Loading files from subdirectories or external sources with nginx https

Hi folks. My problem is, that I can’t figure out how to serve files from a subdirectory (or external sources) with my nginx server. I think the problem is that I redirect every request to https (I choose this option on certificate creation and I can’t choose the other option because I hit max certificate request limit). What changes do I have to do to my server configuration to load those scripts?

My domain is:

freedom-of-mind.de

I ran this command:

sudo certbot --nginx (I also tried other commands with cert-only etc.)

It produced this output:

completed successfully

My web server is (include version):

nginx 1.14.0

The operating system my web server runs on is (include version):

ubuntu bionic beaver

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

git bash mingw64

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.1

Here is the config file for my server (/etc/nginx/sites-enabled/freedom-of-mind.conf):
server {

    server_name freedom-of-mind.de www.freedom-of-mind.de;
    root /var/www/html;

    index index.html index.htm;
    location / {
        try_files $uri$args $uri$args/ /index.html;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/freedom-of-mind.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/freedom-of-mind.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    #if ($host = freedom-of-mind.de) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot


    #if ($host = www.freedom-of-mind.de) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name freedom-of-mind.de www.freedom-of-mind.de;
    return 404; # managed by Certbot
}

I commented some stuff out in the second server block, hoping for the redirection to stop but it didn’t work. I’m very new to this topic and even though learning about this is fun, it is also quite complicated at times. So please be lenient. Greetings! :slight_smile:

1 Like

Hi @Arathos

I don’t understand your question.

Share a link with the sample of the problem.

Hi Juergen,

you can just open my website (freedom-of-mind.de) and open the console. My problem is, that the Content Security Policy is blocking the loading of external files aswell as files from subdirectories (script, style and js files).

Actually, some files are being successfully loaded via HTTP/1.1, while some others are not (those being requested for by https, that is some styles from the google, as well as some files in another, deeper, subdirectory).

1 Like

It’s your CSP, so change it.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.