1 Topic by bmarkey

  • bmarkey
  • Member
  • Offline
  • Registered: 2016-07-28
  • Posts: 3

Topic: Nginx config question.

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

iRedMail - 0.9.5-1
Debian jessie
MySQL
Nginx
No pro.


Everything works. This is an nginx question.  I've only briefly used nginx, I'm used to apache.   

What I'm trying to do is host a site on this server also.   Here is what I've done.

1. Change redirect in /var/www/index.html
2. Create new directory in /var/www = /var/www/website
3.Move files to that new directory.

Here's where I'm not sure what needs changed.  I constantly get file not found if I go to the site via https.  Works fine via http.

So reading about nginx I get that the regular and ssl server are separate.  Since the php-catchall.tmpl is called from both sections of /etc/nginx/conf.d/00-default.conf then the location section is there.   

Like I said, I know this is mostly an nginx question but I'm trying to not break everything else.

Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: Nginx config question.

It's better to show us your Nginx config file for this website. It's hard for us to help troubleshoot without it.

3 Reply by bmarkey (edited by bmarkey 2016-07-28 20:00:44)

  • bmarkey
  • Member
  • Offline
  • Registered: 2016-07-28
  • Posts: 3

Re: Nginx config question.

ZhangHuangbin wrote:

It's better to show us your Nginx config file for this website. It's hard for us to help troubleshoot without it.

Ok. I didn't post it since it was the default.  Here you go.

So all I want to be able to do is hit www.domain.com or domain.com and get a website.  It works via http but not via https.

This is assuming that my site files would use /var/www/ as the root directory.  I'd remove the index.html that does the redirect to /mail/.

Thanks

Nginx.conf.

    user www-data;
    worker_processes 1;
    pid /var/run/nginx.pid;

    events {
    worker_connections 1024;
    }

    http {
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Hide Nginx version number
    server_tokens off;

    gzip on;
    keepalive_timeout 600;
    sendfile on;

    client_max_body_size 12m;
    types_hash_max_size 2048;

    upstream php_workers {
        server unix:/var/run/php-fpm.socket;
    }

    include /etc/nginx/conf.d/*.conf;
    }





/etc/nginx/conf.d/00-default.conf

    # HTTP
    server {
    # Listen on ipv4
    listen 80;
    # Listen on ipv6.
    # Note: this setting listens on both ipv4 and ipv6 with Nginx release
    #       shipped in some Linux/BSD distributions.
    #listen [::]:80;
    server_name _;

    root /var/www;
    index index.php index.html;

    location / {
        root /var/www;
    }

    include /etc/nginx/templates/php-catchall.tmpl;
    include /etc/nginx/templates/redirect_to_https.tmpl;
    include /etc/nginx/templates/misc.tmpl;
    }

    # HTTPS
    server {
    listen 443;
    server_name _;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/mail.xxxxxxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.xxxxxxx.com/privkey.pem;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2;

    # Fix 'The Logjam Attack'.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dh2048_param.pem;

    index index.php index.html;

    location / {
        root /var/www;
    }

    # HTTP Strict Transport Security (HSTS)
    #include /etc/nginx/templates/hsts.tmpl;

    # Web applications.
    include /etc/nginx/templates/roundcube.tmpl;
    include /etc/nginx/templates/iredadmin.tmpl;
    include /etc/nginx/templates/sogo.tmpl;

    # PHP applications. WARNING: php-catchall.tmpl should be loaded after
    # other php web applications.
    include /etc/nginx/templates/php-catchall.tmpl;

    include /etc/nginx/templates/misc.tmpl;
    }






/etc/nginx/templates/php-catchall.tmpl

    # Normal PHP scripts
    location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass php_workers;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

4 Reply by bmarkey

  • bmarkey
  • Member
  • Offline
  • Registered: 2016-07-28
  • Posts: 3

Re: Nginx config question.

Got this answered elsewhere.

In case anyone is curious.

Just add

root /var/www;

to the https section of /etc/nginx/conf.d/00-default.conf  and remove the index.html page that redirects.

Enjoy