Nginx SSL phpmyadmin main hostname HTTPS SSL: conflicting server name ignored

Sorry for hijack thread ..
but @eva2000 how about if i want to change hostname to use full SSL with Alphassl ??
now only PMA is using self signed SSL but i want to use my Alphassl instead Self Signed..
So all related url in hostname will be using SSL..
Which config i must change in virtual.conf ??
cause if i only add port 443 and SSL related conf in virtual.conf it shows same warning like above,
Conflict domain 0.0.0.0:443, ignore. and can't reach hostname url with SSL..

---

 

Hi @eva2000 ..
I just tried it, but that's not enough to just remove that 302 redirects..
1. i had tried to only remove that 302 redirects but still server name 443 conflict came up. Main Hostname and PMA url can be access fine, but php info page etc, show download box.
2. i tried to edit phpmyadmin_ssl.conf server name using localhost. Main hostname url and all related url like PHP Info, Opcache Info, etc can be access using paid SSL. But PMA ssl url got too many redirects error.
3. i tried to edit virtual.conf server name using localhost. PMA ssl url can be access fine without error. But when accessing all related url like PHP Info, Opcache Info, i can't open it instead it show download box.

here is my virtual.conf for now :

Code (Text):

server {
        listen   80 default_server backlog=2048 reuseport;
        server_name domain.com;
        return 302 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        server_name name domain.com;
        root   html;

All related SSL Conf and nginx Conf here..

and here is my phpmyadmin_ssl.conf :

Code (Text):

server {
        listen 443 ssl http2;
        server_name localhost;
#if i use domain.com it got conflict warning and can't open php info page.
#but can access main hostname url dan PMA url.
        root   html;

All related SSL Conf and PMA Conf here..

I knew i missed something but where??
maybe you can give me some lights
thanks..

 

Nah, if i do just like you said, Main Hostname SSL and PMA url SSL is fine,
but can't open/accessing PHP Info url or Opcache url instead it show download dialog.

 

Yes, it's include by default, only phpstatus,errorpage and vtsmainserver is not enabled.

 

Virtual .conf :

Code (Text):

server {
        listen   80 default_server backlog=2048 reuseport;
        server_name domain.com;
        return 302 https://$server_name$request_uri;
        root   html;

        access_log              /var/log/nginx/localhost.access.log     main_ext buffer=256k flush=5m;
        error_log               /var/log/nginx/localhost.error.log      error;

# limit_conn limit_per_ip 16;
# ssi  on;

        location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        #allow youripaddress;
        deny all;
        }
            location / {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

#        Enables directory listings when index file not found
#       autoindex  on;

#       Shows file listing times as local time
#       autoindex_localtime on;

#       Enable for vBulletin usage WITHOUT vbSEO installed
#       try_files       $uri $uri/ /index.php;
           
            }

        # example nginx-http-concat
        # /csstest/??one.css,two.css
        #location /csstest {
        #concat on;
        #concat_max_files 20;
        #}

include /usr/local/nginx/conf/phpmyadmin.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/cinfo.conf;
include /usr/local/nginx/conf/include_opcache.conf;
include /usr/local/nginx/conf/redisadmin.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
#include /usr/local/nginx/conf/vts_mainserver.conf;

       }

phpmyadmin_ssl.conf :

Code (Text):

server {
        listen 443 ssl http2;
        server_name domain.com;
        root   html;

keepalive_timeout  3000;

 client_body_buffer_size 256k;
 client_body_timeout 3000s;
 client_header_buffer_size 256k;
 client_header_timeout  60s;
 client_max_body_size 512m;
 connection_pool_size  512;
 directio  512m;
 ignore_invalid_headers on;
 large_client_header_buffers 8 256k;

        ssl_certificate      /usr/local/nginx/conf/ssl/host/domain.com.alphassl.crt;
        ssl_certificate_key  /usr/local/nginx/conf/ssl/host/domain.com.alphassl.key;
        ssl_dhparam /usr/local/nginx/conf/ssl/host/dhparam.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache      shared:SSL:10m;
        ssl_session_timeout  60m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
        ssl_prefer_server_ciphers   on;
        add_header Alternate-Protocol  443:npn-spdy/3;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Xss-Protection "1; mode=block" always;
        ssl_buffer_size 1400;
        ssl_session_tickets on;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 10s;
        ssl_trusted_certificate /usr/local/nginx/conf/ssl/host/domain.com.alphassl.trusted.crt;

  # limit_conn limit_per_ip 16;
  # ssi  on;

        access_log              /var/log/nginx/localhost_ssl.access.log     main buffer=32k;
        error_log               /var/log/nginx/localhost_ssl.error.log      error;

  include /usr/local/nginx/conf/phpmyadmin_https.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
}

 

Yes, i can confirm it works now
Thanks @eva2000
now i'll find the way to make it more secure with Auth like before..

 

Hi again @eva2000
i think i got win win solution for PMA to still use it default related .conf with Auth etc.
here is my config,
Virtual.conf :

Code (Text):

server {
        listen   80 default_server backlog=2048 reuseport;
        server_name domain.com;
        return 302 https://$server_name$request_uri;
        root   html;
}
server {
        listen 443 ssl http2;
        server_name domain.com;
        root   html;

        SSL related and rest of conf here..

#include /usr/local/nginx/conf/phpmyadmin.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/cinfo.conf;
include /usr/local/nginx/conf/include_opcache.conf;
include /usr/local/nginx/conf/redisadmin.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
#include /usr/local/nginx/conf/vts_mainserver.conf;
       }

As you can see i enable hash # in front of include /usr/local/nginx/conf/phpmyadmin.conf

here it is my phpmyadmin_ssl.conf :

Code (Text):

server {
        listen 443 ssl http2;
        #server_name domain.com;
        server_name localhost; #using localhost to not get server name conflict error
        root   html;

PMA SSL related and rest of PMA conf here..

  include /usr/local/nginx/conf/phpmyadmin_https.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  #include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
}

but i add additional rules from phpmyadmin.conf which is disable from virtual.conf into phpmyadmin_https.conf in phpmyadmin_ssl.conf.

in phpmyadmin.conf i copy :

Code (Text):

rewrite ^/(.*) https://domain.com/$1 permanent;

paste it into phpmyadmin_https.conf, so it become :

Code (Text):

location ^~ /mysqladmin_url/ {
   #try_files $uri $uri/ /mysqladmin_url/index.php?$args;
   rewrite ^/(.*) https://domain/$1 permanent;
   include /usr/local/nginx/conf/php_mysqladmin_url.conf;

   auth_basic      "Private Access";
   auth_basic_user_file  /usr/local/nginx/conf/htpassphpmyadmin;
   allow 127.0.0.1;
   allow my IP;
   deny all;
}

with All above Config, i can access main Hostname url, PHP info, Opcache, Memcache etc url and PMA url with Paid SSL without any error and without sacrifice PMA nginx Auth and all default PMA conf.

Maybe @eva2000 can check above .conf and confim it's fine for use.

 

hi @eva2000 today i just realize that if i used above config, PMA SSL Url wo'nt honor default http auth for PMA itself..Confirm it works at first time like i posted above but now no longer works..
can you give some lights about it ??
also, i see you had update nginx configs in CM update 23 -> 2 to support Nginx default hostname use SSL, am i right ??
Thanks..

 

Hi @eva2000 just tried curl it..
but header give me http 200, so http auth is not active, right??

 

So, what i can do to make it active?? anything wrong with my above config ??
.conf in here https://community.centminmod.com/th...licting-server-name-ignored.11645/#post-49635

 

Hi @eva2000
what does this mean in example/custom_config.inc :
NGINX_VHOSTSSL='y' # enable centmin.sh menu 2 prompt to create self signed SSL vhost 2nd vhost conf

Does Vhosts will be use SSL like i want above ??