SSL Cloudflare Nginx conf file with Cloudflare SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by iotivedo, Jul 21, 2021.

  1. iotivedo

    iotivedo New Member

    Hello, I need to add some rewrite rules on my nginx domain conf. But, using Cloudflare, I have no configuration file in the conf.d folder, no mydomain.ext.ssl.conf file.


    How do I add:
    Code:
     # START Nginx Rewrites for Rank Math Sitemaps
     rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
     rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
     # END Nginx Rewrites for Rank Math Sitemaps
    If I don't have the usual configuration file to use for this purpose?
     
  2. eva2000

    eva2000 Administrator Staff Member

    How was your nginx site & vhost config created then?

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via the /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. The output will show the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self-signed SSL).
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    What is the output of these commands in SSH?
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Wrap the output in CODE tags.
     
  3. iotivedo

    iotivedo New Member

    /usr/local/nginx/conf/conf.d/newdomain.com.conf:
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name forfarma.it;
    #            return 301 $scheme://www.forfarma.it$request_uri;
    #       }
    
    server {
    
      server_name forfarma.it www.forfarma.it;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/forfarma.it/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/forfarma.it/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/forfarma.it/autoprotect-forfarma.it.conf;
      root /home/nginx/domains/forfarma.it/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
    # START Nginx Rewrites for Rank Math Sitemaps
    rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
    # END Nginx Rewrites for Rank Math Sitemaps
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      try_files $uri $uri/ /index.php?q=$uri&$args;
      }
    
      include /usr/local/nginx/conf/php.conf;
    
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    Code:
    curl -I https://forfarma.it
    
    HTTP/1.1 200 OK
    Date: Thu, 22 Jul 2021 07:03:19 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=t5taq6tj4ndt1k52cm605ol4sp; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Link: <https://forfarma.it/wp-json/>; rel="https://api.w.org/"
    Link: <https://forfarma.it/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json"
    Link: <https://forfarma.it/>; rel=shortlink
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=us4ygobqfFY%2FYaovS8%2F%2F5QLiCndIiyRt748O2zMG8ymxCfhwJYmuGvLgYFqkBfMk6ylONTqlFmZE4%2Bwbss%2BYpUkyJzJvYYcwbZXayTiGa9ljFSEEuQWOGD9KKBQW92xb3JdiranKS4sUOg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 672acefa0cb6dfbf-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Code:
    curl -I https://www.forfarma.it
    
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 22 Jul 2021 07:06:12 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: PHPSESSID=kjhek1k8fi39gfimi4gu268ook; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Redirect-By: WordPress
    Location: https://forfarma.it/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6YukJ7LoOU1Lx2PA8nkVc69qiG1d3xpfEKmGifjQAZ4QXP7eA1k%2Fbk94iRReoKxSJ5sRLxTG9acyBNeVJG8fiz0%2FAKXdASZ6htWJqrTgmGaf7DUqc%2BwPbO%2F27Bb5uxe2QXNoV%2BcsZthttgLkac%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 672ad3317de42b95-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Code:
    curl -I http://forfarma.it
    
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 22 Jul 2021 07:07:13 GMT
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 22 Jul 2021 08:07:13 GMT
    Location: https://forfarma.it/
    cf-request-id: 0b6ea3431200002c26158f3000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i926AwDZ07IqiyJQxgnY5D%2F1OSSzFh9qw446F17YQ53NplrqB1lt4%2FgYCnUrmJP%2BZK39cG9obXx37sKNdxhsJ9RUzfyBCauW4joo6P%2BFaJUTwk3nEAZRo061JO3Zzxq4LH%2Fh9Sq3KWt83g%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 672ad4b1bae22c26-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Code:
    curl -I http://www.forfarma.it
    
    HTTP/1.1 301 Moved Permanently
    Date: Thu, 22 Jul 2021 07:07:59 GMT
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Thu, 22 Jul 2021 08:07:59 GMT
    Location: https://www.forfarma.it/
    cf-request-id: 0b6ea3f74800004e1a028d4000000001
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4Go46IvPd3y%2B4lMjn2mVPHNp98B0Vog4HrClLJ%2FwheIAiTfFWbzCQV7FD%2BvxxVudER1QAz8rm%2F6H3sG0XExulfRs2LyO4Xz7H4rSHt%2BcWP3CaTXfoXfatwGMKKC38k4gP%2Fhs9PcAZ9oWCMLi9o%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 672ad5d208c84e1a-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    The /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf file is not present.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Looks like you created a non-HTTPS nginx vhost domain and already have the Rank Math rewrite rules in your non-HTTPS nginx vhost for your domain at /usr/local/nginx/conf/conf.d/forfarma.it.conf, and you use Cloudflare proxy in front with Flexible SSL, so you don't really need an HTTPS nginx vhost like /usr/local/nginx/conf/conf.d/forfarma.it.ssl.conf, unless you want to change to using Cloudflare with Full SSL instead of Flexible SSL. So you don't need to do anything.

    If you want to change to using Cloudflare with Full SSL instead of Flexible SSL, then you need to create an HTTPS nginx vhost for /usr/local/nginx/conf/conf.d/forfarma.it.ssl.conf. You can do that by following method 3's 'existing non-HTTPS Nginx vhost sites migration to HTTPS' link below to migrate your non-HTTPS nginx vhost to an HTTPS vhost.

    There are generally 3 ways of setting up an HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS:

    Method 1. The traditional way via centmin.sh menu option 2 or 22, but ensuring you set LETSENCRYPT_DETECT='y' in the persistent config file created at /etc/centminmod/custom_config.inc before you run centmin.sh menu option 2 or 22 for WordPress. You can do that using the command below. You only need to do this step once, and every subsequent run of centmin.sh menu option 2 or 22 will have Letsencrypt SSL certificate support enabled.
    Code (Text):
    # enable letsencrypt ssl certificate integration https://centminmod.com/acmetool/
    touch /etc/centminmod/custom_config.inc
    echo "LETSENCRYPT_DETECT='y'" >> /etc/centminmod/custom_config.inc
    


    Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon, which is still in beta testing only, for integrating Letsencrypt SSL certificates. It has both auto and manual methods.

    Method 3. Fully manual method for free Letsencrypt SSL certificates.
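
The reply above reads two things from what was posted: the vhost file has no TLS listener, and the `curl -I` responses come back through Cloudflare. As an added example (not part of the thread or of Centmin Mod; function names are hypothetical, the sample input is constructed, and the origin/edge split is a heuristic), the same two checks in shell:

```shell
#!/bin/sh
# Added example; function names are hypothetical, all sample input is constructed.

# Summarise `curl -I` headers from stdin as "<edge> <status> <source> <location>".
# Heuristic: X-Powered-By / X-Redirect-By come from the origin stack, so a
# response without them is treated as generated at the edge.
classify_headers() {
  tr -d '\r' | awk '
    NR == 1 { status = $2 }
    { line = tolower($0) }
    line ~ /^(server: cloudflare|cf-ray:)/ { edge = "cloudflare" }
    line ~ /^x-(powered|redirect)-by:/     { origin = 1 }
    line ~ /^location:/                    { loc = $2 }
    END {
      if (edge == "") edge = "direct"
      if (loc == "") loc = "-"
      kind = (status ~ /^30[1278]$/) ? "redirect" : "response"
      src = (origin ? "origin-" : "edge-") kind
      print edge, status, src, loc
    }'
}

# Succeed if the vhost file has an uncommented listen directive on 443 or with ssl.
vhost_has_tls() {
  sed 's/#.*//' "$1" | grep -Eq '^[[:space:]]*listen[[:space:]][^;]*(443|ssl)'
}

# Say which Cloudflare SSL mode this vhost file alone can serve.
origin_mode_hint() {
  if vhost_has_tls "$1"; then
    echo "tls-listener: origin can accept Full SSL"
  else
    echo "no-tls-listener: only Flexible SSL can reach this vhost"
  fi
}

sample_edge_redirect() {    # constructed: redirect with no origin headers
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com/\r\nServer: cloudflare\r\nCF-RAY: 0000000000000000-FRA\r\n\r\n'
}
sample_origin_redirect() {  # constructed: redirect issued by WordPress at the origin
  printf 'HTTP/1.1 301 Moved Permanently\r\nX-Redirect-By: WordPress\r\nLocation: https://example.com/\r\nX-Powered-By: centminmod\r\nServer: cloudflare\r\n\r\n'
}
sample_vhost() {            # constructed: plain-HTTP vhost, TLS listener commented out
  printf 'server {\n  #listen 443 ssl http2;\n  server_name example.com;\n}\n'
}

# Real use: curl -sI https://domain.com | classify_headers
sample_edge_redirect | classify_headers
sample_origin_redirect | classify_headers
tmp=$(mktemp) && sample_vhost > "$tmp" && origin_mode_hint "$tmp"; rm -f "$tmp"
```

With Flexible SSL the hop from Cloudflare to the origin is plain HTTP, which is why the vhost needs no TLS listener; Full SSL requires one.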