nginx two sites configuration conflict

1

I have nginx configured for one of my domains. It works as a frontend to a Wildfly application server. One day I decided to configure a beta test environment on the same machine, so I added another subdomain to the configuration. After a restart, nginx stopped serving the first application. My configuration files are:

main subdomain:

server {
    listen 80;
    server_name sub.example.com;
    return 301 https://$host$request_uri;
}

server {

    listen 443;
    server_name sub.example.com;

    ssl_certificate           /etc/nginx/ssl/bundle.crt;
    ssl_certificate_key       /etc/nginx/ssl/sub.example.com.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/sub.example.com.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;
    }
}

test subdomain:

server {
    listen 443;
    server_name sub-test.example.com;
    return 301 http://$host$request_uri;
}

server {

    listen 80;
    server_name sub-test.example.com;


    access_log            /var/log/nginx/sub-test.example.com.access.log;

    location / {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      proxy_pass          http://localhost:8080;
      proxy_read_timeout  90;

    }
}

I need to add that each of the above configurations works as expected when alone. But together they don't like each other. Requesting the first of them returns a NOT FOUND HTTP status.

Of course, problem may be located on my Wildfly server. It's configured to handle virtual hosts and I'm not really sure it's OK. But when both applications are run and only one of them is proxied by nginx, it works fine.

Thanks for help.

Patryk Dobrowolski

Posted 2015-06-01T15:57:11.697

Reputation: 113

1 You can't have more than one name based https server – Romeo Ninov – 2015-06-01T16:01:20.173

Oh, and that's it? Nice. Stupid me. :) – Patryk Dobrowolski – 2015-06-01T16:02:17.033

And did you add resolv for hosts sub-test.example.com and sub.example.com? – Romeo Ninov – 2015-06-01T16:03:24.863

1 Ok, removing https server from second subdomain worked for me. Thanks a lot! – Patryk Dobrowolski – 2015-06-01T16:04:13.260

Please answer my question to gain some points :) – Patryk Dobrowolski – 2015-06-01T16:04:30.413

Answers

1

Patryk, unfortunately you can't set more than one name-based HTTPS server. The explanation is long, but you can check here for some in-depth information and examples (Apache based, I have no idea about nginx)

Romeo Ninov

Posted 2015-06-01T15:57:11.697

Reputation: 2 062

1 Thanks a lot. I heard about it, but forgot. And I'm just a programmer, not an every-day server manager :) – Patryk Dobrowolski – 2015-06-01T16:10:08.593

0

You can use more than one https site.

The technology is called SNI, or Server Name Indication. Reference

By moving the ssl part out of the server configs you also reduce the overhead for configuring the certificates. I use the following structure on my reverse proxies:

sites.d/
|-ssl.conf
|-vhost1.conf
|-vhost2.conf

ssl.conf then contains:

ssl_certificate /etc/ssl/certs/ssl.crt;
ssl_certificate_key /etc/ssl/certs/server.key;

Another option would be the use of separate certificates with different common names.

os_1

Posted 2015-06-01T15:57:11.697

Reputation: 76

Actually I don't need to have two secure sites on one server. In my configuration I did it just to redirect to unsecure application. Maybe in the future. But thanks for that. – Patryk Dobrowolski – 2015-06-01T19:51:06.733
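
The `sites.d/` layout from the SNI answer above, written out for the two host names in the question as an added example (not the answerer's or the asker's own configuration). It assumes the shared certificate is valid for both names (wildcard or SAN), that `sites.d/*.conf` is included from the `http` block, and that nginx was built with SNI support (`nginx -V` prints "TLS SNI support enabled"); the catch-all server block is an addition that the answer does not mention.

```nginx
# sites.d/ssl.conf -- included in the http block, inherited by every vhost.
# Assumption: this certificate is valid for both host names below.
ssl_certificate      /etc/ssl/certs/ssl.crt;
ssl_certificate_key  /etc/ssl/certs/server.key;  # restrict to root, mode 0600
ssl_protocols        TLSv1.2;

# Explicit default for port 443: names that match no vhost are dropped
# instead of silently landing on whichever server block was loaded first.
server {
    listen 443 ssl default_server;
    server_name _;
    return 444;
}

# sites.d/vhost1.conf -- production
server {
    listen 80;
    server_name sub.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;   # "ssl" is set on the listen line of every 443 vhost
    server_name sub.example.com;
    access_log /var/log/nginx/sub.example.com.access.log;
    location / {
        proxy_set_header Host $host;   # passed through for Wildfly virtual hosts
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080;
    }
}

# sites.d/vhost2.conf -- beta, selected by SNI and the Host header
server {
    listen 80;
    server_name sub-test.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name sub-test.example.com;
    access_log /var/log/nginx/sub-test.example.com.access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080;
    }
}
```

Run `nginx -t` before reloading; it rejects the configuration if a directive is misplaced or a certificate file cannot be read.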