Reputation: 865
Nginx serving the wrong root with SSL
I have two nginx vhosts which are identical apart from the domain and the SSL/root locations. They look like this:
/etc/nginx/sites-available/domain1.co.uk
server {
listen 80;
server_name domain1.co.uk;
rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name www.domain1.co.uk;
ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
return 301 $scheme://domain1.co.uk$request_uri;
}
server {
listen 443 ssl;
server_name domain1.co.uk;
root /var/www/domain1.co.uk/public_html;
ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri @prerender;
}
location /blog/ {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/api {
try_files $request_uri $request_uri/ /api/index.php?$query_string;
}
location @prerender {
proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
set $prerender 0;
if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_|prerender=1") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($prerender = 1) {
rewrite .* /$scheme://$host$request_uri? break;
#proxy_pass http://localhost:3000;
proxy_pass http://service.prerender.io;
}
if ($prerender = 0) {
proxy_pass http://127.0.0.1:3000;
}
}
}
/etc/nginx/sites-available/domain2.co.uk
server {
listen 80;
server_name domain2.co.uk;
rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name www.domain2.co.uk;
ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
return 301 $scheme://domain2.co.uk$request_uri;
}
server {
listen 443 ssl;
server_name domain2.co.uk;
root /var/www/domain2.co.uk/public_html;
ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri @prerender;
}
location /blog/ {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/api {
try_files $request_uri $request_uri/ /api/index.php?$query_string;
}
location @prerender {
proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
set $prerender 0;
if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_|prerender=1") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($prerender = 1) {
rewrite .* /$scheme://$host$request_uri? break;
#proxy_pass http://localhost:3000;
proxy_pass http://service.prerender.io;
}
if ($prerender = 0) {
proxy_pass http://127.0.0.1:3000;
}
}
}
When I visit domain1.co.uk it just works as expected, and redirects to the non-www https URL. If I visit domain2.co.uk though, it serves the correct SSL cert, but is showing the domain1 site on the domain2 URL.
I have a default server block as well:
server {
listen 80 default_server;
return 444;
}
server {
listen 443 default_server;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
return 444;
}
How can I configure this so that domain2.co.uk is actually serving the files from /var/www/domain2.co.uk/public_html instead of domain1?
Upvotes: 1
Views: 458
Answers (1)
Reputation: 3125
Ah! Sorry! I thought, you didn't have domain2.co.uk. Hoping you have "/var/www/domain2.co.uk/public_html" as root for "domain2.co.uk" server. Did you make nginx to read the /etc/nginx/sites-available/domain2.co.uk file, if it is not included. Basically, you would need to check the "include" directive in /etc/nginx/nginx.conf and also, create a sym link file "/etc/nginx/sites-enabled/domain2.co.uk" and point it to "/etc/nginx/sites-available/domain1.co.uk" to enable it.
Upvotes: 1