I want to keep the ServerName and port dynamic in my rewrite. Let's say the firewall redirects port 8081 to 80. So, if I access the webserver with, for example, "192.168.1.123/frontend" or "my.domain.tld:8081/frontend", I should be redirected to "192.168.1.123/frontend/" or "my.domain.tld:8081/frontend/".
If I use the normal redirect `rewrite ^(.*[^/])$ $1/ permanent;` and access the server through port 8081, the port gets removed from the redirect.
(I already tried `port_in_redirect off;`.)
I use almost the default configuration:
# Near-default server block from the question; the server-level rewrite below
# is the rule under discussion.
server {
# default_server plus the placeholder name "_" makes this the catch-all block
# for port 80: it answers requests for any Host value.
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
# Redirects every URI that does not already end in "/", files included, not
# only directories. The replacement is a bare path, so nginx composes the
# host and port of the Location header itself; the question reports that the
# external port (8081) is lost at this step.
rewrite ^(.*[^/])$ $1/ permanent;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# Every URI ending in ".php" is handed to PHP-FPM over the local unix socket.
# NOTE(review): this location has no existence check (for example
# "try_files $uri =404;"); confirm that the included fastcgi.conf or the PHP
# settings reject .php paths that do not exist on disk.
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
}
Thank you in anticipation!
SOLUTION: Thanks to the NGINX Mailing list! I fixed this problem with a rewrite rule:
# Redirect only when the request maps to an existing directory and the URI
# lacks the trailing slash. $http_host is the Host header exactly as the
# client sent it, port included, which is why the external port survives.
# NOTE(review): that header is client-controlled and is copied into Location,
# so make sure only expected Host values reach this server block (explicit
# server_name values plus a separate catch-all block that rejects the rest).
# Where the nginx version has it (1.11.8+), "absolute_redirect off;" makes
# path-only redirects relative, which also keeps the client's host and port.
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
I finally found a solution to the problem you've well described. I made it work with URL rewriting, but it seemed a bit overkill.
So, for anyone having the same problem, it appears the cleanest solution would be to replace this :
# $host is nginx's normalized host name for the request; it carries no port.
proxy_set_header Host $host;
with this :
# $http_host is the raw Host request header, port included when the client
# sent one. It is forwarded as received, so the backend should only act on
# host names this proxy is actually meant to serve.
proxy_set_header Host $http_host;
With this setup, Nginx will keep the port in your redirections, no matter your firewall configuration.
Hope this helps. Cheers !
a good chunk of mine... about 1/3rd of the file... /etc/nginx/sites-enabled/Site.conf
might see some helpful stuff in here... everything works... my nginx is tuned up. my ssl gets 100% across the board too, and the ports i do expose have really long complicated ass passwords i had to write down to remember, or there's just dev and testing junk that can't do any harm. but still.. obscured so you can put your own darn values in.
####################################################
# Backend pool "dev". "//port//" is the author's redaction placeholder and has
# to be replaced with the real port (127.0.0.1:<port>).
upstream dev {
# Loopback address: the backend is addressed on the local host only.
# weight=1 is the default. fail_timeout=300s is both the window in which
# failed attempts are counted and how long the server is then skipped.
server 127.0.0.1://port// weight=1 fail_timeout=300s;
# Keep up to 16 idle connections to this upstream open per worker process.
keepalive 16;
}
####################################################
# Backend pool "l33t"; "//port//" is a redaction placeholder for the real port.
upstream l33t {
# Single loopback backend, skipped for 300s after a failed attempt.
server 127.0.0.1://port// weight=1 fail_timeout=300s;
# Up to 16 idle upstream connections are kept per worker process.
keepalive 16;
}
####################################################
# Backend pool "authserver", the target of "proxy_pass http://authserver/".
# "//PORT//" is a redaction placeholder for the real port.
upstream authserver {
# Single loopback backend, skipped for 300s after a failed attempt.
server 127.0.0.1://PORT// weight=1 fail_timeout=300s;
# Up to 16 idle upstream connections are kept per worker process.
keepalive 16;
}
#######################
# whereyougoing :80 #
#######################
#nowhere.. you're going.... nowhere...
######################
# - FORCE HTTPS - #
######################
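# Plain-HTTP listener for YOURSITE.COM; its only job is to send clients to HTTPS.
server {
listen 80;
server_name YOURSITE.COM;
# Browsers ignore Strict-Transport-Security received over plain HTTP, so this
# line has no effect on its own; the HTTPS server must send the header for
# HSTS to apply.
add_header Strict-Transport-Security max-age=2592000;
# The target host is fixed in the config, never taken from the client's Host
# header. $request_uri keeps the original path and query string, so deep
# links survive the upgrade to HTTPS.
return 301 https://YOURSITE.COM$request_uri;
}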
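# Plain-HTTP listener for www.YOURSITE.COM; redirects everything to HTTPS.
server {
listen 80;
server_name www.YOURSITE.COM;
# HSTS is only honoured when received over HTTPS; over port 80 browsers
# discard this header.
add_header Strict-Transport-Security max-age=2592000;
# Fixed target host; $request_uri preserves the requested path and query.
return 301 https://www.YOURSITE.COM$request_uri;
}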
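# Plain-HTTP listener for auth.YOURSITE.COM; redirects everything to HTTPS.
server {
listen 80;
server_name auth.YOURSITE.COM;
# HSTS is only honoured when received over HTTPS; over port 80 browsers
# discard this header.
add_header Strict-Transport-Security max-age=2592000;
# Fixed target host; $request_uri preserves the requested path and query.
return 301 https://auth.YOURSITE.COM$request_uri;
}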
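# Plain-HTTP listener for its.YOURSITE.COM; redirects everything to HTTPS.
server {
listen 80;
server_name its.YOURSITE.COM;
# HSTS is only honoured when received over HTTPS; over port 80 browsers
# discard this header.
add_header Strict-Transport-Security max-age=2592000;
# Fixed target host; $request_uri preserves the requested path and query.
return 301 https://its.YOURSITE.COM$request_uri;
}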
######################################################
############# SSL SERVER starts here ###############
######################################################
# HTTPS server for the main site and its sub-domains: serves WordPress from
# /var/www/wordpress through PHP-FPM with a FastCGI cache.
server {
# default_server: requests on 443 whose Host matches none of the names below
# are still handled by this block.
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name YOURSITE.COM www.YOURSITE.COM auth.YOURSITE.COM its.YOURSITE.COM;
root /var/www/wordpress;
index index.php index.htm index.html;
access_log /var/log/nginx/rocketstack_ssl_access.log;
error_log /var/log/nginx/rocketstack_ssl_error.log;
#######################################
# Lock it down #
#######################################
# SSL certificate locations
ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
# The snippets below are not shown on this page; the TLS settings, security
# headers, limits and cache rules of this server all live in them.
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
include snippets/ssl.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
############################################
# port-authority #
############################################
# Adds the trailing slash for existing directories and keeps the port by
# reusing the Host header exactly as the client sent it.
# NOTE(review): $http_host is client-controlled and, because this block is
# the default_server, any Host value can reach this rewrite and be echoed in
# Location. Consider a separate catch-all server that rejects unknown hosts,
# and confirm no cache in front stores these redirects.
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
############################################
# Locations #
############################################
# WordPress front controller: file, then directory, then index.php.
location / {
try_files $uri $uri/ /index.php?$args;
}
# NOTE(review): a prefix location without a trailing slash also matches
# longer names that merely start with "/FOO", and alias replaces the matched
# prefix textually, so those requests map to sibling paths that start with
# "/var/www/devl". Writing "location /FOO/" with "alias /var/www/devl/;"
# confines the mapping to the intended directory.
# NOTE(review): autoindex on publishes a listing of everything under the
# alias; keep it off unless the tree is meant to be browsable.
location /FOO {
alias /var/www/devl;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
autoindex on;
}
# NOTE(review): no proxy_pass is visible in this location, so the
# proxy_set_header lines have no effect as shown (presumably removed when the
# config was redacted; confirm).
# NOTE(review): $http_host already carries the port when the client sent one,
# so "$http_host:$server_port" can produce a Host value with two ports;
# "$host:$server_port" avoids that.
# NOTE(review): the Origin line overwrites the client's Origin header, so the
# backend can no longer use Origin to tell cross-site requests apart; confirm
# the backend does not rely on it.
location /BAR {
proxy_set_header Origin http://$host;
proxy_set_header Host $http_host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
################# Fastphp accelleration #############
location ~ \.php$ {
# Only hand the request to PHP-FPM when the .php file exists on disk.
try_files $uri =404;
include snippets/fastcgi-params.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# Skip cache based on rules in snippets/fastcgi-cache.conf.
# NOTE(review): $skip_cache is set outside this page; confirm it is true for
# logged-in users and other per-user responses so they are never cached.
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Define memory zone for caching.
fastcgi_cache rocketstack;
# Define caching time. With no status codes listed, only 200, 301 and 302
# responses are cached.
fastcgi_cache_valid 60m;
#increase timeouts
# Values without a unit are seconds, so each timeout below is 50 minutes.
# NOTE(review): timeouts this long let slow or stalled requests hold
# connections and PHP workers; size them to the slowest legitimate request.
fastcgi_read_timeout 3000;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
send_timeout 3000;
# Flexible SSL to be used So the server can talk non-ssl internally
# NOTE(review): proxy_* directives apply to proxy_pass; this location uses
# fastcgi_pass, so the proxy_* lines here look like leftovers (confirm).
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
}
}
##############################################
########### Server ends here ###########
########### ###########
########### Call upstream starts ###########
########### ###########
##############################################
#######################
# auth-serve #
#######################
server {
listen 9001 ssl;
############# Lock it down ################
# SSL certificate locations
ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
include snippets/ssl.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
########### Send to Location upstream ##############
# Forwards requests under /authserver to the "authserver" upstream over plain
# HTTP on the local host.
location /authserver {
# NOTE(review): "/*" has no "~" prefix, so it is compared as a literal prefix
# rather than a pattern, and this prefix location provides no capture for $1;
# as written this rule probably never rewrites a backend Location header.
# Confirm the intent.
proxy_redirect /* /$1;
# The URI part "/" on proxy_pass replaces the matched "/authserver" prefix
# before the request is sent upstream.
proxy_pass http://authserver/;
# NOTE(review): this overwrites the client's Origin header with the bare host
# name, so the auth backend can no longer use Origin to distinguish
# cross-site requests; confirm the backend does not rely on it.
proxy_set_header Origin $host;
# $host has no port; $server_port is the port this server accepted the
# request on.
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Pass the client's Upgrade/Connection headers through (HTTP/1.1 upstream).
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}