I need to use two different ssl certs with nginx pointing to the same app.
https://domain1.com points to 1.1.1.1
https://domain2.com points to 1.1.1.1
...
https://domainN.com points to 1.1.1.1
Tried the following:
server {
    listen 80;
    server_name domain1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name domain1.com;
    root /app/dist;
    index index.html;
    ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/d1/private.key;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
server {
    listen 80;
    server_name domain2.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name domain2.com;
    root /app/dist;
    index index.html;
    ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/d2/private.key;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
This doesn't work: it just loads the first cert, resulting in an invalid cert when accessed using the second domain.
The domain certs can't be combined.
I can't spin up two different nginx instances, as the solution needs to handle n domains pointing to the same IP, preferably using one nginx server.
Is there a way out?
Thanks to Richard Smith for pointing out just the right stuff!
So, to set up nginx to use a different cert-key pair for each domain pointing to the same nginx, we have to rely on TLS SNI (Server Name Indication), where the domain name is sent as unencrypted text as part of the handshake. This helps nginx decide which cert-key pair to use for the incoming secure request.
More can be read about SNI here.
Moving on to the configuration.
server {
    listen 80;
    server_name domain1.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name domain1.com;
    root /app/dist;
    index index.html;
    ssl_certificate /etc/nginx/ssl/d1/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/d1/private.key;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
server {
    listen 80;
    server_name domain2.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name domain2.com;
    root /app/dist;
    index index.html;
    ssl_certificate /etc/nginx/ssl/d2/certificate.crt;
    ssl_certificate_key /etc/nginx/ssl/d2/private.key;
    location / {
        try_files $uri $uri/ /index.html;
    }
}
The above config forwards HTTP (80) for both domain1 and domain2 to respective HTTPS (443) server blocks, where respective cert-key pairs are loaded.
The HTTPS (443) request is handled directly.
nginx decides which block to hit by picking the server name using SNI.
Related
I have two static (angular) sites on the same server where nginx is running and I would like to load balance between them. For example:
/home/user/app-1
/home/user/app-2
All examples of load balancing seem to be pointing to other servers or services running on ports vs. multiple locations. My current nginx config for a single site:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.com *.domain.com;
    location / {
        root /home/user/app-1;
        index index.html;
        try_files $uri $uri/ /index.html?$args;
    }
}
How can this be achieved?
upstream backend {
    least_conn;
    server 127.0.0.1:5001 weight=1;
    server 127.0.0.1:5002 weight=1;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.com *.domain.com;
    location / {
        proxy_pass http://backend;
    }
}
server {
    # Internal backend: plain HTTP on loopback, matching proxy_pass http://backend
    listen 127.0.0.1:5001;
    server_name 127.0.0.1;
    location / {
        root /home/user/app-1;
        index index.html;
        try_files $uri $uri/ /index.html?$args;
    }
}
server {
    # Internal backend: plain HTTP on loopback, matching proxy_pass http://backend
    listen 127.0.0.1:5002;
    server_name 127.0.0.1;
    location / {
        root /home/user/app-2;
        index index.html;
        try_files $uri $uri/ /index.html?$args;
    }
}
I have the following server block in Nginx config:
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    server_name _;
    if ($scheme = http) {
        return 302 https://$host$request_uri;
    }
    location / {
        root /frontend/master;
        index index.html;
        try_files $uri $uri/ /index.html?$query_string;
    }
}
So I already have a redirect from http to https. But how do I redirect from www.example.com to example.com with this rule?
UPD: the most important thing here is that the domains in our service are dynamic: our users register them themselves and then chain them via DNS settings. So I need to make a redirect to non-www without putting specific domains in the server_name variable.
Try this
# In its own server block: match only www.* hosts; $domain is the host without the www. prefix
server_name ~^www\.(?<domain>.+)$;
return 301 https://$domain$request_uri;
You can change the regexp to use your hostname, for example.
I have nginx running on my home server at keepsecret.ddns.net. When I request e.g. keepsecret.ddns.net/foo/ it returns to me keepsecret.ddns.net/foo/index.html. So far, so good.
Now I am trying to treat my home server as an upstream server. In front of that upstream server is a remote proxy server at www.mydomain.com. When I request e.g. www.mydomain.com/foo/index.html, it is returned to me no problem. However, when I request www.mydomain.com/foo/, nginx first issues a 301 redirect so that I then get sent to keepsecret.ddns.net/foo/, revealing my home IP Address :(
I have no idea why nginx behaves this way. My only guess is that it has something to do with the fact that the domain in the request host header does not match the domain in the request url.
Questions in summary:
Why does nginx do this?
How can I prevent nginx performing this redirect so that I always remain on www.mydomain.com?
Here is the salient part of my config for reference:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name keepsecret.ddns.net www.mydomain.com;
    location / {
        try_files $uri $uri/ =404;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/keepsecret.ddns.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/keepsecret.ddns.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = keepsecret.ddns.net) {
        return 301 https://$host$request_uri;
    }
    if ($host = www.mydomain.com) {
        return 301 https://$host$request_uri;
    }
    listen 80 ;
    listen [::]:80 ;
    server_name keepsecret.ddns.net www.mydomain.com;
    return 404; # managed by Certbot
}
NGINX will be doing an internal redirect to the index.html file in all cases, but it seems to get externalised when the server_name does not match the primary server_name. I suspect that changing the server_name order so that your public (proxied) name is first may get rid of that behaviour.
The alternative would be to focus on the reverse proxy, and take a look at proxy_redirect to make the reverse-proxy rewrite location headers for you.
See: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect
My problem statement:
My domain: example.com
Sub-domain: main.example.com
When we access:
1. http://main.example.com/xyz or https://main.example.com/xyz:
It must be redirected to https://main.example.com/xyz
2. http://main.example.com or https://main.example.com:
It must be redirected to https://www.example.com
I am using nginx. What will the configuration file for the nginx server be?
My current setting is :
server{
    listen 443;
    ssl on;
    ssl_certificate /var/www/html/demo.crt;
    ssl_certificate_key /var/www/html/demo.key;
    server_name main.example.com$request_uri;
    location / {
        root /var/www/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}
server {
    listen 80;
    server_name main.example.com$request_uri;
    return 301 https://main.example.com$request_uri;
}
server {
    listen 80;
    server_name main.example.com;
    return 301 https://www.example.com;
}
server {
    listen 443;
    server_name main.example.com;
    return 301 https://www.example.com;
}
Try
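server {
    listen 80;
    listen 443 ssl;
    server_name main.example.com;
    # The key path is inside the docroot served below; keep it outside any served directory
    ssl_certificate /var/www/html/demo.crt;
    ssl_certificate_key /var/www/html/demo.key;
    # Bare root only: hand off to www.example.com
    location = / {
        proxy_pass https://www.example.com;
    }
    # Any other path: upgrade plain HTTP, serve HTTPS requests from the docroot
    location / {
        if ($scheme = http) {
            return 301 https://main.example.com$request_uri;
        }
        root /var/www/html;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}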
http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
I have a WordPress website served over HTTPS, configured with an nginx 301 redirect:
server {
    listen 80;
    server_name xxx.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate conf.d/xxx.crt;
    ssl_certificate_key conf.d/xxx.key;
}
And my article has some image links with static server like:
http://yyy.com/1.png
But when I access this article, it becomes https://yyy.com/1.png. How do I configure nginx so that it can still use http for the static image server?
You would do that using the config below:
server {
    listen 80;
    server_name xxx.com;
    location ~* \.(png|ico|jpeg)$ {
        root <your root folder>;
        try_files $uri =404;
    }
    location / {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate conf.d/xxx.crt;
    ssl_certificate_key conf.d/xxx.key;
}