Join the community today
Register Now

Nginx Domain redirecting to another host after 302 redirect is applied

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by radbrad, May 4, 2020.

  1. radbrad

    radbrad New Member

    24
    1
    3
    Feb 15, 2020
    Ratings:
    +2
    Local Time:
    10:37 AM
    Hi,
    Greetings!!

    Today i added a new vhost and applied non www to www redirect in ssl.conf. It has been applied successfully but the domain is redirecting to another vhost and showing that hosts HTML page.

    Here is my domain: uberchecker.com

    Please advice. Whats gone wrong.
     
    Last edited: May 4, 2020
  2. eva2000

    eva2000 Administrator Staff Member

    44,742
    10,200
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,809
    Local Time:
    3:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  3. radbrad

    radbrad New Member

    24
    1
    3
    Feb 15, 2020
    Ratings:
    +2
    Local Time:
    10:37 AM
    Hi,

    Here are the outputs:

    Output of domain.com.conf-disabled

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name uberchecker.com;
    #            return 301 $scheme://www.uberchecker.com$request_uri;
    #       }
    
    server {
    
      server_name uberchecker.com www.uberchecker.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/uberchecker.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/uberchecker.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/uberchecker.com/autoprotect-uberchecker.com.conf;
      root /home/nginx/domains/uberchecker.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # prevent access to ./directories and files
      #location ~ (?:^|/)\. {
      # deny all;
      #}
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-uberchecker.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    
    Output of domain.com.ssl.conf
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
     server {
           server_name uberchecker.com www.uberchecker.com;
           return 302 https://www.uberchecker.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name uberchecker.com;
      return 302 https://www.uberchecker.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/uberchecker.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/uberchecker.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com-trusted.crt;
    
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/uberchecker.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/uberchecker.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/uberchecker.com/autoprotect-uberchecker.com.conf;
      root /home/nginx/domains/uberchecker.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-uberchecker.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
    
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    server {
      listen 443 ssl http2;
      server_name uberchecker.com;
      return 302 https://www.uberchecker.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/uberchecker.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    }
    
    
    

    Code:
    curl -I http://uberchecker.com
    
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 04 May 2020 04:14:17 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=db06f59b4ea618ee4bf95aae5177085d61588565657; expires=Wed, 03-Jun-20 04:14:17 GMT; path=/; domain=.uberchecker.com; HttpOnly; SameSite=Lax
    Location: https://www.uberchecker.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 58df64e0edede7bd-LAX
    cf-request-id: 027f7d608e0000e7bda28f8200000001
    

    Code:
    curl -I http://www.uberchecker.com
    
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 04 May 2020 04:17:15 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d25f5b82702ea0d28fa6b2f17cf9cecde1588565835; expires=Wed, 03-Jun-20 04:17:15 GMT; path=/; domain=.uberchecker.com; HttpOnly; SameSite=Lax
    Location: https://www.uberchecker.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 58df69381df8eb31-LAX
    cf-request-id: 027f80170d0000eb31cf936200000001
    

    Code:
    curl -I https://uberchecker.com
    
    HTTP/1.1 302 Moved Temporarily
    Date: Mon, 04 May 2020 04:20:28 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d85c8d6d653ff4541587e23ac4611c9cd1588566028; expires=Wed, 03-Jun-20 04:20:28 GMT; path=/; domain=.uberchecker.com; HttpOnly; SameSite=Lax
    Location: https://www.uberchecker.com/
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 58df6deb2a87eb00-LAX
    cf-request-id: 027f8306fd0000eb00b08ad200000001
    
    

    Code:
    curl -I https://www.uberchecker.com
    
    HTTP/1.1 200 OK
    Date: Mon, 04 May 2020 04:23:04 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d8db99bc61981b32e1db018ed897a4ee21588566184; expires=Wed, 03-Jun-20 04:23:04 GMT; path=/; domain=.uberchecker.com; HttpOnly; SameSite=Lax
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    X-Xss-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    X-Page-Speed: 1.13.35.2-0
    Cache-Control: max-age=0, no-cache
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 58df71beccac051f-LAX
    cf-request-id: 027f856b3a0000051f2c3c5200000001
    
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    44,742
    10,200
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,809
    Local Time:
    3:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    2nd server{} context in domain.com.ssl.conf which is the main HTTPS site should be changed

    from
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name uberchecker.com;
      return 302 https://www.uberchecker.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/uberchecker.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    

    to so remove 302 return and change server_name for www version of domain
    Code (Text):
    server {
      listen 443 ssl http2;
      server_name www.uberchecker.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/uberchecker.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/uberchecker.com/uberchecker.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    

    as it doesn't need a 302 redirect
     
  5. radbrad

    radbrad New Member

    24
    1
    3
    Feb 15, 2020
    Ratings:
    +2
    Local Time:
    10:37 AM
    Thanks man, Resolved. Thank you so much.
     
  6. radbrad

    radbrad New Member

    24
    1
    3
    Feb 15, 2020
    Ratings:
    +2
    Local Time:
    10:37 AM
    It's not quite resolved. Today, I got this error "403 forbidden Nginx" error today.

    This is what i found in the error.log

    Code:
    conflicting server name "apluscase.com.tw" on 0.0.0.0:80, ignored
    The Nginx -t return this

    Code:
    nginx: [warn] conflicting server name "apluscase.com.tw" on 0.0.0.0:80, ignored
    nginx: [warn] conflicting server name "www.uberchecker.com" on 0.0.0.0:443, ignored
    
    I think the server blocks needs to be set correctly.
     
    Last edited: May 5, 2020
  7. eva2000

    eva2000 Administrator Staff Member

    44,742
    10,200
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,809
    Local Time:
    3:07 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    conflicting server names may not cause 403 permission denied errors but wordpress security and Centmin Mod tools/autoprotect.sh tool may so check out Wordpress - Wordpress 403 Permission Denied Errors if either of those 2 items are causing problems. Might want to start a new thread for 403 errors