Our current "non-www to www" code at nginx.conf is below. While it seemed to work, now we noticed it's causing errors.
Please don't mark as duplicated. Similar cases are old and seem not to work anymore. Thank you.
When our nginx was created, user typed "example.com" and would be correctly served with "https://www.example.com", so our initial nginx.conf worked. But then Chrome (~2021) adopted default "https" and we didn't notice that users were receiving an SSL error by being served with "https://example.com" while SSL is generated to "www" domain.
Recently we discovered this and updated nginx.conf as below. We didn't find a suitable way to change from "https://example.com" to "https://www.example.com" without issuing SSL cert to "example.com".
Recently it was noted on WordPress some slowness to access some pages, including wp-admin pages. The memory_limit was increased but didn't change this behavior. Then we noticed issues at "Tools > Site Health": "The REST API encountered an error" and "Your site could not complete a loopback request". We then dug into this and found that while WordPress has "URL = IP" (before published) no issues are shown; when it's changed to "URL = www.example.com" those issues arise.
Seems to me that the root cause is at nginx.conf and we would like some suggestions.

# Moves to HTTPS and serve certbot certificates
server {
    listen 80;
    server_name example.com www.example.com app.example.com;
    location ~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Includes www
server {
    listen 443 ssl;
    server_name example.com;
    error_log /var/log/nginx/example.com.error.log;
    access_log /var/log/nginx/example.com.access.log;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/dhparams.pem;
    return 301 https://www.example.com$request_uri;
}

# WordPress site
server {
    listen 443 ssl;
    server_name www.example.com;
    error_log /var/log/nginx/www.example.com.error.log;
    access_log /var/log/nginx/www.example.com.access.log;
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/dhparams.pem;
    location ^~ / {
        proxy_pass http://10.0.0.131:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name app.example.com;
    error_log /var/log/nginx/app.example.com.error.log;
    access_log /var/log/nginx/app.example.com.access.log;
    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;
    ssl_dhparam /etc/letsencrypt/dhparams.pem;
    location ^~ / {
        proxy_pass http://10.0.0.160:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    error_page 400 401 402 403 404 500 502 503 504 =200 /error/unavailable.html;
    location = /error/unavailable.html {
        internal;
        alias /etc/nginx/html/error/;
        try_files /unavailable.html =404;
        access_log /var/log/nginx/error.log;
    }
}

UPDATE 1:
Error #1:
When testing the REST API, an error was encountered:
REST API Endpoint: https://www.example.com/index.php?rest_route=%2Fwp%2Fv2%2Ftypes%2Fpost&context=edit
REST API Response: (http_request_failed) cURL error 28: Connection timed out after 10000 milliseconds
Error #2:
The loopback request to your site failed, this means features relying on them are not currently working as expected. Error: cURL error 28: connection timed out after 10001 milliseconds (http_request_failed)
UPDATE 2:
Layout: there is a proxmox server (10.0.0.3) behind a firewall appliance (10.0.0.1). At proxmox there are 2 containers: nginx (10.0.0.125) and wordpress (10.0.0.131). The "app server" (10.0.0.160) runs at another machine.
Firewall: disabled at proxmox ("pve-firewall stop" at cluster level); disabled ufw at containers; disabled "wordfence" at wordpress.
Regarding "connection refused", the firewall appliance log doesn't show any block. I guess that since this was an attempt to connect between two devices under the same interface, in this case the firewall appliance doesn't interfere. At "wordfence" within container, I saw no records with "wp-json" (which is part of the http request).
nginx container (10.0.0.125) "/etc/hostname": nginx
nginx container (10.0.0.125) "/etc/hosts":
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.0.0.125 nginx.local nginx
# --- END PVE ---
wordpress container (10.0.0.131) "/etc/hostname": example
wordpress container (10.0.0.131) "/etc/hosts":
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.0.0.131 example.com example
# --- END PVE ---
Ping: both nginx and wordpress container can ping proxmox (10.0.0.3), firewall interface (10.0.0.1), google.com, and each other.
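
Added example, not part of the original post: the WordPress container's /etc/hosts quoted above pins example.com to 10.0.0.131 but has no entry for www.example.com, so one thing worth checking is where the loopback URL resolves from inside that container. The shell functions below (hypothetical names hosts_lookup and classify_loopback) read a hosts file and report whether a name is left to DNS, pinned to the nginx proxy (10.0.0.125 in the post), or pinned elsewhere; the sample file is constructed from the post.

```sh
#!/bin/sh
# Added example: where does a hostname resolve according to a hosts file?
# Function names are hypothetical; the sample data is constructed from the post.

# Print the address the hosts file ($1) maps the name ($2) to, or nothing.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }      # strip comments
        NF < 2 { next }         # skip blank or address-only lines
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# Classify where a request for the name ($2) goes, given the hosts file ($1)
# and the address of the TLS-terminating nginx proxy ($3):
#   dns       name is not pinned locally; the resolver decides
#   proxy     name is pinned to the nginx proxy
#   other:IP  name is pinned to some other address
classify_loopback() {
    ip=$(hosts_lookup "$1" "$2")
    if [ -z "$ip" ]; then
        echo "dns"
    elif [ "$ip" = "$3" ]; then
        echo "proxy"
    else
        echo "other:$ip"
    fi
}

# Constructed sample: the WordPress container's /etc/hosts as quoted in the post.
sample_hosts() {
    cat <<'EOF'
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.0.0.131 example.com example
# --- END PVE ---
EOF
}

demo_file=$(mktemp)
sample_hosts > "$demo_file"
for name in www.example.com example.com; do
    printf '%s -> %s\n' "$name" "$(classify_loopback "$demo_file" "$name" 10.0.0.125)"
done
rm -f "$demo_file"
```

On the container itself, pass /etc/hosts as the file. A "dns" result means the address comes from the resolver, so the output of `getent hosts www.example.com` there can be compared with the proxy address.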