Wiki/Nginx
Up to: Wiki
Process
Switching Domains
from neuromatch.io to neuromatch social:
- swap domains in config
- comment out the http redirect server block and the cert part of the https block
- temporarily switch the `listen[::]:443` and `listen 443` for `listen[::]:80` and `listen 80`
- run certbot `sudo certbot --nginx -d wiki.neuromatch.social` which should switch the `80`'s back to `443` and create a new http block
- copy paste the redirect block and old cert info to redirect http and https from old domain to new domain
that's probably a pretty janky way to do it, but basically the only thing that's different from just ctrl+f'ing the domain name is the need to issue a new cert, and to issue the cert you need to have just a server block listening on `80` and certbot can take it from there. then redirecting is just "hey did you try to go here actually go over there." There are other auth mechanisms certbot can do but that's the easiest way do use the default one that i know of
Config
server {
server_name wiki.neuromatch.social;
root /var/www/html/mediawiki;
index index.php;
error_log /var/log/nginx/mediawiki.error;
access_log /var/log/nginx/mediawiki.access;
location / {
try_files $uri $uri/ /index.php;
}
location @rewrite {
rewrite ^/(.*)$ /index.php;
}
location ^~ /maintenance/ {
return 403;
}
location ~ /\.ht {
deny all;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
}
location /rest.php {
try_files $uri $uri/ /rest.php?$args;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/wiki.neuromatch.social/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.neuromatch.social/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# ---------------------------------
# redirect http -> https
# ---------------------------------
server {
if ($host = wiki.neuromatch.social) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name wiki.neuromatch.social;
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}
# ---------------------------------
# ---------------------------------
# ---------------------------------
# redirects from olde wiki domain
# ---------------------------------
# ---------------------------------
# ---------------------------------
server {
if ($host = wiki.neuromatch.io) {
return 301 https://wiki.neuromatch.social$request_uri;
}
server_name wiki.neuromatch.io;
listen 80;
return 404;
}
server {
if ($host = wiki.neuromatch.io) {
return https://wiki.neuromatch.social$request_uri;
}
server_name wiki.neuromatch.io;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/wiki.neuromatch.io/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.neuromatch.io/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}