Migration from Litespeed to Ngninx = 502 Bad Gateway nginx

CZ Eddie · Jul 14, 2024

Migrating from Centos7/Litespeed/letsencrypt to Almalinux9/centmin/Nginx.
I haven't been able to fully test on my bench because letsencrypt won't validate me because the old server is still in production.

I'm going to create the new server with a self-signed cert and no letsencrypt, until after the DNS is moved over.
Then, I'll install letsencrypt.

So, I'm wondering if anything special needs to be done when going from litespeed to nginx?
Versus just migrating from one litespeed to another litespeed.

I read somewhere the .htaccess isn't used by nginx.
Do I need any special conf file configuration or should i just use the same config.php files from the old server?

Board URL and database and everything will remain the same.

CZ Eddie · Jul 15, 2024

Actually, I'm plagued by this after importing my database and files:

502 Bad Gateway nginx

Mouth · Jul 15, 2024

CZ Eddie said:
Actually, I'm plagued by this after importing my database and files:

502 Bad Gateway nginx

nginx is trying to communicate with something upstream, but cannot.
php-fpm issue or firewall issue?
Check your nginx logs for details.

Also, https://xenforo.com/docs/xf2/friendly-urls/#nginx

CZ Eddie · Jul 15, 2024

I just noticed my production forum uses mywebsite.org/forums while the default xenforo uses mywebsite.org/index.php.

Wondering if that might be part of the issue.
i'll check the php-fpm. I haven't setup any firewall yet. Tks!

CZ Eddie · Jul 15, 2024

The logs show it looking in the wrong place for favicon and also having an issue with URL's.
My forum's node listing can be found at mywebsite.org/forums, not mywebsite.org/index.php.

I've tried messing with mywebsite.org.ssl.conf but can't seem to fix it.

Code:

[20:17][root@localhost.localdomain public]# sudo tail -f /home/nginx/domains/mywebsite.org/log/error.log
2024/07/14 20:07:32 [error] 1060#1060: *66 "/home/nginx/domains/mywebsite.org/public/forums/index.php" is not found (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums/ HTTP/2.0", host: "mywebsite.org"
2024/07/14 20:07:32 [error] 1060#1060: *66 open() "/home/nginx/domains/mywebsite.org/public/favicon.ico" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /favicon.ico HTTP/2.0", host: "mywebsite.org", referrer: "https://mywebsite.org/forums/"
2024/07/14 20:07:44 [error] 1060#1060: *67 open() "/home/nginx/domains/mywebsite.org/public/forums" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums HTTP/2.0", host: "mywebsite.org"
2024/07/14 20:07:44 [error] 1061#1061: *68 open() "/home/nginx/domains/mywebsite.org/public/forums" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums HTTP/1.1", host: "mywebsite.org"
2024/07/14 20:07:44 [error] 1061#1061: *68 open() "/home/nginx/domains/mywebsite.org/public/favicon.ico" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /favicon.ico HTTP/1.1", host: "mywebsite.org", referrer: "http://mywebsite.org/forums"
2024/07/14 20:07:51 [error] 1060#1060: *67 open() "/home/nginx/domains/mywebsite.org/public/forums" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums HTTP/2.0", host: "mywebsite.org"
2024/07/14 20:07:51 [error] 1060#1060: *67 open() "/home/nginx/domains/mywebsite.org/public/favicon.ico" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /favicon.ico HTTP/2.0", host: "mywebsite.org", referrer: "https://mywebsite.org/forums"
2024/07/14 20:10:45 [error] 1061#1061: *73 open() "/home/nginx/domains/mywebsite.org/public/forums" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums HTTP/2.0", host: "mywebsite.org"
2024/07/14 20:19:58 [error] 1060#1060: *74 "/home/nginx/domains/mywebsite.org/public/forums/index.php" is not found (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /forums/ HTTP/2.0", host: "mywebsite.org"
2024/07/14 20:19:58 [error] 1060#1060: *74 open() "/home/nginx/domains/mywebsite.org/public/favicon.ico" failed (2: No such file or directory), client: 192.168.10.103, server: mywebsite.org, request: "GET /favicon.ico HTTP/2.0", host: "mywebsite.org", referrer: "https://mywebsite.org/forums/"

Already added these mods but it didn't help.
I verified ACP has friendly URL's enabled.

Code:

touch /home/nginx/domains/mywebsite.org/public/library/.autoprotect-bypass
touch /home/nginx/domains/mywebsite.org/public/internal_data/.autoprotect-bypass
touch /home/nginx/domains/mywebsite.org/public/src/.autoprotect-bypass

CZ Eddie · Jul 15, 2024

I set up a blank xenforo forum and then enabled Friendly URL's in ACP but it's still not using them.
So, I'm clearly not setting up friendly URL's properly.

centmin mod 1.40 & PHP 8.3 and XF 2.3

ENF · Jul 15, 2024

CZ Eddie said:
I set up a blank xenforo forum and then enabled Friendly URL's in ACP but it's still not using them.
So, I'm clearly not setting up friendly URL's properly.

Did you setup the .conf file with the Xenforo URL rules? (you should have a .conf file in /usr/local/nginx/conf/conf.d/[yourdomain]/)

Friendly URLs | Manual | XenForo

End-user documentation for XenForo

xenforo.com

CZ Eddie · Jul 15, 2024

I did, yes. Unless I did it wrong.

Code:

server {
  listen 443 ssl http2 reuseport;

  server_name mywebsite.org www.mywebsite.org;

  ssl_dhparam /usr/local/nginx/conf/ssl/mywebsite.org/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.key;
  include /usr/local/nginx/conf/ssl_include.conf;


  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers   on;

  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;

  ssl_buffer_size 1369;
  ssl_session_tickets on;

  access_log /home/nginx/domains/mywebsite.org/log/access.log combined buffer=256k flush=5m;

  error_log /home/nginx/domains/mywebsite.org/log/error.log;

  include /usr/local/nginx/conf/autoprotect/mywebsite.org/autoprotect-mywebsite.org.conf;
  root /home/nginx/domains/mywebsite.org/public;

  include /usr/local/nginx/conf/503include-main.conf;

location /xf/ {
    try_files $uri $uri/ /xf/index.php?$uri&$args;
    index index.php index.html;
}

location ^~ /xf/install/data/ {
    internal;
}
location ^~ /xf/install/templates/ {
    internal;
}
location ^~ /xf/internal_data/ {
    internal;
}
location ^~ /xf/library/ { #legacy
    internal;
}
location ^~ /xf/src/ {
    internal;
}

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
}


  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/pre-staticfiles-local-mywebsite.org.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}[

ENF · Jul 15, 2024

CZ Eddie said:

I did, yes. Unless I did it wrong.

Code:

server {
  listen 443 ssl http2 reuseport;

  server_name mywebsite.org www.mywebsite.org;

  ssl_dhparam /usr/local/nginx/conf/ssl/mywebsite.org/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.key;
  include /usr/local/nginx/conf/ssl_include.conf;


  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers   on;

  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;

  ssl_buffer_size 1369;
  ssl_session_tickets on;

  access_log /home/nginx/domains/mywebsite.org/log/access.log combined buffer=256k flush=5m;

  error_log /home/nginx/domains/mywebsite.org/log/error.log;

  include /usr/local/nginx/conf/autoprotect/mywebsite.org/autoprotect-mywebsite.org.conf;
  root /home/nginx/domains/mywebsite.org/public;

  include /usr/local/nginx/conf/503include-main.conf;

location /xf/ {
    try_files $uri $uri/ /xf/index.php?$uri&$args;
    index index.php index.html;
}

location ^~ /xf/install/data/ {
    internal;
}
location ^~ /xf/install/templates/ {
    internal;
}
location ^~ /xf/internal_data/ {
    internal;
}
location ^~ /xf/library/ { #legacy
    internal;
}
location ^~ /xf/src/ {
    internal;
}

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
}


  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/pre-staticfiles-local-mywebsite.org.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}[

It's wrong if you're using the copy & paste from the manual... you need to replace /xf/ with your forum root.
If it's at the root, remove /xf/

Code:

location ^~ /xf/install/data/ {
    internal;

To

Code:

location ^~ /install/data/ {
    internal;

If it's in a sub-folder, replace 'xf' with that sub folder.

Like:

Code:

location ^~ /myforum/install/data/ {
    internal;

...for each entry.

This is what one of my sites looks like with the fourm installed at the root of the site:

Code:

location / {
        try_files $uri $uri/ /index.php?$uri&$args;
        index index.php index.html;
}

location /install/data/ {
        internal;
}
location /install/templates/ {
        internal;
}
location /internal_data/ {
        internal;
}
location /library/ {
        internal;
}

location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
}

For another site, with a subfolder:

Code:

location /enf/{
        try_files $uri $uri/ /enf/index.php?$uri&$args;
        index index.php index.html;
}

location /enf/install/data/ {
        internal;
}
location /enf/install/templates/ {
        internal;
}
location /enf/internal_data/ {
        internal;
}
location /enf/library/ {
        internal;
}

location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
}

Edit: last by not least, if you're using centminmod (good choice) just use the nprestart command to take up the .conf file changes on each edit.

CZ Eddie · Jul 15, 2024

I actually did remove the /xf/ but my copy/paste into the thread here was incorrect.
But something else in your location has made a positive change on my blank test forum.
So, I'm going to try it out in the restored-data one now.
Thanks!

ENF · Jul 15, 2024

CZ Eddie said:
I actually did remove the /xf/ but my copy/paste into the thread here was incorrect.
But something else in your location has made a positive change on my blank test forum.
So, I'm going to try it out in the restored-data one now.
Thanks!

Ok, I just assumed you were showing a live copy of the .conf file (with a privacy change).
Guess one good thing came out of it at least.

Good luck.

CZ Eddie · Jul 15, 2024

I tried to but copied/pasted the wrong thing!

Okay, my restored-from-backup test server is working for HTTP (no self-signed or letsencrypt setup).
I'll try doing a self-signed tomorrow to see if that works also.

CZ Eddie · Jul 15, 2024

Darn, still can't get it working with my self-signed setup. Which I really want to get working before I migrate.

Here's the ssl:

Code:

  GNU nano 5.6.1                                                                                               mywebsite.org.ssl.conf

  ssl_buffer_size 1369;
  ssl_session_tickets on;



  access_log /home/nginx/domains/mywebsite.org/log/access.log combined buffer=256k flush=5m;

  error_log /home/nginx/domains/mywebsite.org/log/error.log;

  include /usr/local/nginx/conf/autoprotect/mywebsite.org/autoprotect-mywebsite.org.conf;
  root /home/nginx/domains/mywebsite.org/public;

  include /usr/local/nginx/conf/503include-main.conf;

location / {
        try_files $uri $uri/ /index.php?$uri&$args;
        index index.php index.html;
}

location /install/data/ {
        internal;
}
location /install/templates/ {
        internal;
}
location /internal_data/ {
        internal;
}
location /library/ {
        internal;
}

location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
}

  include /usr/local/nginx/conf/php.conf;

  include /usr/local/nginx/conf/pre-staticfiles-local-mywebsite.org.conf;
  include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

And here's the non-SSL that seems to be working fine on my test site for HTTP-only.

Code:

server {
  listen   80;

  server_name labusas.org www.mywebsite.org;


  add_header X-Xss-Protection "1; mode=block" always;
  add_header X-Content-Type-Options "nosniff" always;

  access_log /home/nginx/domains/mywebsite.org/log/access.log combined buffer=256k flush=5m;
  error_log /home/nginx/domains/mywebsite.org/log/error.log;

  include /usr/local/nginx/conf/autoprotect/mywebsite.org/autoprotect-labusas.org.conf;
  root /home/nginx/domains/mywebsite.org/public;
  include /usr/local/nginx/conf/503include-main.conf;


location / {
        try_files $uri $uri/ /index.php?$uri&$args;
        index index.php index.html;
}

location /install/data/ {
        internal;
}
location /install/templates/ {
        internal;
}
location /internal_data/ {
        internal;
}
location /library/ {
        internal;
}

location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass    127.0.0.1:9000;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include         fastcgi_params;
}


  include /usr/local/nginx/conf/php.conf;

  #include /usr/local/nginx/conf/pre-staticfiles-local-labusas.org.conf;
  #include /usr/local/nginx/conf/pre-staticfiles-global.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Even the regular http stops working when I switch to self-signed.

ENF · Jul 15, 2024

CZ Eddie said:
Even the regular http stops working when I switch to self-signed.

Ok, I'm not even seeing much SSL config in there at all.

For reference, here's my SSL block in my main .conf file, this is a fully configured SSL version.

Code:

server {
 
server_name enf.jp www.enf.jp;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /usr/local/nginx/conf/ssl/enf.jp/enf_jp-full.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/enf.jp/enf_jp.key;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_dhparam /usr/local/nginx/conf/ssl/enf.jp/enf_jp.pem;
ssl_session_cache shared:TLS:2m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 10m;
ssl_ecdh_curve secp384r1;
resolver 8.8.8.8;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';

I haven't done an actual self-signed cert on centminmod in awhile, so I need to go look at that to see how it's configured. But, the above config will help you with your final config. The above config scores an A+ on the SSL Test (here), but please examine the options that you need for yourself.

I'm looking at how the self-signed sets itself up, will get back to you.

ENF · Jul 15, 2024

CZ Eddie said:
Darn, still can't get it working with my self-signed setup. Which I really want to get working before I migrate.

I spent some time with this and if you used the centminmod tools to create the vhost site and the option for a self-signed cert, it creates two .conf files at /usr/local/nginx/conf/conf.d/. If this happened, then the self-signed cert should be working. Of course, it's not entirely useful since it's only good for local use only, it's not vetted so browsers won't recognize it as 'legit' unless you create your own CA, which really isn't worth the time to do.

You should be able to test the overall function of the site without a valid SSL, so I don't think this is super critical to worry too much about. I would just make sure you know how to implement the SSL on the server once you move the site over, there will be some trial and error but it's too hard. The most common problem I've seen is people putting brackets ([, ]) in the wrong spots or having too many (or little) which causes config issues when trying to restart the nginx service.

CZ Eddie · Jul 15, 2024

ENF said:
You should be able to test the overall function of the site without a valid SSL

The problem is everyone has bookmarked our https address.
So, when I bring the site back online, nobody will be able to connect to it until I have secured SSL.
I just tested and confirmed that the HTTPS is not redirecting to HTTP for me.

And the process to convert to SSL seems complicated for centmin, with all documentation being several years old/outdated.
I was hoping to figure it out on my test bench before the migration.

I didn't want to do the migration and then spend eight hours stumbling through the SSL setup. hahah

Thanks for your help on this!

CZ Eddie · Jul 15, 2024

I could be wrong, but I think that if I configure self-signed, then the users can still access the board through HTTPS.
And they simply need to go through a couple of "are you sure you want to continue" clicks before continuing the the page.

If true, then this will give me time to properly set up letsencrtypt or another permanent SSL option.

It would also help me test Friendly URL configuration for https.

ENF · Jul 15, 2024

CZ Eddie said:
I could be wrong, but I think that if I configure self-signed, then the users can still access the board through HTTPS.
And they simply need to go through a couple of "are you sure you want to continue" clicks before continuing the the page.

Edit: And after writing all that below, it just clicked in my mind that you're not using a traditional cert. I don't have any letsencrypt sites operating right now. Everything under my support or control is using a normal single site cert or a wildcard cert. Sorry about that.

This link is still accurate as far as I know: https://centminmod.com/letsencrypt-acmetool-https.html - from what I remember, it doesn't long to setup this up. But, you need to do this with the vhost creation from the start to make it simplified.

Leaving the below in place in case someone else needs it later on.

This is correct, but in reality if you preconfigure SSL properly, it only takes a few minutes to switch it on.
You can setup your .conf with all the necessary SSL information and just comment it out before you switch to the real SSL.

If you look at my example config for one of my sites (above), you just need to have that information setup correctly and put the .cert .key and .pem files in the right location. As soon as you have it set, you can uncomment the config lines and restart NGINX and your SSL will be live.

Example of commenting out the lines before you need them:

Code:

#ssl_certificate /usr/local/nginx/conf/ssl/enf.jp/enf_jp-full.crt;
#ssl_certificate_key /usr/local/nginx/conf/ssl/enf.jp/enf_jp.key;
#ssl_protocols TLSv1.3 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
#ssl_dhparam /usr/local/nginx/conf/ssl/enf.jp/enf_jp.pem;
#ssl_session_cache shared:TLS:2m;
#ssl_stapling on;
#ssl_stapling_verify on;
#ssl_session_timeout 10m;
#ssl_ecdh_curve secp384r1;
#resolver 8.8.8.8;

If you are copying stuff over from an existing server, those files, except maybe the .pem file should just be directly transferred into the SSL folder for your site. (Would be /usr/local/nginx/conf/ssl and there should be one folder under there for your site, or you can make the folder and copy the relative files into that location.)

For your site .conf file you can use a forced redirect like this below:

Code:

server {
    listen       80;
    server_name  yourwebsite.com;
    return       301 https://yourwebsite.com$request_uri;
}

This will force everyone over to HTTPS and just redirect from HTTP if someone comes from that route.

CZ Eddie · Jul 16, 2024

Thank you very much.

I actually wanted the reverse. To force https traffic to http, because I wasn't able to set up ssl.
That seems to be working with this ssl cert:

Code:

server {
    listen 443 ssl http2 reuseport;
    server_name mywebsite.org www.mywebsite.org;

    ssl_certificate /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/mywebsite.org/mywebsite.org.key;
    ssl_dhparam /usr/local/nginx/conf/ssl/mywebsite.org/dhparam.pem;
    include /usr/local/nginx/conf/ssl_include.conf;

    location / {
        return 301 http://$host$request_uri;
    }

    access_log /home/nginx/domains/mywebsite.org/log/access.log combined buffer=256k flush=5m;
    error_log /home/nginx/domains/mywebsite.org/log/error.log;
}

CZ Eddie · Jul 16, 2024

I'm wondering if it would be best to set up centminmod ahead of time with everything I want EXCEPT for the vhost.
Then, after I switch over DNS, I would setup the vhost at that time and let it do it's thing with letsencrypt.

Do you know if that's all handled by the centmin script automatically?
I guess I need to read that thread you linked. It's around seven years old, which worries me and why I haven't read it already.
But it should get me in the ballpark.

Migration from Litespeed to Ngninx = 502 Bad Gateway nginx

Active member

Active member

502 Bad Gateway nginx​

Well-known member

502 Bad Gateway nginx​

Active member

Active member

Active member

Well-known member

Active member

Well-known member

Active member

Well-known member

Active member

Active member

Well-known member

Well-known member

Active member

Active member

Well-known member

Active member

Active member

Similar threads

We value your privacy

502 Bad Gateway nginx

502 Bad Gateway nginx