So I've got this port 80 redirect working fine
server {
listen 80;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
But I want https to work too, because some old links are left around that have https://guy.site-box.it
But this doesn't work
server {
listen 443;
server_name "~^(?<subdomain>.+)\.site-box\.it$";
rewrite ^(.*)$ https://$subdomain.sitebox.co permanent;
}
It seems to cause nothing in the Nginx conf file to work. I just get cloudflare errors on the main site, and on the testing guy.site-box.it it just says page is not available.
Any idea how to get the SSL subdomain to work?
First of all you need 2 certificates: for subdomain.site-box.it and for subdomain.sitebox.co. If you have wildcard certificate - good, can use one server block. If you have separate certificate - need to create one server for each subdomain (because certificate paths are different).
Also, you need openssl with SNI support (well, almost all modern version has) and check browser/os support. SNI - it's for https name-based hosting.
Also, better use return 301 instead of rewrite. return 301 https://$subdomain.sitebox.co much better.
And finally you server block not configured well. You forgot ssl keyword and certificate paths.
server {
listen 443 ssl;
ssl_certificate ... ;
ssl_certificate_key ... ;
}
Related
I have a Ghost blog hosted on digitalocean, my domain can only be accessible with a secure connection (it's a .dev site).
My site is available when I access it with www, e.g. www.androidoss.dev, but not when accessed directly as androidoss.dev.
What could be the issue?
If you have deployed the Ghost on the DigitalOcean server then it's running behind the Nginx probably. So during the Ghost installation there a command is executed which is ghost setup nginx which setup Nginx for you and then run ghost setup ssl which set up Let's Encrypt SSL for the provided domain name and it doesn't create a redirection rule from non-www to www.
So you can do this by adding a redirection URI in your Nginx file.
You have to add these lines in the server block for http. It will look like this and the file-path is /etc/nginx/sites-available/ww.example.com
server {
listen 80;
...................
...................
}
you have to add the below lines at the place of dotted lines.
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
I'm trying to redirect from an old domain to a new one.
The old domain used to have an SSL cert, but it doesn't any more.
So I need to 301 redirect these:
http://olddomain.co.uk
http://www.olddomain.co.uk
https://olddomain.co.uk
https://www.olddomain.co.uk
All to: https://www.newdomain.co.uk
This is my config:
server {
listen 80;
listen 443 ssl;
server_name olddomain.co.uk www.olddomain.co.uk;
return 301 https://www.newdomain.co.uk;
}
I'm using http://www.redirect-checker.org to test.
Both of the http URL's redirect fine, however the https URL's are not found at all, as if this server directive doesn't catch the https URL's.
Is that because I need an SSL cert even though I'm not serving anything..?
Is an SSL cert still needed, just to redirect..?
If not, why would this not work..?
EDIT
To be clear, I don't see cert errors, Chrome says "This site can't be reached", it does't say anything about a cert. redirect-checker.org says "no URLs found".
EDIT 2
I've found another .conf file, which is working (all 4 url's, inc 2 https, redirecting, without a cert installed). This is copy-pasted:
server {
listen 80;
listen 443 ssl;
server_name thepreventduty.com www.thepreventduty.com;
return 301 $scheme://www.thepreventduty.co.uk$request_uri;
}
These all redirect:
http://thepreventduty.com
http://www.thepreventduty.com
https://thepreventduty.com
https://www.thepreventduty.com
To https://www.thepreventduty.co.uk, and I don't have an ssl cert for thepreventduty.com.
You can see if works here: http://www.redirect-checker.org/
When I add another .conf for another domain (I'm using include websites/*.conf; in nginx.conf), exact same server directive, just the domain names changed - it doesn't work!
Why..?
HTTPS connection means HTTP connections in SSL-session.
For establishing SSL-session you need certificate and key.
From official site of nginx:
To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified
So, you need specify locations of certificate and key.
In case of incorrect SSL you will get cert error before redirect.
I recommend you use acme.sh for getting valid certificate and key.
At first, you need temporary disable redirects and specify root directory of old domain.
Then follow instruction:
https://github.com/Neilpang/acme.sh
Once it is done, enable redirect back.
I have a nginx server that manages a few domains and subdomains. There are some subdomains that have an own SSL certificate and they work fine. The problem is that if I try to open blablabla.mydomain.com (this subdomain is not configured in nginx) then firefox shows me an error "Connection is not secure" and "The certificate is only valid for xyz.mydomain.com" (this domain is configured with SSL and works well)
The same happens when I open the root domain mydomain.com. Then the server also returns the certificate for xyz.mydomain.com which is rejected by firefox.
I only want nginx to return the SSL certificate for domains/subdomains I explicitly have configured HTTPS. For what I understand, my configuration should be doing exactly this.
I configured all my https-subdomains like this:
server {
listen 443 ssl;
server_name xyz.mydomain.com;
root /var/www/xyz.mydomain/;
ssl on;
ssl_certificate /etc/letsencrypt/live/xyz.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xyz.mydomain.com/privkey.pem;
...
}
The root domain (which should have no SSL) is configured like this:
server {
listen 80;
server_name mydomain.com;
return http://some-redirection.com;
}
There is no SSL server block for this domain. Nor is for the other subdomains that do not exist. So why does nginx in these cases return the certificate for xyz.mydomain.com?
I don't use any wildcards in my server config. Is there some way to debug this? I mean, there must be a reason why nginx always returns the certificate for xyz.mydomain.com for every non-configured domain/subdomain. Why not another configured and working certificate?
I use an Ubuntu 14.04 server with nginx 1.4.6
If you need more info on my config, let me know
EDIT: I think I know why my config does not work. When using https the client encrypts also the domain name and this causes nginx to try all available server defintions. When it doesn't find one it returns the last one? And xyz.mydomain.com seems to be the last one (alphabetically)
So is there a way to avoid this? Would I have to create a ssl cert for every other subdomain?
I got ssl cert from let's encrypt for domain.me and www.domain.me using this tutorial on DigitalOcean.
Everything worked fine.
Then I've created sub.domain.me and www.sub.domain.me and tried to get ssl certs for them using the same steps.
sub.domain.me works fine. But when I try to get www.sub.domain.me in browser the error occures:
Your connection is not private. NET::ERR_CERT_COMMON_NAME_INVALID
What am I doing wrong?
I am not using a wildcard certificate, as LetsEncrypt does not support this
server block which causes the problem look like:
server {
listen:80;
listen 443 ssl;
server_name www.sub.domain.me;
return 301 $sheme://sub.domain.me$request_uri;
}
Try to add:
ssl_certificate /opt/nginx/ssl/server.pem;
ssl_certificate_key /opt/nginx/ssl/server.key;
to server block ( of course with Your path and file names ). If subdomains have other certificate, use path to them.
But it's hard to say what is wrong without all nginx config
I have several websites hosted on the same sever. To simplify I have just 2 (http-only.com and https.com) and using nginx to handle requests.
One has SSL enabled. And another doesn't. I noticed links like this in Google Search Console http-only.com/https_server_path and when accessing an http-only.com server with https protocol I get requests served by an https.com server instead.
https.com:
server {
listen 443 ssl;
server_name https.com;
ssl on;
}
only-http.com:
server {
listen 80;
server_name only-http.com;
}
I think I should define something like a default ssl server to handle ssl for http.com, but don't know how to do it properly. I guess nginx should redirect https request to an http url if corresponding server doesn't handle https. Or maybe there is a better solution?