Question
How to make a Wordpress subdomain on Nginx with SSL?
- Posted July 17, 2016
- NginxWordPressLet's EncryptUbuntu 16.04
I created a new droplet (Ubuntu 16.04), and successfully went through all stages of setting up the LEMP stack and Let’s Encrypt. Wordpress is supposedly ready to start the install process.
My intended setup is to have /var/www/html serving page.com, and /var/www/html/blog (where Wordpress is) serving blog.page.com.
CNAMES are already configured for www and blog. Let’s Encrypt was configured with page.com, www.page.com and blog.page.com, and right now there are 2 nginx config files, default and blog.page.com - both with aliases on /etc/nginx/enabled-sites, and with nginx -t giving it an OK.
However, all configurations for nginx so far are only leading me to the “Welcome to Nginx” page in both page.com and blog.page.com, and I’m not being able to find out what is going on. If I try to access anything other than the base page, it 404’s, even though the files are all there on /var/www/html. Here’s the current content of default and blog.page.com after quite a few tries moving stuff:
default:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name page.com www.page.com;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
}
server {
# Server subdomain host
server_name blog.page.com;
# Server port
listen 80;
listen [::]:80;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location / {
return 301 https://blog.page.com$request_uri;
try_files $uri $uri/ /index.php$is_args$args;
}
index index.php
# Server subdomain root folder
root /var/www/html/blog;
# Custom locations and settings
location ~ \.php$ {
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Ok, stuff is solved thanks to some IRC help. The tutorials apparently do not really set the SSL part correctly or do not make it evident enough. Here are the working files.
Default page (www.page.com or plain page.com):
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name page.com www.page.com;
return 301 https://$server_name$request_uri;
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name page.com www.page.com;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
Blog subdomain (also accessible through page.com/blog/):
server {
listen 80;
listen [::]:80;
server_name blog.page.com www.blog.page.com;
return 301 https://blog.page.com$request_uri;
root /var/www/html/blog;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name blog.page.com www.blog.page.com;
include snippets/ssl-page.com.conf;
include snippets/ssl-params.conf;
root /var/www/html/blog;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
So, it’s impossible to make it work. Not only I did all steps correctly, I tried to further set-up permissions making sure nginx worker process could deal with the html folder, to no avail. Everything I try to access is either 403 or 404 because a hidden fault on the configuration file makes it default somehow to /usr/share/nginx. trying a symlink between it and my actual html folder only made more 403s.
Alright, I found out that nginx is ignoring my ‘root’ settings, putting /usr/share/nginx instead of /var/www by itself. I tried chmodding /var/www/html for www:data (again), to no avail.
If I try to put root on the SSL server block instead, I get 403 errors in any combination.