
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed:
    • PHP Version Installed: 7.4
    • MariaDB MySQL Version Installed:
     
  2. eva2000

    eva2000 Administrator Staff Member

    46,238
    10,510
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,293
    Local Time:
    10:38 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    All Centmin Mod files/structures are outlined at Centmin Mod Configuration Files - CentminMod.com LEMP Nginx web stack for CentOS. Also, when you create the Nginx vhost, you will see the list of directory and config file paths outputted at the end too.

    For nginx config domain vhost file
     
  3. yogaturtle

    yogaturtle New Member

  4. eva2000

    eva2000 Administrator Staff Member

    The easiest way to edit configuration or any files on your server is by logging into your server via SSH and directly editing them using the nano or vim Linux text editors.

    For nano, you can read up more here and here. For the vim text editor, read here and here and the thread at WebPerf - Popular Vim Commands – a Comprehensive Vim Cheatsheet

    Also there are numerous online how-to guides for nano and vim you can search for via Google :)

    Try both and see which you prefer. Test on a test text file you can create and edit. It's an age old debate vim vs nano :)

    I prefer nano :D
     
  5. yogaturtle

    yogaturtle New Member

    My question is more basic. How do I actually locate the files and open them in nano? I have used nano in the past. I have been using Linux for a few years, but I am still considered a newbie.
     
  6. eva2000

    eva2000 Administrator Staff Member

    Did you read the nano guides I linked to in Add Your First Domain Name's Nginx Vhost Configuration? Highly recommend you do. You can do a Google search for 'nano guides' to read more of them too.

    You invoke nano with the filename to open it, i.e.
    Code (Text):
    nano filename.txt
    nano /path/to/filename.txt

    or
    Code (Text):
    cd /directoryname
    nano fileinsidedirectory.txt


    Official FAQ item 16 also lists some Centmin Mod command shortcuts which, when typed, will also invoke the nano editor and directly open the relevant config file for editing: FAQ - CentminMod.com LEMP Nginx web stack for CentOS
     
  7. yogaturtle

    yogaturtle New Member

    I am now at the section titled How To Force Redirect From HTTP:// To HTTPS:// ?

    I followed the instructions for: (for redirecting Parked at Loopia and Parked at Loopia to https://newdomain.com)

    But when I go to my site it still doesn't go to the https. See code below. Why does my code have "listen 80:" in the code, but the example on your website does not? I am not sure why it isn't working.

    If I manually enter https://happytechteachers.com I can get to the secure site, but I am shown a warning sign first which says there might be a security risk.


    Also, I don't know why Cloudflare is shown in the code. I am using Linode for the DNS, not Cloudflare.


    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html

    # redirect from www to non-www forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
    listen 80;
    server_name happytechteachers.com www.happytechteachers.com;
    return 301 https://happytechteachers.com$request_uri;
    }

    server {
    listen 443 ssl http2 reuseport;
    server_name happytechteachers.com www.happytechteachers.com;

    ssl_dhparam /usr/local/nginx/conf/ssl/happytechteachers.com/dhparam.pem;
    ssl_certificate /usr/local/nginx/conf/ssl/happytechteachers.com/happytechteachers.com.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/happytechteachers.com/happytechteachers.com.key;
    include /usr/local/nginx/conf/ssl_include.conf;

    # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
     
    Last edited: Dec 7, 2020
  8. eva2000

    eva2000 Administrator Staff Member

    For posting code or output from commands or nginx vhost/config file output, to keep the formatting you might want to use CODE tags for code: How to use forum BBCODE code tags :)

    When the listen directive is not listed, Nginx automatically defaults to listen 80 port.
    That is for Cloudflare Authenticated Origin Pull setups and is disabled by default, with the line commented out with a hash # in front. See Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting Your Origins. It's in the nginx vhost just for convenience, so folks who use Cloudflare can just uncomment the line by removing the hash # in front to enable it.

    Key to testing is using a 302 temp redirect first in a private incognito browser session. Otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects, unless you clear browser cache and reboot local computer(s), and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    


    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via the /usr/bin/nv command line, you will create the Nginx vhost files and directories. You will get the path locations outputted where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL).
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)
     
  9. yogaturtle

    yogaturtle New Member

    For the /usr/local/nginx/conf/conf.d/newdomain.com.conf file, it is currently disabled.

    Here is the /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf. I had to save each page from the nano editor and then combine them because I couldn't figure out how to export the entire contents of the file at one time. I could only print one screen at a time:

    Code:
      GNU nano 2.3.1      File: happytechteachers.com.ssl.conf                
    
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
           listen   80;
           server_name happytechteachers.com www.happytechteachers.com;
           return 301 https://happytechteachers.com$request_uri;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name happytechteachers.com www.happytechteachers.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/happytechteachers.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/happytechteachers.com/happ$
      ssl_certificate_key  /usr/local/nginx/conf/ssl/happytechteachers.com/happ$
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/thre$
                             [ Mouse support disabled ]
    ^G Get Help ^O WriteOut ^R Read File^Y Prev Page^K Cut Text ^C Cur Pos
    ^X Exit     ^J Justify  ^W Where Is ^V Next Page^U UnCut Tex^T To Spell
      # cloudflare authenticated origin pull cert community.centminmod.com/thre$
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/happytechtea$
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 50000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECD$
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_se$
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomain$
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=$
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
                             [ Mouse support disabled ]
    ^G Get Help ^O WriteOut ^R Read File^Y Prev Page^K Cut Text ^C Cur Pos
    ^X Exit     ^J Justify  ^W Where Is ^V Next Page^U UnCut Tex^T To Spell
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/happytechteachers.com/$
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/happytechteachers.com/log/access.log combi$
      error_log /home/nginx/domains/happytechteachers.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/happytechteachers.com/autoprote$
      root /home/nginx/domains/happytechteachers.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
                             [ Mouse support disabled ]
    ^G Get Help ^O WriteOut ^R Read File^Y Prev Page^K Cut Text ^C Cur Pos
    ^X Exit     ^J Justify  ^W Where Is ^V Next Page^U UnCut Tex^T To Spell
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/pre-staticfiles-local-happytechteachers.com$
                             [ Mouse support disabled ]
    ^G Get Help ^O WriteOut ^R Read File^Y Prev Page^K Cut Text ^C Cur Pos
    ^X Exit     ^J Justify  ^W Where Is ^V Next Page^U UnCut Tex^T To Spell
    
      include /usr/local/nginx/conf/pre-staticfiles-local-happytechteachers.com$
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
                             [ Mouse support disabled ]
    ^G Get Help ^O WriteOut ^R Read File^Y Prev Page^K Cut Text ^C Cur Pos
    ^X Exit     ^J Justify  ^W Where Is ^V Next Page^U UnCut Tex^T To Spell
     
  10. eva2000

    eva2000 Administrator Staff Member

    All you need to do to output the contents of a file in Linux is use the cat command
    Code (Text):
    cat /usr/local/nginx/conf/conf.d/newdomain.com.conf


    Also ensure your SSH client's scrollback buffer is larger so it can output more lines, so you can scroll back and view them all.
     
  11. yogaturtle

    yogaturtle New Member


    Regarding /usr/local/nginx/conf/conf.d/newdomain.com.conf, I can't remember what I did earlier which changed the file to having a filename with disabled at the end of it. Does this need to be enabled?

    Here is the code for /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
           listen   80;
           server_name happytechteachers.com www.happytechteachers.com;
           return 301 https://happytechteachers.com$request_uri;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name happytechteachers.com www.happytechteachers.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/happytechteachers.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/happytechteachers.com/happytechteachers.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/happytechteachers.com/happytechteachers.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/happytechteachers.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 50000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/happytechteachers.com/happytechteachers.com-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/happytechteachers.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/happytechteachers.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/happytechteachers.com/autoprotect-happytechteachers.com.conf;
      root /home/nginx/domains/happytechteachers.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-happytechteachers.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    If you selected Letsencrypt with HTTPS default, then the non-HTTPS nginx vhost gets disabled this way, so that is fine.

    Here's your issue: centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up. Pay attention to the different way if you want the redirect target to be the www version instead of non-www and vice versa, and that the target version, www or non-www, is the only version listed in server_name for the 2nd/main server {} context.

    So the target server_name directive only lists the non-www version
    Code (Text):
     server {
          listen   80;
          server_name happytechteachers.com www.happytechteachers.com;
          return 301 https://happytechteachers.com$request_uri;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name happytechteachers.com;
    

    This tells nginx that non-https non-www and www versions of the domain redirect to the https version of the non-www domain.

    If you want to redirect non-www non-https to https non-www, you will have to add a 3rd server{} context to your Nginx HTTPS SSL vhost config file as outlined here.

    This tells nginx that non-https non-www/www domain redirects to https non-www domain and non-https www domain redirects to https non-www domain.

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name newdomain.com www.newdomain.com;
       return 302 https://newdomain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.newdomain.com;
      return 302 https://newdomain.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    }
    
    server {
      listen 443 ssl http2;
      server_name newdomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    < snipped the rest of the nginx settings >

    Notice the middle server{} context tells Nginx to redirect www domain HTTPS requests to non-www domain HTTPS requests, while the first server{} context tells Nginx to redirect both non-HTTPS non-www and www domain requests to HTTPS requests for the non-www domain on the third server{} context.

    Key to testing is using a 302 temp redirect first in a private incognito browser session. Otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects, unless you clear browser cache and reboot local computer(s), and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)
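
Added example (not part of the thread or of Centmin Mod's own tooling): a minimal Python check, run over constructed vhost text, of the rule in the last reply that the redirect target is the only name in the main HTTPS server {} block. It reports where each of the four URL variants tested earlier with curl -I would end up. The parser is simplified (assumes no quoted `#`, `;` or braces and does not expand `include`), and all function names are hypothetical.

```python
import re

# Constructed sample vhosts modelled on the thread (not the poster's real file);
# newdomain.com is the placeholder domain the page itself uses.
BEFORE = """
server { listen 80; server_name newdomain.com www.newdomain.com;
         return 301 https://newdomain.com$request_uri; }
server { listen 443 ssl http2; server_name newdomain.com www.newdomain.com;
         location / { try_files $uri $uri/ =404; } }
"""
AFTER = """
server { server_name newdomain.com www.newdomain.com;
         return 302 https://newdomain.com$request_uri; }
server { listen 443 ssl http2; server_name www.newdomain.com;
         return 302 https://newdomain.com$request_uri; }
server { listen 443 ssl http2; server_name newdomain.com; index index.html; }
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, with # comments removed."""
    text = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directives(block):
    """Map directive name -> list of argument lists (server level only)."""
    prev = None
    while prev != block:  # collapse nested location/if bodies
        prev, block = block, re.sub(r"\{[^{}]*\}", ";", block)
    found = {}
    for stmt in block.split(";"):
        parts = stmt.split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def vhost_map(conf):
    """Return {(scheme, host): (kind, target)}; first block naming a host wins.
    As stated in the thread, a block with no listen directive is port 80."""
    out = {}
    for block in server_blocks(conf):
        d = directives(block)
        listens = d.get("listen", [["80"]])
        scheme = "https" if any("ssl" in args for args in listens) else "http"
        ret = d.get("return")
        action = ("redirect", ret[0][-1]) if ret else ("serve", None)
        for host in sum(d.get("server_name", []), []):
            out.setdefault((scheme, host), action)
    return out

def check(conf, canonical):
    """List each scheme/host variant that does not end up at https://canonical."""
    routes, want, findings = vhost_map(conf), f"https://{canonical}", []
    for scheme in ("http", "https"):
        for host in (canonical, "www." + canonical):
            url = f"{scheme}://{host}"
            kind, target = routes.get((scheme, host), ("missing", None))
            if kind == "missing":
                findings.append(f"{url}: no server block matches")
            elif kind == "serve" and url != want:
                findings.append(f"{url}: served directly, not redirected to {want}")
            elif kind == "redirect" and (url == want or target.split("$")[0].rstrip("/") != want):
                findings.append(f"{url}: unexpected redirect to {target}")
    return findings

print({n: check(c, "newdomain.com") for n, c in (("before", BEFORE), ("after", AFTER))})
```

An empty list means all four variants converge on the canonical HTTPS host; the same result should then be confirmed against the live server with the curl -I commands from the thread.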