I'm using LetsEncrypt on an Nginx server over at my domain memorisemedicine.com.
I added a server block at the end of this 'memorise-frontend.conf' file located in /etc/nginx/sites-available that is supposed to redirect non SSL traffic to SSL (https).
Now when I go visit the site without using https://, I notice that sometimes I am redirected correctly now. But notably in Firefox this isn't working for me & I can still access http:// pages on this domain, which I want to never be possible. Does anybody know what's wrong with my .conf file here? I tried editing the nginx.conf file as well, but it seems like it doesn't take server blocks well.
server {
charset utf-8;
client_max_body_size 128M;
listen 80; ## listen for ipv4
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name memorisemedicine.com www.memorisemedicine.com;
root /srv/memorise/frontend/web;
index index.php;
# access_log /path/to/basic/log/access.log;
# error_log /path/to/basic/log/error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
# uncomment to avoid processing of calls to non-existing static files by Yii
#location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
# try_files $uri =404;
#}
#error_page 404 /404.html;
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
try_files $uri =404;
}
location ~* /\. {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/memorisemedicine.com/fullchain.pem; # man$
ssl_certificate_key /etc/letsencrypt/live/memorisemedicine.com/privkey.pem; # m$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
return 301 https://memorisemedicine.com$request_uri;
}
In your nginx configuration i can not see the server part which listens to port 443 for ssl. I will add my configuration so you can edit it to your own need:
server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/api.example.com-access.log timed;
error_log /var/log/nginx/api.example.com-error.log;
root /var/www/example/html/public;
server_name api.example.com;
location / {
index index.html index.php;
try_files $uri $uri/ @php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example/html/public/index.php;
include fastcgi_params;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
access_log /var/log/nginx/api.example.com-access.log timed;
error_log /var/log/nginx/api.example.com-error.log;
root /var/www/example/html/public;
server_name api.example.com;
include snippets/ssl-api.example.com.conf;
include snippets/ssl-params.conf;
location / {
index index.html index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example/html/public/index.php;
include fastcgi_params;
}
location ~ /.well-known {
allow all;
}
}
My include snippets/ssl-api.example.com.conf; includes the fullchain and private from certbot .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.