0

I installed Let's Encrypt on my VPS. Before this, page normally work but after - domain showing "Welcome to nginx" page.
I edited only default by adding declarations for SSL

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # listen 443;

    root /var/www/html/public;
    index index.php index.html index.htm;

    server_name example.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~ /.well-known {
        allow all;
    }


    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-vrs-factory.net.conf;
    include snippets/ssl-params.conf;
}

What is bad? Nginx was restarted.

Damian
  • 113
  • 2
  • 6
  • When you install Nginx the welcome page will display until you configure it to display something else. It's unclear what your problem is. Nginx will display whatever is in "/var/www/html/public". Please edit your question to more clearly state your problem. – Tim Feb 17 '17 at 19:02
  • This vhost looks garbled: except for the `return 301`-part I would have expected nothing in the http server but everything (php, locations, etc) within the https server section. What is in those included files? – Phillip -Zyan K Lee- Stockmann Feb 17 '17 at 19:15
  • You haven't got any `root`, or `location` or `try_files` or anything! There is nothing nginx can do but to serve the default page. – Michael Hampton Feb 17 '17 at 23:44

2 Answers2

1

If you use two different server block you'd have to configure both.

You could use only one server block, like this if you want your config (root dir, etc) to be the same for both http & https:

server {
    listen 80;
    listen 443 default_server ssl; // example, set it up as you like.

    # config }

I invite you to check the official doc

Jack Willis
  • 36
  • 3
1

Even better and what you were probably trying to do in the first place based on the return 301 line: now that you have a working certificate, you could configure your existing server block for TLS and create a new server block that redirects HTTP to HTTPS:

server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-vrs-factory.net.conf;
    include snippets/ssl-params.conf;

    server_name example.com;

    # Added this to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000"; 

    root /var/www/html/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location ~ /.well-known {
        allow all;
    }
}

For why I'd suggest using the return 301 redirect and adding the Strict-Transport-Security header, read more about the good reasons to enforce TLS: otherwise the browsers won't know you have TLS configured, mixed content may cause problems etc.

Community
  • 1
Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122