Multiple SSL web sites with nginx

Multiple SSL web sites with nginx

vergil
I am trying to host multiple web apps on the same machine and they are all
SSL enabled. I am trying to put an Nginx server in front of them to redirect
incoming requests to different ports. Here is the configuration I have for
this purpose:

```
server {
    listen 443 ssl;
    server_name domain1.com;

    ssl_certificate         /etc/nginx/sslcerts/domain1/certificate.crt;
    ssl_certificate_key     /etc/nginx/sslcerts/domain1/private.key;

    # ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    # ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          https://localhost:4444;
        proxy_read_timeout  90;

        proxy_redirect      https://localhost:4444 https://domain1.com;
    }
}

server {
    listen 443 ssl;
    server_name api.domain2.com;

    ssl_certificate         /etc/nginx/sslcerts/domain2/certificate.crt;
    ssl_certificate_key     /etc/nginx/sslcerts/domain2/private.key;

    # ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    # ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          https://localhost:9999;
        proxy_read_timeout  90;

        proxy_redirect      https://localhost:9999 https://tomlapi.domain2.com;
    }
}
```

However, with this configuration it seems when I try to hit
`https://api.domain2.com` then I am still redirected to
`https://domain1.com`. I am just wondering what is wrong with my config?
Previously I had used similar configs for non-SSL web apps for the same
purpose and it worked.

Thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288666,288666#msg-288666

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Multiple SSL web sites with nginx

Bee.Lists

> On Jul 12, 2020, at 9:43 AM, dorafmon <[hidden email]> wrote:
>
> I am trying to host multiple web apps on the same machine and they are all
> SSL enabled. I am trying to put an Nginx server in front of them to redirect
> incoming requests to different ports.

The domain carried forward is what nginx uses to decipher what vhost to return. Also, both of those domains are port 443, so it will go to the first/default domain.  



Cheers, Bee





Re: Multiple SSL web sites with nginx

Ian Hobson-3


On 12/07/2020 17:43, Bee.Lists wrote:
>
>> On Jul 12, 2020, at 9:43 AM, dorafmon <[hidden email]> wrote:
>>
>> I am trying to host multiple web apps on the same machine and they are all
>> SSL enabled. I am trying to put an Nginx server in front of them to redirect
>> incoming requests to different ports.
>
> The domain carried forward is what nginx uses to decipher what vhost to return. Also, both of those domains are port 443, so it will go to the first/default domain.
>
This is not correct, see
https://nginx.org/en/docs/http/ngx_http_core_module.html#server where it
says

Syntax: server { ... }
Default: —
Context: http
Sets configuration for a virtual server. There is no clear separation
between IP-based (based on the IP address) and name-based (based on the
“Host” request header field) virtual servers. Instead, the listen
directives describe all addresses and ports that should accept
connections for the server, and the server_name directive lists all
server names.

So the ports are defined in the listen directive, and the server names
in the server_name directive.

Your approach of multiple https servers works fine on my kit with the
approach you have taken.

Suggest there may be a typo in your configuration - try

sudo nginx -t

to prove both servers are loaded.


Regards

Ian

--
Ian Hobson
Tel (+351) 910 418 473


Re: Multiple SSL web sites with nginx

Bee.Lists

> On Jul 12, 2020, at 3:08 PM, Ian Hobson <[hidden email]> wrote:
>
> This is not correct, see https://nginx.org/en/docs/http/ngx_http_core_module.html#server where it says
>
> Syntax: server { ... }
> Default: —
> Context: http
> Sets configuration for a virtual server. There is no clear separation between IP-based (based on the IP address) and name-based (based on the “Host” request header field) virtual servers. Instead, the listen directives describe all addresses and ports that should accept connections for the server, and the server_name directive lists all server names.
>
> So the ports are defined in the listen directive, and the server names in the server_name directive.
>
> Your approach of multiple https servers works fine on my kit with the approach you have taken.
>
> Suggest there may be a typo in your configuration - try
>
> sudo nginx -t
>
> to prove both servers are loaded.


They are both on the same server.  Same IP.  With the same port number, there’s nothing deciphering between the two other than server_name.  Hence using server_name as the forward.  I don’t even know how one could use port number as the request.  

If you look at the example he posted, there was no default.  


Cheers, Bee
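
The name-based selection discussed in this thread, as an added example that is not part of any post: it parses server blocks, then picks the block for a requested name on a port (exact name, then wildcard names, then `default_server`, then the first block defined), which shows where an unmatched name lands when no default is declared. Assumptions: `SAMPLE` is constructed from the posted configuration, matching is by port only rather than address:port, and regex names and quoted strings are not handled.

```python
import re

# Constructed sample, reduced from the two server blocks posted in this thread.
SAMPLE = """
server { listen 443 ssl; server_name domain1.com; location / { proxy_pass https://localhost:4444; } }
server { listen 443 ssl; server_name api.domain2.com; location / { proxy_pass https://localhost:9999; } }
"""

def parse_servers(conf):
    """Collect listen ports and names per server block (no quoted strings, no regex names)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    servers, stack, stmt = [], [], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        if tok == "{":
            stack.append(stmt[0] if stmt else "")
            if stack[-1] == "server":
                servers.append({"ports": [], "names": [], "default": False})
        elif tok == "}":
            stack.pop()
        elif stmt and stack[-1:] == ["server"]:
            if stmt[0] == "listen":  # keep only the port of "addr:port"
                servers[-1]["ports"].append(stmt[1].rsplit(":", 1)[-1])
                servers[-1]["default"] |= "default_server" in stmt
            elif stmt[0] == "server_name":
                servers[-1]["names"] += [n.lower() for n in stmt[1:]]
        stmt = []
    return servers

def select_server(servers, port, host):
    """Return (block index, reason) for a request to host on port."""
    cands = [i for i, s in enumerate(servers) if str(port) in s["ports"]]
    if not cands:
        return None, "no listener"
    host = host.lower().rstrip(".")
    rules = (lambda n: n == host,                                     # exact name
             lambda n: n.startswith("*.") and host.endswith(n[1:]),   # longest *.suffix
             lambda n: n.endswith(".*") and host.startswith(n[:-1]))  # longest prefix.*
    for rule in rules:
        hits = [(len(n), i) for i in cands for n in servers[i]["names"] if rule(n)]
        if hits:
            return max(hits, key=lambda h: h[0])[1], "server_name"
    flagged = [i for i in cands if servers[i]["default"]]
    return (flagged[0], "default_server") if flagged else (cands[0], "first block on port")

if __name__ == "__main__":
    for name in ("domain1.com", "api.domain2.com", "other.example"):
        print(name, "->", select_server(parse_servers(SAMPLE), 443, name))
```

Feeding it the output of `nginx -T` instead of `SAMPLE` lists how the running configuration would route each name; a name reported as "first block on port" is answered with that block's certificate and backend.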



