DigitalOcean

Report this

What is the reason for this report?
Question

NGINX | Ubuntu | IP:PORT | WordPress | Multiple VHost | How to Add new Site in this setup?

Posted on May 15, 2017
Let's Encrypt
Nginx
Linux Basics
WordPress
Ubuntu
Sykat

By Sykat

Ok, I dont know specificly which info to share so I am sharing it all. I followed this guide by DO to setup a wordpress multisite network. Here is the config of my multisite,

server {
	listen 443 ssl;
    server_name siteA.com *.siteA.com  siteB.com www.siteB.com siteC.org www.siteC.org siteD.com www.siteD.com;
    root /var/www;
    index index.php index.html index.htm;
	include /var/www/nginx.conf;
	ssl_certificate /etc/letsencrypt/live/siteA.com-0001/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/siteA.com-0001/privkey.pem;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_ciphers 'some texts here';
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security max-age=15768000;
	location ~* .(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|ico|css|js|mp3)$ {
    expires 365d;
	}
	location ~ /.well-known {
		allow all;
	}
    location ~*  \.(pdf)$ {
        expires 30d;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }
	 ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }

    access_log  /var/log/nginx/$host-access.log;
    error_log   /var/log/nginx/wpms-error.log;
}
server {
    listen 80;
    server_name siteA.com *.siteA.com  siteB.com www.siteB.com siteC.org www.siteC.org siteD.com www.siteD.com;
    return 301 https://$host$request_uri;
}

All is good. it is working perfectly. But I want to add another seperated server block and add a site siteE.com to that server block seperately. I made a directory /var/pm and added index.php there. Below is the nginx setting for this new block.

server {
	listen xx.xx.xx.xx:8080;
    server_name siteE.com www.siteE.com;
    root /var/pm;
    index index.php index.html index.htm;
	location ~* .(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|ico|css|js|mp3)$ {
    expires 365d;
	}
    location ~*  \.(pdf)$ {
        expires 30d;
    }
    location / {
        try_files $uri $uri/ /index.php?$args ;
    }

    location ~ /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location ~ \.php$ {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }

    access_log  /var/log/nginx/$host-access.log;
    error_log   /var/log/nginx/pm-error.log;
}

Now I can access this new site by typing IP:port but I cant access it by typing siteE.com it redirects to https://siteE.com which it should not. This domain was added through cloudflare. there is only an A record in cloudflare siteE points to xx.xx.xx.xx (no port here), and the digitalocean>networking>domain has below settings an A record: siteE.com to xx.xx.xx.xx 2 Cname record: *.siteE.com, www.siteE.com are alias of siteE.com 3 of Digitalocean NS added by default.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Flamber Hansen
Flamber Hansen
May 15, 2017

Accepted Answer

Hi @Sykat

Modify your siteE top configuration to this:

server {
    listen 80;
    server_name siteE.com www.siteE.com;

And restart Nginx with this command sudo service nginx restart.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.