0

I know there are many questions around this topic, but I could not find the answer for my situation.

So, basically, I have a domain - let's say myserver.com - and I want a subdomain to use for Jenkins, like: jenkins.myserver.com. Also, I'd like to allow this with HTTPS only. The server is an EC2 instance in AWS. I installed nginx on the EC2 server to set this up.

I have set up a URL forwarding at my domain registrar as: http://jenkins.myserver.com redirects to 123.123.123.123. This thing seems to work, a request sent to the domain ends up at nginx on the EC2 server.

I have only one (self-signed) SSL certificate, located on the EC2 server.

My nginx config:

```nginx
server {
    listen 80 default_server;
    server_name jenkins.myserver.com;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name jenkins.myserver.com;

    ssl_certificate           /etc/nginx/cert.crt;
    ssl_certificate_key       /etc/nginx/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/jenkins.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the "It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:8080 https://jenkins.myserver.com;
    }
}
```

If I curl to the IP address I get nicely redirected to https although not to the domain but the IP. Here I noticed some inconsistency with the browser as I tried different versions of nginx config. So currently, in the browser 123.123.123.123 redirects to https://jenkins.myserver.com (and I get 'Unable to connect'), but not in curl.

```
curl -I -L 123.123.123.123 -k
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.1
Date: Tue, 14 Feb 2017 20:22:58 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://123.123.123.123/

HTTP/1.1 403 Forbidden
Server: nginx/1.10.1
(...)
```

And for the domain I get:

```
curl -I -L jenkins.server.com
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 14 Feb 2017 20:28:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.0.15
```

What am I doing wrong? Do I need another certificate at the domain registrar? What do I need to do?

Your help is very much appreciated!

vargen_
  • Stop using your provider's 'URL forwarding.' and set up a proper A record pointing at your IP. –  Feb 14 '17 at 20:43
  • 1
    Possible duplicate of [Bad request when accesing through HTTPS to www subdomain using nginx](http://serverfault.com/questions/831698/bad-request-when-accesing-through-https-to-www-subdomain-using-nginx) – Tim Feb 14 '17 at 21:29
  • Working configuration examples here: https://www.photographerstechsupport.com/tutorials/hosting-wordpress-on-aws-tutorial-pt1-introduction-configuration-downloads/#wpmu-nginx-configuration-files – Tim Feb 14 '17 at 21:30
  • @yoonix Thank you, that was the issue! I have no idea what the URL forwarding feature is for, if it's not working. I've set the DNS A record and now it works as expected. – vargen_ Feb 15 '17 at 09:30

2 Answers

0

So, as yoonix pointed out, the issue was with the domain registrar (name.com btw). The URL forwarding is just not working. I deleted that and added a DNS A record pointing to my IP (all http) and now it works just as it should! Thanks!

vargen_
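A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it compares the header blocks from the question's two curl runs and tests whether a host name resolves to the expected address. The function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import socket

# Header blocks trimmed from the question's two curl -I runs (first response of each).
BY_IP = """HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.1
Content-Type: text/html
Location: https://123.123.123.123/
"""
BY_NAME = """HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/7.0.15
"""

def parse_head(raw):
    """Parse one `curl -I` response block into (status_code, {header: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def origin_mismatches(by_ip, by_name, fingerprint=("server", "x-powered-by")):
    """Reasons the response fetched by name does not look like the one fetched by IP."""
    ip_status, ip_hdrs = parse_head(by_ip)
    name_status, name_hdrs = parse_head(by_name)
    reasons = []
    if ip_status != name_status:
        reasons.append(f"status: {name_status} by name, {ip_status} by IP")
    for h in fingerprint:
        if ip_hdrs.get(h) != name_hdrs.get(h):
            reasons.append(f"{h}: {name_hdrs.get(h)!r} by name, {ip_hdrs.get(h)!r} by IP")
    return reasons

def a_record_ok(hostname, expected_ip, resolve=None):
    """True if hostname's IPv4 addresses include expected_ip.
    `resolve` (hypothetical hook) lets the lookup be replaced for offline runs."""
    if resolve is None:
        def resolve(h):
            return {ai[4][0] for ai in socket.getaddrinfo(h, 80, socket.AF_INET)}
    return expected_ip in resolve(hostname)

if __name__ == "__main__":
    for reason in origin_mismatches(BY_IP, BY_NAME):
        print("mismatch ->", reason)
```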
0

You need to set up a virtual host for the subdomain and should keep your default and xyz.example.com configurations separate. Use the attached link to set up the virtual host. After setting up the vhost you will have 2 files: default and subdomain conf. You can then handle all non-HTTPS requests in default and redirect them to HTTPS.

Default

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    if ($http_x_forwarded_proto != 'https') {
        rewrite ^(.*) https://$host$1 redirect;
    }
}
```

Subdomain

```nginx
server {
    server_name abc.xyz.co;
    listen 443;
    ssl on;
    ssl_certificate  /etc/ssl/certs/local.pem;
    ssl_certificate_key /etc/ssl/certs/local.key;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    location / {
      # Do whatever you want....
    }
}
```

If you want to automatically redirect the IP to the DNS name, then you need to modify default and subdomain too. https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-virtual-hosts-server-blocks-on-ubuntu-12-04-lts--3

Ashish Gupta
  • Thank you for your comment! I managed to solve the issue based on yoonix's comment. I added an answer telling this (need to wait 7 hours to be able to accept). – vargen_ Feb 16 '17 at 12:43