Restrict URL's not working with OVH?

Teddy · Jul 11, 2023

Hello,

I'm basically trying to put a username & password prompt at certain locations of my website, such as "/admin.php" and "/install"

I've used the following in my domain.ssl.conf file to do so, but this doesn't seem to work. Not even rate limiting works, so I have a feeling it either has to do with the server or something went wrong somewhere..
Code (Text):
location /admin.php {
 
  auth_basic "Private";
  auth_basic_user_file /usr/local/nginx/conf/htpasswd;
  #include /usr/local/nginx/conf/php.conf;
  }
 
  location /install/ {
 
  auth_basic "Private";
  auth_basic_user_file /usr/local/nginx/conf/htpasswd;
  include /usr/local/nginx/conf/php.conf;
  }
Does anyone have an idea why this isn't working?
The server I use is an dedicated server from OVH, I selected CentOS 7 on the OS selection menu, which ended up installing CentOS 7.9.

eva2000 · Jul 11, 2023

For /admin.php you have include file commented out/disabled /usr/local/nginx/conf/php.conf so ensure it's enabled without hash # in front

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

what is output of these commands in ssh
Code (Text):
curl -I https://domain.com/admin.php
Code (Text):
curl -I https://www.domain.com/admin.php
Code (Text):
curl -I http://domain.com/admin.php
Code (Text):
curl -I http://www.domain.com/admin.php
Code (Text):
curl -I https://domain.com/install/
Code (Text):
curl -I https://www.domain.com/install/
Code (Text):
curl -I http://domain.com/install/
Code (Text):
curl -I http://www.domain.com/install/
wrap output in CODE tags

and also how did you generate /usr/local/nginx/conf/htpasswd ?

you can use htpasswd.sh script and instead use site specific /home/nginx/domains/yourdomain.com/htpasswd and change your nginx vhost's reference to /home/nginx/domains/yourdomain.com/htpasswd
auth_basic_user_file file
Code (Text):
vhostname=yourdomain.com
/usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/$vhostname/htpasswd USERNAME PASSWORD
where, you change USERNAME to your desired username and PASSWORD to your password and change yourdomain.com to your wordpress site's domain name

then restart nginx
Code (Text):
ngxrestart

Teddy · Jul 11, 2023

eva2000 said: ↑

For /admin.php you have include file commented out/disabled /usr/local/nginx/conf/php.conf so ensure it's enabled without hash # in front

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

what is output of these commands in ssh
Code (Text):
curl -I https://domain.com/admin.php
Code (Text):
curl -I https://www.domain.com/admin.php
Code (Text):
curl -I http://domain.com/admin.php
Code (Text):
curl -I http://www.domain.com/admin.php
Code (Text):
curl -I https://domain.com/install/
Code (Text):
curl -I https://www.domain.com/install/
Code (Text):
curl -I http://domain.com/install/
Code (Text):
curl -I http://www.domain.com/install/
wrap output in CODE tags

and also how did you generate /usr/local/nginx/conf/htpasswd ?

you can use htpasswd.sh script and instead use site specific /home/nginx/domains/yourdomain.com/htpasswd and change your nginx vhost's reference to /home/nginx/domains/yourdomain.com/htpasswd
auth_basic_user_file file
Code (Text):
vhostname=yourdomain.com
/usr/local/nginx/conf/htpasswd.sh create /home/nginx/domains/$vhostname/htpasswd USERNAME PASSWORD
where, you change USERNAME to your desired username and PASSWORD to your password and change yourdomain.com to your wordpress site's domain name

then restart nginx
Code (Text):
ngxrestart
Click to expand...

Hey thank you for your reply, I've been trying to figure this out since the post or even earlier to be fair but i figured out just now that for some reason my main domain `example.com` is using the `example.com.conf` for configuration instead of using `example.com.ssl.conf` which it's supposed to use, do you have any clue what i've done wrong that's causing the server to use the wrong configuration?

I tested this by adding the same exact method of protecting the admin.php file & install directory to the `example.com.conf` file which ended up working (to protect those files/directories)

but then again, it's not the right file that i want it to take the configuration from.

This is my example.com.ssl.conf file which i changed the domain name of.

Code:


# Centmin Mod Getting Started Guide
# must read https://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read https://centminmod.com/letsencrypt-freessl.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#       listen   80;
#       server_name example.com www.example.com;
#       return 302 https://$server_name$request_uri;
# }

#remove line below to remove redirects
include /usr/local/nginx/conf/conf.d/redirects.conf;

#rate limit
limit_req_zone $binary_remote_addr zone=test:10m rate=1r/m;
limit_req_zone $binary_remote_addr zone=public:10m rate=200r/m;

server {
  listen 443 ssl http2 reuseport;
  server_name example.com www.example.com;

  include /usr/local/nginx/conf/ssl/example.com/example.com.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  #cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
  ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/example.com/origin.crt;
  ssl_verify_client on;
 
 
 
  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/example.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/example.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/example.com/autoprotect-example.com.conf;
  root /home/nginx/domains/example.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  location / {
 
    try_files $uri $uri/ /xf/index.php?$uri&$args;
    #index index.php index.html;
 
 
 
  #remove line below to stop request limiting
  limit_req zone=public burst=400 nodelay;
 
  include /usr/local/nginx/conf/503include-only.conf;
 
  if ( $redirect_uri ) {
 
  return 301 $redirect_uri;
 
  }
 

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Wordpress Permalinks example
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  }
 
 location /admin.php {
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        include /usr/local/nginx/conf/php.conf;;
}
 

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
}
 
 
 
 
 
 
 
 

  include /usr/local/nginx/conf/php.conf;
 
  include /usr/local/nginx/conf/pre-staticfiles-local-example.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

and this is my example.com.conf file

Code:


# Centmin Mod Getting Started Guide
# must read https://centminmod.com/getstarted.html

# redirect from non-www to www
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
#server {
#            listen   80;
#            server_name example.com www.example.com;
#            return 301 $scheme://www.example.com$request_uri;
#       }

server {
 
  server_name example.com www.example.com;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;
  #add_header Referrer-Policy "strict-origin-when-cross-origin";
  #add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/example.com/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/example.com/log/error.log;

  include /usr/local/nginx/conf/autoprotect/example.com/autoprotect-example-com.conf;
  root /home/nginx/domains/example.com/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  # prevent access to ./directories and files
  #location ~ (?:^|/)\. {
  # deny all;
  #}

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Wordpress Permalinks example
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  }
 
   location /admin.php {
     auth_basic "Private";
     auth_basic_user_file /usr/local/nginx/conf/htpasswd;
        include /usr/local/nginx/conf/php.conf;;
}

  include /usr/local/nginx/conf/php.conf;
 
  include /usr/local/nginx/conf/pre-staticfiles-local-example.com.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

----------------------------------------------

output of the commands ~

Code:


HTTP/1.1 200 OK
Date: Tue, 11 Jul 2023 07:18:56 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jul 2023 07:18:56 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Vary: Accept-Encoding
Set-Cookie: xf_csrf=6opIdXPIloPB_dDZ; path=/; secure
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7vR7FE5Z6K3oT0ZwgRnDAHZV1aIQcDGnl4WI6eJV4SnK10Da%2FqohjUEUFn2Oy3zeDTw%2BBaaEZDenIQs0Z6fxYFMxKjzBitu5uksS19NjJxP5jhx3LA7dPHW1xA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f467c3ab20405-CDG
alt-svc: h3=":443"; ma=86400

Code:

HTTP/1.1 200 OK
Date: Tue, 11 Jul 2023 07:21:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jul 2023 07:21:45 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Vary: Accept-Encoding
Set-Cookie: xf_csrf=3jxyks7Dnd45v5_n; path=/; secure
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vy7ubG6IgiHJuk%2FxUNib8YXwiEpYDwNKU3kxsXu2lUS7uvDoApGsnuRG8%2BmyUelIGqn%2FEvGS%2BklVxQ7%2BNttHm8%2Bij8RoS3X%2BIBRMBvqUJn9324HCEbYvqQBmn9452Nw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f4a9c0a47d52a-CDG
alt-svc: h3=":443"; ma=86400

<!DOCTYPE html>
<html id="XF" lang="en-US" dir="LTR"
        class="has-no-js p-adminLogin template-login_form" data-template="login_form"
        data-app="admin"
        data-cookie-prefix="xf_"
         data-run-jobs="">
<head>
        <meta charset="utf-8" />
        <meta name="robots" content="noindex" />
        <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
        <meta name="viewport" content="width=device-width, initial-scale=1">

        <title>Administrator login | Example.com</title>








        <link rel="preload" href="/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />


        <link rel="preload" href="/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />


<link rel="preload" href="/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3" as="font" type="font/woff2" crossorigin="anonymous" />

        <link rel="stylesheet" href="/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cadmin%3Aapp.less&amp;s=0&amp;l=1&amp;d=1689032713&amp;k=ddf3b3de963ffa203c539c3dc932b0ee05dff3e3" />

        <link rel="stylesheet" href="/css.php?css=public%3Aextra.less&amp;s=0&amp;l=1&amp;d=1689032713&amp;k=291511d404c29f45c1c1b8c3f74b1f335691b2b3" />


                <script src="/js/xf/preamble.min.js?_v=cb4680da"></script>


</head>
<body>

<div class="adminLogin-wrapper">
        <div class="adminLogin-content ">



                        <form action="/admin.php?login/login" method="post" class="adminLogin-contentForm"
                                 data-xf-init="ajax-submit"
                        >
                                <input type="hidden" name="_xfToken" value="1689060105,f8996e76e2c68afa6bd61733ae14afe6" />

        <div><a href="https://Example.com"><img src="/styles/default/xenforo/xenforo-logo.svg"
                width="100" height="36" alt="XenForo Ltd." /></a></div>
        <!--<h1>Example.com</h1>-->
        <dl class="adminLogin-row">
                <dt>Your name or email address:</dt>
                <dd>
                        <input type="text" class="input" name="login" placeholder="Username or email…" aria-label="Username or email" autofocus="autofocus" />
                        <i class="fa--xf far fa-user" aria-hidden="true"></i>
                </dd>
        </dl>
        <dl class="adminLogin-row">
                <dt>Password:</dt>
                <dd>





<div data-xf-init=" password-hide-show"
        data-show-text="Show" data-hide-text="Hide">

                <div class="inputGroup inputGroup--joined">

        <input type="password" name="password" value=""
                class="input js-password input--passwordHideShow"  placeholder="Password…" aria-label="Password" />

                        <i class="fa--xf far fa-key" aria-hidden="true"></i>
                        <div class="inputGroup-text">
                                <label class="iconic iconic--hideShow js-hideShowContainer"><input type="checkbox"  value="1" /><i aria-hidden="true"></i><span class="iconic-label">Show</span></label>

                        </div>
                </div>



</div>
                </dd>
        </dl>
        <div class="adminLogin-row adminLogin-row--submit">
                <button type="submit" class="button button--icon button--icon--login"><span class="button-text">Administrator login</span></button>
                <div class="adminLogin-boardTitle">Example.com</div>
        </div>


                        </form>


        </div>
</div>



        <script src="/js/vendor/jquery/jquery-3.5.1.min.js?_v=cb4680da"></script>
        <script src="/js/vendor/vendor-compiled.js?_v=cb4680da"></script>
        <script src="/js/xf/core-compiled.js?_v=cb4680da"></script>
        <script src="/js/xf/admin.min.js?_v=cb4680da"></script>

        <script>
                jQuery.extend(true, XF.config, {
                        //
                        userId: 0,
                        enablePush: false,
                        pushAppServerKey: '',
                        url: {
                                fullBase: 'https://www.Example.com/',
                                basePath: '/',
                                css: '/css.php?css=__SENTINEL__&s=0&l=1&d=1689032713',
                                keepAlive: '/admin.php?login/keep-alive'
                        },
                        cookie: {
                                path: '/',
                                domain: '',
                                prefix: 'xf_',
                                secure: true,
                                consentMode: 'disabled',
                                consented: ["optional","_third_party"]
                        },
                        cacheKey: '29c4a85ed122115dfcf96153b148f2d2',
                        csrf: '1689060105,f8996e76e2c68afa6bd61733ae14afe6',
                        js: {"\/js\/xf\/admin.min.js?_v=cb4680da":true},
                        css: {"public:extra.less":true},
                        time: {
                                now: 1689060105,
                                today: 1689033600,
                                todayDow: 2,
                                tomorrow: 1689120000,
                                yesterday: 1688947200,
                                week: 1688515200
                        },
                        borderSizeFeature: '3px',
                        fontAwesomeWeight: 'r',
                        enableRtnProtect: true,

                        enableFormSubmitSticky: true,
                        uploadMaxFilesize: 838860800,
                        allowedVideoExtensions: ["m4v","mov","mp4","mp4v","mpeg","mpg","ogv","webm"],
                        allowedAudioExtensions: ["mp3","opus","ogg","wav"],
                        shortcodeToEmoji: true,
                        visitorCounts: {
                                conversations_unread: '0',
                                alerts_unviewed: '0',
                                total_unread: '0',
                                title_count: true,
                                icon_indicator: true
                        },
                        jsState: {},
                        publicMetadataLogoUrl: '',
                        publicPushBadgeUrl: 'https://www.Example.com/styles/default/xenforo/bell.png'
                });

                jQuery.extend(XF.phrases, {
                        //
                        date_x_at_time_y: "{date} at {time}",
                        day_x_at_time_y:  "{day} at {time}",
                        yesterday_at_x:   "Yesterday at {time}",
                        x_minutes_ago:    "{minutes} minutes ago",
                        one_minute_ago:   "1 minute ago",
                        a_moment_ago:     "A moment ago",
                        today_at_x:       "Today at {time}",
                        in_a_moment:      "In a moment",
                        in_a_minute:      "In a minute",
                        in_x_minutes:     "In {minutes} minutes",
                        later_today_at_x: "Later today at {time}",
                        tomorrow_at_x:    "Tomorrow at {time}",

                        day0: "Sunday",
                        day1: "Monday",
                        day2: "Tuesday",
                        day3: "Wednesday",
                        day4: "Thursday",
                        day5: "Friday",
                        day6: "Saturday",

                        dayShort0: "Sun",
                        dayShort1: "Mon",
                        dayShort2: "Tue",
                        dayShort3: "Wed",
                        dayShort4: "Thu",
                        dayShort5: "Fri",
                        dayShort6: "Sat",

                        month0: "January",
                        month1: "February",
                        month2: "March",
                        month3: "April",
                        month4: "May",
                        month5: "June",
                        month6: "July",
                        month7: "August",
                        month8: "September",
                        month9: "October",
                        month10: "November",
                        month11: "December",

                        active_user_changed_reload_page: "The active user has changed. Reload the page for the latest version.",
                        server_did_not_respond_in_time_try_again: "The server did not respond in time. Please try again.",
                        oops_we_ran_into_some_problems: "Oops! We ran into some problems.",
                        oops_we_ran_into_some_problems_more_details_console: "Oops! We ran into some problems. Please try again later. More error details may be in the browser console.",
                        file_too_large_to_upload: "The file is too large to be uploaded.",
                        uploaded_file_is_too_large_for_server_to_process: "The uploaded file is too large for the server to process.",
                        files_being_uploaded_are_you_sure: "Files are still being uploaded. Are you sure you want to submit this form?",
                        attach: "Attach files",
                        rich_text_box: "Rich text box",
                        close: "Close",
                        link_copied_to_clipboard: "Link copied to clipboard.",
                        text_copied_to_clipboard: "Text copied to clipboard.",
                        loading: "Loading…",
                        you_have_exceeded_maximum_number_of_selectable_items: "You have exceeded the maximum number of selectable items.",

                        processing: "Processing",
                        'processing...': "Processing…",

                        showing_x_of_y_items: "Showing {count} of {total} items",
                        showing_all_items: "Showing all items",
                        no_items_to_display: "No items to display",

                        number_button_up: "Increase",
                        number_button_down: "Decrease",

                        push_enable_notification_title: "Push notifications enabled successfully at Example.com",
                        push_enable_notification_body: "Thank you for enabling push notifications!",

                        pull_down_to_refresh: "Pull down to refresh",
                        release_to_refresh: "Release to refresh",
                        refreshing: "Refreshing…"
                });
        </script>

        <form style="display:none" hidden="hidden">
                <input type="text" name="_xfClientLoadTime" value="" id="_xfClientLoadTime" title="_xfClientLoadTime" tabindex="-1" />
        </form>




        <script>
                jQuery.extend(true, XF.config, {
                        job: {
                                manualUrl: "/admin.php?tools/run-job"
                        },
                        visitorCounts: null
                });
                jQuery.extend(XF.phrases, {
                        cancel: "Cancel",
                        cancelling: "Cancelling",
                        no_items_matched_your_filter: "No items matched your filter."
                });
        </script>


</body>

Code:


HTTP/1.1 200 OK
Date: Tue, 11 Jul 2023 07:23:43 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jul 2023 07:23:43 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Vary: Accept-Encoding
Set-Cookie: xf_csrf=FTuT7Ork2Zm-kLKG; path=/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPZOF3D0q%2BLlxXf3MgdpJh9ngKjCY3Q1Md5C6r%2BtVMTeDTqKCfpy6amYOSVIf1UKpUlWVK8fMt%2FrcqxvydHZfSASJ17WSoitcv8iWJtEC5rX%2F3oQVgaBZjIaww%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f4d7a9ced0224-CDG
alt-svc: h3=":443"; ma=86400

Code:

HTTP/1.1 200 OK
Date: Tue, 11 Jul 2023 07:24:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jul 2023 07:24:34 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Vary: Accept-Encoding
Set-Cookie: xf_csrf=XZWvT0qQH8DcN1Tl; path=/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2B5PYFHc5d%2BQpfya0vLnqNiDZV8zefGOwyRjgcwTGEDTzY%2BQBUg2lheHzut1ieSu%2BPuwdHhbjluRaZ0tPycMzNBy74Q0kxrrVFVVNbdBFpBZYPRzxDOkm7Zbn0EWH8s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f4eb9a892d68e-CDG
alt-svc: h3=":443"; ma=86400

Code:


HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Jul 2023 07:25:01 GMT
Content-Type: text/html
Connection: keep-alive
Location: http://example.com/install/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MdPR7XMTNrsqgZ88%2BaNn3WLv9OvBeRrdCkh%2BOQvT7qUuOuEI3TsDg26%2F2GaHVfs4%2FzvyOlpjJMUVCpYqB6HXOzuujnygsibKxsMGn13ntol335Zaelqb1vKGTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f4f6638a02a34-CDG
alt-svc: h3=":443"; ma=86400

Code:

HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Jul 2023 07:25:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://www.example.com/install/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45KvIM4B4ycksdl05fZMvD63gW6Sd3IsvQeGDQEFSv1BnEKNgE%2FS90%2F%2BdERA8v6N9GattmDYC4NED%2B6fEtpqWv4NnZ4mcVRn3lOf2qzhEfMokHcAXr9BdCdfY%2BAvlMQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f50b379df0492-CDG
alt-svc: h3=":443"; ma=86400

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

Code:

HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Jul 2023 07:26:19 GMT
Content-Type: text/html
Connection: keep-alive
Location: http://example.com/install/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bas8A7YyRk6sMv7IPSXy6EmUBY%2F3uwv%2F%2FQ10NBI0QQTjZY8O3NVkUWEGKfFtP3u%2BBGg%2BOKeiGo%2FeaSS%2FVwa1YmcpTVaINCiPzsDqE8s0gXZafPeQ9xn2RnR5g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f514a39f73c80-CDG
alt-svc: h3=":443"; ma=86400

Code:


HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Jul 2023 07:27:19 GMT
Content-Type: text/html
Connection: keep-alive
Location: http://www.example.com/install/
X-Powered-By: centminmod
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OlTYM1VgDOdCPbcRunINBf8i%2FDk2oCHjYD7woUyB6wP%2BCXHYRvHssHNOIh5jhukZLgZkODI94KZpxSpAHc8JsokLHfwnjFe%2F0VuSWlsB9I1CWl3YgnfNCIkc4ZjSylo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7e4f52c28d1dd502-CDG
alt-svc: h3=":443"; ma=86400

eva2000 · Jul 11, 2023

You use example.com.ssl.conf if you're using HTTPS

eva2000 · Jul 11, 2023

Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

If you prefer www domain i.e. https://wwww.newdomain.com to be the intended redirect target, you will have add a 3rd server{} context to your Nginx HTTPS SSL vhost config file as outlined here.
Code (Text):
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name newdomain.com www.newdomain.com;
   return 302 https://www.newdomain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name newdomain.com;
  return 302 https://www.newdomain.com$request_uri;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;
}

server {
  listen 443 ssl http2;
  server_name www.newdomain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

< snipped the rest of the nginx settings >
Notice the middle server{} context tells Nginx to redirect non-www domain HTTPS requests to www domain HTTPS requests for www domain on third server{} context. While first server{} context tells Nginx to redirect both non-HTTPS non-www and www domain requests to HTTPS requests for www domain on third server{} context.

key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly

You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com

Teddy · Jul 12, 2023

eva2000 said: ↑
Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

If you prefer www domain i.e. https://wwww.newdomain.com to be the intended redirect target, you will have add a 3rd server{} context to your Nginx HTTPS SSL vhost config file as outlined here.
Code (Text):
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name newdomain.com www.newdomain.com;
   return 302 https://www.newdomain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name newdomain.com;
  return 302 https://www.newdomain.com$request_uri;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;
}

server {
  listen 443 ssl http2;
  server_name www.newdomain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/newdomain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/newdomain.com/newdomain.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

< snipped the rest of the nginx settings >
Notice the middle server{} context tells Nginx to redirect non-www domain HTTPS requests to www domain HTTPS requests for www domain on third server{} context. While first server{} context tells Nginx to redirect both non-HTTPS non-www and www domain requests to HTTPS requests for www domain on third server{} context.

key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly

You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
Code (Text):
curl -I http://domain.com
Code (Text):
curl -I http://www.domain.com
Click to expand...
I do use Https, i don't want to use www. though.

It's not using the `example.com.ssl.conf`.

So now I've did the disabling example.com.conf-disabled
and then i uncommented the
Code:
#server {
#       listen   80;
#       server_name example.com www.example.com;
 #      return 302 https://$server_name$request_uri;
 #}
but im just getting too many redirects constantly now.

PS: there are no #'s before it in the file, i had to do this as the forum is not allowing me to post the code for some reason.

eva2000 · Jul 12, 2023

Teddy said: ↑

but im just getting "too many redirects" constantly now.
Click to expand...

Are you using Cloudflare? If using Cloudflare you can remove the nginx level 302 non-https to https redirect if you have Cloudflare Always Use HTTPS and rewrite non-HTTPS to HTTPS options.

Teddy · Jul 12, 2023

where exactly is that, im not good with nginx to be honest

but yes i am using cloudflare.

edit:

I figured it out, but now it's showing me the default centminmod page instead of my forum.

to be exact, the centminmod page that it's showing is supposed to be on a sub-domain (main.example.com) and my forum is supposed to be on (example.com).

my virtual.conf file is like this:

Code:


server {
            listen 80 default_server backlog=16383 reuseport;
            server_name main.example.com;
            root   html;

        access_log              /var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
        error_log               /var/log/nginx/localhost.error.log      error;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

# limit_conn limit_per_ip 16;
# ssi  on;

        location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        #allow youripaddress;
        deny all;
        }

            location / {
           
            auth_basic "Private";
            auth_basic_user_file /usr/local/nginx/conf/htpasswd;
           
           
           

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

#Enables directory listings when index file not found
#autoindex  on;

#Shows file listing times as local time
#autoindex_localtime on;

# Wordpress Permalinks example
#try_files \$uri \$uri/ /index.php?q=\$uri&\$args;
           
            }

include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/include_opcache.conf;

#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
#include /usr/local/nginx/conf/vts_mainserver.conf;

       }

eva2000 · Jul 12, 2023

Teddy said: ↑
Code (Text):
#remove line below to remove redirects
include /usr/local/nginx/conf/conf.d/redirects.conf;
Click to expand...
what is this? and this for?
Code (Text):
  if ( $redirect_uri ) {

  return 301 $redirect_uri;

  }
Ensure you have DNS A records for both www and non-www for your domain

Teddy said: ↑

I do use Https, i don't want to use www. though.
Click to expand...

if you don't want www, then you need to setup redirect for www to non-www which you can do at Cloudflare level

Teddy · Jul 12, 2023

eva2000 said: ↑
what is this? and this for?
Code (Text):
  if ( $redirect_uri ) {

  return 301 $redirect_uri;

  }
Ensure you have DNS A records for both www and non-www for your domain

if you don't want www, then you need to setup redirect for www to non-www which you can do at Cloudflare level
Click to expand...
The 301 $redirect_uri; is supposed to make redirects work.
the `redirects.conf` file has this inside
Code:
map $request_uri $redirect_uri {


    /403.html /404.html;
 
}
But my issue is that the file (example.com.ssl.conf) is not being used for configuration, and when i disable the (example.com.conf) file by renaming it to (example.com.conf-disabled) as suggested by the link you provided me earlier, it just makes it so that the default centminmod page is shown on my (example.com) domain, while it is only supposed to show on (main.example.com). And then it's supposed to show my forum on (example.com)

edit: this is the page it shows on both (example.com) & (main.example.com):

while it is only supposed to show on (main.example.com) and show the public directory for my domain on (example.com)

eva2000 · Jul 12, 2023

Ensure you have Cloudflare SSL mode set to Full instead of Flexible SSL, as Flexible looks to non-https port 80 while Full SSL mode looks to https port 443.

Teddy · Jul 12, 2023

eva2000 said: ↑

Ensure you have Cloudflare SSL mode set to Full instead of Flexible SSL, as Flexible looks to non-https port 80 while Full SSL mode looks to https port 443.
Click to expand...

I set it to full, but now both domains are showing the public directory instead of the (main.example.com) showing the centminmod page.

is there something in my configuration i did wrong?

eva2000 · Jul 12, 2023

did you backup and remove example.com.conf-disabled? and restart nginx server

Teddy · Jul 12, 2023

eva2000 said: ↑

did you backup and remove example.com.conf-disabled? and restart nginx server
Click to expand...

i just deleted the file and used nprestart, but it didn't do anything. It's all still the same.

eva2000 · Jul 12, 2023

what does contents of /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf look like now?

make sure DNS A records for your domain are correct
Code (Text):
dig A yourdomain.com +short
dig A www.yourdomain.com +short
dig A mainhost.yourdomain.com +short
from you previous shown code, you also don't need
Code (Text):
location ~ \.php$ {
   try_files $uri =404;
   fastcgi_pass    127.0.0.1:9000;
   fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
   include         fastcgi_params;
}
and include file php.conf takes care of PHP
Code (Text):
include /usr/local/nginx/conf/php.conf;

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Restrict URL's not working with OVH?

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Restrict URL's not working with OVH?

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

Teddy New Member

eva2000 Administrator Staff Member

.