I have a Shiny Server app using AWS EC2 & Route53, nginx & certbot for SSL. Right now my domain name is used by the app.
I would like to have a static homepage to welcome users and offer access to log in to the app.
The purpose is to have a homepage intro so that it can be indexed by Google.
Can I use one domain for that (for both the app and the webpage)?
How should I define and manage my domain to do so?
I hope I made my question clear enough.
Thanks in advance.
I forgot to mention that my static website is on an AWS S3 bucket (and not on the EC2 + nginx server).
I'm not sure about the syntax to define the nginx.conf. The following is the nginx.conf that is working fine now:
server {
    listen 80;
    listen [::]:80;
    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}
server {
    # listen 443 means the Nginx server listens on the 443 port.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/app.mydomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.mydomain/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
    ssl_dhparam /etc/nginx/snippets/dhparam.pem;
    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES12>
    ssl_prefer_server_ciphers off;
    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/app.mydomain/chain.pem;
    # Replace it with your (sub)domain name.
    server_name app.mydomain;
    # The reverse proxy, keep this unchanged:
    location / {
        proxy_pass http://localhost:3838;
        proxy_redirect http://localhost:3838/ $scheme://$host/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_read_timeout 20d;
        proxy_buffering off;
    }
}
And if I understood @AlexStoneham, I need to add something like this:
server {
    server_name mydomain;
    location / {
        proxy_pass $scheme://$host.s3-website-eu-central-1.amazonaws.com$request_uri;
    }
}
But adding that doesn't work. Should I add the 443 listener block to it and add the SSL certificate all over again?
app.mydomain is for the Shiny app and is working fine now.
mydomain should direct to the S3 static webpage.
Thanks
2 Answers
The nginx.conf was OK and I didn't need to add anything, because the static webpage is on an S3 bucket and not on nginx/EC2.
The issue was that in one of my many tries I made a certbot certificate for "mydomain", which was the same name as the S3 bucket. That clashed and caused the problem when trying to link my S3 bucket with that domain name through Route53 (the S3 endpoint is HTTP and not HTTPS).
The solution was to delete that specific SSL certificate from my EC2 server (with nginx on it):
Use nginx server blocks with your nginx conf and subdomains with your Route53 conf.
Leverage a subdomain like app.yourdomain.com to go to the Shiny app, configured with nginx to serve the Shiny app in one server block. Set up another subdomain like http://www.yourdomain.com to go to the static pages, configured with nginx to serve the static pages in another server block.
See:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-routing-traffic-for-subdomains.html
for the Route53 details, and:
https://www.nginx.com/resources/wiki/start/topics/examples/server_blocks/
for the nginx details.
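The leftover certificate described in the first answer is easy to miss on a server where certbot has been run several times. As an added example (not code from either poster), this sketch lists certbot certificates that no nginx server block loads or serves; both sample inputs are constructed, and it assumes the standard /etc/letsencrypt/live/NAME/ layout seen in the question.

```python
import re

# Constructed sample, trimmed to the fields the check reads from `certbot certificates`.
CERTBOT_OUTPUT = """\
Found the following certs:
  Certificate Name: app.mydomain
    Domains: app.mydomain
    Certificate Path: /etc/letsencrypt/live/app.mydomain/fullchain.pem
  Certificate Name: mydomain
    Domains: mydomain
    Certificate Path: /etc/letsencrypt/live/mydomain/fullchain.pem
"""

# Constructed nginx config, reduced from the question's working one.
NGINX_CONF = """\
server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/app.mydomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.mydomain/privkey.pem;
    server_name app.mydomain;  # the Shiny app
}
"""

def certbot_lineages(text):
    """Map each certificate name to its list of domains."""
    lineages, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Certificate Name:"):
            current = line.split(":", 1)[1].strip()
            lineages[current] = []
        elif line.startswith("Domains:") and current is not None:
            lineages[current] = line.split(":", 1)[1].split()
    return lineages

def nginx_usage(conf):
    """Return the server_name values and ssl_certificate paths nginx uses."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching directives
    names = {n for m in re.finditer(r"\bserver_name\s+([^;]+);", conf)
             for n in m.group(1).split()}
    certs = set(re.findall(r"\bssl_certificate\s+([^;\s]+)\s*;", conf))
    return names, certs

def unused_lineages(certbot_text, conf):
    """Certificates whose files nginx does not load and whose domains it does not serve."""
    names, certs = nginx_usage(conf)
    return [name for name, domains in certbot_lineages(certbot_text).items()
            if not any(f"/live/{name}/" in path for path in certs)
            and not any(d in names for d in domains)]
```

On a real host the two inputs would be the output of `certbot certificates` and the configuration printed by `nginx -T`; wildcard and regex `server_name` values are not matched by this sketch.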