Learn about Centmin Mod LEMP Stack today
Become a Member

Nginx 2 Websites under same VPS (2nd website redirects to 1st one)

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Stephen3000, May 3, 2019.

  1. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Hello all,

    So basically I've installed centminmod a few months ago after I've turned away from easyengine and serverpilot. I've installed 2 separate domains (both wordpress installations) on a Vultr VPS, all went well until today.

    I wanted for my 2nd domain to disable cloudflare and just use the site without it, did that, but then the SSL gave me errors on the site (something that the certificate wasn't trusted I think I can't remember well).

    Anyway, I backed up the site and figured that deleting everything from the server and reinstalling the 2nd domain again would be much easier. Installed it with the option 22, wp + wp supercache (I chose to not install SSL, I figured I would use the acmetool later).

    The problem is that now the 2nd domain that I just reinstalled, redirects to the 1st domain. For example when typing in: www.domain2.com it redirects to domain1.com

    I can't even remember how I did it in the first place when I set up everything 6 months ago using Cloudflare. The first site still uses Cloudflare DNS setup, the 2nd site (the one with the redirect problem) is using the Vultr DNS (setup via their own console panel).

    The server hostname is like this: main.domain2.com

    The virtual.conf of the server:

    Code (Text):
    server {
                listen 80 default_server backlog=2048 reuseport;
                server_name main.domain2.com;
                root   html;
    
            access_log              /var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
    
    #Shows file listing times as local time
    #autoindex_localtime on;
    
    # Wordpress Permalinks example
    #try_files \$uri \$uri/ /index.php?q=\$uri&\$args;
    
                }
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    


    The /usr/local/nginx/conf/conf.d/domain2.com.conf:

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #           listen   80;
    #           server_name domain2.com;
    #           return 301 $scheme://www.domain2.com$request_uri;
    #      }
    
    server {
      server_name domain2.com www.domain2.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain2.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/domain2.com/log/error.log;
    
      root /home/nginx/domains/domain2.com/public;
    
      include /usr/local/nginx/conf/wpsupercache_domain2.com.conf;
    
      location / {
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
    


    I mean it probably is a simple/easy fix, but I'm not that good with server admin stuff, and maybe I've overlooked some things, so any help is really appreciated.

    Thanks,
    Stephen

    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 x64
    • Centmin Mod Version Installed: 123.08stable
    • Nginx Version Installed: 1.15.17
    • When was last time updated Centmin Mod code base ? : Today
    • Persistent Config:
      Code (Text):
      MARCH_TARGETNATIVE='n'
      LETSENCRYPT_DETECT='y'
      
     
  2. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Okay, so basically I reinstalled everything again with the new beta centminmod, and acme, and everything works now perfectly. Thread can be deleted/closed. (no idea how to do it myself...guess I don't have that option anymore after some time has passed)

    Only minor issue: if I access the domain with the www. in front, I see the default nginx page instead of the wordpress site (if I use mydomain.com, I can see the wp installation just fine). What's the best way to get rid of the "www" in your opinion? I mean I can do it via htaccess I guess, but wondering if there's a better way with the conf files or something? I have a cname of www to point to domain.com but I guess it's not working.

    Thanks again for the wonderful centminmod development team for creating such an awesome tool.
     
    Last edited: May 3, 2019
  3. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    fine to leave thread for future reference :)

    FYI, nginx doesn't support .htaccess

    for www, ensure both non-www and www version of your domain's DNS A records point to your centmin mod server IP. You probably missing the www.domain2.com's DNS A record and that your cloudflare DNS doesn't have a * wildcard entry and missing www A record (hence redirect to domain1.com probably) as that can end up redirecting to main hostname's IP or first vhost setup i.e. domain1.com https://community.centminmod.com/threads/mysterious-blog-discovered.17166/#post-72633

    then if you want non-www as main access domain, you need to do redirect by adding 2nd server{} context above existing one and modifying 2nd server{} context's server_name to only use non-www version. But this only applies to non-HTTPS setup so I wouldn't do this if you intend to do HTTPS via acmetool.sh later one. Probably easier if you used HTTPS out of the box for your domain2.com as selecting HTTPS Live default letsencrypt will auto setup letsencrypt ssl + https nginx vhost and then non-http to https redirect automatically so less work to do manually.
    Code (Text):
    server {
               listen   80;
               server_name www.domain2.com;
               return 302 http://domain2.com$request_uri;
          }
    
    server {
      server_name domain2.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    


    so you're telling nginx for non-https port 80 access to www domain do 302 temp redirect to non-www domain2.com
     
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Hi Eva2000,

    I never knew about nginx and htaaccess... guess I learn some new things every day, thanks for that.

    Anyway here's the funny thing, after I reinstalled everything like I said on the domain2.com, I used it with option 22, letsencrypt, and chose only the https option (without http or http+https), anyway did the acme thing everything worked fine except the www to non-www was not working.

    Since the domain was not on cloudflare anymore, I had to use vultr DNS tool to set up the DNS and I had set up A for the IP and CNAME of WWW to point to the non-www domain. This wasn't working for my www to non-www redirection for some reason.

    After a bunch of various tries and fixes that I've read from the internet, I woke up this morning and somehow for some reason it works now... and guess what... the configuration used for it to work correctly now (from www to non-www) is exactly the original/same one that the centminmod/acme created without any of my fixes... (I reverted everything back to original last night after seeing that nothing worked).

    Miraculously today when I tried the site to go to the www.domain2.com it redirected me to domain2.com as intended. Super weird as I have no idea what happened and how it worked... maybe the CNAME needed 24+ hours to propagate, and then the whole installation was working fine anyway from the beginning?

    Anyway im happy I can start building the site now, thanks a lot for your help again.
     
    • Informative Informative x 1
  5. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Glad to hear. As for 3rd party DNS it can take up to 24-48hrs to propagate changes unless you use Cloudflare as it's changes are much quicker.
     
  6. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Yeah, I've always knew that over the past 15+ years since I started with building websites etc, but it always felt much quicker than that for example 1-3 hours... this was the first time that I think it took over 24 hours to propagate, and I can't believe I haven't thought about that and just wait for it before starting to fiddle with changes and messing up the configs etc.

    The reason why I took the site down from cloudflare in the first place was for SEO purposes and test how it compares to sites that are hosted on the cloudflare free plan, I have a sneaky suspicion that the cloudflare free plan affects SEO in a negative way, so I want to try it out on this domain without cloudflare... so we'll see :)

    EDIT:
    Ok, I will bother you with one more thing now (sorry)

    Just done some curl -I tests... can you please let me know if these are OK results? I mean the site works normal right now from what I'm testing on the web, but 2 of the curl results are not resolving properly, should I care about these?

    curl -I https://domain2.com

    Code (Text):
     curl: (7) Failed connect to domain2.com:443; Connection refused 


    curl -I https://www.domain2.com

    Code (Text):
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 03 May 2019 13:06:23 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Redirect-By: WordPress
    Location: https://domain2.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    


    curl -I http://domain2.com
    Code (Text):
    curl: (7) Failed connect to domain2.com:80; Connection refused


    curl -I http://www.domain2.com

    Code (Text):
    HTTP/1.1 302 Moved Temporarily
    Date: Fri, 03 May 2019 13:06:55 GMT
    Content-Type: text/html
    Content-Length: 138
    Connection: keep-alive
    Location: https://domain2.com/
    Server: nginx centminmod
    X-Powered-By: centminmod


    This is my domain2.com.ssl.conf

    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name domain2.com  www.domain2.com;
       return 302 https://domain2.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name domain2.com www.domain2.com;
    
      include /usr/local/nginx/conf/ssl/domain2.com/domain2.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain2.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers 
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
     
    Last edited: May 3, 2019
  7. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    if you have https enabled via /usr/local/nginx/conf/conf.d/domain2.com.ssl.conf, you need to disable non-https version at /usr/local/nginx/conf/conf.d/domain2.com.conf

    see centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

    for non-www default https, you need for /usr/local/nginx/conf/conf.d/domain2.com.ssl.conf to have 3 server{} contexts - one for www + non-www port 80 redirect to https non-www domain, second for www domain https 443 port redirect to non-www domain and 3rd server{} context which is main non-www https one as outlined at centminmod.com/nginx_domain_dns_setup.html#httpsredirect

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    
     
    • Useful Useful x 1
  8. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Since I don't have a normal: domain.com.conf file (installed it only with SSL option). I've made the changes to my ssl.conf and here's what it looks like now:

    Code (Text):
    #x# HTTPS-DEFAULT
    server {
       server_name domain.com www.domain.com;
       return 301 https://domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.domain.com;
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
      return 301 https://domain.com$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name domain.com;
    
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    


    I think it works well now. I mean testing the domain name in incognito windows and even on my phones/tablets etc to make sure the cache isn't there, it's working correctly and it redirects from www to non-www SSL.

    The only weird thing is that when I curl in my server for the following 2 options:
    Code:
    http://domain.com
    and
    Code:
    https://domain.com
    I get:
    Code (Text):
    curl: (7) Failed connect to domain.com:80; Connection refused 
    and
    Code (Text):
    [CODEB]
    curl: (7) Failed connect to domain.com:443; Connection refused 


    The
    Code:
    http://www
    and
    Code:
    https://www
    curls are showing up ok.

    I checked with KeyCDN Curl tool, and over there the above curl commands are showing up the proper redirects, meaning the connection isn't refused.

    I checked the firewall for blocks on my IP or the server IP that im curling from and there's no block, so no idea about this one...

    I think I will leave it as it is, since the redirects are all working when I test them out manually on my devices even though those 2 curls are failing on me when I test it via my own server (the other 2 curls work).
     
    Last edited: May 4, 2019
  9. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    if you selected https default letsencrypt, the centmin mod would create nginx vhost only for domain2.com.ssl.conf and setup appropriate non-http to https redirects for basic operation.

    but yes curl test all 4 variants as you want to test if non-https are properly redirecting to https versions too via 301/302 status code and verify by looking at Location: target redirects
     
  10. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Oh damn I just edited my previous comment before you just posted haha, but yeah I'm having problem with the curls on my putty tests, but with the KeyCDN they all work fine, even the 2 problematic ones as explained above.
     
  11. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    do you have /etc/hosts entries which override your domain's DNS locally ? i.e. point domains to IPs other than the IPs used in DNS records ? as you could be doing curl local tests directing domains to IPs that aren't valid ?

    but i see the problems to do with non-www port 80 (non-https) and port 443 (https) curl commands https://community.centminmod.com/th...ebsite-redirects-to-1st-one.17412/#post-73486. That is why i made suggestions in post at https://community.centminmod.com/th...ebsite-redirects-to-1st-one.17412/#post-73497 regarding properly redirects for non-https to https
     
    • Agree Agree x 1
  12. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    The etc/hosts file on my local PC is default (empty, just 127.0) And I didn't mess with the DNS for my domains I simply have: A and IP Address of the server, CNAME www and with the target of domain.com & that's it.

    I believe after your suggestions I've managed to make my ssl.conf work properly since it redirects fine in my tests:

    Code (Text):
    #x# HTTPS-DEFAULT
    server {
       server_name domain.com www.domain.com;
       return 301 https://domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.domain.com;
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
      return 301 https://domain.com$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name domain.com;
    
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    


    I followed the guide you linked above, and I don't think I need to add another server block with {listen 80; etc} right, I mean my first server{} should take care of that.

    But yeah weird that it's working with keyCDN and not with my SSH... to be honest though, I don't mind it at all, since the redirects are working now, and I'm pleased with that.
     
  13. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yup those 3 server{} context are correct when listen directive isn't listed, it defaults to listen port 80 anyway

    you can check all 4 variants of your domain via other online http header check tools too to see if they are working like HTTP Header Check with an online CURL tool
     
    • Useful Useful x 1
  14. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Yeah I checked them with the KeyCND tool and all work fine, also tested them on another site just to make sure, here's the results (edited domain name ofc).

    [​IMG]

    So yeah, I think there's something weird with either my Putty client or something else... that I get 2 out of 4 curl tests with a connection refused error.

    But since everything works, like I said, I'm happy and I don't really care if those 2 curls fail in my SSH tests.

    Thank you a lot for all the help.
     
  15. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah if it works online, then should be fine - though strange your curl commands aren't working. If you have another vps/server, try ssh into that to run curl commands to verify if it's just a particular server.
     
    • Like Like x 1
  16. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Great idea, I just deployed a VPS on Vultr just to check this, and guess what all the curls are working from that machine (used the Virtual Console from Vultr to make sure it's different from my PC/Putty setup).

    So it's probably something weird going on with my PC/Putty. But who cares :D

    Thanks :)
     
    • Informative Informative x 1
  17. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    next try different SSH client to rule out server heh
     
  18. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Just tried with WinSCP (the only other SSH client I have installed) and still same problem... http:// and https:// both fail. I don't even know anymore... I'm beyond confused :LOL::LOL:
     
  19. eva2000

    eva2000 Administrator Staff Member

    40,620
    9,015
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,881
    Local Time:
    4:32 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    try verbose curl runs
    Code (Text):
    curl -Iv https://domain2.com

    Code (Text):
    curl -Iv http://domain2.com
     
  20. Stephen3000

    Stephen3000 New Member

    13
    0
    1
    May 3, 2019
    Ratings:
    +4
    Local Time:
    9:32 PM
    Same... not working. :ROFLMAO:
     
    • Informative Informative x 1