
Website refused to connect after server reboot?

Discussion in 'System Administration' started by CarpCharacin, Jan 7, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    You might need to filter the command's output a bit more:
    Code (Text):
    # Stage 1: list every line containing 'server_name' under the nginx conf tree, with file name and line number (-rn).
    # Stage 2: drop any result line that contains "backup".
    # Stage 3: keep lines mentioning the site name plus 8 lines of context on each side (-C8),
    #          so a short result list will still show the other vhosts around each match.
    grep -rn 'server_name' /usr/local/nginx/conf | grep -v backup | grep -C8 'utahfishkeepers'
    


    What were the exact steps? Running adduser on its own isn't enough to create a proper sudo user that works at root user level.
     
  2. CarpCharacin

    CarpCharacin Member

    Here is the output:
    Code (Text):
    /usr/local/nginx/conf/uwsgi_params.default:17:uwsgi_param  SERVER_NAME        $server_name;
    /usr/local/nginx/conf/php-rediscache.conf:81:fastcgi_param  SERVER_NAME        $server_name;
    /usr/local/nginx/conf/fastcgi.conf.default:23:fastcgi_param  SERVER_NAME        $server_name;
    /usr/local/nginx/conf/php-pool5.conf:70:fastcgi_param  SERVER_NAME        $server_name;
    /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:13:    server_name utahfishkeepers.us www.utahfishkeepers.us;
    /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:26:    server_name utahfishkeepers.us www.utahfishkeepers.us;
    /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf:33:    server_name utahfishkeepers.us www.utahfishkeepers.us;
    /usr/local/nginx/conf/conf.d/ssl.conf:5:#    server_name  localhost;
    /usr/local/nginx/conf/conf.d/demodomain.com.conf:5:            server_name demodomain.com;
    /usr/local/nginx/conf/conf.d/demodomain.com.conf:12:            server_name www.demodomain.com;
    /usr/local/nginx/conf/conf.d/virtual.conf:4:            server_name li227-82.members.linode.com;
    /usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:6:   server_name carpcharacin.rocks www.carpcharacin.rocks;
    /usr/local/nginx/conf/conf.d/carpcharacin.rocks.ssl.conf:14:  server_name carpcharacin.rocks www.carpcharacin.rocks;
    /usr/local/nginx/conf/phpssl.conf:62:fastcgi_param  SERVER_NAME        $server_name;
    /usr/local/nginx/conf/fastcgi.conf:23:fastcgi_param  SERVER_NAME        $server_name;
    

    I can't remember, it was I think in October or November 2016, well over a year ago.
     
  3. eva2000

    eva2000 Administrator Staff Member

    What are the contents of /usr/local/nginx/conf/conf.d/utahfishkeepers.us.ssl.conf? The output lists 3 server_name instances in that file.
     
  4. CarpCharacin

    CarpCharacin Member

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # ipv4
    # Plain-HTTP vhost: any request on port 80 for either host name is answered
    # with a temporary (302) redirect to the https www host.
    # NOTE(review): the two include lines below pull what look like certificate/key
    # and shared SSL settings (judging by the file names) into a listener that has
    # no `ssl` flag; the reply further down the thread says they do not belong here.
    server {
        listen   80;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
        server_name utahfishkeepers.us www.utahfishkeepers.us;
    
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    
        return 302 https://www.utahfishkeepers.us$request_uri;
        }
    
    
    # NOTE(review): same listen sockets and same server_name list as the server block
    # directly above, differing only in 301 versus 302. nginx uses the first definition
    # and logs a "conflicting server name ... ignored" warning for the later one, so this
    # block is never selected; the thread's reply says to remove it.
    server {
        listen   80;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
        server_name utahfishkeepers.us www.utahfishkeepers.us;
        return 301 https://www.utahfishkeepers.us$request_uri;
        }
    
    # HTTPS vhost as originally posted: TLS with HTTP/2 on port 443 (IPv4 wildcard
    # plus one explicit IPv6 address), serving the document root set further down.
    # NOTE(review): server_name lists both the bare and the www name; the reply that
    # follows in the thread asks for the bare name to be dropped from this block.
    server {
        listen   443 ssl http2;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
        server_name utahfishkeepers.us www.utahfishkeepers.us;
    
    
    
    
      # Certificate/key and shared SSL settings come from these two files; their
      # contents are not shown on this page.
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      # NOTE(review): the trailing EECDH+AES128 term also admits CBC-mode SHA-1 suites.
      # ssl_protocols is not set in this block; presumably ssl_include.conf sets it - confirm.
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      # NOTE(review): HSTS and the other response-security headers below are all
      # commented out, so browsers are moved to HTTPS only by the port-80 redirect.
      # includeSubdomains would apply to every subdomain, so check them before enabling.
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      # NOTE(review): with session tickets on, resumed sessions are only as forward-secret
      # as the ticket key; no ssl_session_ticket_key rotation is visible here - confirm
      # how the key is rotated.
      ssl_session_tickets on;
    
      # enable ocsp stapling
      # The resolver is what nginx uses to look up the OCSP responder's host name.
      # NOTE(review): plain DNS answers from a public resolver are unauthenticated; the
      # nginx documentation recommends resolvers on a trusted local network.
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;
    
      root /home/nginx/domains/utahfishkeepers.us/public;
    
    # The bracketed path appears to be a placeholder the poster substituted for the real
    # location. This area is behind HTTP basic auth and is served from under /usr/share/.
    location /[phpmyadmin location] {
        auth_basic                      "Restricted Access";
        auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #     include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
        }
    
    # NOTE(review): basic auth is commented out here, so /webmail is protected only by
    # whatever login the webmail application itself enforces.
    location /webmail {
    #    auth_basic                      "Restricted Access";
    #    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #       include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
        }
    
    
    # Front-controller routing: a request that matches no existing file or directory
    # is handed to index.php with the original URI and query arguments.
    location / {
         index index.php index.html index.htm;
         try_files $uri $uri/ /index.php?$uri&$args;
    }
    
    # NOTE(review): with `deny all` commented out, the lone `allow` restricts nothing
    # (access rules only block when a deny rule matches), and basic auth is commented
    # out as well - as posted, this path is reachable by any client.
    location /admin.php {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    # NOTE(review): same pattern as /admin.php - no deny rule and no basic auth, so the
    # installer path is not restricted by nginx as posted.
    location /install/ {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    # `internal` makes nginx answer external requests for this path with 404; the
    # allow/deny list is a second layer on top of that.
    location /internal_data/ {
         internal;
         allow 127.0.0.1;
         allow 173.255.217.82;
         deny all;
    }
    
    # Same protection as /internal_data/: internal-only, plus an allow/deny list.
    location /library/ {
         internal;
         allow 127.0.0.1;
         allow 173.255.217.82;
         deny all;
    }
    
      # Server-level includes; the contents of these files are not shown on this page.
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  5. eva2000

    eva2000 Administrator Staff Member

    The top part should look like the listing below.

    The SSL key includes were incorrectly added to the non-HTTPS vhost in the 1st server context. The 2nd server context needs removing, as it's a duplicate of the first with just a 301 instead of a 302 redirect. The 3rd server context needs the non-www version removed from server_name, as your www is the target of the redirect from HTTP to HTTPS.
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # ipv4
    # Port 80: both host names answer here and are sent to the https www host.
    # No certificate or SSL includes are needed in this block because it never
    # terminates TLS. $request_uri carries the original path and query string
    # into the redirect target.
    server {
       listen   80;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
       server_name utahfishkeepers.us www.utahfishkeepers.us;
       return 302 https://www.utahfishkeepers.us$request_uri;
       }
    
    # Port 443: only the www name is served. This listing shows just the top of the
    # block; the rest of the original 443 server block follows unchanged.
    # NOTE(review): with the bare name removed, https://utahfishkeepers.us no longer
    # matches this block and is answered by whichever server is the default for the
    # 443 listener - consider a separate 443 server block that redirects it to www.
    server {
       listen   443 ssl http2;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
       server_name www.utahfishkeepers.us;
    


    So when either the www or the non-www version of the domain is accessed over non-HTTPS port 80, it gets a 302 redirect to the www version on HTTPS.
     
  6. CarpCharacin

    CarpCharacin Member

    So I should remove this part too before changing it?
    Code (Text):
      # NOTE(review): in the originally posted vhost these two lines appear in both the
      # port-80 redirect block and the 443 block. The corrected listing earlier in the
      # thread drops them from the port-80 block only; the `listen 443 ssl` block still
      # needs its certificate and SSL settings.
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
     
  7. eva2000

    eva2000 Administrator Staff Member

  8. CarpCharacin

    CarpCharacin Member

    So like this?
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # ipv4
    # Port 80 only redirects: both host names are sent to the https www host with a
    # temporary 302, and no TLS includes remain in this block.
    # $request_uri keeps the original path and query string in the redirect target.
    # The header comment above suggests moving to 301 once the 302 is confirmed working.
    server {
       listen   80;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
       server_name utahfishkeepers.us www.utahfishkeepers.us;
       return 302 https://www.utahfishkeepers.us$request_uri;
       }
    
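    # HTTPS vhost for the www name only: TLS with HTTP/2 on port 443 (IPv4 wildcard
    # plus one explicit IPv6 address), serving the document root set further down.
    # NOTE(review): https://utahfishkeepers.us (bare name over HTTPS) does not match
    # this block and is answered by whichever server is the default for the 443
    # listener - consider a separate 443 server block that redirects it to www.
    server {
       listen   443 ssl http2;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
       # The terminating ';' is required: without it nginx keeps reading and treats the
       # following `include` line as further server names, so the certificate include
       # is never loaded.
       server_name www.utahfishkeepers.us;
    
    
    
    
      # Certificate/key and shared SSL settings come from these two files; their
      # contents are not shown on this page.
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      # NOTE(review): the trailing EECDH+AES128 term also admits CBC-mode SHA-1 suites.
      # ssl_protocols is not set in this block; presumably ssl_include.conf sets it - confirm.
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      # NOTE(review): HSTS and the other response-security headers below are all
      # commented out, so browsers are moved to HTTPS only by the port-80 redirect.
      # includeSubdomains would apply to every subdomain, so check them before enabling.
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      # NOTE(review): with session tickets on, resumed sessions are only as forward-secret
      # as the ticket key; no ssl_session_ticket_key rotation is visible here - confirm
      # how the key is rotated.
      ssl_session_tickets on;
    
      # enable ocsp stapling
      # The resolver is what nginx uses to look up the OCSP responder's host name.
      # NOTE(review): plain DNS answers from a public resolver are unauthenticated; the
      # nginx documentation recommends resolvers on a trusted local network.
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;
    
      root /home/nginx/domains/utahfishkeepers.us/public;
    
    # The bracketed path appears to be a placeholder the poster substituted for the real
    # location. This area is behind HTTP basic auth and is served from under /usr/share/.
    location /[phpmyadmin location] {
       auth_basic                      "Restricted Access";
       auth_basic_user_file             /usr/local/nginx/pass/my_pass;
       root /usr/share/;
       include /usr/local/nginx/conf/staticfiles.conf;
       include /usr/local/nginx/conf/php.conf;
    #     include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
       }
    
    # NOTE(review): basic auth is commented out here, so /webmail is protected only by
    # whatever login the webmail application itself enforces.
    location /webmail {
    #    auth_basic                      "Restricted Access";
    #    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
       root /usr/share/;
       include /usr/local/nginx/conf/staticfiles.conf;
       include /usr/local/nginx/conf/php.conf;
    #       include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
       }
    
    
    # Front-controller routing: a request that matches no existing file or directory
    # is handed to index.php with the original URI and query arguments.
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$uri&$args;
    }
    
    # NOTE(review): with `deny all` commented out, the lone `allow` restricts nothing
    # (access rules only block when a deny rule matches), and basic auth is commented
    # out as well - as posted, this path is reachable by any client. Left as posted
    # because re-enabling `deny all` changes who can reach the admin panel.
    location /admin.php {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
           include /usr/local/nginx/conf/php.conf;
           allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    # NOTE(review): same pattern as /admin.php - no deny rule and no basic auth, so the
    # installer path is not restricted by nginx as posted.
    location /install/ {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
           include /usr/local/nginx/conf/php.conf;
           allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    # `internal` makes nginx answer external requests for this path with 404; the
    # allow/deny list is a second layer on top of that.
    location /internal_data/ {
        internal;
        allow 127.0.0.1;
        allow 173.255.217.82;
        deny all;
    }
    
    # Same protection as /internal_data/: internal-only, plus an allow/deny list.
    location /library/ {
        internal;
        allow 127.0.0.1;
        allow 173.255.217.82;
        deny all;
    }
    
      # Server-level includes; the contents of these files are not shown on this page.
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }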
     
  9. CarpCharacin

    CarpCharacin Member

    Is that the correct vhost configuration? Also, what should I add if I want to redirect /portal to just the forum list?
     
  10. eva2000

    eva2000 Administrator Staff Member

..