The page isn’t redirecting properly after upgrading to 1.17?

Firstly, My nginx 1.14 configuration was working. After upgrading to nginx mainline 1.17 my nginx stop working. My default.conf is shown below. Any idea what changed since? Where should I look and correct my nginx default configuration?

Secondly, anything other than mobile.mysite.com/admin1 , admin2 , admin3 , admin4 must redirect to default index.html file. But I couldn’t add that either. Any idea?

Important: The mobile.mysite.com/admin1 looks working but mobile.mysite.com/admin1/**** or mobile.mysite.com/admin1/*****/**** not redirecting… Any idea?

My Nginx version: 1.17.6

conf.d/default.conf

server {
    charset UTF-8;
    listen 80;
    listen [::]:80;
    server_name  mobile.mysite.com;

    access_log /var/log/nginx/host.access.log main;

    location = / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }

    # redirect error pages to the static page
    error_page 401 402 403 404 405 500 502 503 504 index.html;
    location = /index.html {
        root /usr/share/nginx/html;
        internal;
    }

    # Deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }

    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }


    if ($host = mobile.mysite.com/admin1) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin2) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin3) {
        return 301 https://$host$request_uri;
    } 


    if ($host = mobile.mysite.com/admin4) {
        return 301 https://$host$request_uri;
    } 

}


server {
    charset UTF-8;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    server_name  mobile.mysite.com;

    ssl_certificate /etc/letsencrypt/live/mobile.mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mobile.mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # redirect admin1
    location /admin1 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.101:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin2
    location /admin2 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.102:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin3
    location /admin3 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.103:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect admin4
    location /admin4 {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.104:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }


    # redirect error pages to the static page
    error_page 401 402 403 404 405 500 502 503 504 index.html;
    location = /index.html {
        root /usr/share/nginx/html;
        internal;
    }


    # deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }

    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
         return 404;
    }

}
1 Like

Although this is clearly an NGINX question, I will attempt to at least point you towards a solution.
First, you can combine all the redirects in the port 80 config as follows:

[remove all the IFs - leave only one redirect for ALL cases]

As for the port 443 config, I think your syntax and ordering may need some massaging…
Try:

  • moving the “/” location to last
  • modify, or add, the
    location /admin1 {
    to
    location ^~* /admin1 {
    or
    location ^~* /admin1/ {
1 Like

Thanks @rg305, I will try

1 Like

I am getting error as:

nginx: [emerg] invalid location modifier “^~*” in /etc/nginx/conf.d/default.conf:84

1 Like

I remove the location modifier and still the same.

When I type https://mobile.mysite.com/admin1/KH/login

it shows on address bar as
https:// mobile.mysite.com/admin1/KH/index.html

it seems is not finding the redirection and 1.14 redirection is different than 1.17

1 Like

Please show this file:

1 Like

@rg305 just finalized and its working. I am using conf.d/default.conf and I don’t use site-enabled or site-available folder. Here is what I add and worked. I follow your suggestion and made simpler 80 server as shown below. And then I added

proxy_http_version	1.1;
proxy_cache_bypass	$http_upgrade;
proxy_set_header Upgrade	$http_upgrade;
proxy_set_header Connection 	"upgrade";

for each app and its working even beter than before. If I type admin1, or admin1/***** proxy_pass is working. anything other than admin1, or admin1/***** redirect to index html file.

I modified /var/www/html/index.html as well as usr/share/nginx/html/index.html. But if I type http://www.mobile.mysite.com still goes and finds nginx standart index.html. I don’t know where is the nginx default index.html so I can modified that one as well.

Thank you for your suggestion.

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

server {
    charset UTF-8;
    listen      80;
    listen [::]:80;
    server_name  mobile.mysite.com;

    # HTTP REDIRECT
    location / {
	return 301 https://mobile.mysite.com$request_uri;
    }

}


server {
    charset UTF-8;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot

    server_name  mobile.mysite.com;
    root /var/www/html/;

    # SSL
    ssl_certificate /etc/letsencrypt/live/mobile.mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mobile.mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # LOGING	
    access_log  /var/log/nginx/host.access.log  main;
    error_log  /var/log/nginx/host.error.log  warn;

    # index.html fallback
    location / {
	try_files $uri $uri/ /index.html;
    }

    # reverse proxy admin1
    location /admin1 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.101:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin2
    location /admin2 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.102:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin3
    location /admin3 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.103:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }

    # reverse proxy admin4
    location /admin4 {
        proxy_http_version	1.1;
	proxy_cache_bypass	$http_upgrade;
	proxy_set_header Upgrade	$http_upgrade;
	proxy_set_header Connection 	"upgrade";
	proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "http://192.168.1.104:3000/";
        proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
        proxy_intercept_errors on;
    }




    # redirect error pages to the static page
    error_page 401 402 403 404 405 index.html;
    location = /index.htm {
        root /usr/share/nginx/html;
        internal;
    }


    # redirect server error pages to the static page
    error_page 500 502 503 504 index.html;
    location = /50x.html {
        root /usr/share/nginx/html;
        internal;
    }


    # deny access to .htaccess files
    location ~ /\.ht {
        deny  all;
    }
	
    # Deny access to hidden files (beginning with a period)
    location ~ /\. {
         deny all;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ )
    {
         return 404;
    }

}
1 Like

This would also forward random IP scanners to your real server - NOT recommended.
Using same host is better handing.
return 301 https://$host$request_uri;
[if they don’t know you, they don’t need to know you]

Anyway, I’m glad to see that you got it working :wink:

1 Like

Thanks rg305, I will replace domain name with $host.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.