Website refused to connect after server reboot?

eva2000 · Jan 20, 2018

might need to filter command a bit more
Code (Text):
grep -rn 'server_name' /usr/local/nginx/conf | grep -v backup | grep -C8 'utahfishkeepers'
CarpCharacin said: ↑

I think with just adduser.
Click to expand...

exact steps ? as just adduser isn't enough to create a proper sudo user that works at root user level

CarpCharacin · Jan 21, 2018

Here is the output:

Code (Text):

/usr/local/nginx/conf/uwsgi_params.default:17:uwsgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/php-rediscache.conf:81:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/fastcgi.conf.default:23:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/php-pool5.conf:70:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:13:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:26:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:33:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/ssl.conf:5:#    server_name  localhost;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:5:            server_name demodomain.com;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:12:            server_name www.demodomain.com;
/usr/local/nginx/conf/conf.d/virtual.conf:4:            server_name li227-82.members.linode.com;
/usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:6:   server_name carpcharacin.rocks www.carpcharacin.rocks;
/usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:14:  server_name carpcharacin.rocks www.carpcharacin.rocks;
/usr/local/nginx/conf/phpssl.conf:62:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/fastcgi.conf:23:fastcgi_param  SERVER_NAME        $server_name;

I can't remember, it was I think in October or November 2016, well over a year ago.

eva2000 · Jan 21, 2018

contents of /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf ? you have 3 instances listed from output

CarpCharacin · Jan 21, 2018

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
    listen   80;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
    server_name utahfishkeepers.us www.utahfishkeepers.us;

  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;


    return 302 https://www.utahfishkeepers.us$request_uri;
    }


server {
    listen   80;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
    server_name utahfishkeepers.us www.utahfishkeepers.us;
    return 301 https://www.utahfishkeepers.us$request_uri;
    }

server {
    listen   443 ssl http2;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
    server_name utahfishkeepers.us www.utahfishkeepers.us;




  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;

  root /home/nginx/domains/utahfishkeepers.us/public;

location /[phpmyadmin location] {
    auth_basic                      "Restricted Access";
    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
    root /usr/share/;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
#     include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
    }

location /webmail {
#    auth_basic                      "Restricted Access";
#    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
    root /usr/share/;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
#       include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
    }


location / {
     index index.php index.html index.htm;
     try_files $uri $uri/ /index.php?$uri&$args;
}

location /admin.php {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /install/ {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /internal_data/ {
     internal;
     allow 127.0.0.1;
     allow 173.255.217.82;
     deny all;
}

location /library/ {
     internal;
     allow 127.0.0.1;
     allow 173.255.217.82;
     deny all;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Jan 21, 2018

top part should be like below

where ssl key includes incorrectly added to non-https vhost in 1st server context and 2nd server context needs removing as it's duplicate of first just with 301 instead of 302 redirect and 3rd server context needs removing non-www version from server_name as your www is the target redirect for http to https
Code (Text):
# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
   listen   80;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
   server_name utahfishkeepers.us www.utahfishkeepers.us;
   return 302 https://www.utahfishkeepers.us$request_uri;
   }

server {
   listen   443 ssl http2;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
   server_name www.utahfishkeepers.us;
so when non-https www and non-www version of domain accessed from non-HTTPS port 80 do 302 redirect to www version of HTTPS

CarpCharacin · Feb 2, 2018

So I should remove this part too before changing it?
Code (Text):
  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

eva2000 · Feb 2, 2018

only remove instance in non-https port 80 server{} context not in https port 443 server{} context as outlined at Website refused to connect after server reboot?

CarpCharacin · Mar 14, 2018

So like this?

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
   listen   80;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
   server_name utahfishkeepers.us www.utahfishkeepers.us;
   return 302 https://www.utahfishkeepers.us$request_uri;
   }

server {
   listen   443 ssl http2;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
   server_name www.utahfishkeepers.us




  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;

  root /home/nginx/domains/utahfishkeepers.us/public;

location /[phpmyadmin location] {
   auth_basic                      "Restricted Access";
   auth_basic_user_file             /usr/local/nginx/pass/my_pass;
   root /usr/share/;
   include /usr/local/nginx/conf/staticfiles.conf;
   include /usr/local/nginx/conf/php.conf;
#     include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
   }

location /webmail {
#    auth_basic                      "Restricted Access";
#    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
   root /usr/share/;
   include /usr/local/nginx/conf/staticfiles.conf;
   include /usr/local/nginx/conf/php.conf;
#       include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
   }


location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$uri&$args;
}

location /admin.php {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
       include /usr/local/nginx/conf/php.conf;
       allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /install/ {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
       include /usr/local/nginx/conf/php.conf;
       allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /internal_data/ {
    internal;
    allow 127.0.0.1;
    allow 173.255.217.82;
    deny all;
}

location /library/ {
    internal;
    allow 127.0.0.1;
    allow 173.255.217.82;
    deny all;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

CarpCharacin · Mar 18, 2018

Is that the correct vhost configuration? Also, what should I add if I want to redirect /portal to just the forum list?

eva2000 · Mar 18, 2018

yup that vhost looks ok for http to https redirect

As to other rewrites you'd be on your own. I'd check out these guides

Module ngx_http_rewrite_module

Converting rewrite rules

How to Create NGINX Rewrite Rules | NGINX

Convert Apache Rewrite Rules to NGINX Rewrite Rules | NGINX

How To Create Temporary and Permanent Redirects with Nginx | DigitalOcean

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Website refused to connect after server reboot?

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

CarpCharacin Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Website refused to connect after server reboot?

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

eva2000 Administrator Staff Member

CarpCharacin Member

CarpCharacin Member

eva2000 Administrator Staff Member

.