Nginx
voproser, 2021-03-18 13:48:38

Why is NGINX config not working correctly?

Hello! I'm trying to host multiple sites on the same nginx server.
I am doing everything according to this article:
https://webdock.io/en/docs/how-guides/shared-hosti...
As a result, the domain https://obshebeer.spystories.host/ should lead to the /var/www/html/ directory, and
www.beeradmin.spystories.host should lead to /var/www/html/admin/

This is what the file structure looks like: https://imgur.com/a/H8ir5QB

Here is the config that should lead to the admin folder

server {
        listen 80;
        listen [::]:80;
        root /var/www/html/admin/;
        index index.html index.htm;
        server_name beeradmin.spystories.host;

   location / {
       try_files $uri $uri/ =404;
   }

}


And here is the usual default config.

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
  listen 80 default_server;
  listen [::]:80 default_server;

  # SSL configuration
  #
  # listen 443 ssl default_server;
  # listen [::]:443 ssl default_server;
  #
  # Note: You should disable gzip for SSL traffic.
  # See: https://bugs.debian.org/773332
  #
  # Read up on ssl_ciphers to ensure a secure configuration.
  # See: https://bugs.debian.org/765782
  #
  # Self signed certs generated by the ssl-cert package
  # Don't use them in a production server!
  #
  # include snippets/snakeoil.conf;

  root /var/www/html;

  # Add index.php to the list if you are using PHP
  index index.html index.htm index.php;

  server_name 80.249.147.162;

  location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
  }

  # pass PHP scripts to FastCGI server
  #
  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
  #
  #	# With php-fpm (or other unix sockets):
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  #	# With php-cgi (or other tcp sockets):
  #	fastcgi_pass 127.0.0.1:9000;
  }

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  #
  location ~ /\.ht {
    deny all;
  }
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

server {

  # SSL configuration
  #
  # listen 443 ssl default_server;
  # listen [::]:443 ssl default_server;
  #
  # Note: You should disable gzip for SSL traffic.
  # See: https://bugs.debian.org/773332
  #
  # Read up on ssl_ciphers to ensure a secure configuration.
  # See: https://bugs.debian.org/765782
  #
  # Self signed certs generated by the ssl-cert package
  # Don't use them in a production server!
  #
  # include snippets/snakeoil.conf;

  root /var/www/html;

  # Add index.php to the list if you are using PHP
  index index.html index.htm index.php;
    server_name obshebeer.spystories.host; # managed by Certbot


  location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;
  }

  # pass PHP scripts to FastCGI server
  #
  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
  #
  #	# With php-fpm (or other unix sockets):
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  #	# With php-cgi (or other tcp sockets):
  #	fastcgi_pass 127.0.0.1:9000;
  }

  # deny access to .htaccess files, if Apache's document root
  # concurs with nginx's one
  #
  location ~ /\.ht {
    deny all;
  }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/obshebeer.spystories.host/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/obshebeer.spystories.host/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = obshebeer.spystories.host) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80 ;
  listen [::]:80 ;
    server_name obshebeer.spystories.host;
    return 404; # managed by Certbot


}


Now, as a result, it turns out that both domains lead to /var/www/html/
Why is that? Please tell me.


1 answer(s)
Viktor Taran, 2021-03-18
@samnebudu

Everything works correctly.
As far as I understand, you decided that if there is a domain in if ($host = obshebeer.spystories.host) {..
then it does not need to issue keys and can redirect immediately.
But here you are wrong on all counts.
I'm already tired of explaining what's going on, so in short:
When the web server is running, it finds out which config to substitute from httprefery, that is, from your browser.
The problem is that this data needs to be received via the channel.
But with https, first you need to give the keys and then get the data via this channel in order to know which keys to substitute ;)
1. If https has appeared on one site, then it has appeared on all the other sites of this server too! You can't physically get rid of it! (only by substituting the keys and drain in 40X code)
2. What will happen to those that do not have certificates: the web server will simply find the nearest config with certificates and push it (the closest in sorting from A-Z).
And since root and everything else will arrive with it, that site will be displayed.
What needs to be done:
1. Register the keys explicitly for the second https domain,
and only after that do a redirect.
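
Added example (not part of the original question or answer, and not nginx's own code): a simplified Python model of how nginx picks a server block, first by listen port and then by server_name, applied to the four server blocks from the question. It models exact names only (no wildcard or regex names); the labels and the FIXED list are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Server:
    label: str                 # constructed label, not an nginx directive
    ports: set                 # ports from the block's listen directives
    names: set                 # server_name values
    serves: str                # root (or the action the block takes)
    default_for: frozenset = frozenset()   # ports marked default_server

# The four server blocks from the question, reduced to listen/server_name/root.
SERVERS = [
    Server("admin", {80}, {"beeradmin.spystories.host"}, "/var/www/html/admin/"),
    Server("default", {80}, {"80.249.147.162"}, "/var/www/html", frozenset({80})),
    Server("obshebeer-tls", {443}, {"obshebeer.spystories.host"}, "/var/www/html"),
    Server("obshebeer-redirect", {80}, {"obshebeer.spystories.host"}, "301 to https"),
]
# Constructed fix: the admin name also gets a block that listens on 443.
FIXED = SERVERS + [
    Server("admin-tls", {443}, {"beeradmin.spystories.host"}, "/var/www/html/admin/"),
]

def select_server(servers, port, host):
    """Return the block that handles a request for `host` arriving on `port`."""
    candidates = [s for s in servers if port in s.ports]
    if not candidates:
        return None                      # nothing listens on that port
    for s in candidates:                 # 1. exact server_name match
        if host in s.names:
            return s
    for s in candidates:                 # 2. explicit default_server
        if port in s.default_for:
            return s
    return candidates[0]                 # 3. first block defined for the port

def served(port, host, servers=SERVERS):
    s = select_server(servers, port, host)
    return (s.label, s.serves) if s else None

if __name__ == "__main__":
    for port, host in [(80, "beeradmin.spystories.host"),
                       (443, "beeradmin.spystories.host"),
                       (80, "www.beeradmin.spystories.host")]:
        print(port, host, "->", served(port, host))
    print("after fix:", served(443, "beeradmin.spystories.host", FIXED))
```

On the real server, `nginx -T` prints the merged configuration, which shows which server blocks actually listen on each port.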
