Join the community today
Register Now

Restrict URL's not working with OVH?

Discussion in 'Other Web Apps usage' started by Teddy, Jul 11, 2023.

  1. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    Hello,


    I'm basically trying to put a username & password prompt at certain locations of my website, such as "/admin.php" and "/install"

    I've used the following in my domain.ssl.conf file to do so, but this doesn't seem to work. Not even rate limiting works, so I have a feeling it either has to do with the server or something went wrong somewhere..

    Code (Text):
    location /admin.php {
     
      auth_basic "Private";
      auth_basic_user_file /usr/local/nginx/conf/htpasswd;
      #include /usr/local/nginx/conf/php.conf;
      }
     
      location /install/ {
     
      auth_basic "Private";
      auth_basic_user_file /usr/local/nginx/conf/htpasswd;
      include /usr/local/nginx/conf/php.conf;
      }
    



    Does anyone have an idea why this isn't working?
    The server I use is an dedicated server from OVH, I selected CentOS 7 on the OS selection menu, which ended up installing CentOS 7.9.
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    For /admin.php you have include file commented out/disabled /usr/local/nginx/conf/php.conf so ensure it's enabled without hash # in front

    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com/admin.php
    

    Code (Text):
    curl -I https://www.domain.com/admin.php
    

    Code (Text):
    curl -I http://domain.com/admin.php
    

    Code (Text):
    curl -I http://www.domain.com/admin.php
    


    Code (Text):
    curl -I https://domain.com/install/
    

    Code (Text):
    curl -I https://www.domain.com/install/
    

    Code (Text):
    curl -I http://domain.com/install/
    

    Code (Text):
    curl -I http://www.domain.com/install/
    

    wrap output in CODE tags

    and also how did you generate /usr/local/nginx/conf/htpasswd ?

    you can use htpasswd.sh script and instead use site specific /home/nginx/domains/yourdomain.com/htpasswd and change your nginx vhost's reference to /home/nginx/domains/yourdomain.com/htpasswd
    auth_basic_user_file file
    Code (Text):
    vhostname=yourdomain.com
    /usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/$vhostname/htpasswd USERNAME PASSWORD
    

    where, you change USERNAME to your desired username and PASSWORD to your password and change yourdomain.com to your wordpress site's domain name

    then restart nginx
    Code (Text):
    ngxrestart
     
  3. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    Hey thank you for your reply, I've been trying to figure this out since the post or even earlier to be fair but i figured out just now that for some reason my main domain `example.com` is using the `example.com.conf` for configuration instead of using `example.com.ssl.conf` which it's supposed to use, do you have any clue what i've done wrong that's causing the server to use the wrong configuration?

    I tested this by adding the same exact method of protecting the admin.php file & install directory to the `example.com.conf` file which ended up working (to protect those files/directories)

    but then again, it's not the right file that i want it to take the configuration from.


    This is my example.com.ssl.conf file which i changed the domain name of.
    Code:
    
    # Centmin Mod Getting Started Guide
    # must read https://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read https://centminmod.com/letsencrypt-freessl.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name example.com www.example.com;
    #       return 302 https://$server_name$request_uri;
    # }
    
    #remove line below to remove redirects
    include /usr/local/nginx/conf/conf.d/redirects.conf;
    
    #rate limit
    limit_req_zone $binary_remote_addr zone=test:10m rate=1r/m;
    limit_req_zone $binary_remote_addr zone=public:10m rate=200r/m;
    
    server {
      listen 443 ssl http2 reuseport;
      server_name example.com www.example.com;
    
      include /usr/local/nginx/conf/ssl/example.com/example.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      #cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/example.com/origin.crt;
      ssl_verify_client on;
     
     
     
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/example.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/example.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/example.com/autoprotect-example.com.conf;
      root /home/nginx/domains/example.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
     
        try_files $uri $uri/ /xf/index.php?$uri&$args;
        #index index.php index.html;
     
     
     
      #remove line below to stop request limiting
      limit_req zone=public burst=400 nodelay;
     
      include /usr/local/nginx/conf/503include-only.conf;
     
      if ( $redirect_uri ) {
     
      return 301 $redirect_uri;
     
      }
     
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
     
     location /admin.php {
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            include /usr/local/nginx/conf/php.conf;;
    }
     
    
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
    }
     
     
     
     
     
     
     
     
    
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-example.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    and this is my example.com.conf file
    Code:
    
    # Centmin Mod Getting Started Guide
    # must read https://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name example.com www.example.com;
    #            return 301 $scheme://www.example.com$request_uri;
    #       }
    
    server {
     
      server_name example.com www.example.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/example.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/example.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/example.com/autoprotect-example-com.conf;
      root /home/nginx/domains/example.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
     
       location /admin.php {
         auth_basic "Private";
         auth_basic_user_file /usr/local/nginx/conf/htpasswd;
            include /usr/local/nginx/conf/php.conf;;
    }
    
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/pre-staticfiles-local-example.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    


    ----------------------------------------------

    output of the commands ~

    Code:
    
    HTTP/1.1 200 OK
    Date: Tue, 11 Jul 2023 07:18:56 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    Last-Modified: Tue, 11 Jul 2023 07:18:56 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: private, no-cache, max-age=0
    Vary: Accept-Encoding
    Set-Cookie: xf_csrf=6opIdXPIloPB_dDZ; path=/; secure
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vR7FE5Z6K3oT0ZwgRnDAHZV1aIQcDGnl4WI6eJV4SnK10Da%2FqohjUEUFn2Oy3zeDTw%2BBaaEZDenIQs0Z6fxYFMxKjzBitu5uksS19NjJxP5jhx3LA7dPHW1xA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f467c3ab20405-CDG
    alt-svc: h3=":443"; ma=86400
    
    
    Code:
    HTTP/1.1 200 OK
    Date: Tue, 11 Jul 2023 07:21:45 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    Last-Modified: Tue, 11 Jul 2023 07:21:45 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: private, no-cache, max-age=0
    Vary: Accept-Encoding
    Set-Cookie: xf_csrf=3jxyks7Dnd45v5_n; path=/; secure
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vy7ubG6IgiHJuk%2FxUNib8YXwiEpYDwNKU3kxsXu2lUS7uvDoApGsnuRG8%2BmyUelIGqn%2FEvGS%2BklVxQ7%2BNttHm8%2Bij8RoS3X%2BIBRMBvqUJn9324HCEbYvqQBmn9452Nw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f4a9c0a47d52a-CDG
    alt-svc: h3=":443"; ma=86400
    
    <!DOCTYPE html>
    <html id="XF" lang="en-US" dir="LTR"
            class="has-no-js p-adminLogin template-login_form" data-template="login_form"
            data-app="admin"
            data-cookie-prefix="xf_"
             data-run-jobs="">
    <head>
            <meta charset="utf-8" />
            <meta name="robots" content="noindex" />
            <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
            <meta name="viewport" content="width=device-width, initial-scale=1">
    
            <title>Administrator login | Example.com</title>
    
    
    
    
    
    
    
    
            <link rel="preload" href="/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />
    
    
            <link rel="preload" href="/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />
    
    
    <link rel="preload" href="/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />
    
            <link rel="stylesheet" href="/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cadmin%3Aapp.less&amp;s=0&amp;l=1&amp;d=1689032713&amp;k=ddf3b3de963ffa203c539c3dc932b0ee05dff3e3" />
    
            <link rel="stylesheet" href="/css.php?css=public%3Aextra.less&amp;s=0&amp;l=1&amp;d=1689032713&amp;k=291511d404c29f45c1c1b8c3f74b1f335691b2b3" />
    
    
                    <script src="/js/xf/preamble.min.js?_v=cb4680da"></script>
    
    
    </head>
    <body>
    
    <div class="adminLogin-wrapper">
            <div class="adminLogin-content ">
    
    
    
                            <form action="/admin.php?login/login" method="post" class="adminLogin-contentForm"
                                     data-xf-init="ajax-submit"
                            >
                                    <input type="hidden" name="_xfToken" value="1689060105,f8996e76e2c68afa6bd61733ae14afe6" />
    
            <div><a href="https://Example.com"><img src="/styles/default/xenforo/xenforo-logo.svg"
                    width="100" height="36" alt="XenForo Ltd." /></a></div>
            <!--<h1>Example.com</h1>-->
            <dl class="adminLogin-row">
                    <dt>Your name or email address:</dt>
                    <dd>
                            <input type="text" class="input" name="login" placeholder="Username or email…" aria-label="Username or email" autofocus="autofocus" />
                            <i class="fa--xf far fa-user" aria-hidden="true"></i>
                    </dd>
            </dl>
            <dl class="adminLogin-row">
                    <dt>Password:</dt>
                    <dd>
    
    
    
    
    
    <div data-xf-init=" password-hide-show"
            data-show-text="Show" data-hide-text="Hide">
    
                    <div class="inputGroup inputGroup--joined">
    
            <input type="password" name="password" value=""
                    class="input js-password input--passwordHideShow"  placeholder="Password…" aria-label="Password" />
    
                            <i class="fa--xf far fa-key" aria-hidden="true"></i>
                            <div class="inputGroup-text">
                                    <label class="iconic iconic--hideShow js-hideShowContainer"><input type="checkbox"  value="1" /><i aria-hidden="true"></i><span class="iconic-label">Show</span></label>
    
                            </div>
                    </div>
    
    
    
    </div>
                    </dd>
            </dl>
            <div class="adminLogin-row adminLogin-row--submit">
                    <button type="submit" class="button button--icon button--icon--login"><span class="button-text">Administrator login</span></button>
                    <div class="adminLogin-boardTitle">Example.com</div>
            </div>
    
    
                            </form>
    
    
            </div>
    </div>
    
    
    
            <script src="/js/vendor/jquery/jquery-3.5.1.min.js?_v=cb4680da"></script>
            <script src="/js/vendor/vendor-compiled.js?_v=cb4680da"></script>
            <script src="/js/xf/core-compiled.js?_v=cb4680da"></script>
            <script src="/js/xf/admin.min.js?_v=cb4680da"></script>
    
            <script>
                    jQuery.extend(true, XF.config, {
                            //
                            userId: 0,
                            enablePush: false,
                            pushAppServerKey: '',
                            url: {
                                    fullBase: 'https://www.Example.com/',
                                    basePath: '/',
                                    css: '/css.php?css=__SENTINEL__&s=0&l=1&d=1689032713',
                                    keepAlive: '/admin.php?login/keep-alive'
                            },
                            cookie: {
                                    path: '/',
                                    domain: '',
                                    prefix: 'xf_',
                                    secure: true,
                                    consentMode: 'disabled',
                                    consented: ["optional","_third_party"]
                            },
                            cacheKey: '29c4a85ed122115dfcf96153b148f2d2',
                            csrf: '1689060105,f8996e76e2c68afa6bd61733ae14afe6',
                            js: {"\/js\/xf\/admin.min.js?_v=cb4680da":true},
                            css: {"public:extra.less":true},
                            time: {
                                    now: 1689060105,
                                    today: 1689033600,
                                    todayDow: 2,
                                    tomorrow: 1689120000,
                                    yesterday: 1688947200,
                                    week: 1688515200
                            },
                            borderSizeFeature: '3px',
                            fontAwesomeWeight: 'r',
                            enableRtnProtect: true,
    
                            enableFormSubmitSticky: true,
                            uploadMaxFilesize: 838860800,
                            allowedVideoExtensions: ["m4v","mov","mp4","mp4v","mpeg","mpg","ogv","webm"],
                            allowedAudioExtensions: ["mp3","opus","ogg","wav"],
                            shortcodeToEmoji: true,
                            visitorCounts: {
                                    conversations_unread: '0',
                                    alerts_unviewed: '0',
                                    total_unread: '0',
                                    title_count: true,
                                    icon_indicator: true
                            },
                            jsState: {},
                            publicMetadataLogoUrl: '',
                            publicPushBadgeUrl: 'https://www.Example.com/styles/default/xenforo/bell.png'
                    });
    
                    jQuery.extend(XF.phrases, {
                            //
                            date_x_at_time_y: "{date} at {time}",
                            day_x_at_time_y:  "{day} at {time}",
                            yesterday_at_x:   "Yesterday at {time}",
                            x_minutes_ago:    "{minutes} minutes ago",
                            one_minute_ago:   "1 minute ago",
                            a_moment_ago:     "A moment ago",
                            today_at_x:       "Today at {time}",
                            in_a_moment:      "In a moment",
                            in_a_minute:      "In a minute",
                            in_x_minutes:     "In {minutes} minutes",
                            later_today_at_x: "Later today at {time}",
                            tomorrow_at_x:    "Tomorrow at {time}",
    
                            day0: "Sunday",
                            day1: "Monday",
                            day2: "Tuesday",
                            day3: "Wednesday",
                            day4: "Thursday",
                            day5: "Friday",
                            day6: "Saturday",
    
                            dayShort0: "Sun",
                            dayShort1: "Mon",
                            dayShort2: "Tue",
                            dayShort3: "Wed",
                            dayShort4: "Thu",
                            dayShort5: "Fri",
                            dayShort6: "Sat",
    
                            month0: "January",
                            month1: "February",
                            month2: "March",
                            month3: "April",
                            month4: "May",
                            month5: "June",
                            month6: "July",
                            month7: "August",
                            month8: "September",
                            month9: "October",
                            month10: "November",
                            month11: "December",
    
                            active_user_changed_reload_page: "The active user has changed. Reload the page for the latest version.",
                            server_did_not_respond_in_time_try_again: "The server did not respond in time. Please try again.",
                            oops_we_ran_into_some_problems: "Oops! We ran into some problems.",
                            oops_we_ran_into_some_problems_more_details_console: "Oops! We ran into some problems. Please try again later. More error details may be in the browser console.",
                            file_too_large_to_upload: "The file is too large to be uploaded.",
                            uploaded_file_is_too_large_for_server_to_process: "The uploaded file is too large for the server to process.",
                            files_being_uploaded_are_you_sure: "Files are still being uploaded. Are you sure you want to submit this form?",
                            attach: "Attach files",
                            rich_text_box: "Rich text box",
                            close: "Close",
                            link_copied_to_clipboard: "Link copied to clipboard.",
                            text_copied_to_clipboard: "Text copied to clipboard.",
                            loading: "Loading…",
                            you_have_exceeded_maximum_number_of_selectable_items: "You have exceeded the maximum number of selectable items.",
    
                            processing: "Processing",
                            'processing...': "Processing…",
    
                            showing_x_of_y_items: "Showing {count} of {total} items",
                            showing_all_items: "Showing all items",
                            no_items_to_display: "No items to display",
    
                            number_button_up: "Increase",
                            number_button_down: "Decrease",
    
                            push_enable_notification_title: "Push notifications enabled successfully at Example.com",
                            push_enable_notification_body: "Thank you for enabling push notifications!",
    
                            pull_down_to_refresh: "Pull down to refresh",
                            release_to_refresh: "Release to refresh",
                            refreshing: "Refreshing…"
                    });
            </script>
    
            <form style="display:none" hidden="hidden">
                    <input type="text" name="_xfClientLoadTime" value="" id="_xfClientLoadTime" title="_xfClientLoadTime" tabindex="-1" />
            </form>
    
    
    
    
            <script>
                    jQuery.extend(true, XF.config, {
                            job: {
                                    manualUrl: "/admin.php?tools/run-job"
                            },
                            visitorCounts: null
                    });
                    jQuery.extend(XF.phrases, {
                            cancel: "Cancel",
                            cancelling: "Cancelling",
                            no_items_matched_your_filter: "No items matched your filter."
                    });
            </script>
    
    
    </body>
    
    


    Code:
    
    HTTP/1.1 200 OK
    Date: Tue, 11 Jul 2023 07:23:43 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    Last-Modified: Tue, 11 Jul 2023 07:23:43 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: private, no-cache, max-age=0
    Vary: Accept-Encoding
    Set-Cookie: xf_csrf=FTuT7Ork2Zm-kLKG; path=/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPZOF3D0q%2BLlxXf3MgdpJh9ngKjCY3Q1Md5C6r%2BtVMTeDTqKCfpy6amYOSVIf1UKpUlWVK8fMt%2FrcqxvydHZfSASJ17WSoitcv8iWJtEC5rX%2F3oQVgaBZjIaww%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f4d7a9ced0224-CDG
    alt-svc: h3=":443"; ma=86400
    
    
    Code:
    HTTP/1.1 200 OK
    Date: Tue, 11 Jul 2023 07:24:34 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Content-Type-Options: nosniff
    Last-Modified: Tue, 11 Jul 2023 07:24:34 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: private, no-cache, max-age=0
    Vary: Accept-Encoding
    Set-Cookie: xf_csrf=XZWvT0qQH8DcN1Tl; path=/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2B5PYFHc5d%2BQpfya0vLnqNiDZV8zefGOwyRjgcwTGEDTzY%2BQBUg2lheHzut1ieSu%2BPuwdHhbjluRaZ0tPycMzNBy74Q0kxrrVFVVNbdBFpBZYPRzxDOkm7Zbn0EWH8s%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f4eb9a892d68e-CDG
    alt-svc: h3=":443"; ma=86400
    

    Code:
    
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 11 Jul 2023 07:25:01 GMT
    Content-Type: text/html
    Connection: keep-alive
    Location: http://example.com/install/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdPR7XMTNrsqgZ88%2BaNn3WLv9OvBeRrdCkh%2BOQvT7qUuOuEI3TsDg26%2F2GaHVfs4%2FzvyOlpjJMUVCpYqB6HXOzuujnygsibKxsMGn13ntol335Zaelqb1vKGTA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f4f6638a02a34-CDG
    alt-svc: h3=":443"; ma=86400
    
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 11 Jul 2023 07:25:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
    Location: http://www.example.com/install/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45KvIM4B4ycksdl05fZMvD63gW6Sd3IsvQeGDQEFSv1BnEKNgE%2FS90%2F%2BdERA8v6N9GattmDYC4NED%2B6fEtpqWv4NnZ4mcVRn3lOf2qzhEfMokHcAXr9BdCdfY%2BAvlMQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f50b379df0492-CDG
    alt-svc: h3=":443"; ma=86400
    
    <html>
    <head><title>301 Moved Permanently</title></head>
    <body>
    <center><h1>301 Moved Permanently</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 11 Jul 2023 07:26:19 GMT
    Content-Type: text/html
    Connection: keep-alive
    Location: http://example.com/install/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bas8A7YyRk6sMv7IPSXy6EmUBY%2F3uwv%2F%2FQ10NBI0QQTjZY8O3NVkUWEGKfFtP3u%2BBGg%2BOKeiGo%2FeaSS%2FVwa1YmcpTVaINCiPzsDqE8s0gXZafPeQ9xn2RnR5g%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f514a39f73c80-CDG
    alt-svc: h3=":443"; ma=86400
    
    

    Code:
    
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 11 Jul 2023 07:27:19 GMT
    Content-Type: text/html
    Connection: keep-alive
    Location: http://www.example.com/install/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OlTYM1VgDOdCPbcRunINBf8i%2FDk2oCHjYD7woUyB6wP%2BCXHYRvHssHNOIh5jhukZLgZkODI94KZpxSpAHc8JsokLHfwnjFe%2F0VuSWlsB9I1CWl3YgnfNCIkc4ZjSylo%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 7e4f52c28d1dd502-CDG
    alt-svc: h3=":443"; ma=86400
    
    
     
    Last edited: Jul 11, 2023
  4. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    You use example.com.ssl.conf if you're using HTTPS
     
  5. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

    If you prefer www domain i.e. https://wwww.newdomain.com to be the intended redirect target, you will have add a 3rd server{} context to your Nginx HTTPS SSL vhost config file as outlined here.

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
       server_name newdomain.com www.newdomain.com;
       return 302 https://www.newdomain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name newdomain.com;
      return 302 https://www.newdomain.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    }
    
    server {
      listen 443 ssl http2;
      server_name www.newdomain.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    < snipped the rest of the nginx settings >

    Notice the middle server{} context tells Nginx to redirect non-www domain HTTPS requests to www domain HTTPS requests for www domain on third server{} context. While first server{} context tells Nginx to redirect both non-HTTPS non-www and www domain requests to HTTPS requests for www domain on third server{} context.

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    
     
  6. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    I do use Https, i don't want to use www. though.

    It's not using the `example.com.ssl.conf`.

    So now I've did the disabling example.com.conf-disabled
    and then i uncommented the
    Code:
    #server {
    #       listen   80;
    #       server_name example.com www.example.com;
     #      return 302 https://$server_name$request_uri;
     #}
    
    but im just getting too many redirects constantly now.


    PS: there are no #'s before it in the file, i had to do this as the forum is not allowing me to post the code for some reason.
     
    Last edited: Jul 12, 2023
  7. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    Are you using Cloudflare? If using Cloudflare you can remove the nginx level 302 non-https to https redirect if you have Cloudflare Always Use HTTPS and rewrite non-HTTPS to HTTPS options.
     
  8. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    where exactly is that, im not good with nginx to be honest :(
    but yes i am using cloudflare.


    edit:

    I figured it out, but now it's showing me the default centminmod page instead of my forum.

    to be exact, the centminmod page that it's showing is supposed to be on a sub-domain (main.example.com) and my forum is supposed to be on (example.com).

    my virtual.conf file is like this:
    Code:
    
    server {
                listen 80 default_server backlog=16383 reuseport;
                server_name main.example.com;
                root   html;
    
            access_log              /var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
               
                auth_basic "Private";
                auth_basic_user_file /usr/local/nginx/conf/htpasswd;
               
               
               
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
    
    #Shows file listing times as local time
    #autoindex_localtime on;
    
    # Wordpress Permalinks example
    #try_files \$uri \$uri/ /index.php?q=\$uri&\$args;
               
                }
    
    include /usr/local/nginx/conf/php.conf;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    
     
  9. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    what is this? and this for?
    Code (Text):
      if ( $redirect_uri ) {
    
      return 301 $redirect_uri;
    
      }
    

    Ensure you have DNS A records for both www and non-www for your domain
    if you don't want www, then you need to setup redirect for www to non-www which you can do at Cloudflare level
     
  10. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    The 301 $redirect_uri; is supposed to make redirects work.
    the `redirects.conf` file has this inside
    Code:
    
    map $request_uri $redirect_uri {
    
    
        /403.html /404.html;
     
    }
    
    But my issue is that the file (example.com.ssl.conf) is not being used for configuration, and when i disable the (example.com.conf) file by renaming it to (example.com.conf-disabled) as suggested by the link you provided me earlier, it just makes it so that the default centminmod page is shown on my (example.com) domain, while it is only supposed to show on (main.example.com). And then it's supposed to show my forum on (example.com)


    edit: this is the page it shows on both (example.com) & (main.example.com): [​IMG]

    while it is only supposed to show on (main.example.com) and show the public directory for my domain on (example.com)
     
  11. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    Ensure you have Cloudflare SSL mode set to Full instead of Flexible SSL, as Flexible looks to non-https port 80 while Full SSL mode looks to https port 443.
     
  12. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    I set it to full, but now both domains are showing the public directory instead of the (main.example.com) showing the centminmod page.

    is there something in my configuration i did wrong?
     
  13. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    did you backup and remove example.com.conf-disabled? and restart nginx server
     
  14. Teddy

    Teddy New Member

    8
    0
    1
    Jul 11, 2023
    Ratings:
    +0
    Local Time:
    4:27 AM
    Latest
    latest
    i just deleted the file and used nprestart, but it didn't do anything. It's all still the same.
     
  15. eva2000

    eva2000 Administrator Staff Member

    52,721
    12,073
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,599
    Local Time:
    12:27 PM
    Nginx 1.25.x
    MariaDB 10.x
    what does contents of /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf look like now?

    make sure DNS A records for your domain are correct
    Code (Text):
    dig A yourdomain.com +short
    dig A www.yourdomain.com +short
    dig A mainhost.yourdomain.com +short
    


    from you previous shown code, you also don't need
    Code (Text):
    location ~ \.php$ {
       try_files $uri =404;
       fastcgi_pass    127.0.0.1:9000;
       fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include         fastcgi_params;
    }
    

    and include file php.conf takes care of PHP
    Code (Text):
    include /usr/local/nginx/conf/php.conf;