Question

Error while setting up ssl, "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory)

Posted September 10, 2021 83 views
NginxCentOS

Hi all,

While setting up my ssl using lets encrypt, I keep getting the following error:

2021/09/10 18:32:08 [error] 18402#18402: *1546 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 122.174.182.129, server: example.com, request: "GET /favicon.ico HTTP/2.0", host: "www.example.com", referrer: "https://www.example.com/"

My nginx.conf file is:

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {

    if ($host = www.example.com) {
 return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name example.com www.example.com;

   location = /favicon.ico { access_log off; log_not_found off; }

    location /static {
        root /home/ec2-user/buisness;
    }

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
    }

}
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.

    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  example.com www.example.com;
        root         /home/ec2-user/buisness;


        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        #        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
            location = /40x.html {
        }

       error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
}

}

The site was working perfectly without ssl/HTTPS, but after I installed it keeps showing the default page, How do I resolve it?

PS : UNABLE TO ADD Let’s encrypt as a tag in the bottom, ERROR: Tag list contains an invalid tag "Let's Encrypt"

Help much Appreciated

Thank you,
Madhav

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hi there,

As far as I can see, your Nginx proxy rules are currently present only under the Nginx server block that serves port 80/http. You need to also carry over those rules to the Nginx server block for the port 443/https. Because at the moment you don’t have any proxy rules specified for port 443 so Nginx is not proxying the requests to your backend service.

Basically add the following rules to the server block for port 443:

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
    }

Then run a config test with:

sudo nginx -t

If you get Syntax OK then restart Nginx.

sudo systemctl restart nginx

Let me know how it goes!
Best,
Bobby

  • Heyyyy Bobby,
    So I added all of these rules of my server bock for port 443 and my nginx.conf file looks like so:

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
    
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    
    events {
        worker_connections 1024;
    }
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
    
        access_log  /var/log/nginx/access.log  main;
    
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 4096;
    
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
    
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
        server {
    
        #if ($host = www.example.com) {
    
        #    return 301 https://$host$request_uri;
        #} # managed by Certbot
       #
       # if ($host = example.com) {
       #     return 301 https://$host$request_uri;
       # } # managed by Certbot
    
    
        listen 80;
        server_name example.com www.example.com;
        root /home/ec2-user/buisness;
        if ($host = www.example.com) {
            return 301 https://$server_name$request_uri;
        } # managed by Certbot
    
        if ($host = example.com) {
            return 301 https://$server_name$request_uri;
        } # managed by Certbot
        location = /favicon.ico { access_log off; log_not_found off; }
    
        location /static {
            root /home/ec2-user/buisness;
        }
    
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
        }
    
    }
    
      #  server {
       #     listen       80;
        #    listen       [::]:80;
         #   server_name  _;
    
         #   root         /home/ec2-user/buisness;
    
            # Load configuration files for the default server block.
    #        include /etc/nginx/default.d/*.conf;
     #       error_page 404 /404.html;
      #      location = /404.html {
       #     }
    
        #    error_page 500 502 503 504 /50x.html;
         #   location = /50x.html {
          #  }
        #}
    
    # Settings for a TLS enabled server.
    
        server {
            listen       443 ssl http2;
            listen       [::]:443 ssl http2;
            server_name  www.example.com example.com;
            root         /home/ec2-user/buisness;
    
    
            ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout  10m;
            ssl_ciphers HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers on;
    
            # Load configuration files for the default server block.
            #include /etc/nginx/default.d/*.conf;
            include /etc/nginx/conf.d/*.conf;
           # include /home/ec2-user/buisness/Main;
           if ($host = www.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
        if ($host = example.com) {
    return 301 https://$host$request_uri;
        } # managed by Certbot
        location = /favicon.ico { access_log off; log_not_found off; }
    
        location /static {
            root /home/ec2-user/buisness;
        }
    
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
        }
           #error_page 404 /404.html;
             #   location = /40x.html {
            #}
    
           #error_page 500 502 503 504 /50x.html;
             #   location = /50x.html {
            #}
    }
    
    }
    

    I then ran , sudo nginx -t , followed by sudo systemctl restart nginx,

    But now when I tried to load the site it said, page is not loading and when I checked the error log , I found out the following error :

    directory index of "/home/ec2-user/buisness/" is forbidden, client: 54.245.150.189, server: www.example.com, request: "GET / HTTP/1.1", host: "example.com"

    Btw thanks for helping me out here

    Thank you,
    Madhav

    • Hi there,

      It looks like that the content of the /home/ec2-user/business directory is trying to be served directly rather than going over the reverse proxy rule.

      I would recommend backing up your config file and then changing the server block for port 443 with the following content:

          server {
              listen       443 ssl http2;
              listen       [::]:443 ssl http2;
              server_name  www.example.com example.com;
      
              ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
              ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
              ssl_session_cache shared:SSL:1m;
              ssl_session_timeout  10m;
              ssl_ciphers HIGH:!aNULL:!MD5;
              ssl_prefer_server_ciphers on;
      
              # Load configuration files for the default server block.
              #include /etc/nginx/default.d/*.conf;
              include /etc/nginx/conf.d/*.conf;
              # include /home/ec2-user/buisness/Main;
      
              location = /favicon.ico { access_log off; log_not_found off; }
      
              location /static {      
                  root /home/ec2-user/buisness;
              }
      
              location / {
                  proxy_set_header Host $http_host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
                  proxy_pass http://unix:/home/ec2-user/buisness/buisness.sock;
              }
      
          }
      

      Then save the file, run the config test again, and if you get syntax OK, restart Nginx.

      Let me know how it goes!
      Best,
      Bobby