Nginx server blocks not redirecting

Question

I am working on a project at https://modernamedia.no/ and I am trying to do a multiple of things

redirect all calls to www.modernamedia.no to https://modernamedia.no/
proxypass localhost:5000 to api.modernamedia.no
redirect all http calls to https.

the last one is working. however, the first two are not working. You can test it yourself by going to https://www.modernamedia.no/

I am also struggling reaching my localhost through an API call, but that may be a code related problem.

https://stackoverflow.com/questions/71374284/angular-api-request-to-net-5-api-neterr-connection-refuse

conf.d

server {
    if ($host = www.modernamedia.no) {
        return 301 https://modernamedia.no$request_uri;
    } # managed by Certbot

    if ($host = modernamedia.no) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Redirect to the correct place, if needed
    set $https_redirect 0;
    if ($server_port = 80) { set $https_redirect 1; }
    if ($host ~ '^www\.') { set $https_redirect 1; }
    if ($https_redirect = 1) {
        return 301 https://modernamedia.no$request_uri;
    }

    listen 80;
    server_name modernamedia.no;
    return 404; # managed by Certbot
}


server {
    listen [::]:443 ssl http2 ipv6only=on;
    listen 443 ssl http2; # managed by Certbot
    server_name modernamedia.no;
    location / {
        proxy_pass http://localhost:4000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    ssl_certificate /etc/letsencrypt/live/modernamedia.no/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/modernamedia.no/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
    listen   80;
    server_name  www.modernamedia.no;

    return 301 https://modernamedia.no$request_uri;
}

server {
    listen        81;
    server_name   api.modernamedia.no;
    root /var/www/ModernaMedia/DotNet;
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

sites-available/default

server {
    listen        81;
    server_name   api.modernamedia.no;
    root /var/www/ModernaMedia/DotNet;
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

modernamedia.service

[Unit]
Description=ModernaMedia Net5 service
[Service]
WorkingDirectory=/var/www/ModernaMedia/DotNet
ExecStart=/usr/bin/dotnet /var/www/ModernaMedia/DotNet/ModernaMediaDotNet.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=ModernaMedia-dotnet
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
[Install]
WantedBy=multi-user.target

And i can reach my .NET server through curl

score 1 · Accepted Answer · answered Mar 06 '22 at 22:55

You should make sure Certbot does not touch your nginx configuration files. It uses a problematic and fragile approach to configure things.

Use the following approach instead:

# Redirect HTTP requests to HTTPS
server {
    listen 80;
    server_name modernamedia.no www.modernamedia.no;

    # Allow serving of Letsencrypt HTTP auth challenges

    location /.well-known {
        try_files $uri $uri/ =404;
    }

    # Do redirect to https
    location / {
        return 301 https://modernamedia.no$request_uri;
    }
}

# Redirect https://www.modernamedia.no to https://modernamedia.no
server {
    listen 443 ssl http2;
    server_name www.modernamedia.no;

    ssl_certificate /path/to/ssl_cert;
    ssl_certificate_key /path/to/ssl_key;

    return 301 https://modernamedia.no$request_uri;
}

# https://modernamedia.no
server {
    listen 443 ssl http2;
    server_name modernamedia.no;

    ssl_certificate /path/to/ssl_cert;
    ssl_certificate_key /path/to/ssl_key;

    # Actual web site configuration here
}

Thank you! I dont know what the issue was, but your config definitely worked! — Stanley, Mar 07 '22 at 08:18
The api.modernamedia.no still does not work for redirecting the .net backend — Stanley, Mar 07 '22 at 08:32
Please open a new question on the dot.net application, with clear explanation what "does not work" exactly means. — Tero Kilkanen, Mar 07 '22 at 21:19

Nginx server blocks not redirecting

conf.d

sites-available/default

modernamedia.service

1 Answers1