Question

Nginx + php + Wordpress trying to download .DMS file on http, browsing to site on https is fine.

nginx config:

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

server {

        root /var/www/beautifuldisaster.group;
        index index.php index.html index.htm;
        listen 443 ssl http2;
        listen   [::]:443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/beautifuldisaster.group/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/beautifuldisaster.group/privkey.pem;
        ssl_protocols  TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/dhparams.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;
        # Make site accessible from http://localhost/
        server_name beautifuldisaster.group www.beautifuldisaster.group;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
#                try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        try_files $uri $uri/ /index.php?$args;
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;    
        #}

        location ~ /.well-known {
                allow all;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        #location = /50x.html {
        #       root /usr/share/nginx/html;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
           location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


server {
        listen 80;
        server_name beautifuldisaster.group www.beautifuldisaster.group;
        return 301 https://$host$request_uri;
}

browsing to the site using https loads the site fine in any browser, using http downloads a DMS file instead of loading the site. I just read that http2 only works for port 443 and I accidentally enabled it for port 80 for over 24 hours. is this just a matter of telling people to browse to the site using https for x amount of time for the browser cache to expire or to clear browsing data?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@zcluff Okay, I’m not sure where your site is actually located. Can you please confirm that the directory is /var/www/beautifuldisaster.group ? When there’s time to play around, then get back to me (or post a new question to find other people willing to help), because it’s almost impossible working with configuration files that we cannot play around with. And I have no idea why it’s saying conflicting server name, so my only guess would be that you have a lingering configuration file somewhere, so we might need to cleanup/redo the configuration for each site.

every file in /etc/nginx/sites-enabled/ that doesn’t have a suffex (.group, .life, .us) is a subdomain of beautifuldisaster.group, and a bunch use the same SSL certificate as beautifuldaster.group (probably not the best idea and may be the problem.)

/etc/nginx/sites-enabled/zoesworld:26:         ssl_certificate /etc/letsencrypt/live/zoesworld.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/zoesworld:27:         ssl_certificate_key /etc/letsencrypt/live/zoesworld.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/zoesworld:38:        server_name zoesworld.beautifuldisaster.group www.zoesworld.beautifuldisaster.group;
/etc/nginx/sites-enabled/zoesworld:128:       server_name zoesworld.beautifuldisaster.group www.zoesworld.beautifuldisaster.group;
/etc/nginx/sites-enabled/figment:26:        ssl_certificate /etc/letsencrypt/live/www.figment.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/figment:27:        ssl_certificate_key /etc/letsencrypt/live/www.figment.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/figment:38:        server_name www.figment.beautifuldisaster.group figment.beautifuldisaster.group;
/etc/nginx/sites-enabled/figment:128:        server_name figment.beautifuldisaster.group www.figment.beautifuldisaster.group;
/etc/nginx/sites-enabled/netdata:10:         ssl_certificate /etc/letsencrypt/live/netdata.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/netdata:11:    ssl_certificate_key /etc/letsencrypt/live/netdata.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/netdata:13:    server_name netdata.beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:22:        root /var/www/beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:26:        ssl_certificate /etc/letsencrypt/live/beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/beautifuldisaster.group:27:        ssl_certificate_key /etc/letsencrypt/live/beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/beautifuldisaster.group:38:        server_name beautifuldisaster.group www.beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:128:        server_name beautifuldisaster.group www.beautifuldisaster.group;
/etc/nginx/sites-enabled/alice:26:        ssl_certificate /etc/letsencrypt/live/goingdowntherabbithole.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/alice:27:        ssl_certificate_key /etc/letsencrypt/live/goingdowntherabbithole.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/alice:38:        server_name goingdowntherabbithole.beautifuldisaster.group www.goingdowntherabbithole.beautifuldisaster.group;
/etc/nginx/sites-enabled/alice:128:        server_name goingdowntherabbithole.beautifuldisaster.group www.goingdowntherabbithole.beautifuldisaster.group;
/etc/nginx/sites-enabled/processing:26:        ssl_certificate /etc/letsencrypt/live/processing.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/processing:27:        ssl_certificate_key /etc/letsencrypt/live/processing.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/processing:38:        server_name processing.beautifuldisaster.group www.processing.beautifuldisaster.group;
/etc/nginx/sites-enabled/processing:128:        server_name processing.beautifuldisaster.group www.processing.beautifuldisaster.group;

@zcluff Starting a new thread, since it was getting a little narrow. Can you make sure there is nothing in any of other configuration files (specially default) that has anything to do with beautifuldisaster.group. You can run this command to find files+line that contains beautifuldisaster.group:

grep -rn "beautifuldisaster.group" /etc/nginx/