Hi,
i'm just new to nginx and need help.
I wan't to activate two sites, both with listen 443 and the same certificate:
1.) Owncloud
2.) FHEM with Reverse Proxy port 8083
They're both installed on the same maschine, but i can't ghet both to work, just if i change the port for one of the config files.
owncloud-config file:
-----
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name test;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name test;
ssl_certificate /etc/ssl/nginx/test.cert;
ssl_certificate_key /etc/ssl/nginx/test.key;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# Path to the root of your installation
root /opt/;
# set max upload size
client_max_body_size 16G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location /fhem {
proxy_pass http://localhost:8083/fhem;
proxy_redirect off;
proxy_buffering off;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
access_log /var/log/nginx/fhem.access.log;
error_log /var/log/nginx/fhem.error.log;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location /owncloud/ {
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^/(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ /index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
fhem config file:
-----
server {
listen 443 ssl;
server_name test;
ssl_certificate /etc/ssl/nginx/test.cert;
ssl_certificate_key /etc/ssl/nginx/test.key;
access_log /var/log/nginx/fhem.access.log;
error_log /var/log/nginx/fhem.error.log;
location /fhem {
proxy_pass http://localhost:8083/fhem;
proxy_redirect off;
proxy_buffering off;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
----
Can somebody please tell me how or why it can't be done,
thank you very much.
Regards,
Klaus
i'm just new to nginx and need help.
I wan't to activate two sites, both with listen 443 and the same certificate:
1.) Owncloud
2.) FHEM with Reverse Proxy port 8083
They're both installed on the same maschine, but i can't ghet both to work, just if i change the port for one of the config files.
owncloud-config file:
-----
upstream php-handler {
server 127.0.0.1:9000;
#server unix:/var/run/php5-fpm.sock;
}
server {
listen 80;
server_name test;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name test;
ssl_certificate /etc/ssl/nginx/test.cert;
ssl_certificate_key /etc/ssl/nginx/test.key;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# Path to the root of your installation
root /opt/;
# set max upload size
client_max_body_size 16G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location /fhem {
proxy_pass http://localhost:8083/fhem;
proxy_redirect off;
proxy_buffering off;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
access_log /var/log/nginx/fhem.access.log;
error_log /var/log/nginx/fhem.error.log;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location /owncloud/ {
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^/(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ /index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}
fhem config file:
-----
server {
listen 443 ssl;
server_name test;
ssl_certificate /etc/ssl/nginx/test.cert;
ssl_certificate_key /etc/ssl/nginx/test.key;
access_log /var/log/nginx/fhem.access.log;
error_log /var/log/nginx/fhem.error.log;
location /fhem {
proxy_pass http://localhost:8083/fhem;
proxy_redirect off;
proxy_buffering off;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
----
Can somebody please tell me how or why it can't be done,
thank you very much.
Regards,
Klaus