nginx multiple http/https proxy domains The Next CEO of Stack OverflowProxy HTTPS requests to a HTTP backend with NGINXNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portnginx proxy redirecting request to different proxyNginx subversion commit failureNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsIssue serving multiple SSL certs via nginxConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsAnsible to loop over grouped itemsNginx reverse proxy to many local servers + webserver duty
How to count occurrences of text in a file?
How to make a variable always equal to the result of some calculations?
Can we say or write : "No, it'sn't"?
How to start emacs in "nothing" mode (`fundamental-mode`)
Help understanding this unsettling image of Titan, Epimetheus, and Saturn's rings?
Should I tutor a student who I know has cheated on their homework?
What was the first Unix version to run on a microcomputer?
Non-deterministic sum of floats
Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis
Why don't programming languages automatically manage the synchronous/asynchronous problem?
Interfacing a button to MCU (and PC) with 50m long cable
Is it my responsibility to learn a new technology in my own time my employer wants to implement?
Why has the US not been more assertive in confronting Russia in recent years?
How fast would a person need to move to trick the eye?
Would a completely good Muggle be able to use a wand?
Would this house-rule that treats advantage as a +1 to the roll instead (and disadvantage as -1) and allows them to stack be balanced?
If/When UK leaves the EU, can a future goverment conduct a referendum to join the EU?
Novel about a guy who is possessed by the divine essence and the world ends?
Does it take more energy to get to Venus or to Mars?
What's the best way to handle refactoring a big file?
Can you replace a racial trait cantrip when leveling up?
Why is the US ranked as #45 in Press Freedom ratings, despite its extremely permissive free speech laws?
Indicator light circuit
calculus parametric curve length
nginx multiple http/https proxy domains
The Next CEO of Stack OverflowProxy HTTPS requests to a HTTP backend with NGINXNginx proxy pass works for https but not httpnginx load balancer rewrite to listen portnginx proxy redirecting request to different proxyNginx subversion commit failureNginx/Apache: set HSTS only if X-Forwarded-Proto is httpsIssue serving multiple SSL certs via nginxConfigure NGINX : How to handle 500 Error on upstream itself, While Nginx handle other 5xx errorsAnsible to loop over grouped itemsNginx reverse proxy to many local servers + webserver duty
I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.
The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.
I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.
Can anyone take a look at my config and school me as to what i'm doing wrong here?
My nginx.conf file is the default
here is my http://site1.com config
server
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;
location /
proxy_pass http://127.0.0.1:3103;
include /etc/nginx/proxy_params;
and here is my https://site2.com config
server
listen 80;
listen [::]:80;
server_name site2.com www.site2.com;
return 301 https://$host$request_uri;
server
listen 443 ssl;
server_name site2.com;
ssl_certificate /etc/nginx/ssl/site2_com.crt;
ssl_certificate_key /etc/nginx/ssl/site2_com.key;
location /
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://127.0.0.1:3101";
# rewrite redirects to http as to https
proxy_redirect http:// https://;
Any advice and questions are welcome! Let me know if you need anymore context. Thanks!
nginx centos node.js proxypass
asked yesterday
Shan RobertsonShan Robertson
1104
add a comment |
I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.
The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.
I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.
Can anyone take a look at my config and school me as to what i'm doing wrong here?
My nginx.conf file is the default
here is my http://site1.com config
server
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;
location /
proxy_pass http://127.0.0.1:3103;
include /etc/nginx/proxy_params;
and here is my https://site2.com config
server
listen 80;
listen [::]:80;
server_name site2.com www.site2.com;
return 301 https://$host$request_uri;
server
listen 443 ssl;
server_name site2.com;
ssl_certificate /etc/nginx/ssl/site2_com.crt;
ssl_certificate_key /etc/nginx/ssl/site2_com.key;
location /
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://127.0.0.1:3101";
# rewrite redirects to http as to https
proxy_redirect http:// https://;
Any advice and questions are welcome! Let me know if you need anymore context. Thanks!
nginx centos node.js proxypass
asked yesterday
Shan RobertsonShan Robertson
1104
add a comment |
I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.
The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.
I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.
Can anyone take a look at my config and school me as to what i'm doing wrong here?
My nginx.conf file is the default
here is my http://site1.com config
server
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;
location /
proxy_pass http://127.0.0.1:3103;
include /etc/nginx/proxy_params;
and here is my https://site2.com config
server
listen 80;
listen [::]:80;
server_name site2.com www.site2.com;
return 301 https://$host$request_uri;
server
listen 443 ssl;
server_name site2.com;
ssl_certificate /etc/nginx/ssl/site2_com.crt;
ssl_certificate_key /etc/nginx/ssl/site2_com.key;
location /
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://127.0.0.1:3101";
# rewrite redirects to http as to https
proxy_redirect http:// https://;
Any advice and questions are welcome! Let me know if you need anymore context. Thanks!
nginx centos node.js proxypass
asked yesterday
Shan RobertsonShan Robertson
1104
I have a server that is going to host many sites, but right now there are just two. site1 (http://site1.com) is http and site2 (https://site2.com) is https. Both of these sites are node.js based and running off different ports, and I use nginx's proxy_pass to route the domain to the port.
The problem i'm having right now is that you can navigate to https://site1.com but it loads the website for site2 as https://site1.com. Obviously this is not good, as google has indexed the https pages under the wrong domain.
I'm not good with nginx yet, but my current config must be saying to route all https traffic to this port. In the future i'll have multiple https and http sites and obviously all the traffic needs to route properly.
Can anyone take a look at my config and school me as to what i'm doing wrong here?
My nginx.conf file is the default
here is my http://site1.com config
server
listen 80;
listen [::]:80;
server_name site1.com www.site1.com;
location /
proxy_pass http://127.0.0.1:3103;
include /etc/nginx/proxy_params;
and here is my https://site2.com config
server
listen 80;
listen [::]:80;
server_name site2.com www.site2.com;
return 301 https://$host$request_uri;
server
listen 443 ssl;
server_name site2.com;
ssl_certificate /etc/nginx/ssl/site2_com.crt;
ssl_certificate_key /etc/nginx/ssl/site2_com.key;
location /
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass "http://127.0.0.1:3101";
# rewrite redirects to http as to https
proxy_redirect http:// https://;
Any advice and questions are welcome! Let me know if you need anymore context. Thanks!
nginx centos node.js proxypass
nginx centos node.js proxypass
asked yesterday
Shan RobertsonShan Robertson
1104
asked yesterday
Shan RobertsonShan Robertson
1104
asked yesterday
Shan RobertsonShan Robertson
1104
asked yesterday
Shan RobertsonShan Robertson
1104
asked yesterday
Shan RobertsonShan Robertson
1104
1104
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.
In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.
You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.
For example:
server
listen 80 default_server;
listen 443 ssl default_server;
return 444;
It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.
See this document for details.
answered yesterday
Richard SmithRichard Smith
6,5282717
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960504%2fnginx-multiple-http-https-proxy-domains%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.
In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.
You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.
For example:
server
listen 80 default_server;
listen 443 ssl default_server;
return 444;
It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.
See this document for details.
answered yesterday
Richard SmithRichard Smith
6,5282717
add a comment |
Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.
In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.
You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.
For example:
server
listen 80 default_server;
listen 443 ssl default_server;
return 444;
It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.
See this document for details.
answered yesterday
Richard SmithRichard Smith
6,5282717
add a comment |
Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.
In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.
You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.
For example:
server
listen 80 default_server;
listen 443 ssl default_server;
return 444;
It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.
See this document for details.
answered yesterday
Richard SmithRichard Smith
6,5282717
Nginx always has a default server it uses to process requests where the server_name does not match. If you do not specify one explicitly using the default_server attribute, it will choose the first one with a matching listen directive.
In your case, the server block for site2 is used to process any https connection, albeit with an invalid certificate warning.
You can define a "catch all" server block, so that the server_name must match for each of your legitimate server blocks.
For example:
server
listen 80 default_server;
listen 443 ssl default_server;
return 444;
It will work fine for http connections. However, https connections are always problematic, as you cannot be expected to have valid certificates for every bogus domain name that points to your server. This will at least prevent the wrong server block from handling a request.
See this document for details.
answered yesterday
Richard SmithRichard Smith
6,5282717
answered yesterday
Richard SmithRichard Smith
6,5282717
answered yesterday
Richard SmithRichard Smith
6,5282717
answered yesterday
Richard SmithRichard Smith
6,5282717
6,5282717
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960504%2fnginx-multiple-http-https-proxy-domains%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
