Multiple SSL-enabled websites, single IP, once again

Hi,

I have:

  • Nanode 1 GB

  • two domains:

    1. domain_1.com
    2. domain_2.com
  • two config files in /etc/nginx/config.d directory:

    1. domain_1.com.conf
    2. domain_2.com.conf
  • two Let's Encrypt certificates, one per domain,

  • two applications in separate directories,

  • one python virtualenv

Config version 1

DOMAIN_1.COM

server {
    location / {
        proxy_pass http://unix:/home/acc/dms/**DOMAIN_1.COM**/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/**DOMAIN_1.COM**/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/**DOMAIN_1.COM**/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {

    if ($host = **DOMAIN_1.COM**) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;

    server_name **DOMAIN_1.COM**;
    return 404; # managed by Certbot
}

DOMAIN_2.COM

server {

    location / {
        proxy_pass http://unix:/home/acc/dms/**DOMAIN_2.COM**/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/**DOMAIN_2.COM**/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/**DOMAIN_2.COM**/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {

    if ($host = **DOMAIN_2.COM**) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;

    server_name **DOMAIN_2.COM**;
    return 404; # managed by Certbot
}

In these configurations, after running the nginx -t test, I receive the following warning:

nginx: [warn] conflicting server name "" on 0.0.0.0:443, ignored

However, in the browser, the situation is as follows:

  1. The address bar shows https://DOMAIN_1.COM, but the content of the DOMAIN_2.COM application is displayed in the browser window, which is incorrect.
  2. The address bar shows https://DOMAIN_2.COM, and the content of the DOMAIN_2.COM application is displayed in the browser window, which is correct.

Config version 2

In this configuration, the domain_1.com.conf file is the same, while the domain_2.com.conf file contains only:

server {

    server_name **DOMAIN_2.COM**;
    listen 80;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        proxy_pass http://unix:/home/acc/dms/**DOMAIN_2.COM**/gunicorn.sock:/;
    }
}

nginx -t shows:

nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored

And now, let's see what the web browser shows. Please pay attention to the https/http protocol.

  1. The https://DOMAIN_1.COM website is available, and the http://DOMAIN_2.COM website is also available, everything is fine.
  2. If I use https with the DOMAIN_2.COM domain, the DOMAIN_1.COM website is displayed in the browser, although the address bar still shows https://DOMAIN_2.COM. It looks like the DOMAIN_2.COM domain is connecting to the DOMAIN_1.COM application.

Despite spending a lot of time trying to solve this problem, I have not found a solution. Where is the mistake? What am I doing wrong? Thank you in advance for your help.
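The warning in the post says what nginx does: on one listen socket every name may be claimed by one server block only, and a block with no server_name claims the empty name "". Both 443 blocks above claim "" on 0.0.0.0:443, so the second is dropped and the surviving block becomes the default server for that socket, answering every HTTPS request (and presenting its own certificate) regardless of the SNI/Host name. The following small linter, added here and not part of the original post or of nginx, reproduces that check over a constructed config modelled on "config version 1" (placeholder socket paths and domain names, only the subset of nginx syntax used in the post, and the assumption that a block without a listen directive means 0.0.0.0:80). It flags the nameless TLS blocks and shows the same layout passing once each 443 block carries its server_name:

```python
"""Mini linter reproducing nginx's "conflicting server name" check.

Added example, not nginx code: it parses only server/location/if blocks,
listen and server_name, and reports which block nginx would use."""
import re

# Constructed sample modelled on "config version 1": the TLS blocks carry no
# server_name, so both claim the empty name "" on 0.0.0.0:443.  Paths and
# domain names are placeholders; {tls1}/{tls2} are filled in below.
CONF_TEMPLATE = """
server {{
    listen 443 ssl;   # managed by Certbot
    {tls1}
    ssl_certificate /etc/letsencrypt/live/domain_1.com/fullchain.pem;
    location / {{ proxy_pass http://unix:/srv/app1/gunicorn.sock:/; }}
}}
server {{ listen 80; server_name domain_1.com; return 301 https://$host$request_uri; }}
server {{
    listen 443 ssl;
    {tls2}
    ssl_certificate /etc/letsencrypt/live/domain_2.com/fullchain.pem;
    location / {{ proxy_pass http://unix:/srv/app2/gunicorn.sock:/; }}
}}
"""
BROKEN_CONF = CONF_TEMPLATE.format(tls1="", tls2="")
# The fix: name each TLS block so nginx can select it (with its certificate
# and upstream socket) from the SNI/Host name instead of using the default.
FIXED_CONF = CONF_TEMPLATE.format(tls1="server_name domain_1.com;",
                                  tls2="server_name domain_2.com;")


def _socket(addr, flags):
    """Normalise a listen address: nginx treats a bare port as 0.0.0.0:port."""
    if addr.isdigit():
        addr = "0.0.0.0:" + addr
    return {"addr": addr, "ssl": "ssl" in flags, "default": "default_server" in flags}


def parse_servers(text):
    """Return one dict per server block: declaration order, sockets, names."""
    tokens = re.findall(r"\{|\}|;|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    servers, stack, args, cur = [], [], [], None
    for tok in tokens:
        if tok == "{":
            stack.append(args[0] if args else "")
            if stack[-1] == "server":
                cur = {"order": len(servers) + 1, "listen": [], "server_name": []}
            args = []
        elif tok == "}":
            if stack.pop() == "server":
                if not cur["listen"]:            # assumption: no listen means *:80
                    cur["listen"].append(_socket("80", []))
                servers.append(cur)
                cur = None
            args = []
        elif tok == ";":
            # Only directives directly inside the server block matter here;
            # anything nested in location/if is ignored.
            if cur is not None and stack[-1] == "server" and args:
                if args[0] == "listen":
                    cur["listen"].append(_socket(args[1], args[2:]))
                elif args[0] == "server_name":
                    cur["server_name"] += [a.strip('"').lower() for a in args[1:]]
            args = []
        else:
            args.append(tok)
    return servers


def conflicts(servers):
    """Mirror nginx: on one socket each name is claimed once; later claims are
    dropped, which is the '[warn] conflicting server name' message."""
    owner, out = {}, []
    for srv in servers:
        for sock in srv["listen"]:
            for name in srv["server_name"] or [""]:   # no server_name == ""
                key = (sock["addr"], name)
                if key in owner:
                    out.append(f'conflicting server name "{name}" on {sock["addr"]}, '
                               f'ignored (server #{srv["order"]} loses to #{owner[key]})')
                else:
                    owner[key] = srv["order"]
    return out


def default_servers(servers):
    """Per socket, the block that gets requests matching no server_name: the one
    flagged default_server, otherwise the first block declared on that socket."""
    chosen = {}
    for srv in servers:
        for sock in srv["listen"]:
            if sock["default"] or sock["addr"] not in chosen:
                chosen[sock["addr"]] = srv["order"]
    return chosen


def tls_blocks_without_name(servers):
    """Root cause check: an ssl listener with no server_name cannot be chosen
    by SNI, so one block ends up answering for every HTTPS hostname."""
    return [s["order"] for s in servers
            if any(l["ssl"] for l in s["listen"]) and not s["server_name"]]
```

Running `conflicts(parse_servers(BROKEN_CONF))` yields the same "conflicting server name "" on 0.0.0.0:443" line nginx prints, `tls_blocks_without_name` names both TLS blocks, and `default_servers` shows the first 443 block swallowing all HTTPS traffic; the same calls on `FIXED_CONF` return no findings. On the live server the equivalent check is `openssl s_client -connect <server>:443 -servername DOMAIN_2.COM`, which should show DOMAIN_2.COM's certificate once the blocks are named.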

1 Reply

I've never directly hosted multiple websites on the same Linode, but I have managed multiple apps that were SSL secured and made use of NGINX Reverse Proxies. It looks like you're already on the right track config-wise which makes this type of issue all the more frustrating.

Since you have already done some A-B testing with your configurations, what happens when you really slim it down for both domains? Like if you were to create a single proxy config file:

server {
   listen 80;

   server_name  $DOMAIN1.COM;

   location / {
      proxy_pass http://localhost: /;
   }
}

server {
   listen 80;
   listen [::]:80;

   server_name  $DOMAIN2.COM;

   location / {
      proxy_pass http://localhost: /;
   }
}

Does that resolve any of the behavior or does it continue to prioritize towards one specific domain for HTTP/HTTPS resolution?

I know I've gotten myself into issues by misconfiguring my /etc/hosts file; although everything is resolving from your FQDN to your web server, it's always worth reviewing that. Just to confirm, even though you can only have one hostname assigned to your server, you should still be able to create two entries:

$SERVER_IP_ADDRESS FQDN.DOMAIN1.COM DOMAIN1.COM HOST/DOMAIN/SUBDOMAIN
$SERVER_IP_ADDRESS FQDN.DOMAIN2.COM DOMAIN2.COM HOST/DOMAIN/SUBDOMAIN

Worst case (if you haven't already), you may want to scrap your current config and delete your existing SSL certs, then rebuild your config one domain at a time. Once both have been remade, run Certbot for both domains and see if you continue to encounter this issue.
