Score:0

Moving from Apache2 to NGINX configuration

kp flag

I have been trying to get my website up after moving from apache2 to nginx on my AWS Ubuntu 20.04 server. I have translated the relevant files from apache2 over to my nginx configuration, but I can't seem to get secure HTTPS access to the page. Could someone sanity-check my configs?

I have allocated an Elastic IP on the AWS side and pointed an A record at it on our web host platform. I was able to generate the SSL certificates by running: `sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com`.

I am also able to directly load the website by entering the elastic IP address directly into my search bar and the web page loads, but with https crossed out and an invalid certificate message.

/etc/nginx/nginx.conf

# Main nginx configuration as posted in the question (global, events and http contexts).
# NOTE(review): the accepted answer on this page fixed the problem by changing this
# account to www-data; the worker user named here has to exist on the host.
user  nginx;
worker_processes  auto;

# "debug" is the most verbose level and requires an nginx build with debugging
# support. Lower it once troubleshooting is finished: the log grows quickly and
# records far more request detail than normal operation needs.
error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    server_names_hash_bucket_size       128;
    # NOTE(review): this wildcard already matches every *.conf file, and the same
    # directory is included again near the end of this block, so each *.conf site
    # is loaded twice.
    include /etc/nginx/sites-enabled/*;
    # Certbot's TLS options applied to the whole http context; the 443 server
    # blocks shown on this page include the same file again.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    #include /etc/nginx/conf.d/*.conf;
    # Second include of sites-enabled (see the wildcard include above).
    # NOTE(review): the site files on this page are listed under sites-available;
    # presumably they are symlinked into sites-enabled — confirm.
    include /etc/nginx/sites-enabled/*.conf;


    # "off" is nginx's default: symlinks in served paths are followed without
    # ownership checks.
    disable_symlinks off;
}

/etc/apache2/sites-available/website.conf

# Original Apache TLS virtual host: terminates HTTPS on 443 and reverse-proxies
# all requests to port 8080 on amazon-ec2-instance.com.
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    # Requests carrying "Upgrade: websocket" are proxied ([P]) to the backend over ws://.
    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://amazon-ec2-instance.com:8080/$1  [P,L]

        # The hop to the backend is plain http://, so TLS ends at this host.
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        # NOTE(review): these two directives normally take an internal and a public
        # domain/path rather than "/" and a URL — confirm they had any effect.
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        # NOTE(review): ProxyPass rules are checked in configuration order, so the
        # earlier "ProxyPass /" matches /api/ws first. This pair also uses wss:// on
        # the same port that is addressed as http:// and ws:// above.
        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # NOTE(review): this section applies to the filesystem root. It allows
        # .htaccess overrides everywhere (AllowOverride All) and sets no Require
        # rule; Apache's stock configuration denies access on / and opens only the
        # document root.
        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website.conf

# Port-80 site as posted in the question.
# NOTE(review): the first server block below is never closed before the next
# "server {" starts, so as pasted nginx would reject the file; this may be a
# copy/paste artifact — confirm against the file on disk.
server {
    # Certbot-generated redirect of plain-HTTP requests for mywebsite.com to HTTPS.
    if ($host = mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

server {
       listen 80;
        listen [::]:80;

       server_name mywebsite.com mywebsite.blah.com;

       root /var/www/html;
       index index.html;

       #passenger_enabled on;

       location / {
                # NOTE(review): $http_host is the Host header exactly as the client
                # sent it, so the redirect target is client-controlled; $host or a
                # fixed name is the safer choice. The "redirect" flag returns a 302
                # immediately, so the try_files line below is never reached.
                rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
                try_files $uri $uri/ =404;
        }

        # NOTE(review): "!" is not an nginx location modifier, so this is a literal
        # prefix that no request path begins with and the deny never applies. The
        # usual form for blocking .ht* files is "location ~ /\.ht".
        location !/\.ht {
                deny all;
        }

        # Hands *.php requests to the PHP-FPM 7.4 socket.
        # NOTE(review): with the snippet include commented out, no fastcgi_param
        # lines (e.g. SCRIPT_FILENAME) are set in this location — confirm whether
        # PHP is still needed now that the site is proxied.
        location ~ \.php$ {
                # include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
}

/etc/apache2/sites-available/website-ssl.conf

# Second Apache TLS virtual host: same proxy rules as website.conf.
# NOTE(review): ServerName and the certificate paths use "mywebsite" here, while
# the other virtual hosts on this page use "mywebsite.com".
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        RewriteEngine On


        # WebSocket upgrade requests are proxied ([P]) to the backend over ws://.
        RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]

    ProxyPreserveHost On
    ProxyRequests Off
        # Plain http:// to the backend: TLS ends at this host.
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        # NOTE(review): listed after "ProxyPass /", which is checked first and
        # already matches /api/ws.
        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # NOTE(review): applies to the filesystem root with .htaccess overrides
        # allowed and no Require rule in this block.
        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

        SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl.conf

# HTTPS server for mywebsite.com: terminates TLS with the Let's Encrypt
# certificate and proxies requests to port 8080.
server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    # NOTE(review): only IPv4 port 443 is listened on and only mywebsite.com is
    # named; mywebsite.blah.com (requested in the certbot command and served on
    # port 80) has no HTTPS server block on this page. website-ssl2.conf declares
    # the same server_name on the same port; if both files are enabled nginx
    # reports a conflicting server name and ignores the later one.
    listen                      443 ssl;
    server_name                 mywebsite.com;
    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    root                        /var/www/html ;

    location / {
        # NOTE(review): the upstream is the site's public name over plain http://.
        # If that name resolves to the public address, port 8080 has to be
        # reachable from outside and the hop is unencrypted; website-ssl2.conf
        # on this page proxies to localhost instead.
        proxy_pass                      http://mywebsite.com:8080/ ;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): proxy_cookie_domain expects a domain (or regex), not a URL;
        # as written it likely never matches a Set-Cookie domain.
        proxy_cookie_domain http://mywebsite.com:8080/ $host;
        proxy_cookie_path / /;
        # WebSocket pass-through headers.
        # NOTE(review): nginx's documented WebSocket setup also sets
        # "proxy_http_version 1.1"; it is not set in this block.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # NOTE(review): no Upgrade/Connection headers are set here, and because
    # proxy_pass carries a URI ("/"), the matched /api/ws prefix is replaced by /
    # before the request reaches the backend.
    location /api/ws {
        proxy_pass http://mywebsite.com:8080/ ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

/etc/apache2/sites-available/website-ssl2.conf

# Third Apache TLS virtual host: same layout as website.conf, but the backend is
# localhost:8080, so the proxied hop stays on this machine.
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    # WebSocket upgrade requests are proxied ([P]) to the local backend over ws://.
    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://localhost:8080/$1  [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        # NOTE(review): these two directives normally take an internal and a public
        # domain/path rather than "/" and a URL — confirm they had any effect.
        ProxyPassReverseCookieDomain / http://localhost:8080/
        ProxyPassReverseCookiePath / http://localhost:8080/

        # NOTE(review): listed after "ProxyPass /", which is checked first and
        # already matches /api/ws.
        ProxyPass /api/ws wss://localhost:8080/
        ProxyPassReverse /api/ws wss://localhost:8080/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # NOTE(review): applies to the filesystem root with .htaccess overrides
        # allowed and no Require rule in this block.
        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl2.conf

# HTTPS server for mywebsite.com that proxies to a backend on localhost:8080.
server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    # NOTE(review): website-ssl.conf on this page declares the same server_name on
    # the same port; if both files are enabled nginx reports a conflicting server
    # name and ignores the later one. mywebsite.blah.com is not named here.
    listen                      443 ssl;
    server_name                 mywebsite.com;

    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    location / {
        # Upstream is the loopback interface, so the plain-HTTP hop stays on this host.
        proxy_pass                      http://localhost:8080/;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): proxy_cookie_domain expects a domain (or regex), not a URL;
        # as written it likely never matches a Set-Cookie domain.
        proxy_cookie_domain http://localhost:8080/ $host;
        proxy_cookie_path / /;
        # WebSocket pass-through headers.
        # NOTE(review): nginx's documented WebSocket setup also sets
        # "proxy_http_version 1.1"; it is not set in this block.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }


    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Other directives specific to your configuration
    # ...
}
John Hanley avatar
cn flag
You mention `I can't seem to get secure https access`. How are you accessing the site and what is the error? Use tools like `curl` with verbose enabled. That will often tell what is wrong.
John Hanley avatar
cn flag
Why are you using `ipv6only=on`? That means that IPv4 is disabled.
jabroni avatar
kp flag
@JohnHanley >>> I am also able to directly load the website by entering the elastic IP address directly into my search bar as I stated in the description. And ipv6only is commented out as per the `#`
jabroni avatar
kp flag
I've removed the ipv6 commented line to avoid confusion.
Score:0
om flag

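Change the first line of `/etc/nginx/nginx.conf` from `user nginx;` to `user www-data;`. The `user` directive names the account the worker processes run as, so it has to be an account that exists on the server; on Ubuntu the packaged web-server account is `www-data`.

Then restart the nginx server (running `nginx -t` first will report any configuration errors before the restart):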

systemctl restart nginx
jabroni avatar
kp flag
thank you! This was it.