Loading files from subdirectories or external sources with nginx https

Arathos · June 5, 2020, 9:16am

Hi folks. My problem is, that I can’t figure out how to serve files from a subdirectory (or external sources) with my nginx server. I think the problem is that I redirect every request to https (I choose this option on certificate creation and I can’t choose the other option because I hit max certificate request limit). What changes do I have to do to my server configuration to load those scripts?

My domain is:

freedom-of-mind.de

I ran this command:

sudo certbot --nginx (I also tried other commands with cert-only etc.)

It produced this output:

completed successfully

My web server is (include version):

nginx 1.14.0

The operating system my web server runs on is (include version):

ubuntu bionic beaver

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

git bash mingw64

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.31.1

Here is the config file for my server (/etc/nginx/sites-enabled/freedom-of-mind.conf):
server {

    server_name freedom-of-mind.de www.freedom-of-mind.de;
    root /var/www/html;

    index index.html index.htm;
    location / {
        try_files $uri$args $uri$args/ /index.html;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/freedom-of-mind.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/freedom-of-mind.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    #if ($host = freedom-of-mind.de) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot


    #if ($host = www.freedom-of-mind.de) {
    #    return 301 https://$host$request_uri;
    #} # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name freedom-of-mind.de www.freedom-of-mind.de;
    return 404; # managed by Certbot
}

I commented some stuff out in the second server block, hoping for the redirection to stop but it didn’t work. I’m very new to this topic and even though learning about this is fun, it is also quite complicated at times. So please be lenient. Greetings!

JuergenAuer · June 5, 2020, 9:50am

Hi @Arathos

I don't understand your question.

Share a link with the sample of the problem.

Arathos · June 5, 2020, 10:21am

Hi Juergen,

you can just open my website (freedom-of-mind.de) and open the console. My problem is, that the Content Security Policy is blocking the loading of external files aswell as files from subdirectories (script, style and js files).

Actually, some files are being successfully loaded via HTTP/1.1, while some others are not (those being requested for by https, that is some styles from the google, as well as some files in another, deeper, subdirectory).

JuergenAuer · June 5, 2020, 11:15am

It's your CSP, so change it.

system · July 5, 2020, 11:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.