By zcluff
nginx config:
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
    root /var/www/beautifuldisaster.group;
    index index.php index.html index.htm;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/beautifuldisaster.group/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/beautifuldisaster.group/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    # Make site accessible from http://localhost/
    server_name beautifuldisaster.group www.beautifuldisaster.group;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ =404;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
        try_files $uri $uri/ /index.php?$args;
    }
    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
    #location /RequestDenied {
    #    proxy_pass http://127.0.0.1:8080;
    #}
    location ~ /.well-known {
        allow all;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /usr/share/nginx/html;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
    listen 80;
    server_name beautifuldisaster.group www.beautifuldisaster.group;
    return 301 https://$host$request_uri;
}
Browsing to the site using https loads the site fine in any browser; using http downloads a DMS file instead of loading the site. I just read that http2 only works for port 443 and I accidentally enabled it for port 80 for over 24 hours. Is this just a matter of telling people to browse to the site using https for x amount of time for the browser cache to expire or to clear browsing data?
Hi @zcluff
Let’s clean up the config, so it’s easier to read by removing the comments. This should work. Replace your config with this and then run the following commands:
sudo service nginx configtest
sudo service nginx restart
server {
    server_name beautifuldisaster.group www.beautifuldisaster.group;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/beautifuldisaster.group;
    ssl_certificate /etc/letsencrypt/live/beautifuldisaster.group/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/beautifuldisaster.group/privkey.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    location ~ /\.ht {
        deny all;
    }
}
server {
    server_name beautifuldisaster.group www.beautifuldisaster.group;
    listen 80;
    listen [::]:80;
    return 301 https://$server_name$request_uri;
}
Every file in /etc/nginx/sites-enabled/ that doesn’t have a suffix (.group, .life, .us) is a subdomain of beautifuldisaster.group, and a bunch use the same SSL certificate as beautifuldisaster.group (probably not the best idea and may be the problem).
/etc/nginx/sites-enabled/zoesworld:26: ssl_certificate /etc/letsencrypt/live/zoesworld.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/zoesworld:27: ssl_certificate_key /etc/letsencrypt/live/zoesworld.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/zoesworld:38: server_name zoesworld.beautifuldisaster.group www.zoesworld.beautifuldisaster.group;
/etc/nginx/sites-enabled/zoesworld:128: server_name zoesworld.beautifuldisaster.group www.zoesworld.beautifuldisaster.group;
/etc/nginx/sites-enabled/figment:26: ssl_certificate /etc/letsencrypt/live/www.figment.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/figment:27: ssl_certificate_key /etc/letsencrypt/live/www.figment.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/figment:38: server_name www.figment.beautifuldisaster.group figment.beautifuldisaster.group;
/etc/nginx/sites-enabled/figment:128: server_name figment.beautifuldisaster.group www.figment.beautifuldisaster.group;
/etc/nginx/sites-enabled/netdata:10: ssl_certificate /etc/letsencrypt/live/netdata.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/netdata:11: ssl_certificate_key /etc/letsencrypt/live/netdata.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/netdata:13: server_name netdata.beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:22: root /var/www/beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:26: ssl_certificate /etc/letsencrypt/live/beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/beautifuldisaster.group:27: ssl_certificate_key /etc/letsencrypt/live/beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/beautifuldisaster.group:38: server_name beautifuldisaster.group www.beautifuldisaster.group;
/etc/nginx/sites-enabled/beautifuldisaster.group:128: server_name beautifuldisaster.group www.beautifuldisaster.group;
/etc/nginx/sites-enabled/alice:26: ssl_certificate /etc/letsencrypt/live/goingdowntherabbithole.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/alice:27: ssl_certificate_key /etc/letsencrypt/live/goingdowntherabbithole.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/alice:38: server_name goingdowntherabbithole.beautifuldisaster.group www.goingdowntherabbithole.beautifuldisaster.group;
/etc/nginx/sites-enabled/alice:128: server_name goingdowntherabbithole.beautifuldisaster.group www.goingdowntherabbithole.beautifuldisaster.group;
/etc/nginx/sites-enabled/processing:26: ssl_certificate /etc/letsencrypt/live/processing.beautifuldisaster.group/fullchain.pem;
/etc/nginx/sites-enabled/processing:27: ssl_certificate_key /etc/letsencrypt/live/processing.beautifuldisaster.group/privkey.pem;
/etc/nginx/sites-enabled/processing:38: server_name processing.beautifuldisaster.group www.processing.beautifuldisaster.group;
/etc/nginx/sites-enabled/processing:128: server_name processing.beautifuldisaster.group www.processing.beautifuldisaster.group;
@zcluff
Okay, I’m not sure where your site is actually located. Can you please confirm that the directory is /var/www/beautifuldisaster.group?
When there’s time to play around, then get back to me (or post a new question to find other people willing to help), because it’s almost impossible working with configuration files that we cannot play around with. And I have no idea why it’s saying conflicting server name, so my only guess would be that you have a lingering configuration file somewhere, so we might need to clean up/redo the configuration for each site.
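Both problems raised in this thread, the "conflicting server name" warning and `http2` enabled on a plaintext port, can be checked across every file nginx loads. The script below is an added example, not code from anyone in the thread: it parses `server` blocks, reports each name declared more than once on the same `listen` address, and flags any `listen` line that carries `http2` without `ssl`. The sample file names and hosts are constructed, and the check assumes TLS is enabled with the `ssl` parameter on the `listen` line rather than a separate `ssl on;` directive.

```python
import re
from collections import defaultdict

SAMPLE = {  # constructed input (hypothetical file names and hosts), not the poster's files
    "site": """
        server { listen 443 ssl http2; server_name example.com www.example.com;
                 location ~ \\.php$ { fastcgi_pass unix:/run/php.sock; } }
        server { listen 80 http2; server_name example.com; return 301 https://$host$request_uri; }
    """,
    "site.bak": "server { listen 80; server_name example.com; }",  # lingering copy
}

def parse_servers(text):
    """Return one {'listen': [...], 'names': [...]} dict per server block."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments (simplified: assumes no '#' inside quotes)
    servers, stack, words = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":                       # block opens: remember which directive opened it
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append({"listen": [], "names": []})
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and stack and stack[-1] == "server" and len(words) > 1:
            if words[0] == "listen":         # only directives directly inside server { }
                servers[-1]["listen"].append(words[1:])
            elif words[0] == "server_name":
                servers[-1]["names"].extend(words[1:])
        if tok in ("{", "}", ";"):
            words = []
        else:
            words.append(tok)
    return servers

def audit(configs):
    """configs: {file: text}. Returns (names declared twice per listen address, plaintext http2)."""
    seen, plaintext_http2 = defaultdict(list), []
    for fname, text in configs.items():
        for srv in parse_servers(text):
            # A server block with no listen directive defaults to *:80 (nginx run as root).
            for args in srv["listen"] or [["80"]]:
                if "http2" in args and "ssl" not in args:
                    plaintext_http2.append((fname, " ".join(args)))
                for name in srv["names"]:
                    seen[(args[0], name)].append(fname)
    return {k: v for k, v in seen.items() if len(v) > 1}, plaintext_http2

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To run it against a live host, build the `configs` dictionary from the files under `/etc/nginx/sites-enabled/`; every file in that directory counts, including stray backups, when `nginx.conf` includes it with a wildcard.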