Vesta Control Panel - Forum

Community Forum
https://forum.vestacp.com/

HOWTO: Force https AND http2 AND Rewrite to non-www!!

https://forum.vestacp.com/viewtopic.php?f=11&t=13150

Page 1 of 1

HOWTO: Force https AND http2 AND Rewrite to non-www!!

Posted: Tue Nov 22, 2016 12:14 am
by PagesAtHome
  • SECURE! -> https / SSL enforcing
    FAST! -> http2 (http/2)
    MODERN! -> 'www' domains are old school


(THIS INSTRUCTION WAS TESTED AND WORKING ON DEBIAN 8, IT SHOULD WORK ON OTHER LINUX VARIANTS BUT THE FILE PATHS MAY DIFFER)

It all comes down to putting 2 template files in your /usr/local/vesta/data/templates/web/nginx/ folder:

File1 (the non-https to https rewrite file), name it http2-no-www.tpl :

Code: Select all

server {
    listen      %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;
    return       301 https://%domain_idn%$request_uri;
}

File2 (the https config file), name it http2-no-www.stpl :

Code: Select all

server {
    listen      %ip%:%proxy_ssl_port%  http2 ssl;
    server_name %alias_idn%;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    return       301 https://%domain_idn%$request_uri;
}
server {
    listen      %ip%:%proxy_ssl_port%  http2 ssl;
    server_name %domain_idn%;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;

    location / {
        proxy_pass      https://%ip%:%web_ssl_port%;
        location ~* ^.+\.(%proxy_extentions%)$ {
            root           %sdocroot%;
            access_log     /var/log/%web_system%/domains/%domain%.log combined;
            access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   %home%/%user%/web/%domain%/document_errors/;
    }

    location @fallback {
        proxy_pass      https://%ip%:%web_ssl_port%;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
}

Go to your VestaCP panel and apply to your domains of choice, presto!

You don't even have to purchase a SSL certificate anymore if you dont want to, with the newest version of VestaCP you just have to tick the box that says 'Use LetsEncrypt' and you're off!
Image


go check your sites with https://tools.keycdn.com/http2-test
Image







(optionally you can apply the additional security beef-up suggested at https://weakdh.org/sysadmin.html with the exception that you should apply the suggested rules to the abovementioned stpl file, inside the server block), check this out:


Image


ALL RIGHT!!
(leave a comment if it also worked for you)



NB if you're a fan of speed, also check out my PHP7+opcache tutorial: viewtopic.php?t=13053

Re: HOWTO: Force https AND http2 AND Rewrite to non-www!!

Posted: Thu Dec 22, 2016 5:33 am
by doughnet
this did not work for me;

any other methods? it seems having anything like:
server {
listen IPNUMBERHERE:443 ssl http2;

using the ssl and http2 it doesn't allow nginx to restart. any suggestions?

using latest version with nginx as a proxy for apache.

Re: HOWTO: Force https AND http2 AND Rewrite to non-www!!

Posted: Fri Dec 23, 2016 10:01 am
by PagesAtHome
Hey @doughnet,

Too bad it didnt work out right away. First off, lets check out your software versions:

SSH* into your server and type:

Code: Select all

nginx -v
(mine says currently nginx version: nginx/1.10.2 )

also, retry restarting your nginx server from the command line (assuming you're using Debian):

Code: Select all

service nginx restart
if it works, it doesnt put out any message, if it doesnt work, paste its output in a reply.



Error possibility 1:
its good to keep in mind that the template files you copied like instructed are processed by Vesta, when you apply a template in the control panel, into the 'real' config files which are located at /home/admin/conf/web/. First, Nginx will use the 'nginx.conf' for http connections and 'snginx.conf' for https connections, the other files in the folder can be ignored for this matter. I noticed a few times where Vesta screwed up this process after i adjusted some template files. If you think this might be the case with your install, remove all the server{} blocks from these two files that relate to the domain you're working on, save the files and then re-apply the templates using the Vesta control panel.



* i recommend MobaXterm if you're using Windows, i'm loving it, it doubles as FTP file client, any sort of client for that matter, it also allows for direct file editing, which allows you to skip using command line editors like VIM or nano (of which i prefer the latter in case you wonder) -> http://mobaxterm.mobatek.net

Re: HOWTO: Force https AND http2 AND Rewrite to non-www!!

Posted: Sat Jan 28, 2017 4:59 pm
by Felix
Nice guide @PagesAtHome, thanks!

In my case, I just needed to enable http2 so I didn't create a new template (.stpl file) and just edited the hosting.stpl file, adding the http2 ssl directives.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/