2

Right now I have nginx working with 3 services: my webpage on my.example.com/~ignacio, my Rstudio server on my.example.com/rstudio, and my Shiny server on my.example.com/shiny.

This is my config file right now:

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
       server_name my.example.com;
       ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
       ssl_protocols TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY13$
       ssl_prefer_server_ciphers on;

        index index.php index.html index.htm;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
          alias /home/$1/public_html;

          try_files $2 =404;
          fastcgi_split_path_info ^(.+\.php)(.*)$;
          fastcgi_pass unix:/var/run/php5-fpm.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;
          include fastcgi_params;

          fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
          alias /home/$1/public_html$2;
        }


        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/shiny/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }

    }

Now I'm trying to install owncloud following this tutorial. I have to change my nginx config file to add owncloud on my.example.com/owncloud, but I'm not sure exactly how (and I would really rather not break what I have working now).

What should I have in my config file to have everything working?


This is what I have right now after trying to add owncloud:

    upstream php-handler {
      server unix:/run/php/php7.0-fpm.sock;
    }

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
       server_name my.example.com;
       ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
       ssl_protocols TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
       ssl_prefer_server_ciphers on;
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
        root /var/www/owncloud/;
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        index index.php index.html index.htm;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
          alias /home/$1/public_html;
          try_files $2 =404;
          fastcgi_split_path_info ^(.+\.php)(.*)$;
          fastcgi_pass unix:/run/php/php7.0-fpm.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;
          include fastcgi_params;
          fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
          alias /home/$1/public_html$2;
        }

        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }

        location /owncloud/ {
            alias /var/www/owncloud/;
            try_files $2 =404;
            fastcgi_split_path_info ^(.+\.php)(.*)$;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            fastcgi_index index.php;
            fastcgi_intercept_errors on;
            include fastcgi_params;
            fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }
    }

Shiny, Rstudio, and /~ignacio are working. If I go to my.example.com the browser downloads a file, and /owncloud can't be reached.


I also have a version that has Shiny, Rstudio and owncloud working, but /~ignacio does not work :(

    upstream php-handler {
      server unix:/run/php/php7.0-fpm.sock;
    }

    # Redirect all traffic from port 80 to SSL port
    server {
        listen 80;
        return 301 https://$host$request_uri;
    }
    # Set reverse proxy to port 443
    server {
        listen 443 ssl;
       server_name my.example.com;
       ssl_certificate /etc/letsencrypt/live/my.example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
       ssl_protocols TLSv1.2;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
       ssl_prefer_server_ciphers on;
       # Add headers to serve security related headers
       add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;

        # Path to the root of your installation
        root /var/www/;
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;

        # ownCloud blacklist
        location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
            deny all;
            error_page 403 = /owncloud/core/templates/403.php;
        }

        location / {
            index index.php index.html;
        }

        location /owncloud/ {           
            error_page 403 = /owncloud/core/templates/403.php;
            error_page 404 = /owncloud/core/templates/404.php;

            rewrite ^/owncloud/caldav(.*)$ /remote.php/caldav$1 redirect;
            rewrite ^/owncloud/carddav(.*)$ /remote.php/carddav$1 redirect;
            rewrite ^/owncloud/webdav(.*)$ /remote.php/webdav$1 redirect;

            rewrite ^(/owncloud/core/doc[^\/]+/)$ $1/index.html;

            # The following rules are only needed with webfinger
            rewrite ^/owncloud/.well-known/host-meta /public.php?service=host-meta last;
            rewrite ^/owncloud/.well-known/host-meta.json /public.php?service=host-meta-json last;
            rewrite ^/owncloud/.well-known/carddav /remote.php/carddav/ redirect;
            rewrite ^/owncloud/.well-known/caldav /remote.php/caldav/ redirect;

            try_files $uri $uri/ index.php;
        }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_pass php-handler;
        }

        # Optional: set long EXPIRES header on static assets
        location ~* ^/owncloud(/.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf))$ {
            expires 30d;
            access_log off;  # Optional: Don't log access to assets
        }

        # Disable gzip to avoid the removal of the ETag header
        gzip off;
        index index.php index.html index.htm;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;

        # PHP in home directory
        location ~ ^/~(.+?)(/.*\.php)(.*)$ {
          alias /home/$1/public_html;
          try_files $2 =404;
          fastcgi_split_path_info ^(.+\.php)(.*)$;
          fastcgi_pass unix:/run/php/php7.0-fpm.sock;
          fastcgi_index index.php;
          fastcgi_intercept_errors on;
          include fastcgi_params;
          fastcgi_param SCRIPT_NAME /~$1$fastcgi_script_name;
        }

        # Home directories
        location ~ ^/~(.+?)(/.*)?$ {
          alias /home/$1/public_html$2;
        }

        location /shiny/ {
            rewrite ^/shiny/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:3838;
            proxy_redirect http://127.0.0.1:3838/ https://$host/;
            auth_basic "Username and Password are required";
            auth_basic_user_file /etc/nginx/.htpasswd;
        }

        location /rstudio/ {
            proxy_pass http://127.0.0.1:8787/;
        }


    }
Ignacio
  • 71

2 Answers

0

I would suggest you install Owncloud to run with Apache. This is because Owncloud runs a lot of PHP and Apache is really good at this. Run it using prefork.

Use your Nginx in the front and proxy to Apache.

If you will use SSL, let Nginx handle the SSL and let it serve all the static files. Then forward the rest of the traffic to Apache.

jarvis
  • 2,036
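
The layout this answer describes, as an added example (not part of the answer or of the asker's config): nginx keeps terminating TLS and serving ownCloud's static files, and proxies every other `/owncloud/` request to Apache. The Apache address `127.0.0.1:8080`, an Apache `Alias /owncloud /var/www/owncloud`, and the location name `@owncloud_apache` are assumptions.

```nginx
# Added example. Assumption: Apache (prefork + PHP) listens on 127.0.0.1:8080
# only, so ownCloud cannot be reached without going through nginx and TLS.
server {
    listen 443 ssl;
    server_name my.example.com;
    ssl_certificate     /etc/letsencrypt/live/my.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.example.com/privkey.pem;
    ssl_protocols TLSv1.2;

    # No server-level "root" inside the ownCloud tree: with no PHP handler
    # for a path, nginx would hand out .php files as plain downloads.
    client_max_body_size 10G;

    # ... the existing /~user, /shiny/ and /rstudio/ locations go here unchanged ...

    # Regex locations are tried in file order, so this deny rule must come
    # before the static-asset rule (otherwise /owncloud/data/x.png is served).
    location ~ ^/owncloud/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }

    # Static assets straight from disk; anything that is not a real file
    # (e.g. JS/CSS generated through index.php) falls through to Apache.
    location ~* ^/owncloud/.+\.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        root /var/www;
        expires 30d;
        try_files $uri @owncloud_apache;
    }

    # Everything else under /owncloud/ (all PHP) goes to Apache.
    location /owncloud/ {
        proxy_pass http://127.0.0.1:8080;   # no URI part: path is passed as-is
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location @owncloud_apache {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because Apache only sees plain HTTP from 127.0.0.1, ownCloud's `config.php` needs `trusted_proxies` and `overwriteprotocol` set so it trusts the forwarded headers and generates https links.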
0

Also consider that owncloud suggests using apache server. I used to have it at nginx but now I switched to apache.
If you are able to do that, here is an official and detailed manual that you can follow:
https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html?highlight=apache#prerequisites-label