The page isn’t redirecting properly after upgrading to 1.17?

Help
#1

Firstly, My nginx 1.14 configuration was working. After upgrading to nginx mainline 1.17 my nginx stop working. My default.conf is shown below. Any idea what changed since? Where should I look and correct my nginx default configuration?

Secondly, anything other than mobile.mysite.com/admin1 , admin2 , admin3 , admin4 must redirect to default index.html file. But I couldn’t add that either. Any idea?

Important: The mobile.mysite.com/admin1 looks working but mobile.mysite.com/admin1/**** or mobile.mysite.com/admin1/*****/**** not redirecting… Any idea?

My Nginx version: 1.17.6

conf.d/default.conf

server {
    charset UTF-8;
    listen 80;
    listen [::]:80;
    server_name  mobile.mysite.com;

    access_log /var/log/nginx/host.access.log main;

    location = / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # redirect error pages to the static page
    error_page 401 402 403 404 405 500 502 503 504 index.html;
    location = /index.html {
        root /usr/share/nginx/html;
        internal;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }

    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }


    if ($host = mobile.mysite.com/admin1) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin2) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin3) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin4) {
        return 301 https://$host$request_uri;
    } 

}


server {
    charset UTF-8;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    server_name  mobile.mysite.com;

    ssl_certificate /etc/letsencrypt/live/mobile.mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mobile.mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # redirect admin1
    location /admin1 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.101:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin2
    location /admin2 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.102:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin3
    location /admin3 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.103:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin4
    location /admin4 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.104:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect error pages to the static page
    error_page 401 402 403 404 405 500 502 503 504 index.html;
    location = /index.html {
        root /usr/share/nginx/html;
        internal;
    }


    # deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }

    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
         return 404;
    }

}
1 Like
#2

Although this is clearly an NGINX question, I will attempt to at least point you towards a solution.
First, you can combine all the redirects in the port 80 config as follows:

[remove all the IFs - leave only one redirect for ALL cases]

As for the port 443 config, I think your syntax and ordering may need some massaging…
Try:

  • moving the “/” location to last
  • modify, or add, the
    location /admin1 {
    to
    location ^~* /admin1 {
    or
    location ^~* /admin1/ {
1 Like
#3

Thanks @rg305, I will try

1 Like
#4

I am getting error as:

nginx: [emerg] invalid location modifier “^~*” in /etc/nginx/conf.d/default.conf:84

1 Like
#5

I remove the location modifier and still the same.

When I type https://mobile.mysite.com/admin1/KH/login

it shows on address bar as
https:// mobile.mysite.com/admin1/KH/index.html

it seems is not finding the redirection and 1.14 redirection is different than 1.17

1 Like
#6

Please show this file:

1 Like
#7

@rg305 just finalized and its working. I am using conf.d/default.conf and I don’t use site-enabled or site-available folder. Here is what I add and worked. I follow your suggestion and made simpler 80 server as shown below. And then I added

proxy_http_version	1.1;
proxy_cache_bypass	$http_upgrade;
proxy_set_header Upgrade	$http_upgrade;
proxy_set_header Connection 	"upgrade";

for each app and its working even beter than before. If I type admin1, or admin1/***** proxy_pass is working. anything other than admin1, or admin1/***** redirect to index html file.

I modified /var/www/html/index.html as well as usr/share/nginx/html/index.html. But if I type http://www.mobile.mysite.com still goes and finds nginx standart index.html. I don’t know where is the nginx default index.html so I can modified that one as well.

Thank you for your suggestion.

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

server {
    charset UTF-8;
    listen      80;
    listen [::]:80;
    server_name  mobile.mysite.com;

    # HTTP REDIRECT
    location / {
	return 301 https://mobile.mysite.com$request_uri;
    }

}


server {
    charset UTF-8;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot

    server_name  mobile.mysite.com;
    root /var/www/html/;

    # SSL
    ssl_certificate /etc/letsencrypt/live/mobile.mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mobile.mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # LOGING	
    access_log  /var/log/nginx/host.access.log  main;
    error_log  /var/log/nginx/host.error.log  warn;

    # index.html fallback
    location / {
	try_files $uri $uri/ /index.html;
    }

    # reverse proxy admin1
    location /admin1 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.101:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin2
    location /admin2 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.102:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin3
    location /admin3 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.103:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin4
    location /admin4 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.104:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }




    # redirect error pages to the static page
    error_page 401 402 403 404 405 index.html;
    location = /index.htm {
        root /usr/share/nginx/html;
        internal;
    }


    # redirect server error pages to the static page
    error_page 500 502 503 504 index.html;
    location = /50x.html {
        root /usr/share/nginx/html;
        internal;
    }


    # deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }
	
    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
         return 404;
    }

}
1 Like
#8

This would also forward random IP scanners to your real server - NOT recommended.
Using same host is better handing.
return 301 https://$host$request_uri;
[if they don’t know you, they don’t need to know you]

Anyway, I’m glad to see that you got it working :wink:

1 Like
#9

Thanks rg305, I will replace domain name with $host.

2 Likes
#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.