Question

Configure two root level domains from the same Nginx server in Ubuntu 16.4?

Hello, I am running one droplet with nginx configured for running a wordpress installation. I bought another TLD and would like to host that domain from the same server too. I followed the DO tutorial on how to configure the second site which tells making a new directory in the www directory and I did so along with the other settings.

Now how do I configure the A record or the CNAME for the second TLD in the DO domain settings please?

Here are the basic info:

  1. Two domains.
  2. First one configured as the default nginx site with the A record and CNAME and everything. Also has the LetsEncrypt SSL set to the first one.
  3. I don’t necessarily need an SSL for the second one or it doesn’t have to be a Wordpress site.
  4. A static site will do. Just need the second TLD map the second site.

Any article or suggestion on that please? Much appreciated.

Show comments

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

@mcmurphy

When it comes to A and CNAME entries, you’ll point both domains’ A entries to the same IPv4 IP. The CNAME would simply point www to the domain so that you can use either or to access it.

i.e.

A          @          DROPLET_IP
CNAME      www        domain.com.

Where DROPLET_IP is the IPv4 IP of your Droplet and domain.com is your domain name.

When it comes to the server blocks, as long as the domain is pointing to the IP where you’ve setup the server block for the same domain, that should be all that’s needed.

For example, if we have domain01.com and domain02.com and you’ve setup the same A/CNAME entries (as shown above), then you’d have at least two server blocks, one for each domain.

domain01.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    root /home/domain01.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

domain02.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain02.com www.domain02.com;

    root /home/domain02.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

Of course, the above won’t handle PHP files, though we can fix that easily by adding another location block under the first. That’d look like this:

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        include fastcgi_params;
    }

I’m using TCP instead of Sockets for fastcgi_pass, though you can replace that as needed. So we could have the server blocks setup like:

domain01.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    root /home/domain01.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

domain02.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain02.com www.domain02.com;

    root /home/domain02.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

For SSL, things are a little different. We’d use something like this instead (for each domain):

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    return 301 https://$host$request_uri;
}

server
{
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain01.com www.domain01.com;

    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    resolver 8.8.8.8 8.8.4.4 valid=300s
    resolver_timeout 5s;

    ssl on;
    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/privatekey.pem;

    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_tickets off;
    ssl_session_timeout 5m;

    root /home/domain01.com/htdocs/public;

    location /
    {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

The above allows us to redirect requests on port 80 to 443 so that everything is covered by SSL. This is a bit more detailed than what the guides cover, but I use similar in production, so I figured that’s what I’d give as an example.

The above assumes HTTP2 is enabled on your NGINX version. If it’s not, you may need to remove http2 from listen.

@mcmurphy Can you post your Nginx configuration? It’ll be easier for us to help.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more