nginx multiple http/https proxy domains The Next CEO of Stack OverflowProxy HTTPS requests to a HTTP backend with NGINXNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portnginx proxy redirecting request to different proxyNginx subversion commit failureNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsIssue serving multiple SSL certs via nginxConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsAnsible to loop over grouped itemsNginx reverse proxy to many local servers + webserver duty

How to count occurrences of text in a file?

How to make a variable always equal to the result of some calculations?

Can we say or write : "No, it'sn't"?

How to start emacs in "nothing" mode (`fundamental-mode`)

Help understanding this unsettling image of Titan, Epimetheus, and Saturn's rings?

Should I tutor a student who I know has cheated on their homework?

What was the first Unix version to run on a microcomputer?

Non-deterministic sum of floats

Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis

Why don't programming languages automatically manage the synchronous/asynchronous problem?

Interfacing a button to MCU (and PC) with 50m long cable

Is it my responsibility to learn a new technology in my own time my employer wants to implement?

Why has the US not been more assertive in confronting Russia in recent years?

How fast would a person need to move to trick the eye?

Would a completely good Muggle be able to use a wand?

Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?

If/When UK leaves the EU, can a future goverment conduct a referendum to join the EU?

Novel about a guy who is possessed by the divine essence and the world ends?

Does it take more energy to get to Venus or to Mars?

What's the best way to handle refactoring a big file?

Can you replace a racial trait cantrip when leveling up?

Why is the US ranked as #45 in Press Freedom ratings, despite its extremely permissive free speech laws?

Indicator light circuit

calculus parametric curve length



nginx multiple http/https proxy domains



The Next CEO of Stack OverflowProxy HTTPS requests to a HTTP backend with NGINXNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portnginx proxy redirecting request to different proxyNginx subversion commit failureNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsIssue serving multiple SSL certs via nginxConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsAnsible to loop over grouped itemsNginx reverse proxy to many local servers + webserver duty










1















I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.



The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.



I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.



Can anyone take a look at my config and school me as to what i'm doing wrong here?



My nginx.conf file is the default



here is my http://site1.com config



server

listen 80;
listen [::]:80;
server_name site1.com www.site1.com;

location /

proxy_pass http://127.0.0.1:3103;
include /etc/nginx/proxy_params;




and here is my https://site2.com config



server 
listen 80;
listen [::]:80;
server_name site2.com www.site2.com;
return 301 https://$host$request_uri;


server
listen 443 ssl;
server_name site2.com;

ssl_certificate /etc/nginx/ssl/site2_com.crt;
ssl_certificate_key /etc/nginx/ssl/site2_com.key;

location /
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_pass "http://127.0.0.1:3101";

# rewrite redirects to http as to https
proxy_redirect http:// https://;




Any advice and questions are welcome! Let me know if you need anymore context. Thanks!










share|improve this question


























    1















    I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.



    The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.



    I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.



    Can anyone take a look at my config and school me as to what i'm doing wrong here?



    My nginx.conf file is the default



    here is my http://site1.com config



    server

    listen 80;
    listen [::]:80;
    server_name site1.com www.site1.com;

    location /

    proxy_pass http://127.0.0.1:3103;
    include /etc/nginx/proxy_params;




    and here is my https://site2.com config



    server 
    listen 80;
    listen [::]:80;
    server_name site2.com www.site2.com;
    return 301 https://$host$request_uri;


    server
    listen 443 ssl;
    server_name site2.com;

    ssl_certificate /etc/nginx/ssl/site2_com.crt;
    ssl_certificate_key /etc/nginx/ssl/site2_com.key;

    location /
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass "http://127.0.0.1:3101";

    # rewrite redirects to http as to https
    proxy_redirect http:// https://;




    Any advice and questions are welcome! Let me know if you need anymore context. Thanks!










    share|improve this question
























      1












      1








      1








      I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.



      The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.



      I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.



      Can anyone take a look at my config and school me as to what i'm doing wrong here?



      My nginx.conf file is the default



      here is my http://site1.com config



      server

      listen 80;
      listen [::]:80;
      server_name site1.com www.site1.com;

      location /

      proxy_pass http://127.0.0.1:3103;
      include /etc/nginx/proxy_params;




      and here is my https://site2.com config



      server 
      listen 80;
      listen [::]:80;
      server_name site2.com www.site2.com;
      return 301 https://$host$request_uri;


      server
      listen 443 ssl;
      server_name site2.com;

      ssl_certificate /etc/nginx/ssl/site2_com.crt;
      ssl_certificate_key /etc/nginx/ssl/site2_com.key;

      location /
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass "http://127.0.0.1:3101";

      # rewrite redirects to http as to https
      proxy_redirect http:// https://;




      Any advice and questions are welcome! Let me know if you need anymore context. Thanks!










      share|improve this question














      I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.



      The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.



      I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.



      Can anyone take a look at my config and school me as to what i'm doing wrong here?



      My nginx.conf file is the default



      here is my http://site1.com config



      server

      listen 80;
      listen [::]:80;
      server_name site1.com www.site1.com;

      location /

      proxy_pass http://127.0.0.1:3103;
      include /etc/nginx/proxy_params;




      and here is my https://site2.com config



      server 
      listen 80;
      listen [::]:80;
      server_name site2.com www.site2.com;
      return 301 https://$host$request_uri;


      server
      listen 443 ssl;
      server_name site2.com;

      ssl_certificate /etc/nginx/ssl/site2_com.crt;
      ssl_certificate_key /etc/nginx/ssl/site2_com.key;

      location /
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass "http://127.0.0.1:3101";

      # rewrite redirects to http as to https
      proxy_redirect http:// https://;




      Any advice and questions are welcome! Let me know if you need anymore context. Thanks!







      nginx centos node.js proxypass






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked yesterday









      Shan RobertsonShan Robertson

      1104




      1104




















          1 Answer
          1






          active

          oldest

          votes


















          0














          Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.



          In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.



          You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.



          For example:



          server 
          listen 80 default_server;
          listen 443 ssl default_server;
          return 444;



          It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.



          See this document for details.






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "2"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960504%2fnginx-multiple-http-https-proxy-domains%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.



            In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.



            You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.



            For example:



            server 
            listen 80 default_server;
            listen 443 ssl default_server;
            return 444;



            It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.



            See this document for details.






            share|improve this answer



























              0














              Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.



              In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.



              You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.



              For example:



              server 
              listen 80 default_server;
              listen 443 ssl default_server;
              return 444;



              It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.



              See this document for details.






              share|improve this answer

























                0












                0








                0







                Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.



                In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.



                You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.



                For example:



                server 
                listen 80 default_server;
                listen 443 ssl default_server;
                return 444;



                It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.



                See this document for details.






                share|improve this answer













                Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.



                In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.



                You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.



                For example:



                server 
                listen 80 default_server;
                listen 443 ssl default_server;
                return 444;



                It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.



                See this document for details.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered yesterday









                Richard SmithRichard Smith

                6,5282717




                6,5282717



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960504%2fnginx-multiple-http-https-proxy-domains%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    RemoteApp sporadic failureWindows 2008 RemoteAPP client disconnects within a matter of minutesWhat is the minimum version of RDP supported by Server 2012 RDS?How to configure a Remoteapp server to increase stabilityMicrosoft RemoteApp Active SessionRDWeb TS connection broken for some users post RemoteApp certificate changeRemote Desktop Licensing, RemoteAPPRDS 2012 R2 some users are not able to logon after changed date and time on Connection BrokersWhat happens during Remote Desktop logon, and is there any logging?After installing RDS on WinServer 2016 I still can only connect with two users?RD Connection via RDGW to Session host is not connecting

                    Cegueira Índice Epidemioloxía | Deficiencia visual | Tipos de cegueira | Principais causas de cegueira | Tratamento | Técnicas de adaptación e axudas | Vida dos cegos | Primeiros auxilios | Crenzas respecto das persoas cegas | Crenzas das persoas cegas | O neno deficiente visual | Aspectos psicolóxicos da cegueira | Notas | Véxase tamén | Menú de navegación54.054.154.436928256blindnessDicionario da Real Academia GalegaPortal das Palabras"International Standards: Visual Standards — Aspects and Ranges of Vision Loss with Emphasis on Population Surveys.""Visual impairment and blindness""Presentan un plan para previr a cegueira"o orixinalACCDV Associació Catalana de Cecs i Disminuïts Visuals - PMFTrachoma"Effect of gene therapy on visual function in Leber's congenital amaurosis"1844137110.1056/NEJMoa0802268Cans guía - os mellores amigos dos cegosArquivadoEscola de cans guía para cegos en Mortágua, PortugalArquivado"Tecnología para ciegos y deficientes visuales. Recopilación de recursos gratuitos en la Red""Colorino""‘COL.diesis’, escuchar los sonidos del color""COL.diesis: Transforming Colour into Melody and Implementing the Result in a Colour Sensor Device"o orixinal"Sistema de desarrollo de sinestesia color-sonido para invidentes utilizando un protocolo de audio""Enseñanza táctil - geometría y color. Juegos didácticos para niños ciegos y videntes""Sistema Constanz"L'ocupació laboral dels cecs a l'Estat espanyol està pràcticament equiparada a la de les persones amb visió, entrevista amb Pedro ZuritaONCE (Organización Nacional de Cegos de España)Prevención da cegueiraDescrición de deficiencias visuais (Disc@pnet)Braillín, un boneco atractivo para calquera neno, con ou sen discapacidade, que permite familiarizarse co sistema de escritura e lectura brailleAxudas Técnicas36838ID00897494007150-90057129528256DOID:1432HP:0000618D001766C10.597.751.941.162C97109C0155020

                    Club Baloncesto Breogán Índice Historia | Pavillón | Nome | O Breogán na cultura popular | Xogadores | Adestradores | Presidentes | Palmarés | Historial | Líderes | Notas | Véxase tamén | Menú de navegacióncbbreogan.galCadroGuía oficial da ACB 2009-10, páxina 201Guía oficial ACB 1992, páxina 183. Editorial DB.É de 6.500 espectadores sentados axeitándose á última normativa"Estudiantes Junior, entre as mellores canteiras"o orixinalHemeroteca El Mundo Deportivo, 16 setembro de 1970, páxina 12Historia do BreogánAlfredo Pérez, o último canoneiroHistoria C.B. BreogánHemeroteca de El Mundo DeportivoJimmy Wright, norteamericano do Breogán deixará Lugo por ameazas de morteResultados de Breogán en 1986-87Resultados de Breogán en 1990-91Ficha de Velimir Perasović en acb.comResultados de Breogán en 1994-95Breogán arrasa al Barça. "El Mundo Deportivo", 27 de setembro de 1999, páxina 58CB Breogán - FC BarcelonaA FEB invita a participar nunha nova Liga EuropeaCharlie Bell na prensa estatalMáximos anotadores 2005Tempada 2005-06 : Tódolos Xogadores da Xornada""Non quero pensar nunha man negra, mais pregúntome que está a pasar""o orixinalRaúl López, orgulloso dos xogadores, presume da boa saúde económica do BreogánJulio González confirma que cesa como presidente del BreogánHomenaxe a Lisardo GómezA tempada do rexurdimento celesteEntrevista a Lisardo GómezEl COB dinamita el Pazo para forzar el quinto (69-73)Cafés Candelas, patrocinador del CB Breogán"Suso Lázare, novo presidente do Breogán"o orixinalCafés Candelas Breogán firma el mayor triunfo de la historiaEl Breogán realizará 17 homenajes por su cincuenta aniversario"O Breogán honra ao seu fundador e primeiro presidente"o orixinalMiguel Giao recibiu a homenaxe do PazoHomenaxe aos primeiros gladiadores celestesO home que nos amosa como ver o Breo co corazónTita Franco será homenaxeada polos #50anosdeBreoJulio Vila recibirá unha homenaxe in memoriam polos #50anosdeBreo"O Breogán homenaxeará aos seus aboados máis veteráns"Pechada ovación a «Capi» Sanmartín e Ricardo «Corazón de González»Homenaxe por décadas de informaciónPaco García volve ao Pazo con motivo do 50 aniversario"Resultados y clasificaciones""O Cafés Candelas Breogán, campión da Copa Princesa""O Cafés Candelas Breogán, equipo ACB"C.B. Breogán"Proxecto social"o orixinal"Centros asociados"o orixinalFicha en imdb.comMario Camus trata la recuperación del amor en 'La vieja música', su última película"Páxina web oficial""Club Baloncesto Breogán""C. B. Breogán S.A.D."eehttp://www.fegaba.com