[GLLUG] nginx oops!

MJ mirojrsc at yahoo.co.uk
Sun Nov 29 13:46:41 UTC 2020 

 
as requested by Mr. Winters
here it is in public, my novice, mistakes ;(
/etc/nginx/sites-enabled# ls
 default diaspora

default serves it's index page via IP
 
# Default server configuration
#
server {
 listen 80 default_server;
 listen [::]:80 default_server;

 # SSL configuration
 #
 # listen 443 ssl default_server;
 # listen [::]:443 ssl default_server;
 #
 # Note: You should disable gzip for SSL traffic.
 # See: https://bugs.debian.org/773332
 #
 # Read up on ssl_ciphers to ensure a secure configuration.
 # See: https://bugs.debian.org/765782
 #
 # Self signed certs generated by the ssl-cert package
 # Don't use them in a production server!
 #
 # include snippets/snakeoil.conf;

 root /var/www/html;

 # Add index.php to the list if you are using PHP
 index index.html index.htm index.nginx-debian.html;

 server_name _;


 location / {
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ =404;
 }

 # pass PHP scripts to FastCGI server
 #
 #location ~ \.php$ {
 # include snippets/fastcgi-php.conf;
 #
 # # With php-fpm (or other unix sockets):
 # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
 # # With php-cgi (or other tcp sockets):
 # fastcgi_pass 127.0.0.1:9000;
 #}

 # deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 #location ~ /\.ht {
 # deny all;
 #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

However, diaspora via http://pod.non-mundane.org is 502 Bad Gateway

upstream diaspora_server {
 server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
 listen 80;
 listen [::]:80;
 server_name pod.non-mundane.org;
 return 301 https://pod.non-mundane.org$request_uri;

 access_log /dev/null;
 error_log /dev/null;
}

server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name pod.non-mundane.org;

 access_log /var/log/nginx/dspr-access.log;
 error_log /var/log/nginx/dspr-error.log;

 ssl_certificate /etc/letsencrypt/live/pod.non-mundane.org/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/pod.non-mundane.org/privkey.pem;

 ssl_protocols TLSv1.2;
 ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
 ssl_ecdh_curve X25519:P-521:P-384:P-256;
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;

 root /home/diaspora/diaspora/public;

 client_max_body_size 5M;
 client_body_buffer_size 256K;

 try_files $uri @diaspora;

 location /assets/ {
 expires max;
 add_header Cache-Control public;
 }
 location @diaspora {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;
 proxy_set_header Host $http_host;
 proxy_redirect off;
 proxy_pass http://diaspora_server;
 }
}


--
MJ

Perhaps there were some small ommision in the HOWTO and Iam nu aware of things, as I can 
use hand tools and weld etc, but programming is a higher challenge.

This is first test run on an ITX system.     On Sunday, 29 November 2020, 13:19:45 GMT, John Winters via GLLUG <gllug at mailman.lug.org.uk> wrote:  
 
 On 29/11/2020 13:13, MJ wrote:
> Thank you John. I am humbled. I purposely did not include all info.
> domain:
> pod.non-mundane.org
> IP serving it:
> 209.93.50.226

Please keep the conversation on the list.

Interesting effect.  As you say, accessing the IP address gives the 
default Nginx page whilst going for the domain name gives a 502 error 
generated by Nginx.

john at knight:~$ host pod.non-mundane.org
pod.non-mundane.org has address 209.93.50.226
john at knight:~$

The two match, so there must be some host-name specific configuration in 
your Nginx setup.

Let's see the contents of any files which you have put (or put symbolic 
links to) in /etc/nginx/sites-enabled/.

John

-- 
Xronos Scheduler - https://xronos.uk/
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/

-- 
GLLUG mailing list
GLLUG at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/gllug  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20201129/50cbd80a/attachment-0001.html>

More information about the GLLUG mailing list