frostless
By:
frostless

how to make example.com for webapp while example.com/single for static web

April 24, 2017 666 views
Nginx Ubuntu 16.04

I have followed this tutorial to setup the nginx as a reverse server Example link

2 comments
  • Sorry I cannot seem to edit my original question and the questions is actually incompleted..I am trying to put the actual situation here:

    This is the current setting in my nginx:

    # HTTP - redirect all requests to HTTPS:
         server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
        }
    
    # HTTPS - proxy requests on to local Node.js app:
         server {
            listen 443;
            server_name your_domain_name;
    
            ssl on;
            # Use certificate and key provided by Let's Encrypt:
            ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
            # Pass requests for / to localhost:8080:
             location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://localhost:8080/;
                    proxy_ssl_session_reuse off;
                    proxy_set_header Host $http_host;
                    proxy_cache_bypass $http_upgrade;
                    proxy_redirect off;
            }
        }
    

    So now when I type example.com I will be redirected to https://example.com thus accessing my web app listening to port 8000.

    But I also uploaded my static web in the path `/home/ftp/single/

    I would like to make it accessible via example.com/home/ftp/single/.

    So I added a server block:

         server {
           listen 80;
          server_name example.com;
              location /single {
                    root /home/ftp;
                    index index.html;
                    try_files $uri $uri/ =404;
                    }
    }
    
    

    However, if I type example.com/single/ I would be redirected to https://example.com/single/ and I cannot access the static web.

    If I commented out the setting

          server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
     }
    

    my static web example.con/single/ will become accessible but my web app is not accessible via example.con anymore. As the https redirection is invalid.

    what is the best way to make example.com for webapp and example.com/single for static web both working?

    edited by asb
  • this is my current setting :

    server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
    }
    
    # HTTPS - proxy requests on to local Node.js app:
    server {
            listen 443;
            server_name your_domain_name;
    
            ssl on;
            # Use certificate and key provided by Let's Encrypt:
            ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
            # Pass requests for / to localhost:8080:
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://localhost:8080/;
                    proxy_ssl_session_reuse off;
                    proxy_set_header Host $http_host;
                    proxy_cache_bypass $http_upgrade;
                    proxy_redirect off;
            }
    }
    
3 Answers

@frostless

You can add additional location blocks to your main server block and set explicit paths.

For example, if we use the server block that was provided in that guide:

server {
    listen 80;

    server_name example.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

We can add a new location block below the first. For the purpose of this example, I'll use /static.

server {
    listen 80;

    server_name example.com;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /static {
        root /path/to/static/files;
    }
}

In the above, we're telling NGINX to pass requests for ./static/..... to the /static location block, which defines a root directory -- this would be the full path to where the static files are location.

So if your static files were located in, for example, /home/username/htdocs/static, that's the path you would use.

You'll need to reload or restart NGINX after changes are made to configuration.

  • Thanks for the prompt reply but I also follow that guide and make all the http requests redirected to https:

    and my current setting is actually like this:

    server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
    }
    
    # HTTPS - proxy requests on to local Node.js app:
    server {
            listen 443;
            server_name your_domain_name;
    
            ssl on;
            # Use certificate and key provided by Let's Encrypt:
            ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
            # Pass requests for / to localhost:8080:
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://localhost:8080/;
                    proxy_ssl_session_reuse off;
                    proxy_set_header Host $http_host;
                    proxy_cache_bypass $http_upgrade;
                    proxy_redirect off;
            }
    }
    

    would that method still work in my case?

  • I dont know Why I cannot edit my questions and why all my comments were all rejected.. My current setting actually redirect all http requests to https and I think that is where the problem lies.

  • my current configuration is actually like this:

    server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
    }
    
    # HTTPS - proxy requests on to local Node.js app:
    server {
            listen 443;
            server_name your_domain_name;
    
            ssl on;
            # Use certificate and key provided by Let's Encrypt:
            ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
            ssl_session_timeout 5m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    
            # Pass requests for / to localhost:8080:
            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://localhost:8080/;
                    proxy_ssl_session_reuse off;
                    proxy_set_header Host $http_host;
                    proxy_cache_bypass $http_upgrade;
                    proxy_redirect off;
            }
    }
    
  • What if I configure the Https ?

  • But actually my setting is like this:

    server {
            listen 80;
            listen [::]:80 default_server ipv6only=on;
            return 301 https://$host$request_uri;
    }
    

I dont know why my comments keep being rejected

But actually my current setting is like this, followed by the guide:

server {
        listen 80;
        listen [::]:80 default_server ipv6only=on;
        return 301 https://$host$request_uri;
}
server {
        listen 443;
        server_name your_domain_name;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        # Pass requests for / to localhost:8080:
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:8080/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_cache_bypass $http_upgrade;
                proxy_redirect off;
        }
}

@frostless

Looks like they all came through at once :-). There are preventative measures on the community in an attempt to deter spam, though sometimes various things seem to trigger it, so if you don't see your post immediately, allow it a few minutes. It could be due to a filter or due to the cache not being up to date.

...

As for the configuration, even with the SSL configuration, you'd simply add:

    location /static {
        root /path/to/static/files;
    }

to your second sever block, below the first location block. You'd simply modify the path to match where your static files are located.

Have another answer? Share your knowledge.