Hi @Osiris,
I took off that part, but still persist.
It now enters a redirect loop from http://www.eter7.com/ to http://www.eter7.com/ indefinitely.
6 Likes
Does that mean you removed the server block with the regex for server_name?
Because there are much simpler ways to do that. And, it wasn't doing all you wanted anyway.
We are still seeing infinite redirects for http.
Are you restarting nginx after each change? Have you tried just re-booting your server? In unusual cases you can get two nginx systems running that can't be controlled with normal systemctl commands. When wierd stuff like this happens it is worth trying that.
We can look into details to assess that if it is not practical to reboot. Let us know.
5 Likes
Hi @MikeMcQ,
Yes, i have removed this part of /etc/nginx/nginx.conf:
server {
server_name "~^(?!www\.).*" ;
return 301 $scheme://www.$host$request_uri;
}
This code i have putted there as one more testing in google search.
The actual block server for port 80 eter7.com still the same with option #5:
server {
listen 80;
listen [::]:80;
server_name eter7.com;
return 301 $scheme://www.eter7.com$request_uri;
}
On every update of server block for this domain, i use 'nginx -t' to check if its ok, and then 'service nginx restart'. The instance was rebooted for testing also.
This problem comes about more than a year to now, i haven´t found solution yet, yesterday, i deployed a new instance with the ubuntu 22.04, nginx, mariadb, and php8.1 hoping it was going to fix. Last instance was ubuntu 18.04, nginx, mariadb, php7.2.
How is this?:
Blockquote
In unusual cases you can get two nginx systems running that can't be controlled with normal systemctl commands. When wierd stuff like this happens it is worth trying that.
It´s a very wierd stuff really... Any suggestions i thank you!
And i ask sorry for everybody with this problem...
It follows a new nginx -T below:
sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
multi_accept on;
use epoll;
}
http {
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
real_ip_header CF-Connecting-IP;
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# limit_req_zone $binary_remote_addr zone=one:50m rate=90r/s;
# limit_conn_zone $binary_remote_addr zone=addr:50m;
fastcgi_cache_path /usr/share/nginx/fastcgi_cache levels=1:2 keys_zone=phpcache:100m max_size=10g inactive=7d use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
#fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_body_buffer_size 128k;
client_header_buffer_size 1k;
client_max_body_size 10m;
large_client_header_buffers 4 4k;
output_buffers 1 32k;
postpone_output 1460;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
client_body_timeout 3m;
client_header_timeout 3m;
keepalive_timeout 65s;
keepalive_requests 100000;
send_timeout 3m;
open_file_cache max=10000 inactive=240s;
open_file_cache_valid 360s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_comp_level 4;
gzip_min_length 1000;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
application/atom+xml
application/x-javascript
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component
text/xml
text/javascript;
##
# Virtual Host Configs
##
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf:
load_module modules/ngx_http_cache_purge_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip2.conf:
load_module modules/ngx_http_geoip2_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf:
load_module modules/ngx_stream_geoip2_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/sites-enabled/eter7.com:
map $http_accept $webp_suffix {
default "";
"~*webp" ".webp";
}
server {
listen 80;
listen [::]:80;
server_name eter7.com;
return 301 $scheme://www.eter7.com$request_uri;
}
server {
listen 443 ssl http2; # managed by Certbot
listen [::]:443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/eter7.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/eter7.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.eter7.com eter7.com;
root /var/www/eter7.com/;
index index.php index.html index.htm;
# fastcgi_hide_header "Set-Cookie";
fastcgi_hide_header "Expires";
fastcgi_hide_header "Pragma";
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/taioba/|/xmlrpc.php|wp-.*.php|^/feed/*|/tag/.*/feed/*|index.php|/.*sitemap.*\.(xml|xsl)") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
# location ~* ^/wp-content/.+\.(png|gif|jpe?g)$ {
# add_header Vary Accept;
# add_header X-Content-Type-Options "nosniff" always;
# try_files $uri$webp_suffix $uri =404;
# }
location / {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
# required to be able to read Authorization header in frontend
# add_header 'Access-Control-Expose-Headers' 'Authorization' always;
# add_header "Access-Control-Allow-Origin" *;
try_files $uri $uri/ /index.php$is_args$args;
include /etc/nginx/blockips.conf;
#DESABILITADO PORQUE ESTAVA TRAVANDO A APRESENTAĂĂO DAS IMAGENS WEBP
#prevent image hotlinking
# location ~ .(jpe?g|png|gif|ico|webp)$ {
# valid_referers none blocked eter7.com *.eter7.com eter7.b-cdn.net *.google.com *.google.com.br *.googleusercontent.com *.bing.com;
# valid_referers *.yahoo.com *.facebook.com *.twitter.com *.pinterest.com *.tumblr.com;
# valid_referers *.linkedin.com *.youtube.com *.reddit.com *.wordpress.com;
# valid_referers *.soundcloud.com *.instagram.com *.fbcdn.net fbcdn.net *.twimg.com twimg.com facebook.com twitter.com;
# if ($invalid_referer) {
# return 403;
# }
# }
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
access_log off;
log_not_found off;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache phpcache;
fastcgi_cache_valid 200 301 302 60m;
fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
fastcgi_cache_min_uses 1;
fastcgi_cache_lock on;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_connect_timeout 600;
add_header X-FastCGI-Cache $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options SAMEORIGIN always;
add_header 'Referrer-Policy' 'no-referrer-when-downgrade';
# Esse add_header content-security estava quebrando o site na troca de servidor
add_header Content-Security-Policy "Upgrade-Insecure-Requests";
# add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.eter7.com https://pagead2.googlesyndication.com https://adservice.google.com.br https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://partner.googleadservices.com https://adservice.google.com.br https://adservice.google.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://www.google.com https://static.addtoany.com https://www.gstatic.com https://tpc.googlesyndication.com https://google.com https://pagead2.googlesyndication.com;";
# Restrict access to WordPress LOGIN page
location ~ \wp-login.php$ {
allow 189.31.213.209;
deny all;
# LIMITA A FREQUĂNCIA DE ACESSO CONTRA ATAQUES - VERIFICAR /ETC/NGINX/NGINX.CONF
# limit_req zone=one burst=1 nodelay;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
# Restrict access to WordPress ADMIN dashboard
location ~ \wp-admin {
allow 189.31.213.209;
deny all;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
# Restrict access to WordPress wp-config.php page
location ~* wp-config.php {
deny all;
}
# Restrict access to WordPress XMLRPC.PHP
location ~ \xmlrpc.php$ {
allow 189.31.213.209;
deny all;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
# Restrict access to PHPMYADMIN
location ~* phpmyadmin {
allow 189.31.213.209;
deny all;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
# Deny access to uploads that arenât images, videos, music, etc.
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
deny all;
}
#----- include snippets/fastcgi-php.conf;
#----- fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /purge(/.*) {
fastcgi_cache_purge phpcache "$scheme$request_method$host$1";
}
location ~* ^/wp-content/.+\.(png|gif|jpe?g)$ {
add_header Vary Accept;
try_files $uri$webp_suffix $uri =404;
expires 365d;
# add_header X-Content-Type-Options "nosniff" always;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~*.(ogg|ogv|svg|svgz|eot|otf|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|woff|woff2|webp)$ {
# location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
# location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 365d;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
}
location ~* \.(pdf)$ {
expires 365d;
log_not_found off;
access_log off;
}
# disable access to hidden files
location ~ /\.ht {
access_log off;
log_not_found off;
deny all;
}
include /var/www/eter7.com/nginx.conf;
# redirect server error pages to the static page
error_page 403 /eter7.com/error403.html;
location = /eter7.com/error403.html {
root /var/www;
}
}
# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# configuration file /etc/nginx/blockips.conf:
deny 188.213.49.210;
deny 188.240.208.26;
deny 5.189.140.25;
deny 188.213.49.210;
deny 216.244.66.243;
deny 188.138.41.102;
deny 111.202.100.85;
deny 111.229.246.143;
deny 111.229.81.5;
deny 132.232.109.224;
deny 54.236.231.29;
deny 111.202.100.85;
deny 111.231.198.37;
deny 216.244.66.243;
deny 13.82.139.145;
deny 190.19.93.98;
deny 203.133.168.53;
deny 190.219.129.128;
deny 212.76.127.225;
deny 212.76.127.10;
deny 54.160.232.176;
deny 85.204.246.240;
deny 47.75.177.195;
deny 179.193.50.55;
deny 5.9.104.30;
deny 170.150.3.35;
deny 138.117.62.96;
deny 192.99.15.15;
deny 192.99.34.42;
deny 148.70.239.50;
deny 129.28.39.234;
deny 50.236.19.102;
deny 89.35.39.180;
deny 178.137.82.147;
deny 216.218.191.228;
deny 216.218.141.229;
deny 64.62.210.34;
deny 42.51.34.155;
deny 46.119.174.102;
deny 163.172.110.152;
deny 47.75.186.204;
deny 194.72.238.12;
deny 37.228.250.174;
deny 182.55.245.77;
deny 212.76.127.224;
deny 141.226.232.250;
deny 217.129.242.1;
deny 187.48.165.134;
deny 148.70.7.7;
deny 47.75.76.54;
deny 168.196.201.101;
deny 51.89.175.187;
deny 132.232.2.249;
deny 13.65.100.244;
deny 129.213.64.179;
deny 198.27.80.123;
deny 129.28.61.66;
deny 168.196.155.181;
deny 178.137.135.156;
deny 5.22.128.25;
deny 216.218.191.226;
deny 64.62.210.40;
deny 189.188.3.34;
deny 118.24.19.111;
deny 216.218.191.195;
deny 64.62.158.115;
deny 216.218.141.227;
deny 103.93.57.12;
deny 52.201.174.43;
deny 203.205.141.48;
deny 201.150.121.60;
deny 177.104.197.63;
deny 85.241.126.24;
deny 52.162.211.179;
deny 51.255.76.62;
deny 47.244.113.177;
deny 186.206.26.53;
deny 129.213.67.237;
deny 157.55.87.32;
deny 51.255.76.62;
deny 157.55.87.32;
deny 177.76.229.202;
deny 47.56.227.92;
deny 201.230.37.175;
deny 167.249.72.60;
deny 20.188.204.1;
deny 111.231.194.239;
deny 222.87.198.78;
deny 221.235.184.101;
deny 148.70.93.108;
deny 142.44.251.104;
deny 188.165.239.119;
deny 212.102.33.44;
deny 195.154.207.19;
deny 198.100.145.155;
deny 195.154.174.135;
deny 158.101.14.253;
deny 195.154.104.6;
deny 198.245.61.69;
deny 103.8.12.100;
deny 192.95.30.59;
deny 198.245.61.116;
deny 118.123.6.216;
deny 31.28.162.55;
deny 62.149.29.187;
deny 62.210.188.222;
deny 175.27.165.17;
deny 113.111.80.210;
deny 42.193.36.136;
deny 139.155.172.190;
deny 59.42.123.104;
deny 192.42.116.17;
deny 193.31.24.154;
deny 185.31.175.213;
deny 199.195.252.18;
deny 193.57.40.55;
deny 185.31.175.215;
deny 185.220.102.247;
deny 193.57.40.55;
deny 185.38.175.130;
deny 199.195.252.18;
deny 193.189.100.197;
deny 45.155.204.6;
deny 121.5.70.57;
deny 113.111.80.210;
deny 59.42.123.104;
deny 45.155.204.6;
deny 47.196.106.163;
deny 185.220.102.247;
deny 23.129.64.147;
deny 185.225.68.102;
deny 193.218.118.156;
deny 198.98.62.74;
deny 185.233.100.23;
deny 51.15.235.211;
deny 119.91.77.10;
deny 119.91.80.214;
deny 121.5.70.57;
deny 119.91.87.45;
deny 185.220.102.4;
deny 185.233.100.23;
deny 91.219.237.21;
deny 51.15.235.211;
deny 103.164.113.26;
deny 18.197.106.70;
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# configuration file /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
# configuration file /etc/nginx/fastcgi.conf:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
# configuration file /var/www/eter7.com/nginx.conf:
location = /nginx.conf {
deny all;
}
Thanks again!
Tony
2 Likes
Do you have any other software between nginx and the internet? Is there any other software that you configure to use those certificates? Maybe a CDN?
Also, do you know where the x-redirect-by: WordPress header comes from? Or, the x-fastcgi-cache? Because I don't see where those are inserted by your nginx conf.
curl -I https://eter7.com
HTTP/2 301
server: nginx/1.18.0 (Ubuntu)
location: https://www.eter7.com/
link: <https://cdn.eter7.com>; rel=preconnect, (...and lots more...)
x-redirect-by: WordPress
x-fastcgi-cache: EXPIRED
(other headers omitted)
If you use the certbot --nginx command when nginx is not already running it can cause this problem. It will start nginx without using systemctl (service usually maps on to systemctl). Then any later nginx start/restart with systemctl will have another nginx.
Of course, in any situation where someone or some software starts nginx with its native command can cause this too.
But, I don't think that is the most likely problem here. I think there is some other software involved in processing your http(s) requests.
5 Likes
Hello @tonyfranco,
You might find nginx documentation and https://forum.nginx.org/ helpful as well.
2 Likes
Hi @MikeMcQ,
I only installed LEMP. About CDN, i made contact with them, and they said that is nothing at their side that would cause a 301 redirect.
About the x-redirect-by: Wordpress, that´s must be the problem... something at wordpress...
I have installed a plugin to check all the redirections of wordpress, it pointed just two posts, but no redirection at domain level. I have also disabled all plugins, and changed theme.
About the certbot:
Blockquote
If you use thecertbot --nginxcommand when nginx is not already running it can cause this problem. It will start nginx without using systemctl (service usually maps on to systemctl). Then any later nginx start/restart with systemctl will have another nginx.
This command was the last typed at install.
I will try this week a new instance with a new wordpress instalation, new database and new certificates. Maybe it´s wordpress actual instalation that has the problem, i don´t know.
After the result i post here!
Thanks and Regards,
Tony
4 Likes
Dear Friends,
Just reporting, i have deployed a new instance with new wordpress instalation (new database), no customization... and still happening....
By this test i can think that there is no problem at wordpress... what do you think?
At this instance, just ubuntu 22.04, mariadb, php8.1 and certbot.
What is still happening? I don't see anything obviously wrong
All of these requests work as expected:
http://eter7.com (redirects to https://www.eter7.com)
http://www.eter7.com (redirects to https://www.eter7.com)
https://eter7.com (redirects to https://www.eter7.com)
https://www.eter7.com (returns 200 OK success)
The cert used for HTTPS was issued on Feb12 2023 which is the latest one issued.
7 Likes
I presume it was detailed somewhere in the previous 29 posts.
TLDR;
Help us, help you.
What is happening?
[feel free to post screenshots (if needed)]
4 Likes
Hey @MikeMcQ,
Thank you very much!! it looks like it´s ok!
Yesterday i deleted and created CNAME´s again and today i have tested, and it´s working!
If that wasn't the reason, someone helped me somehow and i don't know....
At website wheregoes:
1- Trace Results | WhereGoes (success)
2- Trace Results | WhereGoes (success)
3- Trace Results | WhereGoes (success)
I want to thank you all by the support and attention!!
Finally this challenge ends for me... 
With Best Regards,
Tony
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.