I've got a working config for my DO droplet to handle the Ubiquiti Unifi Controller installed on the droplet... I figured this config out and I've had this working for ages with no issues.
Basically it bumps the subdomain URL from http to https and uses the port 8443 where Tomcat is running, and uses letsencrypt.
But now I need to run another web server for a basic page on the same server.
I've installed lighttpd and set the port to 88; the HTML files are under /var/www/html/admin (/var/www/html being the correct root folder for lighttpd).
But no matter what I do, adding another service or location to the existing config leads to nothing being displayed and the usual 404, 500 or 502 errors.
I could use a fresh pair of eyes, I've been going around in circles for hours :)
I've read plenty of articles, but I'm none the wiser. I'm sure it's something simple I'm missing...
Thanks in advance for any suggestions.
Current config below:
# /etc/nginx/sites-enabled/default
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";

server {
    listen 80;
    server_name default_server;
    error_log /var/log/unifi/nginx.log;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/html/letsencrypt;
    }
}

server {
    listen 443 ssl default_server http2;
    server_name wifi.domain.com.au;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/wifi.domain.com.au/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wifi.domain.com.au/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    keepalive_timeout 300;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;

    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;

    error_log /var/log/unifi/nginx.log;
    client_max_body_size 8M;
    proxy_cache off;
    proxy_store off;

    location / {
        include /etc/nginx/proxy_params;
        proxy_pass https://127.0.0.1:8443$request_uri;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
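
One way to add the lighttpd page to the HTTPS server block above, as an added example that is not part of the original post. It assumes lighttpd serves plain HTTP on 127.0.0.1:88 with /var/www/html as its document root, so the page is reached at the URI /admin/.

```nginx
# Added example, not the poster's config.
# Assumptions: lighttpd listens on 127.0.0.1:88 without TLS and maps the
# URI /admin/ to /var/www/html/admin/. Binding lighttpd to loopback
# (server.bind = "127.0.0.1" in lighttpd.conf) keeps port 88 reachable
# only through this TLS front end.
server {
    listen 443 ssl default_server http2;
    server_name wifi.domain.com.au;

    ssl_certificate     /etc/letsencrypt/live/wifi.domain.com.au/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wifi.domain.com.au/privkey.pem;
    # The other ssl_*, add_header, client_max_body_size and proxy_* lines
    # from the block on this page carry over unchanged.

    # Prefix location. nginx selects the longest matching prefix, so this
    # block handles /admin/... and "location /" keeps everything else.
    location /admin/ {
        include /etc/nginx/proxy_params;

        # Scheme is http://, not https://. Attempting a TLS handshake
        # against a plain HTTP listener fails and nginx returns 502.
        #
        # No URI part after the port, so nginx forwards /admin/...
        # unchanged and lighttpd resolves it under /var/www/html/admin/.
        # Writing "http://127.0.0.1:88/" instead would replace the
        # /admin/ prefix with "/" and lighttpd would look in
        # /var/www/html/, typically answering 404.
        proxy_pass http://127.0.0.1:88;

        # No add_header lines here on purpose: a location that declares
        # its own add_header stops inheriting the server-level HSTS and
        # X-Frame-Options headers.
    }

    # Existing UniFi controller proxy, unchanged from the post.
    location / {
        include /etc/nginx/proxy_params;
        proxy_pass https://127.0.0.1:8443$request_uri;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Run `nginx -t` before reloading; the error log named in the config (/var/log/unifi/nginx.log) records which upstream address a 502 was raised for.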