• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

SSL through nginx

optrex

Well-known member
#1
I'm suffering in trying to get my test server up as SSL in readiness for my main server to move across.
Non php pages display ok. I've got the forced www redirect working and the https redirect working, but as soon as I go to view a php file using https I get a page not found.

This is my mail nginx.conf file
I'd also like to add the rewites for freindly urls.

Code:
user  nginx;
worker_processes  auto;
#worker_priority -10;
worker_rlimit_nofile 100000;

timer_resolution 100ms;
pcre_jit on;

error_log  /var/log/nginx/error.log crit;
pid        /var/run/nginx.pid;


events {
    worker_connections  3500;
    use epoll;
    #accept_mutex on;
    #accept_mutex_delay 200ms;
    multi_accept on;
}

http    {



server {
    listen         80;
listen [::]:80;
listen 443 ssl http2;
server_name domain.com www.domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/myserver.key;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
if ($scheme = http) {
return 301 https://www.domain.com$request_uri;
   }



# Config for Free SSL (LetEncrypt) - Do not Delete !
location ~ /.well-known {
        allow all;
        root /home/domain.com/public_html;
    }

        location ~ \.php$ {
try_files $uri =404;
include         fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_connect_timeout 60;
                fastcgi_send_timeout 180;
                fastcgi_read_timeout 180;
                fastcgi_buffer_size 256k;
                fastcgi_buffers 4 256k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_intercept_errors on;
                fastcgi_param SCRIPT_FILENAME /home/domain.com/public_html$fastcgi_script_name;
                fastcgi_param   HTTPS               on;
                fastcgi_param   HTTP_SCHEME         https;
        }


location / {
        try_files $uri $uri/ /index.php?$uri&$args;
        index index.php index.html index.htm;
}




}



    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
include /etc/nginx/conf/ddos1.conf;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
more_set_headers    "Server: Nginx";
more_set_headers "X-Powered-By: VPSSIM"
    access_log  off;
    sendfile on;
    sendfile_max_chunk 512k;
I'd appreciate some help as to where I've gone wrong please. Cheers
 

optrex

Well-known member
#2
I know some clever person is going to look at this and come back with a simple fix where I've done something obviously wrong. But for the last 18 hours it's been driving me nuts. I'm at a complete road block.
 

Mouth

Well-known member
#3
Code:
    location ~ [^/]\.php(/|$) {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
[...]
 

Robust

Well-known member
#6
Try:

Code:
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
}
It's not a big change, but that's the kind of setup you should be using regardless.

Move the rest of your params into fastcgi_params.

If that doesn't work, post the relevant section of your error log as Mouth said. We don't really have a leg to stand on to know what is causing the issue otherwise.
 

optrex

Well-known member
#7
I've got the nginx error log on 'info' and there is nothing logging that's of any use. It basically says it's listening and that's it.
 

Mouth

Well-known member
#8
I've got the nginx error log on 'info' and there is nothing logging that's of any use. It basically says it's listening and that's it.
You have no problem with nginx since you said ssl static files are being shown correctly, thus nginx log unlikely to show much.
You likely need to activate php logging, via your php.ini. Look for log_errors, error_reporting, and error_log
 

optrex

Well-known member
#9
Ok so long story short. I couldn't get any logging to actually work. Turns out it was a repeat issue in my distro via vpssim. During my searches to fix it, I found a post by @eva2000 comparing vpssim to centmin mod. He also raised a few issues around security on vpssim so I gave centmin a go to compare it.

Turned out to be really easy to install and without any of the issues. SSL works with no problems and I've got logging, with php7 and centos 7. Thanks both for your help but thanks also to @eva2000 for a great distro with easy to follow guides. Now to move all my websites over ready for XF 2
 

eva2000

Well-known member
#10
Ok so long story short. I couldn't get any logging to actually work. Turns out it was a repeat issue in my distro via vpssim. During my searches to fix it, I found a post by @eva2000 comparing vpssim to centmin mod. He also raised a few issues around security on vpssim so I gave centmin a go to compare it.

Turned out to be really easy to install and without any of the issues. SSL works with no problems and I've got logging, with php7 and centos 7. Thanks both for your help but thanks also to @eva2000 for a great distro with easy to follow guides. Now to move all my websites over ready for XF 2
Nice so you're viralpoet https://community.centminmod.com/posts/45801/ ? Glad to hear Centmin Mod helped another Xenforo out.

If you're playing with Xenforo 2.0 Dev Preview releases, you'd want to read https://community.centminmod.com/posts/45274/ :D