By Frunobulax
I created a new droplet (Ubuntu 16.04), and successfully went through all stages of setting up the LEMP stack and Let’s Encrypt. Wordpress is supposedly ready to start the install process.
My intended setup is to have /var/www/html serving page.com, and /var/www/html/blog (where Wordpress is) serving blog.page.com.
CNAMES are already configured for www and blog. Let’s Encrypt was configured with page.com, www.page.com and blog.page.com, and right now there are 2 nginx config files, default and blog.page.com - both with aliases on /etc/nginx/enabled-sites, and with nginx -t giving it an OK.
However, all configurations for nginx so far are only leading me to the “Welcome to Nginx” page in both page.com and blog.page.com, and I’m not being able to find out what is going on. If I try to access anything other than the base page, it 404’s, even though the files are all there on /var/www/html. Here’s the current content of default and blog.page.com after quite a few tries moving stuff:
default:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name page.com www.page.com;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
}
server {
# Server subdomain host
server_name blog.page.com;
# Server port
listen 80;
listen [::]:80;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
return 301 https://blog.page.com$request_uri;
try_files $uri $uri/ /index.php$is_args$args;
}
index index.php
# Server subdomain root folder
root /var/www/html/blog;
# Custom locations and settings
location ~ \.php$ {
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
Ok, stuff is solved thanks to some IRC help. The tutorials apparently do not really set the SSL part correctly or do not make it evident enough. Here are the working files.
Default page (www.page.com or plain page.com):
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name page.com www.page.com;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name page.com www.page.com;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
Blog subdomain (also accessible through page.com/blog/):
server {
listen 80;
listen [::]:80;
server_name blog.page.com www.blog.page.com;
return 301 https://blog.page.com$request_uri;
root /var/www/html/blog;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.page.com www.blog.page.com;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
root /var/www/html/blog;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
Alright, I found out that nginx is ignoring my ‘root’ settings, putting /usr/share/nginx instead of /var/www by itself. I tried chmodding /var/www/html for www:data (again), to no avail.
If I try to put root on the SSL server block instead, I get 403 errors in any combination.
So, it’s impossible to make it work. Not only I did all steps correctly, I tried to further set-up permissions making sure nginx worker process could deal with the html folder, to no avail. Everything I try to access is either 403 or 404 because a hidden fault on the configuration file makes it default somehow to /usr/share/nginx. trying a symlink between it and my actual html folder only made more 403s.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.