Get the most out of your Centmin Mod LEMP stack
Become a Member

Multiple domains problem, nginx shows only the first installed

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Keroteta, Aug 2, 2019.

  1. Keroteta

    Keroteta New Member

    12
    0
    1
    Aug 2, 2019
    Ratings:
    +0
    Local Time:
    5:17 AM
    nginx/1.17.2 (280719-043529-centos7-kvm)
    10.3.17-MariaDB
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: Latest 123.09beta01
    • Nginx Version Installed: 1.17.2
    • PHP Version Installed: 7.3.7
    • MariaDB MySQL Version Installed: 10.3.17
    • When was last time updated Centmin Mod code base ? : Just yesterday (01/08/2019)
    • Persistent Config:
      Code:
      SET_DEFAULT_MYSQLCHARSET='utf8mb4'
      AUTOHARDTUNE_NGINXBACKLOG='y'
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      NGINX_ZERODT='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO='y'
      PHP_BROTLI='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      MARCH_TARGETNATIVE='n'
      LETSENCRYPT_DETECT='y'
      DUALCERTS='y'
      
    Hi there,

    A few days ago I made a fresh install of Centmin Mod and moved one of my Wordpress sites to this new brand Centmin Mod server with success. I used option 22 of centmin menu and everything works like a charm with this domain. I'm so happy with it and Centmin Mod lightning speed. Let´s name it domain1.com from now on. domain1.com is installed with a working letsencrypt SSL certificate and option 4 (HTTPS Only) selected during installation. domain1.com also redirects from non www version to www version, so I had to change the vhost config file to do so. The first lines at /usr/local/nginx/conf/conf.d/domain1.com.ssl.conf file are:
    Code:
    #x# HTTPS-DEFAULT
     server {
    
       server_name domain1.com www.domain1.com;
       return 301 https://www.domain1.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      listen [2a01:7e01::f03c:91ff:feda:cab6]:443 ssl http2 ipv6only=off;
      server_name www.domain1.com;
    
    Note that the ipv6 line was added a few hours after installing the vhost, site and adding DNS entries.
    As stated before domain1.com works awesome. But.. the problem appears when I try to move the second of my wordpress sites. Let's name it domain2.com, also a Wordpress site that I try to install with centmin option 22.

    I follow the same steps that I did with domain1.com, I use option 22, letsencrypt certificate with option 4, etc and when it finish creating vhost it appears that everything works just fine. I try accessing this urls..

    http://domain2.com
    http://www.domain2.com
    https://domain2.com
    https://www.domain2.com

    and all redirects to https://domain2.com and I can see a fresh default installation of Wordpress. Until now everything ok, but then I go to its vhost config file because I want to modify it so it redirects to the https + www version always. So I edit the file exactly the same as I did with domain1.com. Just see

    The first lines at /usr/local/nginx/conf/conf.d/domain2.com.ssl.conf file are:
    Code:
    #x# HTTPS-DEFAULT
     server {
    
       server_name domain2.com www.domain2.com;
       return 302 https://www.domain2.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.domain2.com;
    
    I made a nprestart and BOOM, the nightmare begins. When I try to access any of these four urls :

    http://domain2.com
    http://www.domain2.com
    https://domain2.com
    https://www.domain2.com

    I always get the first Wordpress I installed. It's like I'm redirected to https://domain2.com without www but also the site that appears on screen is domain1.com. And also of course I get a non valid SSL certificate Warning. It's been like that for hours and I just don´t know what else to do, absolutely no idea. I just made those little changes on its vhost config file, just 2 lines, the one adding the www in the first server block:

    At first was:
    Code:
    return 302 https://domain2.com$request_uri;
    and it was working, then changed to
    Code:
    return 302 https://www.domain2.com$request_uri;
    and the one in the second block:
    At first was
    Code:
    server_name domain2.com www.domain2.com;
    and then
    Code:
    server_name www.domain2.com;
    Now even reverting those changes and doing a nprestart IT DOESN´T WORK!!

    Also note that I removed all content via FTP of its public folder and uploaded my backup files from its original server (made with duplicator plugin) So now in the public folder there are 2 files, installer.php and the .zip with the backup. I don´t know if this has something to do because I also noted that when I try https://domain2.com or any of its variants on these site

    http://www.redirect-checker.org/index.php

    I got this result..

    http://domain2.com
    302 Moved Temporarily
    https://domain2.com/
    403 Forbidden


    A 403 Forbidden.. weird. And also that way is how I installed domain1 and worked.

    I know that Centmin Mod server can host multiple domains, so I don´t know what is wrong with mine. I really love Centmin Mod but I need to sort this out to move all my sites. I really would appreciate any help with this.
     
  2. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    2:17 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    clue might lie in letsencrypt ssl certificate issuance/validaity and domain validation

    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation.

    Centmin Mod Self-Signed SSL Fallback



    If you're seeing a Centmin Mod's self-signed ssl certificate instead of letsencrypt ssl certificate, then that's acmetool.sh and centminmod's fallback if letsencrypt verification fails to obtain letsencrypt ssl cert, it falls back to centmin mod self-signed ssl certificate on https port 443 side so to preserve the https nginx vhost

    Troubleshooting



    There are various steps you can do to troubleshoot failed letsencrypt issuances, renews, reissues etc.
    • acmetool.sh logs all command line or shell menu runs to log files at /root/centminlogs. To troubleshoot, copy the contents of the log run and post contents of log to pastebin.com or gist.github.com and share link in this thread. To find the log list the logs in ascending date order
      Code (Text):
      ls -lahrt /root/centminlogs
      .
    • For direct acmetool.sh runs, there should be a 2nd & 3rd & 4th log in format /root/centminlogs/centminmod_${DT}_nginx_addvhost_nv.log and /root/centminlogs/acmetool.sh-debug-log-$DT.log and /root/centminlogs/acmesh-issue_*.log or /root/centminlogs/acmesh-reissue_*.log which would need to be included via separate pastebin.com or gist.github.com post.
    • Enable acmetool.sh debug mode. In persistent config file at /etc/centminmod/custom_config.inc (create it if doesn't exist) add and enable acmetool.sh debug mode which gives much more verbose letsencrypt issuance process information when you re-run acmetool.sh or centmin.sh menu options 2, 22 or /usr/bin/nv command lines.
      Code (Text):
      ACMEDEBUG='y'
    check output for the following commands
    Code (Text):
    echo y | /usr/local/src/centminmod/addons/acmetool.sh checkdates
    

    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    

    Code (Text):
    echo | openssl s_client -connect yourdomain.com:443
    

    Without the answers to above questions and logs, there is nothing to help troubleshoot.

    SSLLabs Test



    Also run your HTTPS domain site through SSLLabs tester at SSL Server Test (Powered by Qualys SSL Labs) if it says untrusted SSL cert and prompts to continue the test, continue the test.
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    2:17 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Posted at centminmod.com/nginx_domain_dns_setup.html#httpsredirect is the correct way to set it up - pay attention to different way if you want redirect target being www version instead of non-www and vice versa and that the target version www or non-www is the only version listed in server_name for the 2nd/main server {} context.

    key to testing is using 302 temp redirect first in a private incognito browser session otherwise the problems you can experience may end up being due to browser caching or 301 permanent redirects unless you clear browser cache and reboot local computer(s) and even then some web browsers don't let go of 301 permanent redirect browser cache that willingly :)

    You can test in SSH via curl to check headers for location field (where the redirect goes) using the following commands:
    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    
     
  4. Keroteta

    Keroteta New Member

    12
    0
    1
    Aug 2, 2019
    Ratings:
    +0
    Local Time:
    5:17 AM
    nginx/1.17.2 (280719-043529-centos7-kvm)
    10.3.17-MariaDB
    I finally got it working.. But I don´t know what was causing the issue.

    What I finally did was rebooting the server and I got into another problem before sorting out the initial one. After rebooting when I tried to access any of the domains Chrome was always giving me an ERR_CONNECTION_REFUSED, like in this post

    https://community.centminmod.com/threads/website-refused-to-connect-after-server-reboot.13666/

    I executed nprestart and then I was able to access via Chrome and no ERR_CONNECTION_REFUSED, though now I'm afraid that those services could not auto restart on future reboots. I have to say that the only user I use via SSH is the root.

    After solving this I uploaded via FTP a simple index.html with a "Hello World" H1 to the public directory of domain2, the one that I wasn´t able to access because of the redirection to domain1 and IT WORKED!! That index was presented to me in the browser, so I tried to access to the installer.php generated by the plugin Duplicator and it also worked.

    Now I have my second Wordpress site working and accessible via domain2.com Yayyy!! Maybe it was some kind of caching preventing me from access before, because I deleted all files of Wordpress generated with option 22. Next time after removing them I won´t try to access the domain at its root, but directly access the installer.php so domain1.com isnt cached.

    Tomorrow I will try to move a third domain/site to my Centmin Mod server and hopefully I don´t get into that much trouble myself :D Learning a lot reading the forums and enjoying loving Centmin Mod more every minute.

    Thanks a lot for taking the time to reply my post and also for making possible this awesome work of art that is Centmin Mod.
     
  5. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    2:17 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    strange, the diagnostic curl commands at https://community.centminmod.com/th...ws-only-the-first-installed.18039/#post-76442 would of helped verify if the problem is local to you/your browser as it they work give HTTP 200 status or 301/302 to right listed location field redirect target, then it would confirm issue is on your end and not server