Bonjour a tous,
Me revoila avec un petit souccis de conf NGINX. je vais essayer d'etre claire:
aujourd'hui j'ai 4 site sur mon sereur:
postfixadmin.whita.net
mail.whita.net
torrentddl.whita.net
mail.hypnoilm.fr
tous ces site doivent fonctionner en HTTPS. Ils le font tous sauf 1 torrentddl.whita.net.
lorsque que j'essaye de m'y connecter, je suis bloqué car mon navigateur récupère le certification de mail.whita.net. Du coup problème de sécurité et site innaccessible...
Je vous met mes conf si cela peut vous aider:
more /etc/nginx/conf.d/postfixadmin.conf
server {
server_name postfixadmin.whita.net;
root /usr/share/postfixadmin/public/;
index index.php index.html;
access_log /var/log/nginx/postfixadmin_access.log;
error_log /var/log/nginx/postfixadmin_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ~ ^/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/postfixadmin.whita.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/postfixadmin.whita.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/postfixadmin.whita.net/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = postfixadmin.whita.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name postfixadmin.whita.net;
root /usr/share/postfixadmin/public/;
index index.php index.html;
access_log /var/log/nginx/postfixadmin_access.log;
error_log /var/log/nginx/postfixadmin_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ~ ^/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
more /etc/nginx/conf.d/mail.whita.net.conf
server {
server_name mail.whita.net;
root /var/www/roundcube/;
index index.php index.html index.htm;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.whita.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mail.whita.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/mail.whita.net/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = mail.whita.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name mail.whita.net;
root /var/www/roundcube/;
index index.php index.html index.htm;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
}
more /etc/nginx/conf.d/torrentddl.whita.net.conf
upstream transmission {
server 127.0.0.1:9091;
}
server {
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
allow all;
#root /var/www/letsencrypt;
root /var/www/html;
}
server_name torrentddl.whita.net;
access_log /var/log/nginx/transmission-access.log;
error_log /var/log/nginx/transmission-error.log;
location /transmission/ {
proxy_read_timeout 300;
proxy_pass_header X-Transmission-Session-Id;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# if you changed the port number for transmission daemon, then adjust the
# folllowing line
proxy_pass http://127.0.0.1:9091/transmission/web/;
}
# Also Transmission specific
location /rpc {
proxy_pass http://127.0.0.1:9091/transmission/rpc;
}
#TRANSMISSION TORRENT WEB CLIENT SETUP END
location /upload {
proxy_pass http://127.0.0.1:9091/transmission/upload;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/torrentddl.whita.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/torrentddl.whita.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = torrentddl.whita.net) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name torrentddl.whita.net;
return 404; # managed by Certbot
}
more /etc/nginx/conf.d/mail.hypnolim.fr
server {
listen 80;
server_name mail.hypnolim.fr;
root /var/www/roundcube/;
index index.php index.html index.htm;
error_log /var/log/nginx/mail.hypnolim.fr.error;
access_log /var/log/nginx/mail.hypnolim.fr.access;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
}
more /etc/nginx/sites-enabled/whita.net.conf
server {
listen 80;
listen [::]:80;
root /var/www/whita.net;
index index.html index.htm;
server_name whita.net;
location / {
try_files $uri $uri/ =404;
}
}
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Je vous ait mis tous les fichiers de configurations de mes virtual-host. j'arrive pas a comprendre ce qui le gène. Si vous avez des idées je suis prenneur...
Merci par avance,
BBO