How to make a WordPress subdomain on Nginx with SSL?

July 17, 2016 709 views
Nginx WordPress Let's Encrypt Ubuntu 16.04

I created a new droplet (Ubuntu 16.04), and successfully went through all stages of setting up the LEMP stack and Let's Encrypt. WordPress is supposedly ready to start the install process.

My intended setup is to have /var/www/html serving page.com, and /var/www/html/blog (where WordPress is) serving blog.page.com.

CNAMEs are already configured for www and blog. Let's Encrypt was configured with page.com, www.page.com and blog.page.com, and right now there are 2 nginx config files, default and blog.page.com - both with aliases on /etc/nginx/enabled-sites, and with nginx -t giving it an OK.

However, all configurations for nginx so far are only leading me to the "Welcome to Nginx" page in both page.com and blog.page.com, and I'm not able to find out what is going on. If I try to access anything other than the base page, it 404s, even though the files are all there on /var/www/html. Here's the current content of default and blog.page.com after quite a few tries moving stuff:

default:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name page.com www.page.com;
        return 301 https://$server_name$request_uri;

        root /var/www/html;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }
}

server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-page.com.conf;
    include snippets/ssl-params.conf;
}

blog.page.com:

server {
# Server subdomain host
        server_name     blog.page.com;

# Server port
        listen          80;
        listen          [::]:80;


        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }
        location / {
                return          301 https://blog.page.com$request_uri;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        index index.php
# Server subdomain root folder
        root            /var/www/html/blog;

# Custom locations and settings
        location ~ \.php$ {
                fastcgi_pass   unix:/var/run/php7.0-fpm.sock;
                include        snippets/fastcgi-php.conf;
        }
}

3 Answers
Frunobulax July 18, 2016
Accepted Answer

OK, stuff is solved thanks to some IRC help. The tutorials apparently do not really set the SSL part correctly or do not make it evident enough. Here are the working files.

Default page (www.page.com or plain page.com):

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name page.com www.page.com;
        return 301 https://$server_name$request_uri;

        root /var/www/html;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }
}

server {

        # SSL configuration
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name page.com www.page.com;
        include snippets/ssl-page.com.conf;
        include snippets/ssl-params.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }

}

Blog subdomain (also accessible through page.com/blog/):

server {
        listen 80;
        listen [::]:80;
        server_name blog.page.com www.blog.page.com;
        return 301 https://blog.page.com$request_uri;

        root /var/www/html/blog;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }

}

server {

        # SSL configuration
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name blog.page.com www.blog.page.com;
        include snippets/ssl-page.com.conf;
        include snippets/ssl-params.conf;
        root /var/www/html/blog;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
        }

}

Alright, I found out that nginx is ignoring my 'root' settings, putting /usr/share/nginx instead of /var/www by itself. I tried chmodding /var/www/html for www:data (again), to no avail.

If I try to put root on the SSL server block instead, I get 403 errors in any combination.

So, it's impossible to make it work. Not only did I do all steps correctly, I tried to further set up permissions, making sure the nginx worker process could deal with the html folder, to no avail. Everything I try to access is either 403 or 404 because a hidden fault in the configuration file makes it default somehow to /usr/share/nginx. Trying a symlink between it and my actual html folder only made more 403s.
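
The "Welcome to Nginx" page and the /usr/share/nginx fallback described in this thread both follow from how nginx picks a server block: root and server_name are not shared between sibling server blocks, so a 443 block without its own root serves the built-in default directory, and a host that no 443 block names is answered by the 443 default_server. The sketch below is an added example, not part of the original posts: it checks a configuration for those two conditions. The function names and the condensed sample of the question's files are constructed for illustration.

```python
import re

# Constructed sample: the question's two files, condensed to server-level directives.
QUESTION_CONF = """
server { listen 80 default_server; server_name page.com www.page.com;
         return 301 https://$server_name$request_uri; root /var/www/html; }
server { listen 443 ssl http2 default_server; include snippets/ssl-page.com.conf; }
server { server_name blog.page.com; listen 80; root /var/www/html/blog;
         location / { return 301 https://blog.page.com$request_uri; } }
"""

def server_blocks(conf):
    """Yield the body of each top-level server { ... } block."""
    conf = re.sub(r"#.*", "", conf)              # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body):
    """Map server-level directive names to argument lists (nested blocks skipped)."""
    depth, flat = 0, ""
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        # keep depth-0 text; a closing brace ends the "location ..." header
        flat += ";" if ch == "}" else ch if depth == 0 and ch != "{" else ""
    out = {}
    for parts in filter(None, (s.split() for s in flat.split(";"))):
        out.setdefault(parts[0], []).append(parts[1:])
    return out

def lint(conf):
    """Flag 443 blocks without a root, and hosts that no 443 block names."""
    findings, tls, plain = [], set(), set()
    for n, body in enumerate(server_blocks(conf), 1):
        d = directives(body)
        ports = {m.group() for a in d.get("listen", []) if (m := re.search(r"\d+$", a[0]))}
        names = {h for a in d.get("server_name", []) for h in a}
        if "443" in ports:
            tls |= names
            if "root" not in d:
                findings.append((n, "443 block has no root: nginx uses its built-in default"))
        else:
            plain |= names
    findings += [(h, "no 443 block names this host: default_server answers") for h in sorted(plain - tls)]
    return findings
```

Calling lint(QUESTION_CONF) reports the second server block (the 443 one) and all three hostnames, which matches the symptom in the question; the findings disappear once the 443 block carries its own server_name and root.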
