nginx with Certbot blocking local traffic to website from local IP?

Question

I have setup nginx with Certbot on my home server running Debian to host a small website. I have a static external IP address and custom domain that points to the latter.

Everything runs fine so far, however since I installed Certbot to enable https for the website, local network users can't access the website with the internal IP - 192.168.178.18 - any more.

nginx and Certbot are both configured for domain.com and www.domain.xyz, and the website can be accessed locally and remotely with that domain, which is great.

Now, I want to re-enable local users to access the website directly with the internal IP.

My nginx config for the website looks like this:

server {
    root /srv/www/my-website;
    index index.html index.htm;

    server_name domain.xyz www.domain.xyz;

    include /etc/nginx/sites-dietpi/*.conf;

    # Deny Automated User Agents
    if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
            return 403;
    }

    location / {
        try_files $uri $uri/ =404;
        # Get rid of unwanted HTTP methods
        limit_except GET HEAD POST {deny all; }
    }

    location images/ {
        valid_referers none blocked www.domain.xyz domain.xyz;
        if ($invalid_referer) {
              return 403;
        }
    }

    location /css/ {

    }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # manag>
    ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # man>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
    if ($host = www.domain.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = domain.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name domain.xyz www.domain.xyz;
    return 404; # managed by Certbot  <--- HERE
}

Notice the second last line here. It redirects users who want to access the site locally to a 404-page-not-found site.

Is there any way to allow local unencrypted (or encrypted) traffic straight to the website with the local IP?

Answer 1

Try adding another if statement underneath the first two if($host = ...) to redirect the local ip.

if ($host = 192.168.local.ip) {
    return 301 https://$host$request_uri;
}

So then your server block would look like

server {
    if ($host = www.domain.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = domain.xyz) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = 192.168.local.ip) {
        return 301 https://$host$request_uri;
    }

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name domain.xyz www.domain.xyz;
    return 404; # managed by Certbot  <--- HERE
}