Multiple SSL-enabled websites, single IP, once again
Hi,
I have:
- Nanode 1 GB
- two domains
- two config files in the /etc/nginx/config.d directory:
  - domain_1.com.conf
  - domain_2.com.conf
- two Letsencrypt certificates for the two domains
- two applications in separate directories
- one python virtualenv
Config version 1
DOMAIN_1.COM
```nginx
server {
    location / {
        proxy_pass http://unix:/home/acc/dms/DOMAIN_1.COM/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/DOMAIN_1.COM/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_1.COM/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = DOMAIN_1.COM) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name DOMAIN_1.COM;
    return 404; # managed by Certbot
}
```
DOMAIN_2.COM
```nginx
server {
    location / {
        proxy_pass http://unix:/home/acc/dms/DOMAIN_2.COM/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/DOMAIN_2.COM/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_2.COM/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = DOMAIN_2.COM) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name DOMAIN_2.COM;
    return 404; # managed by Certbot
}
```
In these configurations, after running the `nginx -t` test, I receive the following warning:
```
nginx: [warn] conflicting server name "" on 0.0.0.0:443, ignored
```
However, in the browser, the situation is as follows:
- The address bar shows https://DOMAIN_1.COM, but the content of the DOMAIN_2.COM application is displayed in the browser window, which is incorrect.
- The address bar shows https://DOMAIN_2.COM, and the content of the DOMAIN_2.COM application is displayed in the browser window, which is correct.
Config version 2
In this configuration, the domain_1.com.conf file is the same, while the domain_2.com.conf file contains only:
```nginx
server {
    server_name DOMAIN_2.COM;
    listen 80;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        proxy_pass http://unix:/home/acc/dms/DOMAIN_2.COM/gunicorn.sock:/;
    }
}
```
`nginx -t` shows:
```
nginx: [warn] conflicting server name "" on 0.0.0.0:80, ignored
```
And now, let's see what the web browser shows. Please pay attention to the https/http protocol.
- The https://DOMAIN_1.COM website is available, and the http://DOMAIN_2.COM website is also available, everything is fine.
- If I use https with the DOMAIN_2.COM domain, the DOMAIN_1.COM website is displayed in the browser, although the address bar still shows https://DOMAIN_2.COM. It looks like the DOMAIN_2.COM domain is connecting to the DOMAIN_1.COM application.
Despite spending a lot of time trying to solve this problem, I have not found a solution. Where is the mistake? What am I doing wrong? Thank you in advance for your help.
1 Reply
I've never directly hosted multiple websites on the same Linode, but I have managed multiple apps that were SSL secured and made use of NGINX Reverse Proxies. It looks like you're already on the right track config-wise which makes this type of issue all the more frustrating.
Since you have already done some A-B testing with your configurations, what happens when you really slim it down for both domains? Like if you were to create a single proxy config file:
```nginx
server {
    listen 80;
    server_name $DOMAIN1.COM;
    location / {
        proxy_pass http://localhost: /;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name $DOMAIN2.COM;
    location / {
        proxy_pass http://localhost: /;
    }
}
```
Does that resolve any of the behavior or does it continue to prioritize towards one specific domain for HTTP/HTTPS resolution?
I know I've gotten myself into issues by misconfiguring my /etc/hosts file; although everything is resolving from your FQDN to your web server, it's always worth reviewing that. Just to confirm, even though you can only have one hostname assigned to your server, you should still be able to create two entries:
```
$SERVER_IP_ADDRESS FQDN.DOMAIN1.COM DOMAIN1.COM HOST/DOMAIN/SUBDOMAIN
$SERVER_IP_ADDRESS FQDN.DOMAIN2.COM DOMAIN2.COM HOST/DOMAIN/SUBDOMAIN
```
Worst case (if you haven't already), you may want to scrap your current config and delete your existing SSL certs, then rebuild your config one domain at a time. Once both have been remade, run Certbot for both domains and see if you continue to encounter this issue.
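The warning in the question names the cause directly: nginx picks a `server` block on a given listen socket by matching the TLS SNI name (and, for plain HTTP, the Host header) against `server_name`, and the post's two `listen 443 ssl` blocks carry no `server_name` at all. Both therefore register under the empty name `""`, nginx keeps only the first one it parses and ignores the second (certificate, socket path and all), and every HTTPS connection lands in whichever block survived, which is exactly the cross-domain content the browser observations show. Config version 2 moves the same collision to port 80. The configuration below is an added example, not the poster's or the replier's config, showing the two vhosts with a `server_name` on every block plus a catch-all default server so that an unknown SNI or Host name gets no tenant's application at all. The domain names, socket paths and certificate paths mirror the placeholders in the question and are assumptions; the `X-Forwarded-Proto` header is an addition the post's config does not set.

```nginx
# Catch-all on 443: a connection whose SNI matches no server_name below
# is refused at the TLS handshake instead of being routed to a tenant.
# ssl_reject_handshake requires nginx 1.19.4 or later and needs no cert.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# Catch-all on 80: unknown Host headers get the connection closed (444).
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# DOMAIN_1.COM (placeholder from the question)
server {
    listen 443 ssl;
    server_name DOMAIN_1.COM;   # the directive the post's 443 blocks lack

    ssl_certificate     /etc/letsencrypt/live/DOMAIN_1.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_1.COM/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://unix:/home/acc/dms/DOMAIN_1.COM/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # lets the app know it was reached over https
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

server {
    listen 80;
    server_name DOMAIN_1.COM;
    return 301 https://$host$request_uri;
}

# DOMAIN_2.COM (placeholder from the question): identical shape, own name,
# own certificate, own socket. Each 443 block now has a distinct server_name,
# so "conflicting server name" no longer fires and neither block is ignored.
server {
    listen 443 ssl;
    server_name DOMAIN_2.COM;

    ssl_certificate     /etc/letsencrypt/live/DOMAIN_2.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_2.COM/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://unix:/home/acc/dms/DOMAIN_2.COM/gunicorn.sock:/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

server {
    listen 80;
    server_name DOMAIN_2.COM;
    return 301 https://$host$request_uri;
}
```

After `nginx -t` passes with no `conflicting server name` line, check the selection from outside rather than from a browser that may have cached a redirect: `openssl s_client -connect <SERVER_IP>:443 -servername DOMAIN_2.COM` should present the DOMAIN_2.COM certificate, and `curl --resolve DOMAIN_2.COM:443:<SERVER_IP> https://DOMAIN_2.COM/` should return DOMAIN_2's application. The `default_server` blocks are the defensive part: without them the first `server` on each port silently becomes the default, so a request carrying any unrecognised name (a raw IP scan, a stale DNS entry pointing at this host, a mistyped SNI) is served by one of the tenants and with that tenant's certificate, which is the same mechanism behind the mix-up in the question.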