Share

Question

I am trying to change those Apache rewrite rules to Nginx, but auto converter fails. And I am not very good at them. Can anyone help please?

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:X-HTTPS} !1
RewriteCond %{REQUESTURI} !^/exchange1СOpencart.php$
RewriteCond %{REQUESTURI} !^/TEMP$
RewriteRule ^(.)$ https://%{HTTPHOST}/$1 [R=301,L]
RewriteCond %{HTTP:X-HTTPS} 1 [NC]
RewriteCond %{REQUESTURI} ^/exchange1СOpencart.php$
RewriteCond %{REQUEST_URI} ^/TEMP$
RewriteRule ^(.)$ http://%{HTTP_HOST}/$1 [R=301,L]

2 variant

RewriteEngine On
RewriteBase /
RewriteCond %{SERVERPORT} 80
RewriteCond %{REQUESTURI} !^/exchange1СOpencart.php$ [NC]
RewriteCond %{REQUESTURI} !^/TEMP$ [NC]
RewriteRule ^(.*)$ https://%{HTTPHOST}/$1 [R=301,L,QSA]
RewriteCond %{SERVERPORT} 443
RewriteRule ^(/exchange1СOpencart.php)$ http://%{HTTPHOST}/$1 [R=301,L,QSA]
RewriteRule ^(/TEMP)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]

Answer 1

hansen May 15, 2017

@mianofv
Wow, that’s a difficult config to read - specially if you’re new to Nginx, so I understand why you can’t figure it out.

Instead of trying to hack around with http vs https, maybe we should simply look at exchange_1С_Opencart.php file and see why it doesn’t work with https (because it should work without any problems, since you’re already redirecting http to https).
Can you contact the developer to get it fixed?

Otherwise, you need to not use the CentMinMod wizard anymore, since it might overwrite some of the changes you’re going to make.
It’s a little difficult to figure out the configuration, since there’s so many includes.
This might work - but it might “explode”, so make a copy of domain.com.ssl.conf before replacing with this.
Remember to replace all the domain.com with the correct domain.

server {
  server_name domain.com www.domain.com;
  root /home/nginx/domains/domain.com/public;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  location = /exchange_1С_Opencart.php {
    include /usr/local/nginx/conf/php.conf;
    break;
  }
  location = /TEMP {
    include /usr/local/nginx/conf/staticfiles.conf;
    break;
  }

  location / {
    return 302 https://$server_name/$request_uri;
  }
}

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  root /home/nginx/domains/domain.com/public;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;
  http2_max_field_size 16k;
  http2_max_header_size 32k;
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;

  location = /exchange_1С_Opencart.php {
    return 302 http://$server_name/$request_uri;
  }
  location = /TEMP {
    return 302 http://$server_name/$request_uri;
  }

  location ~* \.(ttf|ttc|otf|eot|woff|woff2|font.css|css)$ {
    add_header Access-Control-Allow-Origin *;
  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Are you’ve change the configuration, then you need to test the config and restart Nginx:

sudo nginx -s configtest
sudo nginx -s restart

Reply Report

mianofv May 15, 2017

Thanks I am also trying to contact developer. When testing NGINX it gives me error:

nginx: [emerg] location "[^/]\.php(/|$)" cannot be inside the exact location "/exchange_1?_Opencart.php" in /usr/local/nginx/conf/php.conf:1
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

Reply Report

hansen May 15, 2017

Okay, can you post the content of these two files:
/usr/local/nginx/conf/staticfiles.conf
/usr/local/nginx/conf/php.conf

Reply Report

mianofv May 15, 2017

staticfiles.conf

    # prepare for letsencrypt 
    # https://community.centminmod.com/posts/17774/
    location ~ /.well-known {
        location ~ /.well-known/acme-challenge/(.*) {
            more_set_headers    "Content-Type: text/plain";
        }
    }

    location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
    gzip_static off;
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(js)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(css)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(html|htm|txt)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 1d;
    break;
        }

    location ~* \.(eot|svg|ttf|woff|woff2)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

php.conf

location ~ [^/]\.php(/|$) {
  include /usr/local/nginx/conf/503include-only.conf;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

# might shave 200+ ms off PHP requests
# which don't pass on a content length header
# slightly faster page response time at the
# expense of throughput / scalability
#sendfile on;
#tcp_nopush off;
#keepalive_requests 0;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 512k;
fastcgi_buffers 512 16k;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 4m;
fastcgi_max_temp_file_size 4m;
fastcgi_intercept_errors off;

# next 3 lines when uncommented / enabled
# allow Nginx to handle uploads which then 
# passes back the completed upload to PHP
#fastcgi_pass_request_body off;
#client_body_in_file_only clean;
#fastcgi_param  REQUEST_BODY_FILE  $request_body_file;

#new .04+ map method
fastcgi_param HTTPS $server_https;

# comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
# cgi.fix_pathinfo=0 
# as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  HTTP_PROXY         "";

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Set php-fpm geoip variables
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

                   }

Reply Report

hansen May 15, 2017
@mianofv
Okay, try replacing the HTTP server location block with this:

location = /exchange_1С_Opencart.php { try_files $uri =404; } location = /TEMP { try_files $uri $uri/ =404; } include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/staticfiles.conf;

Again, it’s a mess. If it doesn’t work, then contact the developer to fix the PHP file.
Otherwise you need to redo the entire Nginx configuration from beginning without a wizard.
Reply Report

hansen May 16, 2017

@mianofv
By the way, made a little error in the config.
This $server_name/$request_uri should be $server_name$request_uri
Reply Report

Answer 2

mianofv May 15, 2017

Thanks I am also trying to contact developer. When testing NGINX it gives me error:

nginx: [emerg] location "[^/]\.php(/|$)" cannot be inside the exact location "/exchange_1?_Opencart.php" in /usr/local/nginx/conf/php.conf:1
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

Reply Report

hansen May 15, 2017

Okay, can you post the content of these two files:
/usr/local/nginx/conf/staticfiles.conf
/usr/local/nginx/conf/php.conf

Reply Report

mianofv May 15, 2017

staticfiles.conf

    # prepare for letsencrypt 
    # https://community.centminmod.com/posts/17774/
    location ~ /.well-known {
        location ~ /.well-known/acme-challenge/(.*) {
            more_set_headers    "Content-Type: text/plain";
        }
    }

    location ~* \.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
    gzip_static off;
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(js)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(css)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

    location ~* \.(html|htm|txt)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 1d;
    break;
        }

    location ~* \.(eot|svg|ttf|woff|woff2)$ {
    #add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    access_log off;
    expires 30d;
    break;
        }

php.conf

location ~ [^/]\.php(/|$) {
  include /usr/local/nginx/conf/503include-only.conf;
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }
    fastcgi_pass   127.0.0.1:9000;
    #fastcgi_pass   unix:/tmp/php5-fpm.sock;
    fastcgi_index  index.php;
    #fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param  SCRIPT_FILENAME    $request_filename;
    #fastcgi_param PHP_ADMIN_VALUE open_basedir=$document_root/:/usr/local/lib/php/:/tmp/;

# might shave 200+ ms off PHP requests
# which don't pass on a content length header
# slightly faster page response time at the
# expense of throughput / scalability
#sendfile on;
#tcp_nopush off;
#keepalive_requests 0;

fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 512k;
fastcgi_buffers 512 16k;
fastcgi_busy_buffers_size 1m;
fastcgi_temp_file_write_size 4m;
fastcgi_max_temp_file_size 4m;
fastcgi_intercept_errors off;

# next 3 lines when uncommented / enabled
# allow Nginx to handle uploads which then 
# passes back the completed upload to PHP
#fastcgi_pass_request_body off;
#client_body_in_file_only clean;
#fastcgi_param  REQUEST_BODY_FILE  $request_body_file;

#new .04+ map method
fastcgi_param HTTPS $server_https;

# comment out PATH_TRANSLATED line if /usr/local/lib/php.ini sets following:
# cgi.fix_pathinfo=0 
# as of centminmod v1.2.3-eva2000.01 default is set to cgi.fix_pathinfo=1

fastcgi_param  PATH_INFO          $fastcgi_path_info;
fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  HTTP_PROXY         "";

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# Set php-fpm geoip variables
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

                   }

Reply Report

hansen May 15, 2017
@mianofv
Okay, try replacing the HTTP server location block with this:

location = /exchange_1С_Opencart.php { try_files $uri =404; } location = /TEMP { try_files $uri $uri/ =404; } include /usr/local/nginx/conf/php.conf; include /usr/local/nginx/conf/staticfiles.conf;

Again, it’s a mess. If it doesn’t work, then contact the developer to fix the PHP file.
Otherwise you need to redo the entire Nginx configuration from beginning without a wizard.
Reply Report

hansen May 16, 2017

@mianofv
By the way, made a little error in the config.
This $server_name/$request_uri should be $server_name$request_uri
Reply Report

Answer 3

hansen May 15, 2017

Hi @mianofv

.htaccess does not exists in Nginx. That’s one of the reasons why Nginx is so fast, since nothing is loaded dynamically as Apache.

Can you use the code-button in this editor, because currently it removes underscores and other characters.
Is the idea to load some elements over HTTP and not HTTPS? Why?

Reply Report

Answer 4

jtittle1 May 15, 2017

@mianofv

Since basic formatting tends to distort code, would you mind reposting those in a code block? You can do this by using the </> icon in the editor. Using a code block ensures proper formatting remains and we can then take a look at the rules.

Reply Report

Answer 5

mianofv May 15, 2017

Thank you for your answers. I have a program installed on my computer in my shop which synchronizes products to my OpenCart . My OpenCart is with HTTPS, but that OpenCart module works only with HTTP. So I need to force those files to redirect to HTTP only. The developer only gave Apache rules.

RewriteEngine On 
RewriteBase / 
RewriteCond %{HTTP:X-HTTPS} !1 
RewriteCond %{REQUESTURI} !^/exchange1СOpencart.php$ 
RewriteCond %{REQUESTURI} !^/TEMP$ 
RewriteRule ^(.)$ https://%{HTTPHOST}/$1 [R=301,L] 
RewriteCond %{HTTP:X-HTTPS} 1 [NC] 
RewriteCond %{REQUESTURI} ^/exchange1СOpencart.php$ 
RewriteCond %{REQUEST_URI} ^/TEMP$ 
RewriteRule ^(.)$ http://%{HTTP_HOST}/$1 [R=301,L]

RewriteEngine On 
RewriteBase / 
RewriteCond %{SERVERPORT} 80 
RewriteCond %{REQUESTURI} !^/exchange1СOpencart.php$ [NC] 
RewriteCond %{REQUESTURI} !^/TEMP$ [NC] 
RewriteRule ^(.*)$ https://%{HTTPHOST}/$1 [R=301,L,QSA] 
RewriteCond %{SERVERPORT} 443 
RewriteRule ^(/exchange1СOpencart.php)$ http://%{HTTPHOST}/$1 [R=301,L,QSA]
RewriteRule ^(/TEMP)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]

Reply Report

hansen May 15, 2017

You need to copy your original code and place it within the code-tags - not the one from the first post, since it’s already distorted.

Reply Report

mianofv May 15, 2017

Ok, sorry. This should be ok.

RewriteEngine On 
RewriteBase / 
RewriteCond %{HTTP:X-HTTPS} !1 
RewriteCond %{REQUEST_URI} !^/exchange_1С_Opencart.php$ 
RewriteCond %{REQUEST_URI} !^/TEMP$ 
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] 
RewriteCond %{HTTP:X-HTTPS} 1 [NC] 
RewriteCond %{REQUEST_URI} ^/exchange_1С_Opencart.php$ 
RewriteCond %{REQUEST_URI} ^/TEMP$ 
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L] 


RewriteEngine On 
RewriteBase / 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} !^/exchange_1С_Opencart.php$ [NC] 
RewriteCond %{REQUEST_URI} !^/TEMP$ [NC] 
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA] 
RewriteCond %{SERVER_PORT} 443 
RewriteRule ^(/exchange_1С_Opencart.php)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
RewriteRule ^(/TEMP)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]

Reply Report

hansen May 15, 2017

@mianofv

Can you also post your entire server block? It would be easier for us to make a complete server block example then. You can replace your domain with domain.com if you want to keep it private.

Reply Report

mianofv May 15, 2017

Here is my domain.com.ssl.conf I don’t have non-ssl version. Only this one.

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name domain.com www.domain.com;
    return 302 https://domain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }
    location ~* \.(ttf|ttc|otf|eot|woff|woff2|font.css|css)$ {
    add_header Access-Control-Allow-Origin *;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Reply Report

Answer 6

hansen May 15, 2017

You need to copy your original code and place it within the code-tags - not the one from the first post, since it’s already distorted.

Reply Report

mianofv May 15, 2017

Ok, sorry. This should be ok.

RewriteEngine On 
RewriteBase / 
RewriteCond %{HTTP:X-HTTPS} !1 
RewriteCond %{REQUEST_URI} !^/exchange_1С_Opencart.php$ 
RewriteCond %{REQUEST_URI} !^/TEMP$ 
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] 
RewriteCond %{HTTP:X-HTTPS} 1 [NC] 
RewriteCond %{REQUEST_URI} ^/exchange_1С_Opencart.php$ 
RewriteCond %{REQUEST_URI} ^/TEMP$ 
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L] 


RewriteEngine On 
RewriteBase / 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} !^/exchange_1С_Opencart.php$ [NC] 
RewriteCond %{REQUEST_URI} !^/TEMP$ [NC] 
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,QSA] 
RewriteCond %{SERVER_PORT} 443 
RewriteRule ^(/exchange_1С_Opencart.php)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]
RewriteRule ^(/TEMP)$ http://%{HTTP_HOST}/$1 [R=301,L,QSA]

Reply Report

hansen May 15, 2017

@mianofv

Can you also post your entire server block? It would be easier for us to make a complete server block example then. You can replace your domain with domain.com if you want to keep it private.

Reply Report

mianofv May 15, 2017

Here is my domain.com.ssl.conf I don’t have non-ssl version. Only this one.

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
 server {
   server_name domain.com www.domain.com;
    return 302 https://domain.com$request_uri;
 }

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/domain.com-acme.cer;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files    $uri $uri/ /index.php;

  }
    location ~* \.(ttf|ttc|otf|eot|woff|woff2|font.css|css)$ {
    add_header Access-Control-Allow-Origin *;
}

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

Reply Report

Answer 7

mianofv May 16, 2017

Thanks! Module is connecting. But not uploading the files… I guess only a developer of that module can fix that.

Reply Report

Question

.htaccess config to Nginx?

Leave a comment

Looking for something else?

Share

Share your Question

Question

.htaccess config to Nginx?

Leave a comment

Related

question

how to set up 2 sites on one server Linux in conjunction nginx + apache

question

HTTPS not working for webpath links. ERROR mixed contents Nginx

question

Nginx test page instead of homepage

question

phpMyAdmin, Centos 7, Nginx, Apache, not working

Looking for something else?

Almost there!