Question

How to make a Wordpress subdomain on Nginx with SSL?

I created a new droplet (Ubuntu 16.04), and successfully went through all stages of setting up the LEMP stack and Let’s Encrypt. Wordpress is supposedly ready to start the install process.

My intended setup is to have /var/www/html serving page.com, and /var/www/html/blog (where Wordpress is) serving blog.page.com.

CNAMES are already configured for www and blog. Let’s Encrypt was configured with page.com, www.page.com and blog.page.com, and right now there are 2 nginx config files, default and blog.page.com - both with aliases on /etc/nginx/enabled-sites, and with nginx -t giving it an OK.

However, all configurations for nginx so far are only leading me to the “Welcome to Nginx” page in both page.com and blog.page.com, and I’m not being able to find out what is going on. If I try to access anything other than the base page, it 404’s, even though the files are all there on /var/www/html. Here’s the current content of default and blog.page.com after quite a few tries moving stuff:

default:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name page.com www.page.com;
        return 301 https://$server_name$request_uri;

        root /var/www/html;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }
}

server {

    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-page.com.conf;
    include snippets/ssl-params.conf;
}

blog.page.com:

server {
# Server subdomain host
        server_name     blog.page.com;

# Server port
        listen          80;
        listen          [::]:80;


        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
            }
        location / {
                return          301 https://blog.page.com$request_uri;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        index index.php
# Server subdomain root folder
        root            /var/www/html/blog;

# Custom locations and settings
        location ~ \.php$ {
        fastcgi_pass   unix:/var/run/php7.0-fpm.sock;
        include        snippets/fastcgi-php.conf;
  }
}


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Ok, stuff is solved thanks to some IRC help. The tutorials apparently do not really set the SSL part correctly or do not make it evident enough. Here are the working files.

Default page (www.page.com or plain page.com):

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name page.com www.page.com;
        return 301 https://$server_name$request_uri;

        root /var/www/html;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }
}

server {

        # SSL configuration
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name page.com www.page.com;
        include snippets/ssl-page.com.conf;
        include snippets/ssl-params.conf;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }

}

Blog subdomain (also accessible through page.com/blog/):

server {
        listen 80;
        listen [::]:80;
        server_name blog.page.com www.blog.page.com;
        return 301 https://blog.page.com$request_uri;

        root /var/www/html/blog;

        index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
            }

}

server {

        # SSL configuration
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name blog.page.com www.blog.page.com;
        include snippets/ssl-page.com.conf;
        include snippets/ssl-params.conf;
        root /var/www/html/blog;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                allow all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
                expires max;
                log_not_found off;
            }

}

So, it’s impossible to make it work. Not only I did all steps correctly, I tried to further set-up permissions making sure nginx worker process could deal with the html folder, to no avail. Everything I try to access is either 403 or 404 because a hidden fault on the configuration file makes it default somehow to /usr/share/nginx. trying a symlink between it and my actual html folder only made more 403s.

Alright, I found out that nginx is ignoring my ‘root’ settings, putting /usr/share/nginx instead of /var/www by itself. I tried chmodding /var/www/html for www:data (again), to no avail.

If I try to put root on the SSL server block instead, I get 403 errors in any combination.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
Animation showing a Droplet being created in the DigitalOcean Cloud console