Problem with NGINX config file root location

July 3, 2017 1.3k views
Nginx Ubuntu 16.04

Hello,

I'm having an issue with getting nginx to display my site after installing a certificate.

I've referenced the original location where the site files are within the root parameter in the file but i'm still getting the welcome to NGINX page.

this is my configuration

server {

        root /var/www/html;

        listen 443 ssl;

        server_name uptownecafe.com www.uptownecafe.com;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;


        # Add index.php to the list if you are using PHP
        index index.phpindex.html index.htm index.nginx-debian.html;

        server_name www.uptownecafe.com;

       location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}

        location ~ /.well-known {
                allow all;
        }
}


server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$host$request_uri;
}

Thanks in advance!!

2 Answers

Hi @garfield1979

There's a couple of problems with your config, but is your web root location /var/www/html ?
Looking at your site right now, it looks like it's working - but only http, not https.

  • You're right 80 works ok.. I was messing with the file..

    and now i've gotten to the point where it is trying to download the php files instead of executing them

    here is my current file

    server {
    
            location ~ /.well-known {
                    allow all;
            }
    
            listen 443 ssl;
    
            server_name uptownecafe.com www.uptownecafe.com;
    
            ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;
    
    
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_dhparam /etc/ssl/certs/dhparam.pem;
            ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
            ssl_session_timeout 1d;
            ssl_session_cache shared:SSL:50m;
            ssl_stapling on;
            ssl_stapling_verify on;
            add_header Strict-Transport-Security max-age=15768000;
    
            root /var/www/html;
    
            # Add index.php to the list if you are using PHP
            index index.php index.html index.htm index.nginx-debian.html;
    
            server_name _;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
    }
    
    
    server {
        listen 80;
        server_name uptownecafe.com www.uptownecafe.com;
        return 301 https://$host$request_uri;
    }
    
    • Okay, try this instead:

      server {
              server_name uptownecafe.com www.uptownecafe.com;
              listen 443 ssl;
      
              root /var/www/html;
      
              ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;
              ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
              ssl_prefer_server_ciphers on;
              ssl_dhparam /etc/ssl/certs/dhparam.pem;
              ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
              ssl_session_timeout 1d;
              ssl_session_cache shared:SSL:50m;
              ssl_stapling on;
              ssl_stapling_verify on;
              add_header Strict-Transport-Security max-age=15768000;
      
              location ~ /.well-known {
                      allow all;
              }
      
              index index.php index.html index.htm;
      
              location / {
                      # This has been changed to make sure WordPress pretty-links are supported
                      try_files $uri $uri/ /index.php?$args;
              }
      
              location ~ \.php$ {
                     include snippets/fastcgi-php.conf;
                     fastcgi_pass unix:/run/php/php7.0-fpm.sock;
              }
      }
      
      server {
          listen 80;
          server_name uptownecafe.com www.uptownecafe.com;
          return 301 https://$server_name$request_uri;
      }
      

@garfield1979
Okay, but if you used the WordPress One-Click-App, then it should already come with a configuration, where PHP-FPM is installed and Nginx is pointing to that.
It seems like you're using two configuration files then.
You need to make sure there's only one file located in /etc/nginx/sites-enabled/ - and that's the current file we want to edit.

Have another answer? Share your knowledge.