Hi,
my intended configuration of nginx is to have four virtual hosts on one ubuntu system. Any host should be available only via SSL, so I have port 80 redirected to port 443. Any host should only be addressed if it is specifically addressed, the default server should be an error page.
Unfortunately, my configuration of nginx is not directing the requests to the right server: If I enter any address that ends up on this domain, then it gets re-directed to seafile. E.g., if I enter "https://roundcube.***", then it gets directed to "https://seafile****". I think that the line "server_name seafile.*****" should prevent any other address to get re-directed to this virtual host. Can anyone help?
server {
2 listen 80;
3 server_name seafile.*****;
4 return 301 https://seafile.*****$request_uri;
5 }
6
7 server {
8 listen 443 ssl;
9 server_name seafile.*****;
10
11 proxy_set_header X-Forwarded-For $remote_addr;
12
13 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
14 add_header Public-Key-Pins 'pin-sha256="AKTUELLER-KEY-HASH"; pin-sha256="BACKUP-KEY-HASH"; max-age=31536000; includeSubDomains';
15
16 server_tokens off;
17
18 ssl_certificate /etc/ssl/*****.crt;
19 ssl_certificate_key /etc/ssl/*****.key;
20
21 ssl_dhparam /etc/ssl/*****.pem;
22
23 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
24 ssl_prefer_server_ciphers on;
25 ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;
26
27 ssl_session_timeout 10m;
28 ssl_session_cache off;
29
30 error_log /var/log/nginx/error.log debug;
31 access_log /var/log/nginx/access.log;
32
This is my default:
1 server {
2 listen 80 default_server;
3 server_name _;
4
5 location / {
6 return 301 https://$host$request_uri;
7 }
8
9 rewrite_log on;
10 error_log /var/log/nginx/error_empty.log debug;
11 access_log /var/log/nginx/access_empty.log;
12 return 444;
13 }
This is my config of nginx:
nginx version: nginx/1.9.12
built by gcc 5.3.0 20151204 (Ubuntu/Linaro 5.3.0-3ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-http_v2_module
my intended configuration of nginx is to have four virtual hosts on one ubuntu system. Any host should be available only via SSL, so I have port 80 redirected to port 443. Any host should only be addressed if it is specifically addressed, the default server should be an error page.
Unfortunately, my configuration of nginx is not directing the requests to the right server: If I enter any address that ends up on this domain, then it gets re-directed to seafile. E.g., if I enter "https://roundcube.***", then it gets directed to "https://seafile****". I think that the line "server_name seafile.*****" should prevent any other address to get re-directed to this virtual host. Can anyone help?
server {
2 listen 80;
3 server_name seafile.*****;
4 return 301 https://seafile.*****$request_uri;
5 }
6
7 server {
8 listen 443 ssl;
9 server_name seafile.*****;
10
11 proxy_set_header X-Forwarded-For $remote_addr;
12
13 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
14 add_header Public-Key-Pins 'pin-sha256="AKTUELLER-KEY-HASH"; pin-sha256="BACKUP-KEY-HASH"; max-age=31536000; includeSubDomains';
15
16 server_tokens off;
17
18 ssl_certificate /etc/ssl/*****.crt;
19 ssl_certificate_key /etc/ssl/*****.key;
20
21 ssl_dhparam /etc/ssl/*****.pem;
22
23 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
24 ssl_prefer_server_ciphers on;
25 ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL;
26
27 ssl_session_timeout 10m;
28 ssl_session_cache off;
29
30 error_log /var/log/nginx/error.log debug;
31 access_log /var/log/nginx/access.log;
32
This is my default:
1 server {
2 listen 80 default_server;
3 server_name _;
4
5 location / {
6 return 301 https://$host$request_uri;
7 }
8
9 rewrite_log on;
10 error_log /var/log/nginx/error_empty.log debug;
11 access_log /var/log/nginx/access_empty.log;
12 return 444;
13 }
This is my config of nginx:
nginx version: nginx/1.9.12
built by gcc 5.3.0 20151204 (Ubuntu/Linaro 5.3.0-3ubuntu1~14.04)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-http_v2_module