Category Archives: Nginx

Problems with /etc/cron.d/certbot on Debian

If you are using certbot (Let’s Encrypt) with Nginx on Debian Buster you may have encountered problems in auto-renewal of your certificates. This may be because the /etc/cron.d/certbot didn’t actually execute, ore information can be read here: https://community.letsencrypt.org/t/cerbot-cron-job/23895/5 It looks like that if the directory /run/systemd/system/ exists it won’t execute the renew command, because you […]

Count and sort IP addresses in Nginx access logs

You can count and sort IP addresses in Nginx access logs: cat access.log | awk ‘{print $1}’ | sort | uniq -c | sort -nrcat access.log | awk ‘{print $1}’ | sort | uniq -c | sort -nr Below there is an example output: 612 216.X.X.X 251 54.X.X.X 238 18.X.X.X 147 178.X.X.X 138 106.X.X.X 78 […]

Nginx Redirect From a Website to Another Website

This Nginx config can redirect your website to another website: server { listen 80; server_name website.com www.website.com; access_log /var/www/website.com/logs/access.log main; error_log /var/www/website.com/logs/error.log warn; root /var/www/website.com/htpdocs; index index.html index.htm index.php;   return 301 http://www.newsite.com$request_uri; }server { listen 80; server_name website.com www.website.com; access_log /var/www/website.com/logs/access.log main; error_log /var/www/website.com/logs/error.log warn; root /var/www/website.com/htpdocs; index index.html index.htm index.php; return 301 http://www.newsite.com$request_uri; […]

Allow User to Run Sudo Command without Password

You can edit /etc/sudoers file and add a line like this: carlo ALL=(ALL) NOPASSWD: /usr/bin/programcarlo ALL=(ALL) NOPASSWD: /usr/bin/program So when user carlo runs “sudo /usr/bin/program” he’ll not need to enter the password. Useful to allow an user to run specific programs with sudo without password.

Fix Nginx 400 Bad Request: The SSL certificate error

I have a website where I am using Nginx + SSL by Lets Encrypt and some users reported continuous “400 Bad Request” errors. I digged the event and looks like this trick fixed the issue: Add this to your Nginx vhost config file inside server {} section: error_page 497 https://$host$request_uri;error_page 497 https://$host$request_uri; Reference: https://stackoverflow.com/a/55029648 https://stackoverflow.com/a/14241127

Redirect 404 Errors to Homepage with Nginx

You can redirect 404 errors to homepage with Nginx. To do so, just add this inside server {}: # Redirect 404 errors to homepage error_page 404 = @myownredirect; # My custom 302 redirect to homepage location @myownredirect { return 302 /; }# Redirect 404 errors to homepage error_page 404 = @myownredirect; # My custom 302 […]

Nginx HTTP to HTTPS and non-www to www behind Google Load Balancer

First create two forwarding rules on Google Load Balancer (frontend): – One for HTTPS (port 443) traffic – One for HTTP (port 80) traffic Then make sure both rules use the same static IP address. Now on the Compute Engine backend, edit the Nginx config file: server { listen 80; server_name localhost; access_log /var/www/nginx/logs/access.log main; […]

Restarting nginx: [emerg]: directive “rewrite” is not terminated by “;”

If you get this erro message when restarting Nginx: Restarting nginx: [emerg]: directive "rewrite" is not terminated by ";"Restarting nginx: [emerg]: directive "rewrite" is not terminated by ";" Make sure to read the docs for http://wiki.nginx.org/HttpRewriteModule#rewrite Note: for curly braces( { and } ), as they are used both in regexes and for block control, […]

Content-Security-Policy-Report-Only

This is a quick post about Content-Security-Policy-Report-Only: Content-Security-Policy-Report-Only: default-src https: data: blob: ‘unsafe-inline’ ‘unsafe-eval’; report-uri /_cspContent-Security-Policy-Report-Only: default-src https: data: blob: ‘unsafe-inline’ ‘unsafe-eval’; report-uri /_csp Taken from HTTP headers of https://vimeo.com To implement it with Nginx use add_header like this: add_header Content-Security-Policy-Report-Only "default-src https: data: blob: ‘unsafe-inline’ ‘unsafe-eval’; report-uri /_csp";add_header Content-Security-Policy-Report-Only "default-src https: data: blob: ‘unsafe-inline’ […]

Rotate Nginx vHosts Log Files Every 1 Year

Set logrotate to keep 1 year (365 days) of log files: sed -i ‘s/rotate 52/rotate 365/’ /etc/logrotate.d/nginxsed -i ‘s/rotate 52/rotate 365/’ /etc/logrotate.d/nginx