I'm using nginx to provide service for 4 virtual hosts on the same physical server. The issue I'm having is that a browser request for https://www.domain1.org/ is being answered with a certificate for a different domain. Here's what the slices from my config files look like:
domain1.conf: (note that there's no listen directive for port 443)
server {
listen 80;
server_name domain1.org www.domain1.org domain1.com www.domain1.com domain1.net www.domain1.net domain1.us www.domain1.us domain1.info www.domain1.info;
root /home/domain1/public_html;
# more stuff
}
domain2.conf:
server {
listen 80;
server_name domain2 www.domain2;
root /home/domain2/public_html;
# more stuff
}
server { ## SSL config for domain2
listen 443 ssl;
ssl_certificate /etc/ssl/certs/domain2-chained.crt;
ssl_certificate_key /etc/ssl/private/domain2.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
server_name domain2 www.domain2;
root /home/domain2/public_html;
# more stuff
}
server {
listen 80;
server_name domain3 www.domain3;
root /var/www;
access_log /var/log/nginx/access-domain3.log;
error_log /var/log/nginx/error-domain3.log;
return 301 https://$host$request_uri;
}
server { ## SSL config for domain3
listen 443 ssl;
ssl_certificate /etc/ssl/certs/domain3-chained.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
root /var/www;
index index.php index.html index.htm;
access_log /var/log/nginx/access-domain3-ssl.log;
error_log /var/log/nginx/error-domain3-ssl.log;
rewrite_log on;
server_name www.domain3 domain3;
# more stuff
}
A browser request for https://www.domain1.org/ returns the certificate for domain 2 and the content found in the root for domain2. Why is that and how can I get the server to redirect to http://www.domain1.org/ instead?
domain1.conf: (note that there's no listen directive for port 443)
server {
listen 80;
server_name domain1.org www.domain1.org domain1.com www.domain1.com domain1.net www.domain1.net domain1.us www.domain1.us domain1.info www.domain1.info;
root /home/domain1/public_html;
# more stuff
}
domain2.conf:
server {
listen 80;
server_name domain2 www.domain2;
root /home/domain2/public_html;
# more stuff
}
server { ## SSL config for domain2
listen 443 ssl;
ssl_certificate /etc/ssl/certs/domain2-chained.crt;
ssl_certificate_key /etc/ssl/private/domain2.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
server_name domain2 www.domain2;
root /home/domain2/public_html;
# more stuff
}
server {
listen 80;
server_name domain3 www.domain3;
root /var/www;
access_log /var/log/nginx/access-domain3.log;
error_log /var/log/nginx/error-domain3.log;
return 301 https://$host$request_uri;
}
server { ## SSL config for domain3
listen 443 ssl;
ssl_certificate /etc/ssl/certs/domain3-chained.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
root /var/www;
index index.php index.html index.htm;
access_log /var/log/nginx/access-domain3-ssl.log;
error_log /var/log/nginx/error-domain3-ssl.log;
rewrite_log on;
server_name www.domain3 domain3;
# more stuff
}
A browser request for https://www.domain1.org/ returns the certificate for domain 2 and the content found in the root for domain2. Why is that and how can I get the server to redirect to http://www.domain1.org/ instead?