/ Register

Discover Centmin Mod today
Register Now

Website refused to connect after server reboot?

Discussion in 'System Administration' started by CarpCharacin, Jan 7, 2018.

Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Jan 20, 2018 #21
    eva2000

    eva2000 Administrator Staff Member

    55,903
    12,281
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,868
    Local Time:
    12:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    might need to filter command a bit more
    Code (Text):
    grep -rn 'server_name' /usr/local/nginx/conf | grep -v backup | grep -C8 'utahfishkeepers'


    exact steps ? as just adduser isn't enough to create a proper sudo user that works at root user level
     
  2. Jan 21, 2018 #22
    CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    8:18 PM
    1.15.x
    MariaDB 10.1
    Here is the output:
    Code (Text):
    /usr/local/nginx/conf/uwsgi_params.default:17:uwsgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/php-rediscache.conf:81:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/fastcgi.conf.default:23:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/php-pool5.conf:70:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:13:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:26:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:33:    server_name utahfishkeepers.us www.utahfishkeepers.us;
/usr/local/nginx/conf/conf.d/ssl.conf:5:#    server_name  localhost;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:5:            server_name demodomain.com;
/usr/local/nginx/conf/conf.d/demodomain.com.conf:12:            server_name www.demodomain.com;
/usr/local/nginx/conf/conf.d/virtual.conf:4:            server_name li227-82.members.linode.com;
/usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:6:   server_name carpcharacin.rocks www.carpcharacin.rocks;
/usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:14:  server_name carpcharacin.rocks www.carpcharacin.rocks;
/usr/local/nginx/conf/phpssl.conf:62:fastcgi_param  SERVER_NAME        $server_name;
/usr/local/nginx/conf/fastcgi.conf:23:fastcgi_param  SERVER_NAME        $server_name;

    I can't remember, it was I think in October or November 2016, well over a year ago.
     
  3. Jan 21, 2018 #23
    eva2000

    eva2000 Administrator Staff Member

    55,903
    12,281
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,868
    Local Time:
    12:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    contents of /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf ? you have 3 instances listed from output
     
  4. Jan 21, 2018 #24
    CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    8:18 PM
    1.15.x
    MariaDB 10.1
    Code (Text):
    # Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
    listen   80;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
    server_name utahfishkeepers.us www.utahfishkeepers.us;

  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;


    return 302 https://www.utahfishkeepers.us$request_uri;
    }


server {
    listen   80;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
    server_name utahfishkeepers.us www.utahfishkeepers.us;
    return 301 https://www.utahfishkeepers.us$request_uri;
    }

server {
    listen   443 ssl http2;
    listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
    server_name utahfishkeepers.us www.utahfishkeepers.us;




  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;

  root /home/nginx/domains/utahfishkeepers.us/public;

location /[phpmyadmin location] {
    auth_basic                      "Restricted Access";
    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
    root /usr/share/;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
#     include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
    }

location /webmail {
#    auth_basic                      "Restricted Access";
#    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
    root /usr/share/;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
#       include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
    }


location / {
     index index.php index.html index.htm;
     try_files $uri $uri/ /index.php?$uri&$args;
}

location /admin.php {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /install/ {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
        include /usr/local/nginx/conf/php.conf;
        allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /internal_data/ {
     internal;
     allow 127.0.0.1;
     allow 173.255.217.82;
     deny all;
}

location /library/ {
     internal;
     allow 127.0.0.1;
     allow 173.255.217.82;
     deny all;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}
     
  5. Jan 21, 2018 #25
    eva2000

    eva2000 Administrator Staff Member

    55,903
    12,281
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,868
    Local Time:
    12:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    top part should be like below

    where ssl key includes incorrectly added to non-https vhost in 1st server context and 2nd server context needs removing as it's duplicate of first just with 301 instead of 302 redirect and 3rd server context needs removing non-www version from server_name as your www is the target redirect for http to https
    Code (Text):
    # Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
   listen   80;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
   server_name utahfishkeepers.us www.utahfishkeepers.us;
   return 302 https://www.utahfishkeepers.us$request_uri;
   }

server {
   listen   443 ssl http2;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
   server_name www.utahfishkeepers.us;


    so when non-https www and non-www version of domain accessed from non-HTTPS port 80 do 302 redirect to www version of HTTPS
     
  6. Feb 2, 2018 #26
    CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    8:18 PM
    1.15.x
    MariaDB 10.1
    So I should remove this part too before changing it?
    Code (Text):
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;
     
  7. Feb 2, 2018 #27
    eva2000

    eva2000 Administrator Staff Member

    55,903
    12,281
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,868
    Local Time:
    12:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  8. Mar 14, 2018 #28
    CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    8:18 PM
    1.15.x
    MariaDB 10.1
    So like this?
    Code (Text):
    # Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# ipv4
server {
   listen   80;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
   server_name utahfishkeepers.us www.utahfishkeepers.us;
   return 302 https://www.utahfishkeepers.us$request_uri;
   }

server {
   listen   443 ssl http2;
   listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
   server_name www.utahfishkeepers.us




  include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;

  root /home/nginx/domains/utahfishkeepers.us/public;

location /[phpmyadmin location] {
   auth_basic                      "Restricted Access";
   auth_basic_user_file             /usr/local/nginx/pass/my_pass;
   root /usr/share/;
   include /usr/local/nginx/conf/staticfiles.conf;
   include /usr/local/nginx/conf/php.conf;
#     include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
   }

location /webmail {
#    auth_basic                      "Restricted Access";
#    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
   root /usr/share/;
   include /usr/local/nginx/conf/staticfiles.conf;
   include /usr/local/nginx/conf/php.conf;
#       include /usr/local/nginx/conf/drop.conf;
#       include /usr/local/nginx/conf/errorpage.conf;
   }


location / {
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$uri&$args;
}

location /admin.php {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
       include /usr/local/nginx/conf/php.conf;
       allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /install/ {
#     auth_basic "Private";
#     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
       include /usr/local/nginx/conf/php.conf;
       allow 127.0.0.1;
#        allow 173.255.217.82;
#        deny all;
}

location /internal_data/ {
    internal;
    allow 127.0.0.1;
    allow 173.255.217.82;
    deny all;
}

location /library/ {
    internal;
    allow 127.0.0.1;
    allow 173.255.217.82;
    deny all;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}
     
  9. Mar 18, 2018 #29
    CarpCharacin

    CarpCharacin Member

    267
    21
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +34
    Local Time:
    8:18 PM
    1.15.x
    MariaDB 10.1
    Is that the correct vhost configuration? Also, what should I add if I want to redirect /portal to just the forum list?
     
  10. Mar 18, 2018 #30
    eva2000

    eva2000 Administrator Staff Member

    55,903
    12,281
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,868
    Local Time:
    12:18 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
Previous Thread Next Thread
Loading...
Page 2 of 2

.