What does those line after installing cert with nginx plugin?

SpongeBOB · March 23, 2023, 3:10pm

Hi everyone,

I just installed a certificate thanks to @Osiris .

I'm a noob still with Nginx, what does the following entires ?

server {
    if ($host = sub.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80;
	server_name sub.example.com;
    return 404; # managed by Certbot
}

MikeMcQ · March 23, 2023, 3:15pm

It redirects HTTP requests to HTTPS

This is pretty standard web server behavior. You would be well served educating yourself further on how nginx works

Bruce5051 · March 23, 2023, 3:15pm

Hi @SpongeBOB,

The line

# managed by Certbot

I will allow other to answer, I feel sure they will do better than me for that.

However for general nginx information:
You might find nginx documentation and https://forum.nginx.org/ helpful as well.

SpongeBOB · March 24, 2023, 5:55pm

hummm...

I see that this configuration made by Certbot is indeed redirecting 301 or making as not found !? 404

But the order and the arrangement seem odd.

Here a longer extract of my config file.


server {
  server_name sub.example.com
  location / {
  proxy_pass http://1.2.3.4/;
  }

  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/xxxxxx;
  ssl_certificate_key /etc/letsencrypt/live/xxxxxx;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}


server {
    if ($host = sub.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


	listen 80;
	server_name sub.example.com;
    return 404; # managed by Certbot
}

So, is that normal that I have twice server {} ?

If each server{} section are to split 80 and 443 port.
Why in the second server{} (80) the if statement is before specifying the port 80 ?? seem so odd.

Thanks.

MikeMcQ · March 24, 2023, 6:08pm

Yes, one server block is for port 80 (HTTP) requests and the other for port 443 (HTTPS)

The placement of the listen is not important within a server block (nor the server_name)

The return will occur for requests to that domain name but otherwise returns a 404. If this server block is your nginx default then it's possible non-standard requests will reach this server block and so will get a 404 (spammers and such).

You would be well-served by learning more about how nginx works
https://nginx.org/en/docs/

rg305 · March 24, 2023, 6:44pm

They are all "ingredients" to the "web soup".
In the end, the order doesn't really matter - it still becomes "soup".

system · April 23, 2023, 6:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.