I'm running a home server (Ubuntu 20.04) running nginx, and I'm having a bit of a sticky problem. Here's how it goes:
SETUP: I have a website (call it example.com) hosted on a VPS, somewhere. I'm trying to configure some webapps that are hosted locally, but accessible via the subdomains of example.com. I have one already working, as follows: an A-record on example.com redirects foo.example.com to the WAN IP of my router, which then forwards ports through NAT to my home server (local IP 192.168.1.69) running nginx. The config file foo.example.com.conf gets accessed in /etc/nginx/sites-enabled (via symlink from a conf file in /etc/nginx/sites-available), and, bada bing bada boom, the thing works! It's a jitsi-meet instance so I can conduct my own videoconferencing.
GOAL: I'm now trying to set up bar.example.com to work in the same way with FluxBB, a PHP-based messageboard service. (I haven't set up the A-record for bar.example.com yet, for obvious reasons.) I got PHP and MySQL installed on the box, made a little database for it -- the basic requirements for install. I then downloaded 1.5.11, unzipped it, moved the contents to /usr/www/bar.example.com. Then I moved to /etc/nginx/sites-available, made the extremely barebones config file bar.example.com.conf, I set up a symlink to sites-enabled, reloaded nginx, confirmed that 192.168.1.69 shows the nginx splash screen. The next step for me is to navigate to the version of the website (locally running via nginx) and open install.php from the root directory of the site, to do more config...
PROBLEM: ...but the problem is, I don't know how to get there. I can access install.php from command line on my server machine, but it just prints the php of the webpage I'd like to be visiting — no use to me! So I'd like to access it from my client computer (on the LAN) but bar.example.com/install.php automatically resolves via the DNS of example.com, and the subdomain requested doesn't exist yet, so it returns 404. And while http://192.168.1.69/install.php returns nothing, https://192.168.1.69/install.php interprets "install.php" as a room name for jitsi-meet.
Any ideas on how to proceed? Do I truly have to install a command line web browser on my server, or worse, a GUI? I'm going to include the three .conf files (for each webapp, as well as for nginx itself).
/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen localhost:110;
#        protocol pop3;
#        proxy on;
#    }
#
#    server {
#        listen localhost:143;
#        protocol imap;
#        proxy on;
#    }
#}
/etc/nginx/sites-available/bar.example.com.conf
server {
    listen 80;
    listen [::]:80;
    root /var/www/bar.example.com;
    index index.php index.html index.htm;
    server_name bar.example.com www.bar.example.com;

    location / {
        try_files $uri $uri/ @rewriteapp;
    }

    location /install/ {
        try_files $uri $uri/ @rewrite_installapp;
    }

    location ~ \.php(/|$) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        include fastcgi_params;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        try_files $uri $uri/ /install/app.php$is_args$args;
    }

    location @rewrite_installapp {
        rewrite ^(.*)$ /install/app.php/$1 last;
    }
}
/etc/nginx/sites-available/foo.example.com.conf
server_names_hash_bucket_size 64;

server {
    listen 80;
    listen [::]:80;
    server_name foo.example.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /usr/share/jitsi-meet;
    }

    location = /.well-known/acme-challenge/ {
        return 404;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 4444 ssl http2;
    listen [::]:4444 ssl http2;
    server_name foo.example.com;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem;

    root /usr/share/jitsi-meet;

    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;

    index index.html index.htm;
    error_page 404 /static/404.html;

    gzip on;
    gzip_types text/plain text/css application/javascript application/json;
    gzip_vary on;

    location = /config.js {
        alias /etc/jitsi/meet/foo.example.com-config.js;
    }

    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }

    #ensure all static content can always be found first
    location ~ ^/(libs|css|static|images|fonts|lang|sounds|connection_optimization|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;
    }

    # BOSH
    location = /http-bind {
        proxy_pass http://localhost:5280/http-bind;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }

    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://127.0.0.1:5280/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }

    location ~ ^/([^/?&:'"]+)$ {
        try_files $uri @root_path;
    }

    location @root_path {
        rewrite ^/(.*)$ / break;
    }

    location ~ ^/([^/?&:'"]+)/config.js$
    {
        set $subdomain "$1.";
        set $subdir "$1/";
        alias /etc/jitsi/meet/foo.example.com-config.js;
    }

    #Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }

    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
        rewrite ^/(.*)$ /http-bind;
    }

    # websockets for subdomains
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
        rewrite ^/(.*)$ /xmpp-websocket;
    }
}
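
Why the IP-only URLs in the post land on the wrong site, as an added example that is not part of the original post: a simplified Python model of how nginx picks a server block from the listen port and the Host header, using the server blocks posted above. It assumes the stock Ubuntu `default` site (with `listen 80 default_server`) is still enabled, and it ignores wildcard and regex names.

```python
# Simplified model of nginx server-block selection (added example, not nginx code).
# Handles exact server_name matches only; wildcard and regex names are left out.
from dataclasses import dataclass


@dataclass(frozen=True)
class ServerBlock:
    source: str                  # config file the block comes from
    port: int                    # listen port
    names: tuple                 # server_name values
    default_server: bool = False


# Server blocks from the configs in the post, in sites-enabled include order.
# ASSUMPTION: the stock Ubuntu "default" site is still enabled (the post sees
# the nginx splash page) and declares "listen 80 default_server".
BLOCKS = [
    ServerBlock("bar.example.com.conf", 80, ("bar.example.com", "www.bar.example.com")),
    ServerBlock("default", 80, ("_",), default_server=True),
    ServerBlock("foo.example.com.conf", 80, ("foo.example.com",)),
    ServerBlock("foo.example.com.conf", 4444, ("foo.example.com",)),
]


def select_server(port, host_header, blocks=BLOCKS):
    """Return the block that handles the request, or None if nothing listens."""
    candidates = [b for b in blocks if b.port == port]
    if not candidates:
        return None
    # Drop an optional ":port" suffix; names compare case-insensitively.
    host = host_header.split(":")[0].lower()
    for block in candidates:
        if host in block.names:
            return block
    # No name matched: the default_server for the port, else the first block defined.
    for block in candidates:
        if block.default_server:
            return block
    return candidates[0]


if __name__ == "__main__":
    for port, host in [(80, "192.168.1.69"), (80, "bar.example.com"),
                       (4444, "192.168.1.69:4444")]:
        print(f"port {port}, Host: {host!r} -> {select_server(port, host).source}")
```

A request reaches the bar.example.com block only when its Host header carries that name, which a LAN client can arrange without public DNS through a hosts-file entry for 192.168.1.69 or `curl --resolve bar.example.com:80:192.168.1.69 http://bar.example.com/install.php`.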