SSL Cloudflare Nginx conf file with Cloudflare SSL

iotivedo · Jul 21, 2021

Hello, i need to add some rewrite rules on my nginx domain conf. But, using Cloudflare, I have no configuration file in the conf.d folder, no mydomain.ext.ssl.conf file.

How do I add:
Code:
 # START Nginx Rewrites for Rank Math Sitemaps
 rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
 rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
 # END Nginx Rewrites for Rank Math Sitemaps
If I don't have the usual configuration file to use for this purpose?

eva2000 · Jul 22, 2021

iotivedo said: ↑

If I don't have the usual configuration file to use for this purpose?
Click to expand...

How was your nginx site & vhost config created then?

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

what is output of these commands in ssh
Code (Text):
curl -I https://domain.com
Code (Text):
curl -I https://www.domain.com
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com
wrap output in CODE tags

iotivedo · Jul 22, 2021

/usr/local/nginx/conf/conf.d/newdomain.com.conf:

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name forfarma.it;
#            return 301 $scheme://www.forfarma.it$request_uri;
#       }

server {

  server_name forfarma.it www.forfarma.it;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/forfarma.it/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/forfarma.it/log/error.log;

  include /usr/local/nginx/conf/autoprotect/forfarma.it/autoprotect-forfarma.it.conf;
  root /home/nginx/domains/forfarma.it/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

# START Nginx Rewrites for Rank Math Sitemaps
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
# END Nginx Rewrites for Rank Math Sitemaps

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;
  # Shows file listing times as local time
  #autoindex_localtime on;

  # Wordpress Permalinks example
  try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  include /usr/local/nginx/conf/php.conf;


  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Code:

curl -I https://forfarma.it

HTTP/1.1 200 OK
Date: Thu, 22 Jul 2021 07:03:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=t5taq6tj4ndt1k52cm605ol4sp; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <https://forfarma.it/wp-json/>; rel="https://api.w.org/"
Link: <https://forfarma.it/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json"
Link: <https://forfarma.it/>; rel=shortlink
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=us4ygobqfFY%2FYaovS8%2F%2F5QLiCndIiyRt748O2zMG8ymxCfhwJYmuGvLgYFqkBfMk6ylONTqlFmZE4%2Bwbss%2BYpUkyJzJvYYcwbZXayTiGa9ljFSEEuQWOGD9KKBQW92xb3JdiranKS4sUOg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 672acefa0cb6dfbf-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Code:

curl -I https://www.forfarma.it

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jul 2021 07:06:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: PHPSESSID=kjhek1k8fi39gfimi4gu268ook; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: https://forfarma.it/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6YukJ7LoOU1Lx2PA8nkVc69qiG1d3xpfEKmGifjQAZ4QXP7eA1k%2Fbk94iRReoKxSJ5sRLxTG9acyBNeVJG8fiz0%2FAKXdASZ6htWJqrTgmGaf7DUqc%2BwPbO%2F27Bb5uxe2QXNoV%2BcsZthttgLkac%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 672ad3317de42b95-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Code:

curl -I http://forfarma.it

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jul 2021 07:07:13 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Jul 2021 08:07:13 GMT
Location: https://forfarma.it/
cf-request-id: 0b6ea3431200002c26158f3000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i926AwDZ07IqiyJQxgnY5D%2F1OSSzFh9qw446F17YQ53NplrqB1lt4%2FgYCnUrmJP%2BZK39cG9obXx37sKNdxhsJ9RUzfyBCauW4joo6P%2BFaJUTwk3nEAZRo061JO3Zzxq4LH%2Fh9Sq3KWt83g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 672ad4b1bae22c26-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Code:

curl -I http://www.forfarma.it

HTTP/1.1 301 Moved Permanently
Date: Thu, 22 Jul 2021 07:07:59 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 22 Jul 2021 08:07:59 GMT
Location: https://www.forfarma.it/
cf-request-id: 0b6ea3f74800004e1a028d4000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4Go46IvPd3y%2B4lMjn2mVPHNp98B0Vog4HrClLJ%2FwheIAiTfFWbzCQV7FD%2BvxxVudER1QAz8rm%2F6H3sG0XExulfRs2LyO4Xz7H4rSHt%2BcWP3CaTXfoXfatwGMKKC38k4gP%2Fhs9PcAZ9oWCMLi9o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 672ad5d208c84e1a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

The /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf file is not present.

eva2000 · Jul 22, 2021

iotivedo said: ↑

The /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf file is not present.
Click to expand...

Looks like you created a non-HTTPS nginx vhost domain and already have rankmath rewrite rules in your non-HTTPS nginx vhost for your domain at /usr/local/nginx/conf/conf.d/forfarma.it.conf and use Cloudflare proxy in front with Flexible SSL so don't need a HTTPS nginx vhost like /usr/local/nginx/conf/conf.d/forfarma.it.ssl.conf really. Unless you want to change to using Cloudflare with Full SSL instead of Flexible SSL? So don't need to do anything.

If you want to change to using Cloudflare with Full SSL instead of Flexible SSL, then you need to create a HTTPS nginx vhost for /usr/local/nginx/conf/conf.d/forfarma.it.ssl.conf. You can do that by following method 3's 'existing non-HTTPS Nginx vhost sites migration to HTTPS' link below to migrate your non-HTTPS nginx vhost to HTTPS vhost.

There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

Method 1. The traditional way via centmin.sh menu option 2, 22 but ensuring you set LETSENCRYPT_DETECT='y' in persistent config file created at /etc/centminmod/custom_config.inc before you run centmin.sh menu option 2 or 22 for wordpress. You can do that using command below - only need to do this step once and every subsequent run of centmin.sh menu option 2 or 22 will have letsencrypt ssl certificate support enabled
Code (Text):
# enable letsencrypt ssl certificate integration https://centminmod.com/acmetool/
touch /etc/centminmod/custom_config.inc
echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

Method 3. Fully manual method for free Letsencrypt SSL certificates.

For existing non-HTTPS Nginx vhost sites migration to HTTPS as outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates

For brand new Nginx vhosts not yet created on server use this guide Using Centmin Mod acmetool.sh addon for Nginx HTTP/2 based HTTPS with free Letsencrypt SSL certificates

Log in / Register

Forums

Want more timely Centmin Mod News Updates?

SSL Cloudflare Nginx conf file with Cloudflare SSL

iotivedo New Member

eva2000 Administrator Staff Member

iotivedo New Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want more timely Centmin Mod News Updates?

SSL Cloudflare Nginx conf file with Cloudflare SSL

iotivedo New Member

eva2000 Administrator Staff Member

iotivedo New Member

eva2000 Administrator Staff Member

.