Hello,
I want to disable HTTPS (and SSL in general) when browsing certain subfolders of my server block.
At the moment I'm using Certbot to manage certificates on Raspbian Stretch, running on a Raspberry Pi 2B.
The Raspberry Pi hosts phpMyAdmin and some web interfaces with statistics; on top of that, my LAN uses two Raspberry Pi Zeros as redundant DNS servers.
Because of how Certbot manages my server config files, it's starting to get confusing and I have no idea how to proceed. Can anyone assist me?
/etc/nginx/sites-available/DOMAIN.NAME:
# Used by the netdata monitor: upstream group that the /netdata/ location proxies to.
upstream netdata {
# nginx reaches Netdata on loopback port 19999. Whether Netdata itself listens
# only on loopback is not shown here; verify in its own configuration.
server 127.0.0.1:19999;
# Keep up to 64 idle upstream connections per worker process for reuse.
keepalive 64;
}
# Main virtual host for DOMAIN.NAME. Its only listener is the "listen 443 ssl"
# near the end of the block, so every location below is served to clients over TLS.
server {
server_name DOMAIN.NAME;
root /var/www/DOMAIN.NAME;
index index.html;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# 401, 403 and 404 all render the same page.
error_page 401 403 404 /404.html;
# HOMEPAGE, authentication
# auth_basic is declared only inside this location. The sibling locations below
# declare none and do not inherit it, so requests they match skip this prompt.
# NOTE(review): confirm that is intended; several of them front admin interfaces.
location / {
try_files $uri $uri/ =404;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# PHPMYADMIN, HTTPS on
# Only URIs under /phpmyadmin that end in .php are handed to the FastCGI backend.
location /phpmyadmin {
location ~ \.php$ {
# Return 404 unless the requested script exists under the root, so a
# non-existent .php path is never passed to the PHP worker.
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000; #php worker;
fastcgi_index index.php;
include fastcgi_params;
# NOTE(review): $fastcgi_path_info is filled by fastcgi_split_path_info, which
# is not set in this block; presumably PATH_INFO is passed empty. Verify.
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# NETDATA, HTTPS on
# Exact match: send the bare path to the directory form.
location = /netdata {
return 301 /netdata/;
}
# NOTE(review): the pattern has no leading ^, so any URI that contains /netdata/
# matches, and a regex location wins over the plain prefix locations below.
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# HTTP/1.1 plus an explicit keep-alive Connection header lets the upstream
# keepalive pool be reused.
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
# Forward only the captured sub-path and the original query string.
proxy_pass http://netdata/$ndpath$is_args$args;
# Compress every proxied response regardless of MIME type.
# NOTE(review): these responses go out over TLS; compressing content that mixes
# secrets with request-controlled data is the precondition for BREACH-style
# leaks. Presumably low risk for dashboard metrics; confirm.
gzip on;
gzip_proxied any;
gzip_types *;
}
# Pi-hole 1 web interface, nginx is sitting in front of it as a reverse proxy
# TLS ends at nginx: the hop to 192.168.1.3 is plain HTTP on the LAN.
# NOTE(review): the location has no trailing slash while the proxy_pass URI has
# one, so /pihole1/x is forwarded as /admin//x and /pihole1x also matches here.
location /pihole1 {
proxy_pass http://192.168.1.3/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the backend which scheme the client used towards nginx.
proxy_set_header X-Forwarded-Proto $scheme;
}
# Pi-hole 2 web interface, nginx is sitting in front of it as a reverse proxy
# Same pattern as /pihole1: plain-HTTP hop to 192.168.1.4, same slash mismatch.
location /pihole2 {
proxy_pass http://192.168.1.4/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Onion Omega2 IoT device, Should NOT use HTTPS!
# The hop from nginx to the device is already plain HTTP (proxy_pass http://...).
# What is encrypted is the client-to-nginx leg, because this server block only
# listens on 443.
# NOTE(review): offering this path to clients over plain HTTP would need a
# location in a port-80 server block, and anything sent there, device logins
# included, would cross the network unencrypted. Confirm that trade-off first.
location /onion {
proxy_pass http://192.168.1.31/OnionOS/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Grafana web interface, HTTPS on
location /grafana/ {
proxy_pass http://localhost:3000/;
# Clear the client's Authorization header so it is not forwarded to Grafana.
proxy_set_header Authorization "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HTTP -> HTTPS redirect
# NOTE(review): this block has no plain-HTTP listener, so as far as this file
# shows $scheme is always "https" here and the redirect never fires. The
# redirect that matters is in the port-80 server blocks below.
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Keep the "# managed by Certbot" markers on the lines below unchanged; Certbot
# uses them to find the directives it owns.
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/DOMAIN.NAME-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/DOMAIN.NAME-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Plain-HTTP listener (IPv4 and IPv6) for DOMAIN.NAME.
# The server-level "if" is evaluated before any location is chosen, so every
# path requested with Host DOMAIN.NAME is redirected to HTTPS; no path is exempt.
server {
if ($host = DOMAIN.NAME) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name DOMAIN.NAME;
# Reached only when the Host header is something other than DOMAIN.NAME.
return 404; # managed by Certbot
}
# Second plain-HTTP listener for DOMAIN.NAME (IPv4 only).
# NOTE(review): same server_name and "listen 80" as the previous server block.
# nginx reports a "conflicting server name" warning and ignores one of the two
# for that address. Presumably left over from a second Certbot run; confirm and
# keep a single port-80 block.
server {
if ($host = DOMAIN.NAME) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name DOMAIN.NAME;
listen 80;
# Reached only when the Host header is something other than DOMAIN.NAME.
return 404; # managed by Certbot
}
I want to disable HTTPS (and SSL in general) when browsing certain subfolders of my server block.
At the moment I'm using Certbot to manage certificates on Raspbian Stretch, running on a Raspberry Pi 2B.
The Raspberry Pi hosts phpMyAdmin and some web interfaces with statistics; on top of that, my LAN uses two Raspberry Pi Zeros as redundant DNS servers.
Because of how Certbot manages my server config files, it's starting to get confusing and I have no idea how to proceed. Can anyone assist me?
/etc/nginx/sites-available/DOMAIN.NAME:
# Used by the netdata monitor: upstream group that the /netdata/ location proxies to.
upstream netdata {
# nginx reaches Netdata on loopback port 19999. Whether Netdata itself listens
# only on loopback is not shown here; verify in its own configuration.
server 127.0.0.1:19999;
# Keep up to 64 idle upstream connections per worker process for reuse.
keepalive 64;
}
# Main virtual host for DOMAIN.NAME. Its only listener is the "listen 443 ssl"
# near the end of the block, so every location below is served to clients over TLS.
server {
server_name DOMAIN.NAME;
root /var/www/DOMAIN.NAME;
index index.html;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# 401, 403 and 404 all render the same page.
error_page 401 403 404 /404.html;
# HOMEPAGE, authentication
# auth_basic is declared only inside this location. The sibling locations below
# declare none and do not inherit it, so requests they match skip this prompt.
# NOTE(review): confirm that is intended; several of them front admin interfaces.
location / {
try_files $uri $uri/ =404;
auth_basic "Please authenticate";
auth_basic_user_file /etc/nginx/.htpasswd;
}
# PHPMYADMIN, HTTPS on
# Only URIs under /phpmyadmin that end in .php are handed to the FastCGI backend.
location /phpmyadmin {
location ~ \.php$ {
# Return 404 unless the requested script exists under the root, so a
# non-existent .php path is never passed to the PHP worker.
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000; #php worker;
fastcgi_index index.php;
include fastcgi_params;
# NOTE(review): $fastcgi_path_info is filled by fastcgi_split_path_info, which
# is not set in this block; presumably PATH_INFO is passed empty. Verify.
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
# NETDATA, HTTPS on
# Exact match: send the bare path to the directory form.
location = /netdata {
return 301 /netdata/;
}
# NOTE(review): the pattern has no leading ^, so any URI that contains /netdata/
# matches, and a regex location wins over the plain prefix locations below.
location ~ /netdata/(?<ndpath>.*) {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# HTTP/1.1 plus an explicit keep-alive Connection header lets the upstream
# keepalive pool be reused.
proxy_http_version 1.1;
proxy_pass_request_headers on;
proxy_set_header Connection "keep-alive";
proxy_store off;
# Forward only the captured sub-path and the original query string.
proxy_pass http://netdata/$ndpath$is_args$args;
# Compress every proxied response regardless of MIME type.
# NOTE(review): these responses go out over TLS; compressing content that mixes
# secrets with request-controlled data is the precondition for BREACH-style
# leaks. Presumably low risk for dashboard metrics; confirm.
gzip on;
gzip_proxied any;
gzip_types *;
}
# Pi-hole 1 web interface, nginx is sitting in front of it as a reverse proxy
# TLS ends at nginx: the hop to 192.168.1.3 is plain HTTP on the LAN.
# NOTE(review): the location has no trailing slash while the proxy_pass URI has
# one, so /pihole1/x is forwarded as /admin//x and /pihole1x also matches here.
location /pihole1 {
proxy_pass http://192.168.1.3/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Tells the backend which scheme the client used towards nginx.
proxy_set_header X-Forwarded-Proto $scheme;
}
# Pi-hole 2 web interface, nginx is sitting in front of it as a reverse proxy
# Same pattern as /pihole1: plain-HTTP hop to 192.168.1.4, same slash mismatch.
location /pihole2 {
proxy_pass http://192.168.1.4/admin/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Onion Omega2 IoT device, Should NOT use HTTPS!
# The hop from nginx to the device is already plain HTTP (proxy_pass http://...).
# What is encrypted is the client-to-nginx leg, because this server block only
# listens on 443.
# NOTE(review): offering this path to clients over plain HTTP would need a
# location in a port-80 server block, and anything sent there, device logins
# included, would cross the network unencrypted. Confirm that trade-off first.
location /onion {
proxy_pass http://192.168.1.31/OnionOS/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Grafana web interface, HTTPS on
location /grafana/ {
proxy_pass http://localhost:3000/;
# Clear the client's Authorization header so it is not forwarded to Grafana.
proxy_set_header Authorization "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# HTTP -> HTTPS redirect
# NOTE(review): this block has no plain-HTTP listener, so as far as this file
# shows $scheme is always "https" here and the redirect never fires. The
# redirect that matters is in the port-80 server blocks below.
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Keep the "# managed by Certbot" markers on the lines below unchanged; Certbot
# uses them to find the directives it owns.
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/DOMAIN.NAME-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/DOMAIN.NAME-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Plain-HTTP listener (IPv4 and IPv6) for DOMAIN.NAME.
# The server-level "if" is evaluated before any location is chosen, so every
# path requested with Host DOMAIN.NAME is redirected to HTTPS; no path is exempt.
server {
if ($host = DOMAIN.NAME) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name DOMAIN.NAME;
# Reached only when the Host header is something other than DOMAIN.NAME.
return 404; # managed by Certbot
}
# Second plain-HTTP listener for DOMAIN.NAME (IPv4 only).
# NOTE(review): same server_name and "listen 80" as the previous server block.
# nginx reports a "conflicting server name" warning and ignores one of the two
# for that address. Presumably left over from a second Certbot run; confirm and
# keep a single port-80 block.
server {
if ($host = DOMAIN.NAME) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name DOMAIN.NAME;
listen 80;
# Reached only when the Host header is something other than DOMAIN.NAME.
return 404; # managed by Certbot
}