Discover Centmin Mod today
Register Now

Nginx Issue with server

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by dooma, Jan 14, 2018.

  1. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Please fill in any relevant information that applies to you:
    • CentOS Version: i.e. CentOS 7 64bit ?
    • Centmin Mod Version Installed: i.e. 123.09beta01
    • Nginx Version Installed: i.e. 1.13.8
    • PHP Version Installed: i.e. 5.6.30
    • MariaDB MySQL Version Installed: i.e. 10.0.21 or 10.1.21

    Hello

    I have an issue that I am not able to define it.

    I have installed my website and centminmod successfully and then I tried to make some edits with conf file to rewrite rules of my website links then I think I made a mistake and the nginx not able to be restarted then I disabled the main conf file at this moment the website send me to centminmod main page(although my website is installed).

    I used SSL conf file and installed my SSL and it's now working fine but the website giving me to the centminmod install page not my website.


    Code (Text):
    # cat /usr/local/nginx/conf/conf.d/mydomain.net.ssl.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name mydomain.net www.mydomain.net;
    #       return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.net www.mydomain.net;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.net/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomainnet/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomainnet/mydomain_net.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.net/mydomain.net-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.net/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.net/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.net/autoprotect-mydomain.net.conf;
      root /home/nginx/domains/mydomain.net/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.net.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }


    ** the centminmod files are deleted and i uploaded my website file so from where I'm getting it ??!

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    always backup your files before editing the vhosts just in case :)

    Each time you upgrade Nginx an auto backup of nginx conf files and ssl directories is generated. See http://centminmod.com/nginx.html#autobackup and http://centminmod.com/configfiles.html
    So if you accidentally deleted your Nginx vhost files at /usr/local/nginx/conf/conf.d/ and/or SSL files at /usr/local/nginx/conf/ssl/ you can restore a previous copy from /usr/local/nginxbackup which has 2 directories
    1. /usr/local/nginxbackup/confbackup which is backup for everything within /usr/local/nginx/conf including subdirectories like /usr/local/nginx/conf/conf.d/
    2. /usr/local/nginxbackup/nginxdirbackup which is backup for everything within /usr/local/nginx/ including subdirectories
    Code (Text):
    ls -lah /usr/local/nginxbackup
    total 32K
    drwxr-xr-x.   4 root root 4.0K Apr  4  2017 .
    drwxr-xr-x.  22 root root 4.0K Sep  9 05:27 ..
    drwxr-xr-x. 212 root root  12K Nov 20 00:25 confbackup
    drwxr-xr-x. 212 root root  12K Nov 20 00:25 nginxdirbackup
    

    So for instance for backup dated 310817 = 31 August, 2017 at /usr/local/nginxbackup/confbackup/conf_310817-005457/conf.d/ would have Nginx vhost config files which were backed up from /usr/local/nginx/conf/conf.d/
    Code (Text):
    ls -lah /usr/local/nginxbackup/confbackup/conf_310817-005457/conf.d/
    
    -rw-r--r--  1 root root 1.1K Aug 30 18:55 demodomain.com.conf
    -rw-r--r--  1 root root 2.0K Aug 30 18:55 domain1.com.conf
    -rw-r--r--  1 root root 3.3K Aug 30 18:55 domain1.com.ssl.conf
    -rw-r--r--  1 root root  846 Aug 30 18:55 ssl.conf
    -rw-r--r--  1 root root 2.6K Aug 30 18:55 virtual.conf
    

    and /usr/local/nginxbackup/confbackup/conf_310817-005457/ssl would contain the nginx ssl certificate files backed up from /usr/local/nginx/conf/ssl

    So contents of /usr/local/nginxbackup/confbackup/conf_310817-005457/ssl
    Code (Text):
    ls -lah /usr/local/nginxbackup/confbackup/conf_310817-005457/ssl
    
    drwxr-xr-x. 2 root root 4.0K Apr  4  2017 domain1.com
    

    has /usr/local/nginxbackup/confbackup/conf_310817-005457/ssl/domain1.com backups for /usr/local/nginx/conf/ssl/domain1.com
    Code (Text):
    ls -lah /usr/local/nginxbackup/confbackup/conf_310817-005457/ssl/domain1.com
    total 40K
    drwxr-xr-x. 2 root root 4.0K Apr  4  2017 .
    drwxr-xr-x. 6 root root 4.0K Jun 23 11:24 ..
    -rw-r--r--. 1 root root  424 Apr  4  2017 dhparam.pem
    -rw-r--r--. 1 root root  952 Apr  4  2017 domain1.com-backup.csr
    -rw-r--r--. 1 root root 1.7K Apr  4  2017 domain1.com-backup.key
    -rw-r--r--. 1 root root 1.1K Apr  4  2017 domain1.com.crt
    -rw-r--r--. 1 root root  952 Apr  4  2017 domain1.com.csr
    -rw-r--r--. 1 root root 1.7K Apr  4  2017 domain1.com.key
    -rw-r--r--. 1 root root   45 Apr  4  2017 hpkp-info-primary-pin.txt
    -rw-r--r--. 1 root root   45 Apr  4  2017 hpkp-info-secondary-pin.txt
    


    you deleted them yourself or the accidentally deleted somehow ?

    so /home/nginx/domains/mydomain.net and subdirectories like public web root at /home/nginx/domains/mydomain.net/public are deleted ?
     
  3. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    The website is giving me the default message although I have deleted the files from public folder by myself.

    This page is used to test the proper operation of the Centmin Mod based Nginx HTTP server after it has been installed. If you can read this page, it means that the Nginx HTTP server installed at this site is working properly.
     
  4. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    update : this folder nginxbackup is not found (no such file or directory).
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    so you only deleted files within public web root at /home/nginx/domains/mydomain.net/public not deleting the directories and subdirectories at /home/nginx/domains/mydomain.net/ ?

    /usr/local/nginxbackup directory is created the first time you run centmin.sh menu option 4 to upgrade nginx. If it's a new server and have yet to run upgrade for nginx, there will be no /usr/local/nginxbackup directory and no backups available

    which main conf file ? at /usr/local/nginx/conf/conf.d/virtual.conf ? do not disable that
     
  6. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    I disabled this :
    /usr/local/nginx/conf/conf.d/mydomain.net.conf

    Thanks
     
  7. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    oh that yes if you domain DNS point to IP still with A record and that vhost is disabled, then visiting domain will go to main default nginx page. If you re-enable your mydomain.net.conf vhost, visiting domain should go back to your domain's site
     
  8. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Thanks for your replay. :)

    How can I re enable it ?

    and

    I have another server which this file is disabled too and the link goes to the main website not the default . why ?
     
  9. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    How did you disable it ? just reverse what you did. If you deleted the vhost config file, then you need to re-create it at that location.
     
    • Like Like x 1
  10. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    when I reversed it, the website becomes down :

    Code (Text):
    mv /usr/local/nginx/conf/conf.d/mydomain.net.conf-disabled /usr/local/nginx/conf/conf.d/mydomain.net.conf
    [15:56][[email protected] ~]# nprestart
    Restarting nginx (via systemctl):  Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
                                                               [FAILED]
    Gracefully shutting down php-fpm . done
    Starting php-fpm [14-Jan-2018 15:56:35] NOTICE: PHP message: PHP Warning:  Cannot load module 'redis' because required module 'igbinary' is not loaded in Unknown on line 0
     done
    [15:56][[email protected] ~]# systemctl status nginx.service
    ‚óŹ nginx.service - SYSV: Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server
       Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
       Active: failed (Result: exit-code) since Sun 2018-01-14 15:56:34 UTC; 1min 20s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 30850 ExecStop=/etc/rc.d/init.d/nginx stop (code=exited, status=0/SUCCESS)
      Process: 30863 ExecStart=/etc/rc.d/init.d/nginx start (code=exited, status=1/FAILURE)
     Main PID: 23142 (code=exited, status=0/SUCCESS)
    
    Jan 14 15:56:34 server2.mydomain.net systemd[1]: Starting SYSV: Nginx is an ....
    Jan 14 15:56:34 server2.mydomain.net nginx[30863]: Starting nginx: nginx: [em...
    Jan 14 15:56:34 server2.mydomain.net nginx[30863]: [FAILED]
    Jan 14 15:56:34 server2.mydomain.net systemd[1]: nginx.service: control proc...1
    Jan 14 15:56:34 server2.mydomain.net systemd[1]: Failed to start SYSV: Nginx....
    Jan 14 15:56:34 server2.mydomain.net systemd[1]: Unit nginx.service entered ....
    Jan 14 15:56:34 server2.mydomain.net systemd[1]: nginx.service failed.
    Hint: Some lines were ellipsized, use -l to show in full.
    
     
  11. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    when misconfigured vhosts cause nginx to not start up

    run nginx test config command to report what the error is
    Code (Text):
    nginx -t
     
  12. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Code (Text):
     nginx -t
    nginx: [emerg] unexpected end of file, expecting "}" in /usr/local/nginx/conf/conf.d/mydomain.net.conf:68
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
  13. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    missing a closing curly bracket in your vhost file at /usr/local/nginx/conf/conf.d/mydomain.net.conf so double check the opening/closing paired {} brackets exist for each section in your vhost
     
  14. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Thank you and the website is back but when tried to force the ssl according to the centminmod doc.. the website comes down now although the nginx is restarting fine:

    Code (Text):
    cat mydomain.net.ssl.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
           listen   80;
           server_name mydomain.net www.mydomain.net;
           return 302 https://$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.net www.mydomain.net;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.net/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomainnet/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomainnet/mydomain_net.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.net/mydomain.net-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.net/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.net/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.net/autoprotect-mydomain.net.conf;
      root /home/nginx/domains/mydomain.net/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.net.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    


    I disabled it according to Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    Code (Text):
    cat mydomain.net.conf-disabled
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #  server {
    #            listen   80;
    #            server_name mydomain.net www.mydomain.net;
    #            return 302 https://mydomain.net$request_uri;
    #       }
    
    server {
    
      server_name mydomain.net www.mydomain.net;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.net/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.net/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.net/autoprotect-mydomain.net.conf;
      root /home/nginx/domains/mydomain.net/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.net.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    }
     
  15. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Hello @eva2000 , can you tell me what is your opinion please about the last replay?

    Thanks alot
     
  16. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    what output do you get first

    You probably in redirect loop as your main server context lists both www and non-www domain in server_name, it should just list the one you want to redirect to
    Code (Text):
     server {
          listen   80;
          server_name mydomain.net www.mydomain.net;
          return 302 https://$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.net www.mydomain.net;
    

    So if non-www is preferred one, change 1st server context $server_name to mydomain.net and 2nd server context server_name to preferred one
    Code (Text):
     server {
          listen   80;
          server_name mydomain.net www.mydomain.net;
          return 302 https://mydomain.net$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.net;
    
     
  17. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Hello,

    I modified the ssl conf file as u said and still the issue despite clearing the cache of my browser and the mydomain.net.conf file is disabled.

    Code (Text):
    cat /usr/local/nginx/conf/conf.d/mydomain.net.ssl.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
           listen   80;
           server_name mydomain.net www.mydomain.net;
           return 302 https://mydomain.net$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name mydomain.net;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.net/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomainnet/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomainnet/mydomain_net.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.net/mydomain.net-trusted.crt;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.net/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.net/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.net/autoprotect-mydomain.net.conf;
      root /home/nginx/domains/mydomain.net/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.net.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    


    may be php issue ?

    Code (Text):
     nprestart
    Restarting nginx (via systemctl):                          [  OK  ]
    Gracefully shutting down php-fpm . done
    Starting php-fpm [15-Jan-2018 20:05:02] NOTICE: PHP message: PHP Warning:  Cannot load module 'redis' because required module 'igbinary' is not loaded in Unknown on line 0
     done
    
     
  18. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Hello @eva2000 do you have any comments regarding that ? sorry for disturbing you
     
  19. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    • What version of Centmin Mod ? 123.08stable or 123.09beta01 ? Was it fresh install or upgrade ? How long ago did you install Centmin Mod ? There's numerous code changes, bug fixes over time, so ensure you have latest Centmin Mod code installed by upgrading your Centmin Mod code as instructed below.
    • What version of PHP used ? Did you upgrade or downgrade PHP recently ?
    • If you upgraded and you get some PHP warnings that some PHP extensions are unable to load, all you need to do is delete the relevant *.ini files for them and then reinstall if you require the PHP extension
    Example of error on restart PHP-FPM
    Code (Text):
    fpmrestart
    Gracefully shutting down php-fpm . done
    Starting php-fpm [06-Nov-2014 01:25:37] NOTICE: PHP message: PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20140815/geoip.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20140815/geoip.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [06-Nov-2014 01:25:37] NOTICE: PHP message: PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20140815/igbinary.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20140815/igbinary.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [06-Nov-2014 01:25:37] NOTICE: PHP message: PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20140815/imagick.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20140815/imagick.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [06-Nov-2014 01:25:37] NOTICE: PHP message: PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20140815/memcache.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20140815/memcache.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [06-Nov-2014 01:25:37] NOTICE: PHP message: PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20140815/memcached.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20140815/memcached.so: cannot open shared object file: No such file or directory in Unknown on line 0
    done
    

    find the paths to the *.ini files
    Code (Text):
    php --ini 2>/devnull
    Configuration File (php.ini) Path: /usr/local/lib
    Loaded Configuration File:         /usr/local/lib/php.ini
    Scan for additional .ini files in: /etc/centminmod/php.d
    Additional .ini files parsed:      /etc/centminmod/php.d/curlcainfo.ini,
    /etc/centminmod/php.d/custom_php.ini,
    /etc/centminmod/php.d/geoip.ini,
    /etc/centminmod/php.d/igbinary.ini,
    /etc/centminmod/php.d/imagick.ini,
    /etc/centminmod/php.d/memcache.ini,
    /etc/centminmod/php.d/memcached.ini,
    /etc/centminmod/php.d/zendopcache.ini
    

    delete ones that are reported as unable to load so if geoip.so, igbinary.so, imagick.so, memcache.so and memcached.so are reported as unable to load, remove their respective *.ini files
    Code (Text):
    rm -rf /etc/centminmod/php.d/geoip.ini
    rm -rf /etc/centminmod/php.d/igbinary.ini
    rm -rf /etc/centminmod/php.d/imagick.ini
    rm -rf /etc/centminmod/php.d/memcache.ini
    rm -rf /etc/centminmod/php.d/memcached.ini
    

    then restart PHP-FPM again
    Code (Text):
    fpmrestart
    Gracefully shutting down php-fpm . done
    Starting php-fpm  done
    

    Code (Text):
    php -v
    PHP 7.0.0-dev (cli) (built: Nov  6 2014 00:54:07)
    Copyright (c) 1997-2014 The PHP Group
    Zend Engine v2.8.0-dev, Copyright (c) 1998-2014 Zend Technologies
        with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
    


    Manually reinstall PHP extension



    For reported PHP extensions that do not load, i.e. "PHP Startup: Unable to load dynamic" and references PHPEXTENSIONNAME.so, some can be installed again via centmin.sh menu. For instance menu options 7, 9, 10, 12, 15, 18, and 19.

    for 123.08stable
    Code (Text):
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08
    --------------------------------------------------------
                       Centmin Mod Menu        
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Re-install ImageMagick PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + WP Super Cache
    23). Exit
    --------------------------------------------------------
    Enter option [ 1 - 23 ]
    --------------------------------------------------------
    


    for 123.09beta01 - menu options 7, 9, 10, 12, 13 (for redis), 15, 18, and 19 are relevant menu options that can be used only if the specific PHP extension is reporting as unable to load
    Code (Text):
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com 
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install/Reinstall Redis PHP Extension
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ]
    


    Upgrading Centmin Mod Code to Latest Version



    Getting Started Guide step 19 outlines also how to keep Centmin Mod code updated or how to switch version branches.

    Centmin Mod LEMP stack's script code is constantly updated for improvements, bug fixes and security fixes so keeping the Centmin Mod code up to date is important. With Centmin Mod 1.2.3-eva2000.08) (123.08stable) and higher releases, a newly added centmin.sh menu option 23 allows much easier code updates and version branch swicthing via Git backed environment you can setup. For full details read the following links:
    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod. This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to. You can easily update within a Centmin Mod version branch or switch version branches via centmin.sh menu option 23 outlined here.
    2. Upgrade software that Centmin Mod installed or manages. For this part following outline at How to upgrade Centmin Mod software installed on your server.
     
  20. dooma

    dooma Active Member

    295
    31
    28
    Oct 15, 2016
    Cairo
    Ratings:
    +44
    Local Time:
    5:21 AM
    Hi @eva2000

    I installed another fresh server and its proberly installed. I opened FTP and I removed the contents of public folder and uploaded my site files but the websites is giving me 403 forbidden despite deleting cach and using another browser at another laptop.

    This issue never happened before?

    Thanks
     
  21. eva2000

    eva2000 Administrator Staff Member

    36,055
    7,910
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,192
    Local Time:
    1:21 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
    • Like Like x 1
..