You are not logged in.
Hi all,
I'm trying to get Nginx to work as a web server with a couple of virtual hosts. I have a Nextcloud instance working on a cloud.... subdomain via Nginx and this is working just fine - no errors. I also had a vhost for a simple non-SSL HTTP server on port 80, and this served pages just fine. However as soon as SSL is enabled, the server simply errors with a 404 whenever trying to access it. If relevant, I have the regular web server sitting behind a Cloudflare proxy but the cloud... one is not.
Most peculiarly, no errors output to any log files. Access logs just show "IP.IP.IP.IP - - [06/Dec/2024:14:09:14 +0000] "GET / HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"" without any errors. Errors log files show nothing.
Things I have tried:
* Ensuring permissions are correct on the PHP socket (all fine, doesn't seem relevant)
* Ensuring permissions are correct on my web dir (all fine)
* Enabling php basedir to allow access to my web dir (all fine)
* Using Cloudflare's provided SSL certs rather than Certbot/Let's Encrypt (didn't work)
* Downloading and installing certbot-dns-cloudflare and renewing the SSL certs but with reference to a Cloudflare API key (didn't work)
* Disabling the Cloudflare proxy totally (didn't work, also not really something I want as this would expose my home IP)
Any thoughts welcome! Relevant section of the nginx config file is below.
server {
server_name [my domain name];
root /storage/web/main;
listen 443 ssl default_server;
ssl_certificate /etc/nginx/cloudflare.cert;
ssl_certificate_key /etc/nginx/cloudflare.cert.pem;
location / {
index index.html index.htm index.php;
}
location ~ \.php$ {
# 404
try_files $fastcgi_script_name =404;
# default fastcgi_params
include fastcgi_params;
# fastcgi settings
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# fastcgi params
fastcgi_param DOCUMENT_ROOT $realpath_root;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
#fastcgi_param PHP_ADMIN_VALUE "open_basedir=$base/:/usr/lib/php/:/tmp/";
}
}Last edited by DestroyedLife (2024-12-06 14:18:44)
Offline
Please excuse me, I've answered my own question here...
For the benefit of anyone Googling and stumped (because I *hate* people who say they solved an issue and don't say what the solution was.....) I enabled HTTP2 in the Nginx config and then set the SSL mode on the Cloudflare side to "Full (strict)".
On doing *that* it exposed a permissions error - while /storage/web/main had appropriate ACLs to allow the http user to access it, /storage and /storage/web did not. This was diagnosed by doing sudo -u http bash and then trying to cd to the directory. This was probably unrelated to the above issue but will probably also annoy you if you get this far...
Happily, it all now works!
Offline