nginx config catches domains not specified in server_name - nginx

I have two configs enabled in my nginx sites-enabled folder.
The first one (my-domain.fr.conf) looks like this:
server {
listen 443 ssl http2;
server_name my-domain.fr;
index index.html;
location / {
root /www/my-domain.fr;
}
include ssl_certif.conf;
}
# HTTP redirect
server {
listen 80 default_server;
server_name my-domain.fr;
location / {
return 301 https://my-domain.fr$request_uri;
}
}
The second one (sub.my-domain.fr.conf) looks like this:
server {
location / {
proxy_pass http://127.0.0.1:8080;
}
include ssl_certif.conf;
server_name sub.my-domain.fr;
listen [::]:443 ssl;
}
server {
if ($host = sub.my-domain.fr) {
return 301 https://$host$request_uri;
}
server_name sub.my-domain.fr;
listen [::]:80;
return 404;
}
I would expect the last one to only catch requests to sub.my-domain.fr subdomains, but instead it catches anything (I have wildcards subdomains set up on my DNS), and even masks my-domain.fr.
How can I make sure it only catches sub.my-domain.fr requests?

I found the reason.
sub.my-domain.fr supports ipv6 (listen [::]:443 ssl;). my-domain.fr doesn't.
I suppose my connection is using ipv6 when it can, and in this case, sub.my-domain.fr is the only match.
Adding ipv6 support (listen 443 ssl => listen [::]:443 ssl;, and listen 80; => listen [::]:80;) in all server entries fix it.

Related

Nginx How to prevent processing requests with undefined server names

Nginx is 1.14.1 version
have several virtual hosts and default in the /etc/nging/sites-enabled:
I've tried to configure using this doc: http://nginx.org/en/docs/http/request_processing.html
default
server {
listen 80;
server_name "";
return 444;
}
server {
listen 443 ssl http2 default_server;
server_name _;
ssl_certificate ....
ssl_certificate_key .....
add_header Strict-Transport-Security 'max-age=31536000';
return 444;
}
domain1
server{
listen 80;
server_name domain1;
return 301 https://$server_name;
}
server {
server_name domain1;
listen 443 ssl;
..................
}
but when tried to get access using server IP nginx redirect to domain1. please help what's wrong here. I'd like to deny access by IP to sites and leave only requests with domain name

Nginx configure root domain redirect to subdomain

my current setup of webpage is:
forum.xyz.pl
I need xyz.pl redirect to forum.xyz.pl
current nginx.conf:
nodebb.conf
I am using aws route53, not sure what value should I put there for root domain also.
thanks
pl to forum.xyz.pl you can simply do:
server {
server_name xyz.pl;
rewrite ^ forum.xyz.pl$request_uri? permanent;
}
This should solve your problem, let me know if you have any other problems. I don't really understand the problem with Route 53 since it is just handling the DNS entries.
I'd do it like this
server {
listen 80;
server_name xyz.pl;
return 301 https://forum.xyz.pl/;
}
server {
listen 80;
server_name forum.xyz.pl;
#Force Https
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
#listen [::]:80;
#listen 80;
server_name forum.xyz.pl;
##rest of config goes here
}

Ngnix setup for dedicated subdomains

I want Ngnix to handle only a few subdomains and if it is not matching it should return an 404.
The following subdomains should work: domain.com, www.domain.com, api.domain.com and ftp.domain.com.
I use the following config:
server {
listen 80;
listen [::]:80;
server_name *.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name domain.com www.domain.com api.domain.com ftp.domain.com;
.....
}
server {
listen 443 default_server;
server_name _;
return 444;
}
The problem is that the website keeps working on every subdomain like test.domain.com. Of casurse the DNS is setup with an wildcard and I don't want to change that.
With adding the default_server I'm getting ssl errors?
Any suggestions?

Nginx url rewrite does not work

I want do redirect all requests from my.domain.de to my.domain.com, including rewriting http to https.
The redirection only works with http://my.domain.de which is redirected to https://my.domain.com which is the goal.
When I call https://my.domain.de, it is not redirected.
But when I try to access my.domain.com or http://my.domain.com, the redirect to https scheme fails. Strange, because I used the same rewrite rule for my.domain.de before switching to .com domain and it worked.
Here is my nginx.conf file:
# my.domain.de
server {
listen 80;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /path/to/cert;
ssl_certificate_key /path/to/key;
server_name my.domain.com;
# Url rewrite does not seem to work:
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
EDIT:
Formerly I wrote that the redirect from everything at the .de domain works. Unfortunately, it only works, if I enter http://my.domain.de or without http://
When I use https://my.domain.de, it get a warning because of invalid certificate. So there is also something wrong in the rewrite rule for my.domain.de.
EDIT2:
Now I re-installed a cert for my.domain.de, so the only problem I have right know is, that http://my.domain.com is not redirected to https.
Edited nginx.conf:
# my.domain.de
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.de;
ssl_certificate_key /path/to/key.de;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.com;
ssl_certificate_key /path/to/key.com;
server_name my.domain.com;
# Url rewrite does not seem to work:
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
You have SSL enabled for both port 80 and port 443. The use of ssl on; is deprecated, use the ssl option of the listen directive instead.
Use an explicit default server as a "catch-all" to redirect everything that is not my.domain.com and any http address to https://my.domain.com.
server {
listen 80 default_server;
listen 443 default_server ssl;
ssl_certificate /path/to/domain.de/cert;
ssl_certificate_key /path/to/domain.de/key;
return 301 https://my.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
ssl_certificate /path/to/domain.com/cert;
ssl_certificate_key /path/to/domain.com/key;
...
}
Note that one server block uses the old certificate and one server block uses the new certificate.
See this document for more.
As the rewrite does not work for me and I could not set up a default server block because of other servers on the machine, I finally solved the problem by adding two servers, one for port 80 and one for port 443 of my.domain.com. I did not now that this is possible. So this is my new nginx.conf:
# my.domain.de
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.de;
ssl_certificate_key /path/to/key.de;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com http
server {
listen 80;
server_name my.domain.com;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com https
server {
listen 443 ssl;
ssl_certificate /path/to/cert.com;
ssl_certificate_key /path/to/key.com;
server_name my.domain.com;
}

nginx redirect HTTPS to HTTP

How can i redireect from https to http?
i have the code below but it does not seem to work.
server {
listen 443;
server_name example.com;
rewrite ^(.*) http://example.com$1 permanent;
}
The answer above will work, you need to generate a self signed cert (or have a real one) and configure nginx as such:
server {
listen *:443;
ssl on;
server_name domain.com;
rewrite ^(.*) http://domain.com$1 permanent;
ssl_certificate /data/certs/domain.crt;
ssl_certificate_key /data/certs/domain.key;
}
Keep in mind, if it is a self signed cert the browser will give you an ugly warning.
Building off jberger's comment a configuration that should work would be:
server {
listen *:80;
server_name example.com;
}
server {
listen *:443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.com.cert;
ssl_certificate_key /etc/ssl/private/example.com.key;
return 301 http://$server_name$request_uri;
}
if ($host = 'foo.com') {
rewrite ^/(.*)$ http://www.foo.com$1 permanent;
}
You need to create 2 separate server blocks:
Port 443 (HTTPS) - Define everything like PHP, 404, home, root etc in this block. Even if you want to redirect https://www.example.com to https://example.com or vice-versa, do it over here as #coulix has done.
Port 80 (HTTP) - In here you will just use:
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
# Redirect HTTP to HTTPS
return 301 https://example.com$request_uri;
}

Resources