Ngnix setup for dedicated subdomains - nginx

I want Ngnix to handle only a few subdomains and if it is not matching it should return an 404.
The following subdomains should work: domain.com, www.domain.com, api.domain.com and ftp.domain.com.
I use the following config:
server {
listen 80;
listen [::]:80;
server_name *.domain.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443 ipv6only=on;
server_name domain.com www.domain.com api.domain.com ftp.domain.com;
.....
}
server {
listen 443 default_server;
server_name _;
return 444;
}
The problem is that the website keeps working on every subdomain like test.domain.com. Of casurse the DNS is setup with an wildcard and I don't want to change that.
With adding the default_server I'm getting ssl errors?
Any suggestions?

Related

Nginx HTTPS (443) config ignored and HTTP (80) used instead

I was trying to redirect non secure (domain.com and www.domain.com) to secure version and I was getting a "too many redirects" error.
So, I decided to simplify the config to test and try to find out the error.
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name example.com www.example.com;
return 302 https://www.google.com;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/cert.key;
server_name example.com www.example.com;
return 302 https://www.amazon.com;
}
If I am not wrong, when I visit http://example.com/ or http://www.example.com/, I should be redirected to https://www.google.com
And I if I visit https://example.com/ or https://www.example.com/, I should be redirected to https://www.amazon.com
But, any case, I am always redirected to https://www.google.com. What is wrong?
Your browser might be caching the redirects.
Try using Incognito windows for both the test cases. Your config file seems to be fine.
For your domain.com, you can have following configuration:
server {
server_name _;
listen 443;
root /var/www/html;
location / {
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}

Nginx How to prevent processing requests with undefined server names

Nginx is 1.14.1 version
have several virtual hosts and default in the /etc/nging/sites-enabled:
I've tried to configure using this doc: http://nginx.org/en/docs/http/request_processing.html
default
server {
listen 80;
server_name "";
return 444;
}
server {
listen 443 ssl http2 default_server;
server_name _;
ssl_certificate ....
ssl_certificate_key .....
add_header Strict-Transport-Security 'max-age=31536000';
return 444;
}
domain1
server{
listen 80;
server_name domain1;
return 301 https://$server_name;
}
server {
server_name domain1;
listen 443 ssl;
..................
}
but when tried to get access using server IP nginx redirect to domain1. please help what's wrong here. I'd like to deny access by IP to sites and leave only requests with domain name

nginx config catches domains not specified in server_name

I have two configs enabled in my nginx sites-enabled folder.
The first one (my-domain.fr.conf) looks like this:
server {
listen 443 ssl http2;
server_name my-domain.fr;
index index.html;
location / {
root /www/my-domain.fr;
}
include ssl_certif.conf;
}
# HTTP redirect
server {
listen 80 default_server;
server_name my-domain.fr;
location / {
return 301 https://my-domain.fr$request_uri;
}
}
The second one (sub.my-domain.fr.conf) looks like this:
server {
location / {
proxy_pass http://127.0.0.1:8080;
}
include ssl_certif.conf;
server_name sub.my-domain.fr;
listen [::]:443 ssl;
}
server {
if ($host = sub.my-domain.fr) {
return 301 https://$host$request_uri;
}
server_name sub.my-domain.fr;
listen [::]:80;
return 404;
}
I would expect the last one to only catch requests to sub.my-domain.fr subdomains, but instead it catches anything (I have wildcards subdomains set up on my DNS), and even masks my-domain.fr.
How can I make sure it only catches sub.my-domain.fr requests?
I found the reason.
sub.my-domain.fr supports ipv6 (listen [::]:443 ssl;). my-domain.fr doesn't.
I suppose my connection is using ipv6 when it can, and in this case, sub.my-domain.fr is the only match.
Adding ipv6 support (listen 443 ssl => listen [::]:443 ssl;, and listen 80; => listen [::]:80;) in all server entries fix it.

Nginx configure root domain redirect to subdomain

my current setup of webpage is:
forum.xyz.pl
I need xyz.pl redirect to forum.xyz.pl
current nginx.conf:
nodebb.conf
I am using aws route53, not sure what value should I put there for root domain also.
thanks
pl to forum.xyz.pl you can simply do:
server {
server_name xyz.pl;
rewrite ^ forum.xyz.pl$request_uri? permanent;
}
This should solve your problem, let me know if you have any other problems. I don't really understand the problem with Route 53 since it is just handling the DNS entries.
I'd do it like this
server {
listen 80;
server_name xyz.pl;
return 301 https://forum.xyz.pl/;
}
server {
listen 80;
server_name forum.xyz.pl;
#Force Https
return 301 https://$host$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
#listen [::]:80;
#listen 80;
server_name forum.xyz.pl;
##rest of config goes here
}

Nginx - how to redirect (301) www to non-www correctly for bot http /https?

With the following Nginx config file, I currently can redirect permanently all HTTP www request to HTTPS non-www .
http://www.example.com => https://example;com
All HTTPS non-www request ar well handed ..
https://example.com
But, www HTTPS request are NOT redirected to non-www HTTPS
https://www.examples.com --> https://www.examples.com
I'ld like to have :
https://www.examples.com --> https://examples.com
what's missing in my config ?
thanks for feedback
default.conf
server {
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
Nothing in your configuration handles redirecting https://www.example.com to https://example.com (but you knew that).
Assuming that your certificate is valid for www.example.com, you could create a separate server block for port 443 and mark it as a default_server (such as you already have for port 80).
In fact you could combine everything that isn't https://www.example.com into a single server block:
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
...
}
See this document for details.

Resources