Configuring Redirects

My YunoHost server

Hardware: Old laptop at home
YunoHost version: 4.1.7.4
I have access to my server : Through SSH and through webadmin

Hello,

I have installed Yunohost with two domains:

• mydomain.tld
• forms.mydomain.tld

I installed Framaforms at forms.mydomain.tld, and did a form which is accessible at forms.mydomain.tld/myform

Now I would like to redirect everything except forms.mydomain.tld/myform to anotherdomain.tld (it’s no problem if lose access to webadmin).

I found this Redirect Yunohost app by @scith and installed it in mydomain.tld choosing permanent redirect, but I do not know how to use it. I see the tile, but it takes me to an empty 127.0.0.1 page.
How and where I configure redirects?
Should it be installed in both domains?
Should I configure any special permission?

Thank you!!

Or maybe anyone knows how to do redirects in Yunohost the old way (I mean tinkering with NGINX)?

I see different configuration files, I don’t know which one I should edit.

When you install the Redirect app, a nginx .conf file is added under the /etc/nginx/conf.d/the.domain.being.redirected.from.tld.d/ directory (in your case this would be under /etc/nginx/conf.d/mydomain.tld.d/. The Redirect app just automates the addition of this file. You want to edit this file to configure the redirect. And yes, if you want to redirect both domains, you also need to add a .conf file under /etc/nginx/conf.d/forms.mydomain.tld.d/.

Hey @Jules-Bertholet Thanks a lot for your answer!

I’m afraid I made a mistake. I want NGINX to apply a redirect on every request made to any of my two domains (mydomain.tld and forms.mydomain.tld) by anyone (users or not) so that they go to anotherdomain.tld.
And I don’t want that redirect to be applied to requests to forms.mydomain.tld/myform

I don’t know about NGINX and I thought that app would help me to configure it, but I think the purpose of that app is a different one. So I think I should uninstall that app and try to configure NGINX manually.

Any advice on how to achieve my goal?
Which NGINX files should I edit?

Thanks again!!

The Redirect “app” just adds the NGINX config files you need to redirect stuff in the proper directories, and conversely it automatically removes the NGINX config files when you uninstall the “app”. It doesn’t offer an admin interface, or any interface at all—all configuration is set on the app install page where you can enter the domain you want to redirect to. So whether you use the Redirect app to install the NGINX config files for you, or you just create them yourself, is up to you.

If you choose to add the redirects manually, you want to add a file named redirect.conf (or whatever-else-you-want-to-name-it.conf) under /etc/nginx/conf.d/mydomain.tld.d/ with the contents

location / {
  return 301 https://anotherdomain.tld;
}

Add a copy of the same file under /etc/nginx/conf.d/forms.mydomain.tld.d/.

That was a really clear explanation, thank you @Jules-Bertholet, I think I get it now.

However, the redirection does not happen. I don’t know if I’m missing something.

I installed the app indicating the destination domain in the installation page. I can see the file /etc/nginx/conf.d/mydomain.tld.d/redirect.conf which contains:

location /redirect {
  return 301 https://anotherdomain.tld;
}

Then I restart the nginx service. But still the browser keeps showing me mydomain.tld, the redirection does not take place.

Any suggestion to troubleshoot it?

What you have done is install the Redirect app on the /redirect subpath of the domain, so it is only redirecting that subpath. You want to install it on the domain root.

(In the NGINX config, the stuff inside the braces is a location block; it applies to urls that match what comes after the word location. As your config is currently set up, only urls that start with mydomain.tld/redirect get redirected. To match all urls for the domain, you want to use location /. Note that more specific location blocks take precedence over more general ones, so Framaforms will still work).

Thank you!! Yes, I’m getting closer now : )

The redirection for mydomain.tld is already working perfectly. So that is done.

What I am missing now is how to redirect *.mydomain.tld (or at least forms.mydomain.tld) and keep forms.mydomain.tld/myform whithout redirection.

I tried to do a second install of the Redirect app but this time into my forms.mydomain.tld domain, but it didn’t let me do it.
I also tried creating /etc/nginx/conf.d/forms.mydomain.tld/redirect.conf with the following contents (same as for mydomain.tld):

location / {
  return 301 https://anotherdomain.tld;
}

But that made NGINX service failed. So I deleted that file.

What was the error message for Nginx? (you can get this with sudo journalctl -xe -u nginx)

After entering the mentioned redirect.conf file into /etc/nginx/conf.d/forms.mydomain.tld/ and restarting nginx, I get: Job for nginx.service failed because the control process exited with error code.
Then:

$ sudo journalctl -xe -u nginx
-- Support: https://www.debian.org/support
-- 
-- A stop job for unit nginx.service has finished.
-- 
-- The job identifier is 1435 and the job result is done.
Mar 20 21:38:24 mydomain.tld systemd[1]: Starting A high performance web server and a reverse proxy server...
-- Subject: A start job for unit nginx.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- A start job for unit nginx.service has begun execution.
-- 
-- The job identifier is 1435.
Mar 20 21:38:24 mydomain.tld nginx[3552]: nginx: [emerg] duplicate location "/" in /etc/nginx/conf.d/forms.mydomain.tld.d/redirect.conf:1
Mar 20 21:38:24 mydomain.tld nginx[3552]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 20 21:38:24 mydomain.tld systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- An ExecStartPre= process belonging to unit nginx.service has exited.
-- 
-- The process' exit code is 'exited' and its exit status is 1.
Mar 20 21:38:24 mydomain.tld systemd[1]: nginx.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Mar 20 21:38:24 mydomain.tld systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Subject: A start job for unit nginx.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- A start job for unit nginx.service has finished with a failure.
-- 
-- The job identifier is 1435 and the job result is failed.

Maybe the problem arised because of this thing I tried?

Can you post the complete contents of every file under the /etc/nginx/conf.d/forms.mydomain.tld.d/ directory?

There you go:

peer@mymachine:~$ ls -hal /etc/nginx/conf.d/forms.mydomain.tld.d/
total 16K
drwxr-xr-x 2 root root 4.0K Mar 20 21:37 .
drwxr-xr-x 6 root root 4.0K Mar 20 18:51 ..
-rw-r--r-- 1 root root 2.3K Mar 17 00:46 framaforms.conf
-rw-r--r-- 1 root root   47 Mar 20 19:02 redirect.conf
peer@mymachine:~$ cat /etc/nginx/conf.d/forms.mydomain.tld.d/framaforms.conf
#sub_path_only rewrite ^/$ / permanent;
location / {

  # Path to source
  alias /var/www/framaforms/app/ ;
  index index.php;
  if (!-e $request_filename)
  {
    rewrite ^/(.+)$ /index.php?q=$1 last;
  }

  # Force usage of https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }

  index index.php;

  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
  #client_max_body_size 50M;

  try_files $uri $uri/ index.php;
  
  location ~ /favicon.ico {
    log_not_found off;
    access_log off;
  }
  
  location ~ /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }
  
  # Very rarely should these ever be accessed outside of your lan
  location ~* \.(txt|log)$ {
    allow 192.168.0.0/16;
    deny all;
  }
  
  # Allow "Well-Known URIs" as per RFC 5785
  location ~* ^/.well-known/ {
    allow all;
  }
  
  # Block access to "hidden" files and directories whose names begin with a
  # period. This includes directories used by version control systems such
  # as Subversion or Git to store control files.
  location ~ (^|/)\. {
    return 403;
  }
  
  # Don't allow direct access to PHP files in the vendor directory.
  location ~ /vendor/.*\.php$ {
    deny all;
    return 404;
  }
  
  location ~ '[^/]\.php$|^/update.php' {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php/php7.3-fpm-framaforms.sock;

    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param REMOTE_USER $remote_user;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }
  
  # Fighting with Styles? This little gem is amazing.
  location ~ ^/sites/.*/files/styles/ {
    try_files $uri @rewrite;
  }
  
  # Handle private files through Drupal. Private file's path can come
  # with a language prefix.
  location ~ ^(/[a-z\-]+)?/system/files/ {
    rewrite ^((/[a-z\-]+)?/system/files/(.+))$ /index.php?q=$1 last;
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    try_files $uri @rewrite;
    expires max;
    log_not_found off;
  }

  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}

location @rewrite {
  rewrite ^/(.*)$ /index.php?q=$1;
}
peer@mymachine:~$ cat /etc/nginx/conf.d/forms.mydomain.tld.d/redirect.conf 
location / {
  return 301 https://anotherdomain.tld;
}peer@mymachine:~$ 

Framaforms is installed on the domain root, not on /myform as you stated in your post. You need to change the URL of Framaforms using the Yunohost command or webadmin.

Weird. I don’t know why you say so, but I don’t think that’s case.

The post above is correct.

peer@mymachine:~$ sudo yunohost app list
apps: 
  0: 
    description: Create online webforms and surveys
    domain_path: forms.mydomain.tld/
    id: framaforms
    name: Framaforms
    version: 1.0.3~ynh1
  1: 
    description: Create a redirection or a proxy to another path.
    domain_path: mydomain.tld/
    id: redirect
    name: Redirect
    version: 1.0.0~ynh4
peer@mymachine:~$ 

Anyway, see below what yunohost CLI says about the status of NGINX. I don’t know if that could help to understand where the problem is:

peer@mymachine:~$ sudo yunohost service status nginx
configuration: broken
configuration-details: 
  - nginx: [emerg] duplicate location "/" in /etc/nginx/conf.d/forms.mydomain.tld.d/redirect.conf:1
  - nginx: configuration file /etc/nginx/nginx.conf test failed
description: Serves or provides access to all the websites hosted on your server
last_state_change: 2021-03-20 21:38:24
start_on_boot: enabled
status: failed

Ah I see, I misread your original post, it seems you actually want to block off access to most of Framaforms. This is more complicated. Can you try changing the file framaforms.conf to add the line location /myform { at the very top and } at the bottom? (Don’t replace any text)

I modified framaforms.conf as suggested.

But I cannot see the results because the nginx service keeps failing when trying to restart it.

Can you post the specific nginx error message?
Also what happens if, instead of the modification I proposed earlier, you change the line location / { in framaforms.conf to read location /myform {, and change the line alias /var/www/framaforms/app/ ; to root /var/www/framaforms/app/ ;?

Note that in any case what you are trying to do may not work well even if you fix the NGINX config. I have never used Framaforms so I am not certain, but if the webpage for your form at “forms.mydomain.tld/myform” needs to load resources (like js, css, images, etc) that are on “forms.mydomain.tld” but on another subpath, those resources won’t be able to load because your redirect will be intercepting the requests.

peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ sudo systemctl restart nginx.service 
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ systemctl status nginx.service 
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-03-22 16:36:46 CET; 24s ago
     Docs: man:nginx(8)
  Process: 22892 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ sudo journalctl -xe -u nginx
-- Support: https://www.debian.org/support
-- 
-- A start job for unit nginx.service has finished with a failure.
-- 
-- The job identifier is 13031 and the job result is failed.
Mar 22 16:36:46 mydomain.tld systemd[1]: Starting A high performance web server and a reverse proxy server...
-- Subject: A start job for unit nginx.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- A start job for unit nginx.service has begun execution.
-- 
-- The job identifier is 13116.
Mar 22 16:36:46 mydomain.tld nginx[22892]: nginx: [emerg] location "/" is outside location "/myform" in /etc/nginx/conf.d/forms.mydomain.tld.d/framaforms.conf:3
Mar 22 16:36:46 mydomain.tld nginx[22892]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 22 16:36:46 mydomain.tld systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- An ExecStartPre= process belonging to unit nginx.service has exited.
-- 
-- The process' exit code is 'exited' and its exit status is 1.
Mar 22 16:36:46 mydomain.tld systemd[1]: nginx.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- The unit nginx.service has entered the 'failed' state with result 'exit-code'.
Mar 22 16:36:46 mydomain.tld systemd[1]: Failed to start A high performance web server and a reverse proxy server.
-- Subject: A start job for unit nginx.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
-- 
-- A start job for unit nginx.service has finished with a failure.
-- 
-- The job identifier is 13116 and the job result is failed.
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$ 
peer@mymachine:/etc/nginx/conf.d/forms.mydomain.tld.d$