Subdomain with SSL certificates can't be reached - nginx

I have an asp net core application running in a Linux server on a Google Cloud engine. The home page is displayed perfectly, but when I click a button to navigate to a subdomain I get "This site can’t be reached" with "ERR_NAME_NOT_RESOLVED". I don't see any errors in the application log so I suppose the call can't even reach the application.
When the application is running on a local Windows machine all the subdomains are able to reach and completely working.
I've tried running the application in an local Linux machine and the results are the same. Everything is working fine.
On the server subdomain are only able to reach when there is no SSL certificate requested for.
For example when I create a subdomain: subdomain.example.com am I able to reach it. With this working I requested a certificate for the current subdomain. This is working aswell and the subdomain is currently secured. But when I create a new subdomain and repeat the previous steps the earlier subdomain isn't working anymore but the new subdomain is.
Beside all this subdomains are working perfectly when no certificate is requested but then are the subdomains "unsecured".
The certificates are requested using GoDaddy.
This is the Nginx configuration:
server {
server_name example.com *.example.com;
location / {
proxy_pass https://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /activityhub {
proxy_pass https://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /votehub {
proxy_pass https://localhost:5001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl;
ssl_certificate /root/letsencrypt/dehydrated/certs/example.com/fullchain.pem;
ssl_certificate_key /root/letsencrypt/dehydrated/certs/example.com/privkey.pem;
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
}
}
The idea is a site where users can create different subdomains for their organisations. So when a user presses a button they can create a subdomain: organisation.example.com to display their own organisation. The application creates at this moment a subdomain on https://organisation.localhost:5001. Now this should automatically be display secured on the website with dns like "https://organisation.example.com. The domains requested for the SSL certificate are example.com and *.example.com
I expect to get all the subdomains working with SSL certificate without subdomains being unsecure or unreachable. All those subdomains should be working with wildcards.

Related

How to setup a Nginx reverse proxy for an ASP.NET app URL

I have an ASP.NET based app (on IIS8); which loads perfectly when visiting it directly at: http://localhost:89/files
When I visit my ngnix reverse proxy URL: http://localhost/files, instead of loading the webpage, the file Login.aspx is downloaded by the web browser. I don't have any issues with reverse proxying the root domain (for regular HTML webpages).
I would like to resolve this issue without modifying my ASP.NET app if at all possible. Below, is the configuration I'm using in nginx.conf:
server {
listen 80;
server_name localhost;
location / {
root "C:\inetpub\wwwroot";
index index.html index.htm;
}
location /files {
proxy_pass http://localhost:89/files/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Maybe, there's something I need to change on my Web.config file for the ASP.NET app?

Reverse Proxy HTTPS Requests as HTTP to Upstream Server

We are using NGINX on our cPanel server to reverse proxy ZKTeco ZKBioSecurity servers. Due to compatibility with some of their devices not supporting HTTPS, all our servers use HTTP, but, of course, all sessions to our NGINX server is secured with HTTPS and a Sectigo certificate provided by cPanel’s AutoSSL.
Here’s the problem: it seems that the ZKBioSecurity servers are detecting that the client is using HTTPS to connect to them through NGINX, and because of this, give the following prompt each time you want to log in, advising you to download and install the ISSOnline driver and certificate. The certificate, however, is issued to the ZKBioSecurity server for 127.0.0.1, so of course this is rather pointless as we are connecting to the NGINX server using a FQDN. This does not happen if we use HTTP:
So my question: is there something in the request (the HTTP header perhaps?) that NGINX forwards to the upstream server that contains the protocol (HTTPS) the client used to connect to the server? Because this somehow seems to be the case.
Here’s our NGINX config for ZKBioSecurity servers:
location /.well-known {
root /home/novacloud/public_html/subdomain/.well-known;
allow all;
try_files $uri = 404;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
proxy_pass http://192.168.0.1:8080;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
The server_name directive is, of course, managed by cPanel. The above is an example of the include files we use in the main cPanel NGINX configuration file. I thought it was the proxy_set_header X-Forwarded-Proto $scheme, but even if I remove this, I still get the Driver Detection Exception prompt.
Here’s a Pastebin of a cURL of the ZKBioSecurity server from our cPanel/NGINX server

Hosting website and nginx on heroku and blog at wordpress.com under same domain

My goal is to have under the same domain a Rails web application running on Heroku (website) - responding to requests on root (www.example.com) and a blog hosted on wordpress.com - responding to request on /blog path (www.example.com/blog).
Currently heroku manages the certificate on my domain.com (web dyno) and I also have a wordpress issued certificate for my blog.domain.com.
Should I have a SSL certificate managed by Heroku, only on proxy dyno?
How should I setup nginx.conf to work correctly with SSL?
Is it possible to achieve it with wordpress.com? (the non-tech support said it was not)
Since I am hosting on Heroku, I cannot have an IP address to my dyno, so I have to redirect to my domain (already mapped to heroku dns). For the blog part, I wordpress.com does not give me an IP address, also, so I have to use a subdomain (blog.) that I have already mapped and it works fine.
# nginx.conf
events {}
http {
server {
listen $PORT;
# listen 443 ssl; # localhost debugging
# ssl_certificate localhost.crt; # localhost debugging
# ssl_certificate_key localhost.key; # localhost debugging
location / {
proxy_redirect off;
proxy_ssl_server_name on; # To avoid 502 bad gateway
proxy_set_header Host $host; # If I put this, I stop being redirected to domain.com (URL rewrite) but I face 502 bad gateway issue
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://example.com:443;
}
location /blog/ {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://blog.example.com:443;
}
}
}
What I was expecting is to navigate through www.domain.com on both website/blog without any kind of redirection or URL rewrite. What I get is either a redirection (302) with url change OR 502 bad gateway (when I try to use the configuration above) - if I setup 'Host' header.

Nginx subdomain config for Gunicorn server

I have two servers running on a DigitalOcean droplet. One is a Django/Wagtail application served with Gunicorn (used as a headless CMS), and the other is a SSR Nuxt.js app (front-end). Using the following nginx configuration I’ve made the Nuxt app available at example.com (works great), and now I’m trying to make my Django/Wagtail application available at the subdomain cms.example.com. (I’ve modified my local hosts file so the domain example.com actually functions)
/etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 80;
listen [::]:80;
server_name cms.example.com;
location / {
include proxy_params;
proxy_pass http://unix:/home/thomas/daweb/cms/cms.sock;
}
}
/etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Result from curl --unix-socket /home/thomas/daweb/cms/cms.sock cms.example.com is html of the default Wagtail landing page, no errors.
However navigating to cms.example.com just gives me a connection error. If I swap the two, I can see the Wagtail interface at example.com, so I know they’re both working. However, I can’t seem to figure out how to configure a subdomain and I struggle to understand the nginx documentation. Also similar questions about configuring subdomains are usually about making static files available, not listening to active ports.
One extra layer of trouble is that the Wagtail CMS is accessible at /admin of its server root, so I’d like to make that page appear at cms.example.com rather than having to navigate to cms.example.com/admin. Any help would be greatly appreciated!
Check what is contained in /etc/nginx/proxy_params. I would expect something like this:
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
Also, to be sure Gunicorn is working correctly, try:
curl --unix-socket /home/thomas/daweb/cms/cms.sock cms.example.com

Node.js app working with Server IP but not With Domain Name

Node.js app is running fine on port 80 (using PM2 and Nginx) and can browse through server IP well. But through domain it isn't working [This site can’t be reached]. On pinging the domain can see the server IP on the response.
Here is the Nginx config I used:
location / {
proxy_pass "http://127.0.0.1:8000";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
You need to use a server_name declaration in your Nginx configuration.
server_name example.org www.example.org;
http://nginx.org/en/docs/http/server_names.html

Resources