
We have an nginx (OpenResty 1.4.2.7) instance acting as a load balancer. It has two server directives, one to serve one specific site (let's call it www.our-special-host.com) and one wildcard for everything else. We're trying to configure it so that different 502 error pages are shown depending on which of the two server directives' backend is down.

Our configuration works for HTTP but not for HTTPS. If we shut down the backends and hit www.our-special-host.com, we get the appropriate error both for HTTP and for HTTPS. However, if we hit any other hosted site, we get the correct error page for HTTP but for HTTPS we get the error page for www.our-special-host.com.

Here's the config we have (lightly edited):

server {
    server_name www.our-special-host.com
    listen 80;
    listen 443 ssl;

    error_page 502 /nginx_errors/loadbalancer_502_on_special_host.html;
    location /nginx_errors/ {
        alias  /path/to/nginx_errors/;
    }

    location / {
        proxy_pass x.x.x.x;
        ...
    }

    ssl_certificate certificate.crt;
    ssl_certificate_key pk.key;
}

server {
    listen 80;
    listen 443 ssl;

    error_page 502 /nginx_errors/loadbalancer_502_on_other_hosts.html;
    location /nginx_errors/ {
        alias  /path/to/nginx_errors/;
    }

    location / {
        proxy_pass y.y.y.y;
        ...
    }

    ssl_certificate certificate.crt;
    ssl_certificate_key pk.key;
}

(All of the hosts concerned are XXX.ourdomain.com, and the cert is for *.ourdomain.com.)

[UPDATE] After Michael Hampton's comment below, I added an explicit catch-all regex to the second server block, i.e.

    server_name ~^.*$;

The behaviour is still wrong, but different:

  • "Special" site with http: we get the wrong error page, loadbalancer_502_on_other_hosts.html
  • "Special" site with https: we get the right error page, loadbalancer_502_on_special_host.html
  • "Non-special" site with http: we get the right error page, loadbalancer_502_on_other_hosts.html
  • "Non-special" site with https: we get the right error page, loadbalancer_502_on_other_hosts.html
Giles Thomas

1 Answer

btw, the catch-all servername goes by `server_name _;`, no regex needed

from your description of the error it seems like the wrong server {} is used, but only in http, not https.

do you have a separate IP for each ssl-host or not? if not, is your nginx SNI-aware? you'd check with `nginx -V` and it should give a line like this:

$ ~/nginx -V
nginx version: nginx/1.4.1
built by gcc 4.4.5 (Debian 4.4.5-8) 
TLS SNI support enabled
....

if your nginx is SNI-aware then your browser/OS might be the issue; windows XP isn't SNI-aware. SNI is an openssl feature, you need to have at least 0.9.8f at hand

if SNI is an issue for you: use a separate IP for each SSL-Host.

more debugging-hints:

  • use a separate access_log for each server, e.g. access_log /var/log/nginx/special_host.access.log; for your special host
  • make a request and check, on which server you're really operating; ensure for http AND https you are on the right server
  • if this is correct debug within the server_part
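An added example, not from the question or the answer, that models nginx's server-block selection for the posted config: exact server_name, then regex names in config order, then the default server, which is the first block listening on that port. It also carries the first block read exactly as posted, where the server_name line has no terminating semicolon, so nginx takes `listen` and `80` as two more names and that block keeps only its port 443 socket; hostnames such as other.ourdomain.com are constructed, and wildcard names are left out because the config uses none.

```python
import re

# Server blocks built from the posted config (constructed, not parsed from
# a real nginx.conf): the ports each listens on, its server_name entries
# and the 502 page it serves.
SPECIAL = {"listen": {80, 443}, "names": ["www.our-special-host.com"],
           "page": "loadbalancer_502_on_special_host.html"}
# The first block read exactly as posted: with no ';' after the server_name
# line, nginx takes "listen" and "80" as two more names, so the block is
# left with only its "listen 443 ssl;" socket.
SPECIAL_AS_POSTED = {"listen": {443},
                     "names": ["www.our-special-host.com", "listen", "80"],
                     "page": "loadbalancer_502_on_special_host.html"}
OTHERS = {"listen": {80, 443}, "names": [],
          "page": "loadbalancer_502_on_other_hosts.html"}
OTHERS_REGEX = dict(OTHERS, names=["~^.*$"])   # second block after the [UPDATE]


def select_server(servers, port, host):
    """Model of nginx's name-based selection for one listen port: exact
    name, then regex names in config order, then the default server, which
    without a default_server flag is the first block listening on that port.
    Wildcard names are omitted (the posted config has none). Selection is
    per port, so HTTP and HTTPS can land in different blocks, and "_" is
    simply a name that never matches, not a true catch-all."""
    candidates = [s for s in servers if port in s["listen"]]
    if not candidates:
        return None
    host = host.lower()
    for s in candidates:
        if any(n.lower() == host for n in s["names"]):
            return s
    for s in candidates:
        if any(n.startswith("~") and re.search(n[1:], host)
               for n in s["names"]):
            return s
    return candidates[0]


def error_page_for(servers, port, host):
    """502 page a client with this Host/SNI name sees on this port."""
    s = select_server(servers, port, host)
    return s["page"] if s else None


if __name__ == "__main__":
    for servers in ([SPECIAL_AS_POSTED, OTHERS], [SPECIAL_AS_POSTED, OTHERS_REGEX]):
        for port, host in ((80, "other.ourdomain.com"), (443, "other.ourdomain.com")):
            print(port, host, "->", error_page_for(servers, port, host))
```

Comparing the two readings of the first block against the four rows in the [UPDATE] shows which block each port falls back to when no name matches.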