Hey Guys -
I have used Nginx for Windows for a while now in my home lab which I use for various purposes including hosting an internal website (uses Organizr v2) and reverse proxy. It listens on 80 & 443 but forwards all requests to 80 to 443 as I also have installed a 3rd party signed SSL vert for my home domain.
This worked well until a recent migration of my Nginx installation to a new system. Now when I visit my homepage, I can view the content loaded from the actual root of the site, but not anything reverse-proxy pulls from an HTTP source. The only way I can view it is to click the small shield icon to the right of Chrome's address bar and choose to "Load unsafe scripts." Although able to view it afterwards, the URL changes to "Not Secure." I didn't have this issue with my old install and for the most part, nginx.conf is the same even though there are minor differences with the version of Nginx & PHP.
Below are details of my environment, a few notes, and finally the beginning of my nginx.conf (assuming that's where the issue will be resolved.) Any assistance would be appreciated...
Environment
- Windows 10 x64 1809
- Nginx 1.15.8 (for Windows)
- PHP 7.3.0-nts-Win32-VC15-x64
Notes
- I compared the old and new conf files side by side using NotePad++ but didn't see anything notable which was different. I would have copied the exact old conf and use it, but was having issues with hosting being really slow on that old system recently which I know wasn't related to resources
- Following the "/files" location shown at the end of the snippet below, there are approximately 15 additional locations - each with fairly similar formatting and are the only parts of the conf file I left out to keep it clean. The only other change was changing the name of the domain
- I only apply PHP config to root instead of entire site as there is another app referenced by reverse proxy which has it's own different PHP installation. Prior to applying it only to the root, I was unable to use that app via RP
- Other than the issue described, the service starts & everything works well
- Windows Firewall is disabled (all 3) and there are no other firewalls on my PC
- Issue exists on multiple PCs & multiple browsers
nginx.conf Snippet
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#Redirect requests for port 80 to 443
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com;
return 301 https://$host$request_uri;
}
# Configures Logging Options
log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
'time_local="$time_local" protocol="$server_protocol" status="$status" '
'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
'http_referer="$http_referer" http_user_agent="$http_user_agent" '
'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
'http_method="$request_method" response_time="$upstream_response_time" '
'cookie="$http_cookie" request_time="$request_time" ';
access_log logs/access.log;
error_log logs/error.log;
# Configures NGINX to listen on 443 with SSL
server {
listen 443 ssl;
server_name mydomain.com;
send_timeout 100m;
ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
ssl_certificate_key c:/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling off;
ssl_stapling_verify off;
#PHP Config in Root Only
location / {
root html;
index index.php index.html index.htm;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# Defines location of robots.txt
location /robots.txt {
alias C:/nginx/global/robots.txt;
}
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;
# The below section configures reverse proxy for locally hosted services
#CrushFTP Configuration
location /files {
proxy_pass http://192.168.0.35:4333/files;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
}
...
...
...
Any suggestions? Happy to post more details if needed. Thanks!
I have used Nginx for Windows for a while now in my home lab which I use for various purposes including hosting an internal website (uses Organizr v2) and reverse proxy. It listens on 80 & 443 but forwards all requests to 80 to 443 as I also have installed a 3rd party signed SSL vert for my home domain.
This worked well until a recent migration of my Nginx installation to a new system. Now when I visit my homepage, I can view the content loaded from the actual root of the site, but not anything reverse-proxy pulls from an HTTP source. The only way I can view it is to click the small shield icon to the right of Chrome's address bar and choose to "Load unsafe scripts." Although able to view it afterwards, the URL changes to "Not Secure." I didn't have this issue with my old install and for the most part, nginx.conf is the same even though there are minor differences with the version of Nginx & PHP.
Below are details of my environment, a few notes, and finally the beginning of my nginx.conf (assuming that's where the issue will be resolved.) Any assistance would be appreciated...
Environment
- Windows 10 x64 1809
- Nginx 1.15.8 (for Windows)
- PHP 7.3.0-nts-Win32-VC15-x64
Notes
- I compared the old and new conf files side by side using NotePad++ but didn't see anything notable which was different. I would have copied the exact old conf and use it, but was having issues with hosting being really slow on that old system recently which I know wasn't related to resources
- Following the "/files" location shown at the end of the snippet below, there are approximately 15 additional locations - each with fairly similar formatting and are the only parts of the conf file I left out to keep it clean. The only other change was changing the name of the domain
- I only apply PHP config to root instead of entire site as there is another app referenced by reverse proxy which has it's own different PHP installation. Prior to applying it only to the root, I was unable to use that app via RP
- Other than the issue described, the service starts & everything works well
- Windows Firewall is disabled (all 3) and there are no other firewalls on my PC
- Issue exists on multiple PCs & multiple browsers
nginx.conf Snippet
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#Redirect requests for port 80 to 443
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name mydomain.com;
return 301 https://$host$request_uri;
}
# Configures Logging Options
log_format main 'site="$server_name" server="$host” dest_port="$server_port" dest_ip="$server_addr" '
'src="$remote_addr" src_ip="$realip_remote_addr" user="$remote_user" '
'time_local="$time_local" protocol="$server_protocol" status="$status" '
'bytes_out="$body_bytes_sent" bytes_in="$upstream_response_length" '
'http_referer="$http_referer" http_user_agent="$http_user_agent" '
'nginx_version="$nginx_version" http_x_forwarded_for="$http_x_forwarded_for" '
'http_x_header="$http_x_header" uri_query="$query_string" uri_path="$uri" '
'http_method="$request_method" response_time="$upstream_response_time" '
'cookie="$http_cookie" request_time="$request_time" ';
access_log logs/access.log;
error_log logs/error.log;
# Configures NGINX to listen on 443 with SSL
server {
listen 443 ssl;
server_name mydomain.com;
send_timeout 100m;
ssl_certificate c:/nginx/ssl/mydomaincombined.crt;
ssl_certificate_key c:/nginx/ssl/mydomain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES128-SHA;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=31536000;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling off;
ssl_stapling_verify off;
#PHP Config in Root Only
location / {
root html;
index index.php index.html index.htm;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# Defines location of robots.txt
location /robots.txt {
alias C:/nginx/global/robots.txt;
}
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 100M;
# The below section configures reverse proxy for locally hosted services
#CrushFTP Configuration
location /files {
proxy_pass http://192.168.0.35:4333/files;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_buffering off;
}
...
...
...
Any suggestions? Happy to post more details if needed. Thanks!