NGINX - All requests going through single server name domain CNAMES include hyphen - nginx

I have the following CNAMEs: xyz.abc.com, xyz-1.abc.com and xyz-2.abc.com. The server body looks like this:
server
{
listen 80 default_server deferred;
listen [::]:80;
server_name xyz.abc.com;
location / {
proxy_pass http://example.com;
}
}
All requests are going through and being redirected even though the server name is not in there.

Related

why nginx server listen on explicit ip-port cover server listen on only port

For example, I have a server with 2 network interfaces, one for a public IP and one for a private IP, and I wrote 2 nginx configuration files:
cat /etc/nginx/sites-enabled/siteA.sample.edu.cn
server {
listen 80;
server_name siteA.sample.edu.cn;
...
location / {
root /var/lib/www/siteA.sample.edu.cn;
index index.html index.htm index.php;
}
}
cat /etc/nginx/sites-enabled/siteB.sample.edu.cn
server {
listen 80;
server_name siteB.sample.edu.cn;
...
location / {
root /var/lib/www/siteB.sample.edu.cn;
index index.html index.htm index.php;
}
}
As long as they both listen on 80 without an IP restriction, they work together well. Setting local DNS for siteA and siteB to the same IP 172.16.0.1, I can visit the different sites with those URLs.
But when setting an explicit listen IP for one site:
cat /etc/nginx/sites-enabled/siteA.sample.edu.cn
server {
listen 172.16.0.1:80;
server_name siteA.sample.edu.cn;
...
}
cat /etc/nginx/sites-enabled/siteB.sample.edu.cn
server {
listen 80;
server_name siteB.sample.edu.cn;
...
}
Then I cannot visit siteB.sample.edu.cn anymore. Using url http://siteB.sample.edu.cn will finally reach the siteA.sample.edu.cn.
So how to stop such strange redirection? It seems that server with explicit listen ip has higher priority?
This behaviour is documented here.
You could try using two listen directives in site B's server block.
For example:
server {
listen 172.16.0.1:80;
listen 80;
...
}
Or:
server {
listen 172.16.0.1:80;
listen <otherIP>:80;
...
}

Ngrok not tunneling properly Nginx

I have my flask application deployed on Nginx over my VM.
Everything is deployed OK and I can request my APIs on http://my.ip.number (I have a public IP).
But when I run Ngrok (I need https and I don't have a domain name to generate an SSL certificate), the URL https://number.ngrok.io shows me the Nginx home page (Welcome to Nginx) instead of my webapp.
Why is this happening?
P.S.: When I run "curl localhost" I get the Nginx Welcome Page, but when I run "curl -4 localhost" I get my webapp home page.
etc/nginx/site-available/myproject
server {
listen 80;
server_name 0.0.0.0;
location / {
include proxy_params;
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name 127.0.0.1;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
server {
listen 80;
server_name public.ip;
location / {
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
Any request coming in from ngrok has the Host header set to the ngrok URL. The behaviour of nginx would be to try and match one of the server blocks in your configuration above, and default to the first one if no server_name matches the Host header.
However, I'm guessing there's another configuration file at /etc/nginx/conf.d/default.conf or /etc/nginx/sites-enabled/0-default which has a listen directive with default_server set. That will be catching these requests and serving the "Welcome to nginx!" page.
I suggest you look for that file and remove it, which should solve the issue.
However you could also simplify the above configuration and simply have:
server {
listen 80;
server_name localhost;
location / {
include proxy_params;
proxy_pass http://unix:/home/datascience/chatbot-cima/chatbot.sock;
}
}
Provided there's not another server block hiding somewhere else in the configuration with a directive like listen 80 default_server; then this should catch all requests.
For more info see: How nginx processes a request
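The selection order behind the three threads above (the default_server block that proxies every CNAME, the explicit listen address that shadows siteB, and the ngrok Host header that lands on the welcome page), modelled as an added example; it is not code from the page or from nginx. The names Server and select_server and the address 203.0.113.10 are assumptions made for the illustration.

```python
# Simplified model of nginx virtual-server selection. Regex server names are
# omitted and default_server is tracked per server rather than per listen.
from dataclasses import dataclass

@dataclass
class Server:
    label: str
    listen: list            # e.g. ["*:80", "172.16.0.1:80"]; "listen 80" is "*:80"
    names: list             # server_name values
    default: bool = False   # True when a listen line carries default_server

def _name_rank(pattern, host):
    """Return (class, length) on a match: 3 exact, 2 '*.' prefix, 1 '.*' suffix."""
    if pattern == host:
        return (3, len(pattern))
    if pattern.startswith("."):          # ".a.com" means "a.com" plus "*.a.com"
        if host == pattern[1:]:
            return (3, len(pattern))
        pattern = "*" + pattern
    if pattern.startswith("*.") and host.endswith(pattern[1:]):
        return (2, len(pattern))
    if pattern.endswith(".*") and host.startswith(pattern[:-1]):
        return (1, len(pattern))
    return None

def select_server(servers, local_ip, port, host):
    # Step 1: an exact address:port listen shadows wildcard-only listeners.
    for sock in (f"{local_ip}:{port}", f"*:{port}"):
        candidates = [s for s in servers if sock in s.listen]
        if candidates:
            break
    else:
        return None
    # Step 2: best server_name match among the candidates (first one wins ties).
    best, best_rank = None, None
    for s in candidates:
        for n in s.names:
            rank = _name_rank(n.lower(), host.lower())
            if rank and (best_rank is None or rank > best_rank):
                best, best_rank = s, rank
    if best:
        return best.label
    # Step 3: nothing matched the Host header: default_server, else first block.
    return next((s for s in candidates if s.default), candidates[0]).label

if __name__ == "__main__":
    # Constructed from the first question: a single block marked default_server.
    only = [Server("proxy", ["*:80"], ["xyz.abc.com"], default=True)]
    print(select_server(only, "203.0.113.10", 80, "xyz-1.abc.com"))
```

Running a planned configuration through a model like this before deploying shows which block receives an unexpected Host header, which is the block that should refuse the request rather than proxy it.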

NGINX redirect to HTTPS, while still maintaining HTTP route for Let's Encrypt Challenges

I can successfully route traffic from port 80 to HTTPS, and I can also get the Let's Encrypt SSL certificate successfully. But my problem starts when I want to do both.
Whenever my certs are expiring I have to adjust the config to pass the Let's Encrypt challenges. And that's no good.
Here is the config that is passing the challenges successfully
server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;
#for certbot challenges (renewal process)
location ~ /.well-known/acme-challenge {
allow all;
root /data/letsencrypt;
}
root /data/letsencrypt;
index index.html;
}
And here is a config that routes the traffic to HTTPS
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com *.example.com;
location / {
return 301 https://$host$request_uri;
}
return 444;
}
Whenever I start trying to combine them, the routing to HTTPS seems to take over and the challenges break.
It could be also useful to note that I'm using Nginx as a reverse proxy in a Docker environment, so from HTTP, I'm routing to HTTPS, and from there I'm reverse proxying for other services.
server{
listen 80;
listen [::]:80;
server_name example.com *.example.com;
#for certbot challenges (renewal process)
location ~ ^/.well-known/acme-challenge {
allow all;
root /data/letsencrypt;
}
location / {
return 301 https://$host$request_uri ;
}
}
Should do the trick.
If the request is on port 80 and begins with /.well-known/acme-challenge, it goes to the challenge.
Anything else: 301 to https.
And the priority on checking is first the regex (location ~ ^blablabla) and then the general ( location / { )
If it doesn't work, what's the interaction you are having?

How to exclude specific subdomains server_name in nginx configuration

I'm using a wildcard in server_name. I want to redirect all subdomains of example.com (configured as *.example.com) to foo.com except xyz.example.com.
I have configuration as follows
server {
listen 80;
server_name *.example.com;
location / {
proxy_pass http://$1.foo.com;
}
}
I don't want to change any request coming to xyz.example.com
You need at least two server blocks, and nginx will select the more specific server block to handle the request. See this document for details.
You will need a server block for xyz.example.com such as:
server {
listen 80;
server_name xyz.example.com;
location / {
proxy_pass http://$1.foo.com;
}
}
Then either a default_server or a wild card server, such as:
server {
listen 80;
server_name *.example.com;
return http://foo.com/;
}
Or:
server {
listen 80 default_server;
return http://foo.com/;
}
The '*' wildcard character gets ignored by nginx:
nginx: [warn] conflicting server name "*.example.com" on 0.0.0.0.:80, ignored

What's wrong with this nginx.conf?

I'm using nginx as a load balancer to 4 internal server instances. The below nginx.conf will work correctly only for www.mydomain.com, but not for mydomain.com or http://mydomain.com.
upstream mydomain{
server 127.0.0.1:8000;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name www.mydomain.com;
location / {
proxy_pass http://mydomain;
}
}
It's normal that it doesn't work for mydomain.com because of server_name www.mydomain.com.
I'm not an nginx expert, but try omitting server_name.
I think you can try this:
server {
listen 80;
server_name www.mydomain.com mydomain.com;
location / {
proxy_pass http://mydomain;
}
}
At least I've found this solution in docs
All web servers will only work for the domain you configure. In this case, the only domain you added is www.mydomain.com, so it is only going to "work" for the address www.mydomain.com.
If you want all subdomains to work, you need a wildcard character in front of mydomain.com as follows:
server {
listen 80;
server_name .mydomain.com;
location / {
proxy_pass http://mydomain;
}
}
Notice the . before mydomain.com.
