Home > other >  nginx redirecting all subdomains (when it shouldn't)
nginx redirecting all subdomains (when it shouldn't)

Time:04-03

I have an nginx server running. I want it to redirect http://www.example.com to https://www.example.com, but not touch any other subdomains like http://foo.example.com.

For some reason, no matter what I add in the subdomain, it still gets rerouted. My webpage shows on www.example.com (as it should), but also on foo.example.com and example.com (as it shouldn't)

This is my example.com config file:

server {
  listen 80;
  server_name www.example.com;

  # For debug
  add_header X-debug-message "listen:80, server_name:www.example.com, redirect:https://$host$request_uri" always;

  # Riderect
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name www.example.com;

  # For debug
  add_header X-debug-message "listen:443, server_name:www.example.com, redirected:https://$host$request_uri" always;

  # SSL
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  root /var/www/example.com;

  # Redirect
  location / {
    proxy_pass http://192.168.1.224:80;
  }
}

Going to www.example.com shows me my webpage as expected. But going to foo.example.com also gives me my webpage - which it shouldn't. example.com also gives me the webpage.

Opening www.example.com in my browser, I see the following http header (as expected):

X-debug-message: DEBUG: listen:443, server_name:www.example.com, redirected:https://www.example.com/

Opening foo.example.com in my browser, I see the following http header (not as expected):

X-debug-message: DEBUG: listen:443, server_name:www.example.com, redirected:https://foo.example.com/

How can I make my nginx only redirect www.example.com ?

CodePudding user response:

  1. Ensure that the dns record for foo.yourdomain.com is actually created with dns provider

  2. Create a second server block for the subdomain 'foo.example.com' otherwise all request to port 80 will be redirected to available server block, which in your case www.example.com - the server block should look like this:

         server {
            server_name foo.example.com;
            location / {
                 root path/to/foo/index.html;
                 index index.html index.htm;
                 proxy_http_version 1.1;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection 'upgrade';
                 proxy_set_header Host $host;
                 proxy_cache_bypass $http_upgrade;
                 try_files $uri $uri/ /index.html;
            }
    
          listen 443 ssl; # managed by Certbot
          ssl_certificate 
          /etc/letsencrypt/live/example.com/fullchain.pem; # n 
            managed by Certbot
          ssl_certificate_key 
          /etc/letsencrypt/live/nextoma.com/privkey.pem; # managed by 
          Certbot
          include /etc/letsencrypt/options-ssl-nginx.conf; # managed by 
          Certbot
          ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by 
          Certbot
        }
    
  3. Add ssl certificate to the foo.example.com with the command:

    certbot --nginx -d foo.example.com
    
  4. Restart nginx and recheck foo.example.com again

CodePudding user response:

Thank you for all the comments!

For other readers, and future reference, this is now my enlightened understanding.

nginx treats the first entry in it's enabled-sites conf as a default route. Thus, the first entry

server {
    listen      80;
    server_name example.net www.example.net;
    ...
}

is in fact treated as

server {
    listen      80 default_server;
    server_name example.net www.example.net;
    ...
}

So, my mistake, was to add *.example.com -> MyIP to my DNS, and assuming nginx would just 404 all routes I didn't explicitly define. When in fact, it looks for a route that matches foo.example.com, and if it doesn't, routes it to the default route.

So, I now changed my DNS to explicitly handle all subdomains I want routed, and I list all of them explicitly in nginx.

Now - how I achieve my original plan - to just route *.example.com to my IP, and have nginx 404 all requests except the ones I excplicitly define - I still don't understand.

Explicitly routing all subdomains in the DNS is a bit less flexible, as I need to update the DNS and wait for the change to propagate if I want to test a new service internally. But, I guess that is fine for now.

  • Related