
Nginx SSL Can't point sub-domain to server's IP

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by tfmus, Apr 27, 2020.

  1. tfmus

    tfmus New Member

    6
    0
    1
    Apr 27, 2020
    Ratings:
    +0
    Local Time:
    8:28 PM
    Hello,

    When I pointed the subdomain to the server's IP and accessed the subdomain, it was immediately redirected to the VPS's name. I named VPS like vps-centos-7.6-64bit, so the browser displayed an error immediately.

    It seems that I am having this problem after installing phpmyadmin addon. Because I tried on another server without phpmyadmin installed, everything is fine.
    • CentOS Version: CentOS 7.6 64bit
    • Centmin Mod Version Installed: 123.09beta01

     
  2. eva2000

    eva2000 Administrator Staff Member

    44,519
    10,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,736
    Local Time:
    11:28 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    When you install Centmin Mod, it sets up a main hostname nginx vhost for the server, which is where the Nginx default install index page is shown. Accessing the server via IP address will show that page; that is correct and should be left as is, as the main hostname site is also used for statistics pages outlined here. When you create a new Nginx vhost site via centmin.sh menu option 2, 22 or nv commands, you have a separate Nginx vhost directory structure. The differences are outlined on the official Config file page, at Getting Started Guide step 1, and at the bottom of that page here.
    If your site domain name, when visited, redirects to the main hostname and default nginx index page, then that is usually due to the main hostname being the same as the site domain name, which is incorrect as they need to differ.

    What do your /usr/local/nginx/conf/conf.d/virtual.conf and /usr/local/nginx/conf/conf.d/yourdomain.com.conf contents look like? Make sure virtual.conf main hostname's server_name isn't the same as any added nginx vhost site's domain name. As per Getting Started Guide step 1, the main hostname needs to be unique.

    You can check via recursive grep filter of your domain name in vhost directory at /usr/local/nginx/conf/conf.d
    Code (Text):
    grep -rnw 'yourdomain.com' /usr/local/nginx/conf/conf.d
    

    Also check that DNS is correct; use dig to check DNS for the domain
    Code (Text):
    dig +short A @8.8.8.8 yourdomain.com
    dig +short A @8.8.8.8 www.yourdomain.com
    dig +short A @8.8.8.8 hostname.yourdomain.com
    

    Check HTTP headers via curl for both HTTP (and HTTPS if you have HTTPS/SSL)
    Code (Text):
    curl -I http://yourdomain.com
    curl -I http://www.yourdomain.com
    curl -I https://yourdomain.com
    curl -I https://www.yourdomain.com
    curl -I http://hostname.yourdomain.com
    
     
  3. tfmus

    tfmus New Member

    Thank you for your feedback!

    I have a website running normally on the domain myweb.com with HTTPS. I want to point the subdomain beta.myweb.com to server, so this happens.

    I realized that, when running the command curl -I https://beta.myweb.com, the result is as follows:

    Code:
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 27 Apr 2020 13:43:12 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d597053bbc2117de242e94422477558dc1587994992; expires=Wed, 27-May-20 13:43:12 GMT; path=/; domain=.myweb.com; HttpOnly; SameSite=Lax; Secure
    Location: http://vps-centos-7.6-64bit/
    X-Powered-By: centminmod
    X-Frame-Options: SAMEORIGIN
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 58a8f89ccb3a0227-SIN
    cf-request-id: 025d79b5fb000002273ba3d200000001
    vps-centos-7.6-64bit is exactly my server's hostname. Even if I haven't created a new Nginx vhost site via centmin.sh menu option 2, the redirect happened.

    And this is the result when I run the command line dig +short A @8.8.8.8 beta.myweb.com
    Code:
    104.31.75.156
    104.31.74.156
     
    Last edited: Apr 28, 2020
  4. eva2000

    eva2000 Administrator Staff Member

    Do you want beta.myweb.com to be the main hostname of the Centmin Mod server or a separate subdomain nginx site? If a separate subdomain nginx site, then you need to create that subdomain nginx vhost site via centmin.sh menu option 2 or nv command line as per instructions at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    If you want it to be the main hostname of the Centmin Mod server and not used as an actual web site, then you haven't properly set up Centmin Mod's main hostname. As per Getting Started Guide step 1, the main hostname needs to be configured on the nginx vhost site for the main hostname at /usr/local/nginx/conf/conf.d/virtual.conf.

    The Centmin Mod main hostname is an independent nginx vhost site not used as a regular site but for Centmin Mod stats files (PHP Opcode and Memcached statistics pages) and access for phpmyadmin.sh based phpmyadmin installs
     
  5. tfmus

    tfmus New Member

    Thank you for your support!

    I want beta.myweb.com to be a separate subdomain nginx site.

    When I pointed beta.myweb.com to the server, and had yet to create that subdomain nginx vhost site, I tried to access beta.myweb.com in a browser, and the redirect occurred.

    Then I created the subdomain nginx vhost site via centmin.sh menu option 2 but the redirect still happens.

    This is the content of file beta.myweb.com.conf in /usr/local/nginx/conf/conf.d/

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name beta.myweb.com;
    #            return 301 $scheme://www.beta.myweb.com$request_uri;
    #       }
    
    server {
     
      server_name beta.myweb.com www.beta.myweb.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/beta.myweb.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/beta.myweb.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/beta.myweb.com/autoprotect-beta.myweb.com.conf;
      root /home/nginx/domains/beta.myweb.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
     
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    UPDATE:

    I tried pointing 2 more subdomains to the server, the result was as follows:

    Subdomain beta2.myweb.com: Redirect to hostname.
    Subdomain beta.myweb2.com: It's fine. I can see the Centmin Mod Nginx Test Page.

    I don't know what happened with the myweb.com's configuration.
     
    Last edited: Apr 28, 2020
  6. tfmus

    tfmus New Member

    I have found that the problem is in the main domain's SSL configuration, but I don't know how to fix it:

    I'm using Full mode in Cloudflare's SSL configuration (Encrypts end-to-end, using a self signed certificate on the server) for the domain myweb.com, and then the redirect of the subdomain happens.

    If I switch to Flexible mode (Encrypts traffic between the browser and Cloudflare), the subdomain pointing works well.

    Do you have any idea for this problem?
     
  7. eva2000

    eva2000 Administrator Staff Member

    If only /usr/local/nginx/conf/conf.d/beta.myweb.com.conf exists, it means your nginx vhost is non-HTTPS based, so only Cloudflare Flexible SSL will work as it talks to non-HTTPS port 80 for your non-HTTPS port 80 based Nginx site. To use Cloudflare Full SSL, you need beta.myweb.com to have an HTTPS nginx vhost, which would be created at /usr/local/nginx/conf/conf.d/beta.myweb.com.ssl.conf when you run centmin.sh menu option 2 or nv and answer yes to enable self-signed SSL certificate.

    If the beta.myweb.com nginx vhost site has no content, the easiest way is to delete the nginx vhost and recreate it with a self-signed SSL cert and Nginx HTTPS site so you can re-enable Cloudflare Full non-strict SSL. Otherwise, if you do not want to delete the existing Nginx vhost site, you can follow the guide to migrate it to a live Letsencrypt SSL certificate based HTTPS site at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates

    To properly remove an Nginx vhost, the instructions are on the official site at How to delete Nginx vhost account for existing domain/subdomain ? Each Nginx vhost creation's ending output also lists the commands.

    You also get a log file for each Nginx vhost created, which also lists the commands in 123.09beta01 and higher. Example for http2.domain.com: the remove log is at /root/centminlogs/centminmod_140218-021218_nginx_addvhost_nv-remove-cmds-http2.domain.com.log
    Code (Text):
    ls -lahrt /root/centminlogs/ | grep remove
    -rw-r--r--   1 root root 1.3K Feb 14 02:12 centminmod_140218-021218_nginx_addvhost_nv-remove-cmds-http2.domain.com.log
    


    Then just recreate the Nginx vhost with self-signed SSL via centmin.sh menu option 2 or nv command as outlined at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    nv command options
    Code (Text):
    nv
    
    Usage: /usr/bin/nv [-d yourdomain.com] [-s y|n|yd|le|led|lelive|lelived]
      -d  yourdomain.com or subdomain.yourdomain.com
      -s  ssl self-signed create = y or n or https only vhost = yd
      -s  le - letsencrypt test cert or led test cert with https default
      -s  lelive - letsencrypt live cert or lelived live cert with https default
    
      example:
    
      /usr/bin/nv -d yourdomain.com -s y
      /usr/bin/nv -d yourdomain.com -s n
      /usr/bin/nv -d yourdomain.com -s yd
      /usr/bin/nv -d yourdomain.com -s le
      /usr/bin/nv -d yourdomain.com -s led
      /usr/bin/nv -d yourdomain.com -s lelive
      /usr/bin/nv -d yourdomain.com -s lelived
    


    After deleting the existing beta.myweb.com site, an example of re-creating the Nginx vhost with HTTPS and self-signed SSL via the nv command line would be the following, using pwgen to generate a random 16 character pure-ftpd virtual FTP username
    Code (Text):
    /usr/bin/nv -d beta.myweb.com -s y -u $(pwgen -1cns 16)
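
Added example (not part of any post in this thread, and not Centmin Mod code): Cloudflare Full SSL connects to the origin over HTTPS, so a hostname whose only vhost listens on port 80 is answered by whichever other server block nginx uses as the default on 443. The sketch below lists every `server_name` in a conf.d-style directory that has no `listen 443` server block; the function name `vhosts_without_https` is hypothetical and the sample vhost files are constructed.

```shell
# Added example: list server_name values that have no "listen 443" server block.
vhosts_without_https() {
  # $1 = directory of nginx vhost files, e.g. /usr/local/nginx/conf/conf.d
  awk '
    { sub(/#.*/, "") }                                  # strip comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { in_srv = 1; tls = 0; names = "" }
    in_srv && depth == 1 && /^[ \t]*listen[ \t]/ && /[ \t:]443([ \t;]|$)/ { tls = 1 }
    in_srv && depth == 1 && /^[ \t]*server_name[ \t]/ {
      line = $0
      sub(/^[ \t]*server_name[ \t]+/, "", line); sub(/;.*/, "", line)
      names = names " " line
    }
    {
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")      # track brace nesting
      if (in_srv && depth == 0) {                       # server block just closed
        n = split(names, a, " ")
        for (i = 1; i <= n; i++) { if (tls) https[a[i]] = 1; else plain[a[i]] = 1 }
        in_srv = 0
      }
    }
    END { for (h in plain) if (!(h in https)) print h }
  ' "$1"/*.conf | sort
}

# Constructed sample mirroring the thread: myweb.com has an HTTPS vhost,
# beta.myweb.com only has the plain-HTTP vhost file (no listen directive).
demo=$(mktemp -d)
cat > "$demo/myweb.com.ssl.conf" <<'EOF'
server {
  listen 443 ssl;
  server_name myweb.com www.myweb.com;
}
EOF
cat > "$demo/beta.myweb.com.conf" <<'EOF'
#server {
#  listen 80;
#  server_name beta.myweb.com;
#}
server {
  server_name beta.myweb.com www.beta.myweb.com;
  location / {
    #autoindex on;
  }
}
EOF
vhosts_without_https "$demo"
```

Any name it prints should either get an HTTPS vhost before Cloudflare Full SSL is enabled for it, or stay on Flexible.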
    
     
  8. tfmus

    tfmus New Member

    I solved the problem by enabling SSL for the subdomain beta.myweb.com in /usr/local/nginx/conf/conf.d/beta.myweb.com.conf as follows:
    Code:
    server {
                 listen 80;
                 server_name beta.myweb.com;
                 # redirect plain HTTP to HTTPS ($scheme here would send port 80 back to itself)
                 return 301 https://beta.myweb.com$request_uri;
    }
    
    server {
                # "listen 443 ssl" replaces the deprecated "ssl on;" directive
                listen 443 ssl;
                ssl_certificate /home/nginx/domains/myweb.com/public/certificate.pem;
                ssl_certificate_key /home/nginx/domains/myweb.com/public/cert_key.pem;
    }
    Thank you, eva2000, wish you health and happiness!
     
  9. eva2000

    eva2000 Administrator Staff Member

    Yes, you can do it that way, though ideally you should have a domain.com.ssl.conf for HTTPS to keep in line with what centmin.sh menu routines expect to find. The easiest way is to recreate your nginx vhost as outlined in my above post, or follow the manual instructions when you use the nginx vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS and check the generate self-signed SSL cert checkbox.
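
Added example (not part of any post in this thread, and not Centmin Mod code): the vhost in post 8 reads its private key from a path under a `public` directory, the same directory pattern the vhost file earlier in the thread uses as `root`. The check below flags any `ssl_certificate_key` that sits inside a directory some vhost serves as `root`; the function name `keys_in_webroot`, the `other.example` vhost and its key path are constructed for illustration.

```shell
# Added example: flag private keys stored inside a directory nginx serves as "root".
keys_in_webroot() {
  # $1 = directory of nginx vhost files, e.g. /usr/local/nginx/conf/conf.d
  awk '
    { sub(/#.*/, ""); sub(/;.*/, "") }          # strip comments and the trailing ";"
    $1 == "root"                { roots[$2] = 1 }
    $1 == "ssl_certificate_key" { keys[$2] = 1 }
    END {
      for (k in keys) for (r in roots) {
        prefix = r; sub(/\/+$/, "", prefix)     # normalise "dir/" to "dir"
        if (index(k, prefix "/") == 1) print k  # key path starts with a root path
      }
    }
  ' "$1"/*.conf | sort -u
}

# Constructed sample: the paths for myweb.com follow the thread, other.example is made up.
conf=$(mktemp -d)
cat > "$conf/myweb.com.conf" <<'EOF'
server {
  listen 80;
  server_name myweb.com;
  root /home/nginx/domains/myweb.com/public;
}
EOF
cat > "$conf/beta.myweb.com.conf" <<'EOF'
server {
  listen 443 ssl;
  server_name beta.myweb.com;
  root /home/nginx/domains/beta.myweb.com/public;
  ssl_certificate     /home/nginx/domains/myweb.com/public/certificate.pem;
  ssl_certificate_key /home/nginx/domains/myweb.com/public/cert_key.pem;
}
EOF
cat > "$conf/other.example.conf" <<'EOF'
server {
  listen 443 ssl;
  server_name other.example;
  root /home/nginx/domains/other.example/public;
  ssl_certificate_key /etc/ssl/private/other.example.key;  # constructed path outside any root
}
EOF
keys_in_webroot "$conf"
```

A key it reports is best moved to a directory outside every document root and made readable only by root.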