Nginx nginx serving another site under ssl

nikolaikapustin · Oct 26, 2016

Hello,

my vps has two ipv4 addresses. Domain1.com refers to the first ipv4 address and it is working correctly under ssl certificate.
But when pointing to domain2.com or https://domain2.com (2nd ipv4) i get redirected to https://domain1.com. Any ideas?
I hope someone can help.
The beginning of the conf files is as follow:

domain1.com.conf and domain1.com.ssl.conf
Code (Text):
server {
 server_name domain1.com www.domain1.com;
return 301 https://www.domain1.com$request_uri;
Code (Text):
server {
  listen 443 ssl http2;
  server_name domain1.com www.domain1.com;
domain2.com.conf and domain2.com.ssl.conf
Code (Text):
server {
 server_name domain2.com www.domain2.com;
#return 301 https://www.domain2.com$request_uri;
Code (Text):
server {
  listen 443 ssl http2;
  server_name domain2.com www.domain2.com;

eva2000 · Oct 26, 2016

see Module ngx_http_core_module for listen directive for domain2.com needs to specify the ip i.e. where 111.222.333.444 is 2nd ip

domain2.com.conf and domain2.com.ssl.conf
Code (Text):
server {
 listen 111.222.333.444:80;
 server_name domain2.com www.domain2.com;
#return 301 https://www.domain2.com$request_uri;
Code (Text):
server {
  listen 111.222.333.444:443 ssl http2;
  server_name domain2.com www.domain2.com;

nikolaikapustin · Oct 26, 2016

applied your suggestion but unfortunately https://domain2.com still redirects to https://domain1.com.

eva2000 · Oct 26, 2016

When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf

Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf

Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com

Vhost public web root will be at /home/nginx/domains/newdomain.com/public

Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

nikolaikapustin · Oct 26, 2016

domain1.com.ssl.conf

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY or HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name domain1.com www.domain1.com;
#    return 302 https://domain1.com$request_uri;
# }

server {
  listen 111.222.333.444:443 ssl http2;
  server_name domain1.com www.domain1.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain1.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain1.com/ssl-unified.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain1.com/domain1.com.key;
  include /usr/local/nginx/conf/ssl-include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain1.com/domain1.com-trusted.crt;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain1.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain1.com/log/error.log;
 include /usr/local/nginx/conf/autoprotect/domain1.com/autoprotect-domain1.com.conf;
  root /home/nginx/domains/domain1.com/public;
include /usr/local/nginx/conf/wpincludes/domain1.com/rediscache_domain1.com.conf;
  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  # try_files    $uri $uri/ /index.php;
  #Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  try_files $uri $uri/ /index.php?$args;

  }

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  }

location ~* /(xmlrpc\.php) {
allow 127.0.0.1;
deny all;
    #limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

include /usr/local/nginx/conf/wpincludes/domain1.com/wpsecure_domain1.com.conf;
include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

domain2.com.ssl.conf

Code (Text):

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY or HTTP/2 SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
# server {
#   server_name domain2.com www.domain2.com;
#    return 302 https://domain2.com$request_uri;
# }

server {
  listen 444.333.222.111:443 ssl http2;
  server_name domain2.com www.domain2.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain2.com/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain2.com/ssl-unified.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain2.com/domain2.com.key;
  include /usr/local/nginx/conf/ssl-include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # dual cert supported ssl ciphers
  ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;

  # enable ocsp stapling
  #resolver 8.8.8.8 8.8.4.4 valid=10m;
  #resolver_timeout 10s;
  #ssl_stapling on;
  #ssl_stapling_verify on;
  #ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain2.com/domain2.com-trusted.crt;

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain2.com/log/access.log combined buffer=256k flush=60m;
  error_log /home/nginx/domains/domain2.com/log/error.log;
 include /usr/local/nginx/conf/autoprotect/domain2.com/autoprotect-domain2.com.conf;
  root /home/nginx/domains/domain2.com/public;
include /usr/local/nginx/conf/wpincludes/domain2.com/rediscache_domain2.com.conf;
  location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  # try_files    $uri $uri/ /index.php;
  #Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  try_files $uri $uri/ /index.php?$args;

  }

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
   deny all;
  }


location ~* /(xmlrpc\.php) {
allow 127.0.0.1;
deny all;
    #limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    #include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    include /usr/local/nginx/conf/php-rediscache.conf;
}

include /usr/local/nginx/conf/wpincludes/domain2.com/wpsecure_domain2.com.conf;
include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Oct 26, 2016

did you do same for non-https domain1.com.conf and domain2.com.conf for specifying ips in listen directive ?

nikolaikapustin · Oct 26, 2016

Yes without https domain2.com is working correctly.

eva2000 · Oct 26, 2016

what's output for commands
Code (Text):
curl -Isv https://domain1.com
curl -Isv https://domain2.com
Might want to use CODE tags for code How to use forum BBCODE code tags

nikolaikapustin · Oct 26, 2016

Code (Text):

* About to connect() to domain1.com port 443 (#0)
*   Trying 111.222.333.444...
* Connected to domain1.com (111.222.333.444) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=domain1.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Oct 05 00:00:00 2016 GMT
*       expire date: Oct 04 23:59:59 2017 GMT
*       common name: domain1.com
*       issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain1.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Tue, 25 Oct 2016 22:19:31 GMT
Date: Tue, 25 Oct 2016 22:19:31 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Connection: keep-alive
Connection: keep-alive
< X-Pingback: https://www.domain1.com/xmlrpc.php
X-Pingback: https://www.domain1.com/xmlrpc.php
< Location: https://www.domain1.com/
Location: https://www.domain1.com/
< Server: nginx centminmod
Server: nginx centminmod
< X-Powered-By: centminmod
X-Powered-By: centminmod
< X-Cache: MISS
X-Cache: MISS
< X-Cache-2: BYPASS
X-Cache-2: BYPASS

<
* Connection #0 to host domain1.com left intact

Code (Text):

* About to connect() to domain2.com port 443 (#0)
*   Trying 444.333.222.111...
* Connected to domain2.com (444.333.222.111) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=domain2.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Oct 10 00:00:00 2016 GMT
*       expire date: Oct 10 23:59:59 2017 GMT
*       common name: domain2.com
*       issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain2.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Tue, 25 Oct 2016 22:21:05 GMT
Date: Tue, 25 Oct 2016 22:21:05 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Connection: keep-alive
Connection: keep-alive
< X-Pingback: https://www.domain2.com/xmlrpc.php
X-Pingback: https://www.domain2.com/xmlrpc.php
< Location: https://www.domain2.com/
Location: https://www.domain2.com/
< Server: nginx centminmod
Server: nginx centminmod
< X-Powered-By: centminmod
X-Powered-By: centminmod
< X-Cache: MISS
X-Cache: MISS
< X-Cache-2: BYPASS
X-Cache-2: BYPASS

<
* Connection #0 to host domain2.com left intact

eva2000 · Oct 26, 2016

do their respective lines for

Connected to domain1.com
Connected to domain2.com

connect to the right ips ?

try restart nginx, clear browser cache, restart browser or even restart your pc to see if it clears any caches.

nikolaikapustin · Oct 26, 2016

yes of course.

eva2000 · Oct 26, 2016

besides above clear browser cache and reboots

also test each domain in Website Speed Test | Full Page Performance Check to confirm if it's your own browser/dns cache at play

nikolaikapustin · Oct 26, 2016

not a browser cache problem, can it be redis cache that memorized the redirect?

eva2000 · Oct 26, 2016

try restarting redis server
Code (Text):
service redis restart
or flush cache
Code (Text):
redis-cli flushall

nikolaikapustin · Oct 26, 2016

ok, something moved after flushing redis cache (and also browser cache). Browser says both domain2.com and https://domain2.com do not redirect correctly.
ERR_TOO_MANY_REDIRECTS

eva2000 · Oct 26, 2016

what do the curl commands at Nginx - nginx serving another site under ssl | Centmin Mod Community report now ?

nikolaikapustin · Oct 26, 2016

both look ok..

Code (Text):

* About to connect() to domain1.com port 443 (#0)
*   Trying 111.222.333.444...
* Connected to domain1.com (111.222.333.444) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=domain1.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Oct 05 00:00:00 2016 GMT
*       expire date: Oct 04 23:59:59 2017 GMT
*       common name: domain1.com
*       issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain1.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Tue, 25 Oct 2016 22:54:07 GMT
Date: Tue, 25 Oct 2016 22:54:07 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Connection: keep-alive
Connection: keep-alive
< X-Pingback: https://www.domain1.com/xmlrpc.php
X-Pingback: https://www.domain1.com/xmlrpc.php
< Location: https://www.domain1.com/
Location: https://www.domain1.com/
< Server: nginx centminmod
Server: nginx centminmod
< X-Powered-By: centminmod
X-Powered-By: centminmod
< X-Cache: MISS
X-Cache: MISS
< X-Cache-2: BYPASS
X-Cache-2: BYPASS

<
* Connection #0 to host domain1.com left intact

Code (Text):

* About to connect() to domain2.com port 443 (#0)
*   Trying 444.333.222.111...
* Connected to domain2.com (444.333.222.111) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=domain2.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Oct 10 00:00:00 2016 GMT
*       expire date: Oct 10 23:59:59 2017 GMT
*       common name: domain2.com
*       issuer: CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
> HEAD / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: domain2.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Tue, 25 Oct 2016 22:55:20 GMT
Date: Tue, 25 Oct 2016 22:55:20 GMT
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Connection: keep-alive
Connection: keep-alive
< X-Pingback: https://www.domain2.com/xmlrpc.php
X-Pingback: https://www.domain2.com/xmlrpc.php
< Location: https://www.domain2.com/
Location: https://www.domain2.com/
< Server: nginx centminmod
Server: nginx centminmod
< X-Powered-By: centminmod
X-Powered-By: centminmod
< X-Cache: MISS
X-Cache: MISS
< X-Cache-2: BYPASS
X-Cache-2: BYPASS

<
* Connection #0 to host domain2.com left intact

nikolaikapustin · Oct 26, 2016

found, i had left http:// (without S) in wordpress settings.. forgive me..

eva2000 · Oct 26, 2016

nikolaikapustin said: ↑

found, i had left http:// (without S) in wordpress settings.. forgive me..
Click to expand...

LOL

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Nginx nginx serving another site under ssl

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

nikolaikapustin Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Nginx nginx serving another site under ssl

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

eva2000 Administrator Staff Member

nikolaikapustin Member

nikolaikapustin Member

eva2000 Administrator Staff Member

.