Nginx and setup sub domain websites.

[Joveice]

Hi, So I'm trying to setup more websites on my server. Right now I got the folder structure like this

../www/html

../www/beta

And when going to www.mydomain.com it goes to ../www/html. when going to beta.mydomain.com I want it to go to ../www/beta. How do I do this?

I dident find any good how to on this so thats why I'm asking here.

 

Many of the reasons why I probably dident find a good how to was becaouse I don't really know the simple like, do I need to specify diffrent port or do they work with same ports (I know normaly programs need a port alone)

 

So if you could help I would be really happy, an explanation is more welcome than a simple here is the code

 

www.mydomain.com - ../www/html

beta.mydomain.com - ../www/beta

[SaladFingers]

In your DNS settings for mydomain.com, you should create a CNAME record to function as an alias. For example:

NAME                   TYPE   VALUE
-----------------------------------------------
mydomain.com           A      127.0.0.0
www                    CNAME  mydomain.com
beta.mydomain.com      CNAME  mydomain.com/beta

 

With the above entries, you are assigning your root domain name to a certain IP, pointing "www" to go to root, and aliasing "beta" to go to a specific path.

 

If you don't like "mydomain.com/beta" showing up, you might need to fiddle with .htaccess settings.

 

I hope I'm not too rusty on the subject and that the above information is correct. But you can try it out and see yourself

[Joveice]

9 minutes ago, SaladFingers said:

In your DNS settings for mydomain.com, you should create a CNAME record to function as an alias. For example:

NAME                   TYPE   VALUE
-----------------------------------------------
mydomain.com           A      127.0.0.0
www                    CNAME  mydomain.com
beta.mydomain.com      CNAME  mydomain.com/beta

 

With the above entries, you are assigning your root domain name to a certain IP, pointing "www" to go to root, and aliasing "beta" to go to a specific path.

 

If you don't like "mydomain.com/beta" showing up, you might need to fiddle with .htaccess settings.

 

I hope I'm not too rusty on the subject and that the above information is correct. But you can try it out and see yourself

Well yes this works, but it wasent what I ment, I want beta.mydomain.com to be in it's own root dir. so it's pure nginx configuration needed, I just don't know how to do it.

[SaladFingers]

1 minute ago, Joveice said:

Well yes this works, but it wasent what I ment, I want beta.mydomain.com to be in it's own root dir. so it's pure nginx configuration needed, I just don't know how to do it.

Oh I see what you're talking about, I'm sorry for the confusion.

 

I'm not very experienced with nginx, but I bet this is by design. The "html" folder I think should be the root for everything related to the web front, while other folders are for scripts etc. So maybe you could create a sub folder for your root domain, like "html/main". It's the same case in apache, where you have the "htdocs" folder and everything goes in there. Or you could simple leave your main "index" kind of files under the root of the "html" folder and only create sub folders for the rest.

[Joveice]

4 minutes ago, SaladFingers said:

Oh I see what you're talking about, I'm sorry for the confusion.

 

I'm not very experienced with nginx, but I bet this is by design. The "html" folder I think should be the root for everything related to the web front, while other folders are for scripts etc. So maybe you could create a sub folder for your root domain, like "html/main". It's the same case in apache, where you have the "htdocs" folder and everything goes in there. Or you could simple leave your main "index" kind of files under the root of the "html" folder and only create sub folders for the rest.

You can choose what ever folder to be  as default its named html. but I'm gonna change them for the start so etc www for main page, beta for test page, and etc admin for admin only

[SaladFingers]

4 minutes ago, Joveice said:

You can choose what ever folder to be  as default its named html. but I'm gonna change them for the start so etc www for main page, beta for test page, and etc admin for admin only

I see.. Well then I'm sorry I can't be of any help You probably need to mess with the server config file itself, like the part that it's coded to listen for requests on port 80/443 and redirect them internally. But at this point any of my advice would be vague at best.

[Eniqmatic]

You need to create a "vhost" for each domain you want. You do this by adding files in the "/etc/nginx/sites-available" folder. You also then need to create a symlink to it in the "/etc/nginx/sites-enabled" folder. There is an example and default one already in the sites-available folder so copy that, and make the required adjustments.

[Joveice]

26 minutes ago, Eniqmatic said:

You need to create a "vhost" for each domain you want. You do this by adding files in the "/etc/nginx/sites-available" folder. You also then need to create a symlink to it in the "/etc/nginx/sites-enabled" folder. There is an example and default one already in the sites-available folder so copy that, and make the required adjustments.

Yea I tryed this but beta.mydomain.com still opens www/html, tho I have port 80 in both if thats the issue, and www/html also got a ssl entry on port 443

[Eniqmatic]

 

1 minute ago, Joveice said:

Yea I tryed this but beta.mydomain.com still opens www/html, tho I have port 80 in both if thats the issue, and www/html also got a ssl entry on port 443

Did you edit the file appropriately and make the required adjustments to point to the correct path you want?

[Joveice]

1 hour ago, Eniqmatic said:

 

Did you edit the file appropriately and make the required adjustments to point to the correct path you want?

Yes, I tryed to change the path of the main file to the same just to check, and that worked fine, but for the beta one it dident work.

[Eniqmatic]

Did you change the server name? The site won't respond if it doesn't receive a request on the right domain name, but the server has a default server that it will point connections to if doesn't receive a hit on the correct domain. You need to add a "server_name" directive which will have your domain name in it.

 

If in doubt, post you config file for that site.

[Joveice]

2 hours ago, Eniqmatic said:

Did you change the server name? The site won't respond if it doesn't receive a request on the right domain name, but the server has a default server that it will point connections to if doesn't receive a hit on the correct domain. You need to add a "server_name" directive which will have your domain name in it.

 

If in doubt, post you config file for that site.

Both got a server_name, one got beta.mydomain.com and the other got www.mydomain.com

[Cruorzy]

I've had a great amount of problems with redirecting on nginx, make sure to restart nginx when you make a change. It would be helpful if you posted the sites-available .conf files

[Joveice]

34 minutes ago, Cruorzy said:

I've had a great amount of problems with redirecting on nginx, make sure to restart nginx when you make a change. It would be helpful if you posted the sites-available .conf files

server {
    listen 80;
    server_name  www.mydomain.com;
   location /.well-known/acme-challenge {
     default_type "text/plain";
     root /var/www/certbot;
   }
  #Forces all other requests to HTTPS
  location / {
     return      301 https://$host$request_uri;
  }

}

server {
    listen 80;

    root /usr/share/nginx/beta;
    index index.html index.htm;

    server_name beta.mydomain.com;

    location / {
        try_files $uri.html $uri $uri/ =404;
    }
}


server {
  listen 443 ssl http2;
  server_name www.mydomain.com;
  #ssl config
  #ssl config end
  root /usr/share/nginx/html;
  index index.html index.php;



  location / {
    try_files $uri $uri/ $uri.html @rewrite;
  }

  location @rewrite {
    rewrite ^ $uri.php last;
    try_files $uri =404;
  }

  location ~ \.php$ {
    fastcgi_split_path_info ^(.+?\.php)(/.+)$;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include fastcgi.conf;
    try_files $uri =404;
  }

  rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
  #rewrite ^/(.*)/$ /$1 permanent;

  error_page 404 /error/404.php;
  location =/error/404.html {
    internal;
  }
  error_page 500 502 503 504 /error/40x.php;
  location =/error/40x.html {
    internal;
  }

}

This is the config that I tryed to make with some of the how to that I found, this works for the www.mydomain.com but not for beta.mydomain.com

 

I changed my domain to mydomain.com in the config.

[Joveice]

For some reason I managed to fix it now, Not sure what I did tho.

[Cruorzy]

Glad you fixed it just got home so couldnt take a look at it.

 

The thing i had was exactly the same after doing the configs a few time over again i fixed it.

Start minimal with a simple 2 server then add your rewrite rules etc etc.

 

I did see you using Letsencrypt, make sure to have a good rating by testing it here https://www.ssllabs.com/ssltest/

[Joveice]

7 minutes ago, Cruorzy said:

Glad you fixed it just got home so couldnt take a look at it.

 

The thing i had was exactly the same after doing the configs a few time over again i fixed it.

Start minimal with a simple 2 server then add your rewrite rules etc etc.

 

I did see you using Letsencrypt, make sure to have a good rating by testing it here https://www.ssllabs.com/ssltest/

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.

Rest was close to 100%, tho this was just to test out ssl (some stuff required ssl for them to work). But when I start using my site for what I'm building it for I'm gonna buy a SSL certificate.

[Cruorzy]

Letsencrypt is more then enough, would recommend using a 302 redirect instead of a 301. You might have some issues with having a normal HTTP session when you fuck up ur certificate lols. You got to clear you browser cache and pray it will remove the permanent 301 redirect.

 

Add these rules instead of the ones you have, and you will have a A+ overall rating

 

		ssl_certificate /etc/letsencrypt/certs/fullchain1.pem;
        ssl_certificate_key /etc/letsencrypt/certs/privkey1.pem;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/letsencrypt/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

 

If you building your website in PHP (server side) i would recommend focus on that alot before putting something major online.

[Joveice]

2 minutes ago, Cruorzy said:

Letsencrypt is more then enough, would recommend using a 302 redirect instead of a 301. You might have some issues with having a normal HTTP session when you fuck up ur certificate lols. You got to clear you browser cache and pray it will remove the permanent 301 redirect.

 

Add these rules instead of the ones you have, and you will have a A+ overall rating

 

		ssl_certificate /etc/letsencrypt/certs/fullchain1.pem;
        ssl_certificate_key /etc/letsencrypt/certs/privkey1.pem;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/letsencrypt/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

 

If you building your website in PHP (server side) i would recommend focus on that alot before putting something major online.

Focus on what alot?  Since yes I do it in php. And thanks!

[Cruorzy]

By standard PHP isnt a safe language like probably many others. I'm just pointing this out since i dont know what you know and what you dont.

 

You have to carefully threat anything that the user can interact with. 

This is a post i created in an other Topic, would suggest you read it a bit and make sure you understand the things i listed in the bulleted list.

And how you protect yourself from these, HTTPS is a great start but it aint going to help if you did not think about these points.

 

 

Watch the videos i find them entertaining and informative, maybe you do too

[Joveice]

3 minutes ago, Cruorzy said:

By standard PHP isnt a safe language like probably many others. I'm just pointing this out since i dont know what you know and what you dont.

 

You have to carefully threat anything that the user can interact with. 

This is a post i created in an other Topic, would suggest you read it a bit and make sure you understand the things i listed in the bulleted list.

And how you protect yourself from these, HTTPS is a great start but it aint going to help if you did not think about these points.

 

 

Watch the videos i find them entertaining and informative, maybe you do too

O right, well yea I have used some time to look on this, and by now I'm using prepared statmens for every database connection that is done, and I confirm every input the user can do / make sure it's only text and not html when displayed.

[Cruorzy]

Then you basicly got most of the points done there, take a look into Cross Site Request Forgery and making a Anti CSRF token for each form you having.

Password hasing should be done properly. And dont forget its not always in the code, checking the config files of both your webserver and PHP is important.

[Joveice]

3 minutes ago, Cruorzy said:

Then you basicly got most of the points done there, take a look into Cross Site Request Forgery and making a Anti CSRF token for each form you having.

Password hasing should be done properly. And dont forget its not always in the code, checking the config files of both your webserver and PHP is important.

I will take a note of this, Thanks for some extra information!

[Cruorzy]

No problemo, once your sick of the probably crappy procedural and find a way into OOP i would consider something like Laravel a PHP framework

But safe that for just a bit later.

[Joveice]

2 minutes ago, Cruorzy said:

No problemo, once your sick of the probably crappy procedural and find a way into OOP i would consider something like Laravel a PHP framework

But safe that for just a bit later.

Well yea I'm in the basic stage of php and are just trying to create something that works where I use alot of stuff. My problem is that there isent any school before a few years that offer any kind of programming