Share

Question

Hello,

I’m having an issue with getting nginx to display my site after installing a certificate.

I’ve referenced the original location where the site files are within the root parameter in the file but i’m still getting the welcome to NGINX page.

this is my configuration

server {

        root /var/www/html;

        listen 443 ssl;

        server_name uptownecafe.com www.uptownecafe.com;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;


        # Add index.php to the list if you are using PHP
        index index.phpindex.html index.htm index.nginx-debian.html;

        server_name www.uptownecafe.com;

       location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}

        location ~ /.well-known {
                allow all;
        }
}


server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$host$request_uri;
}

Thanks in advance!!

Answer 1

hansen July 3, 2017

Hi @garfield1979

There’s a couple of problems with your config, but is your web root location /var/www/html ?
Looking at your site right now, it looks like it’s working - but only http, not https.

Reply Report

garfield1979 July 3, 2017

You’re right 80 works ok.. I was messing with the file..

and now i’ve gotten to the point where it is trying to download the php files instead of executing them

here is my current file

server {

        location ~ /.well-known {
                allow all;
        }

        listen 443 ssl;

        server_name uptownecafe.com www.uptownecafe.com;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}


server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$host$request_uri;
}

Reply Report

hansen July 3, 2017

Okay, try this instead:

server {
        server_name uptownecafe.com www.uptownecafe.com;
        listen 443 ssl;

        root /var/www/html;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        location ~ /.well-known {
                allow all;
        }

        index index.php index.html index.htm;

        location / {
                # This has been changed to make sure WordPress pretty-links are supported
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
}

server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$server_name$request_uri;
}

Reply Report

garfield1979 July 3, 2017

That leads to Bad Gateway now

I’ve attempted a reboot.
Reply Report
- hansen July 3, 2017
  
  @garfield1979 But have you installed PHP-FPM ?
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  I used the wordpress droplet creaton from here and followed the tutorial how to configure a certificate
  
  Reply Report
hansen July 3, 2017
Totally overlooked this listen 443 ssl;. Change that to this instead:

listen 443 ssl http2;
Reply Report

Answer 2

garfield1979 July 3, 2017

You’re right 80 works ok.. I was messing with the file..

and now i’ve gotten to the point where it is trying to download the php files instead of executing them

here is my current file

server {

        location ~ /.well-known {
                allow all;
        }

        listen 443 ssl;

        server_name uptownecafe.com www.uptownecafe.com;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;


        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE$
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}


server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$host$request_uri;
}

Reply Report

hansen July 3, 2017

Okay, try this instead:

server {
        server_name uptownecafe.com www.uptownecafe.com;
        listen 443 ssl;

        root /var/www/html;

        ssl_certificate /etc/letsencrypt/live/uptownecafe.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/uptownecafe.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        location ~ /.well-known {
                allow all;
        }

        index index.php index.html index.htm;

        location / {
                # This has been changed to make sure WordPress pretty-links are supported
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }
}

server {
    listen 80;
    server_name uptownecafe.com www.uptownecafe.com;
    return 301 https://$server_name$request_uri;
}

Reply Report

garfield1979 July 3, 2017

That leads to Bad Gateway now

I’ve attempted a reboot.
Reply Report
- hansen July 3, 2017
  
  @garfield1979 But have you installed PHP-FPM ?
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  I used the wordpress droplet creaton from here and followed the tutorial how to configure a certificate
  
  Reply Report
hansen July 3, 2017
Totally overlooked this listen 443 ssl;. Change that to this instead:

listen 443 ssl http2;
Reply Report

Answer 3

hansen July 3, 2017

@garfield1979
Okay, but if you used the WordPress One-Click-App, then it should already come with a configuration, where PHP-FPM is installed and Nginx is pointing to that.
It seems like you’re using two configuration files then.
You need to make sure there’s only one file located in /etc/nginx/sites-enabled/ - and that’s the current file we want to edit.

Reply Report

hansen July 3, 2017

@garfield1979 As far as I can see, it’s working fine right now. What did you do?
Reply Report
- garfield1979 July 3, 2017
  
  ok i did
  sudo apt-get install php-fpm php-mysql
  
  as outlined in
  https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04
  
  and you’re right it looks like it works now!
  
  How To Install Linux, Nginx, MySQL, PHP (LEMP stack) in Ubuntu 16.04
  by Justin Ellingwood
  The LEMP software stack is a group of software that can be used to serve dynamic web pages and web applications. This is an acronym that describes a Linux operating system, with an Nginx web server. The backend data is stored in the MySQL database and the dynamic processing...
  
  Reply Report
  
  hansen July 3, 2017
  
  Ahh, so you didn’t use the One-Click-App, but followed a tutorial. Yes, then you need to manually install php-fpm among other.
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  I used the droplet with wordpress already installed. not the one click app (at least i dont think thats what i used)
  
  Reply Report
- garfield1979 July 3, 2017
  
  Thanks so much for pointing me in the right direction!
  
  Reply Report
  
  hansen July 3, 2017
  
  Now go to this:
  https://www.uptownecafe.com/wp-admin/options-general.php
  And change WordPress Address (URL) and Site Address (URL) to this:
  
  https://www.uptownecafe.com
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  Thanks I was trying to figure out how to make that so.!
  
  Reply Report

Answer 4

hansen July 3, 2017

@garfield1979 As far as I can see, it’s working fine right now. What did you do?
Reply Report
- garfield1979 July 3, 2017
  
  ok i did
  sudo apt-get install php-fpm php-mysql
  
  as outlined in
  https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04
  
  and you’re right it looks like it works now!
  
  How To Install Linux, Nginx, MySQL, PHP (LEMP stack) in Ubuntu 16.04
  by Justin Ellingwood
  The LEMP software stack is a group of software that can be used to serve dynamic web pages and web applications. This is an acronym that describes a Linux operating system, with an Nginx web server. The backend data is stored in the MySQL database and the dynamic processing...
  
  Reply Report
  
  hansen July 3, 2017
  
  Ahh, so you didn’t use the One-Click-App, but followed a tutorial. Yes, then you need to manually install php-fpm among other.
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  I used the droplet with wordpress already installed. not the one click app (at least i dont think thats what i used)
  
  Reply Report
- garfield1979 July 3, 2017
  
  Thanks so much for pointing me in the right direction!
  
  Reply Report
  
  hansen July 3, 2017
  
  Now go to this:
  https://www.uptownecafe.com/wp-admin/options-general.php
  And change WordPress Address (URL) and Site Address (URL) to this:
  
  https://www.uptownecafe.com
  
  Reply Report
  
  garfield1979 July 3, 2017
  
  Thanks I was trying to figure out how to make that so.!
  
  Reply Report

Question

Problem with NGINX config file root location

Leave a comment

Looking for something else?

Share

Share your Question

Question

Problem with NGINX config file root location

Leave a comment

Related

question

ERR_TOO_MANY_REDIRECTS

question

How to prevent bad caching on Users Browsers with Virtual Hosts on NGINX

question

Prosper 202 Install not working and getting an error

question

nginx welcome page home page

Looking for something else?

Almost there!