By: mcmurphy

Configure two root level domains from the same Nginx server in Ubuntu 16.4?

March 27, 2017
Nginx WordPress Ubuntu 16.04

Hello,
I am running one droplet with Nginx configured for running a WordPress installation. I bought another TLD and would like to host that domain from the same server too. I followed the DO tutorial on how to configure the second site, which says to make a new directory in the www directory, and I did so along with the other settings.

Now how do I configure the A record or the CNAME for the second TLD in the DO domain settings please?

Here is the basic info:

  1. Two domains.
  2. First one configured as the default nginx site with the A record and CNAME and everything. Also has the LetsEncrypt SSL set to the first one.
  3. I don't necessarily need an SSL for the second one, and it doesn't have to be a WordPress site.
  4. A static site will do. Just need the second TLD to map to the second site.

Any article or suggestion on that please?
Much appreciated.

2 comments
2 Answers
jtittle1 March 27, 2017
Accepted Answer

@mcmurphy

When it comes to A and CNAME entries, you'll point both domains' A entries to the same IPv4 IP. The CNAME would simply point www to the domain so that you can use either or to access it.

i.e.

A          @          DROPLET_IP
CNAME      www        domain.com.

Where DROPLET_IP is the IPv4 IP of your Droplet and domain.com is your domain name.

When it comes to the server blocks, as long as the domain is pointing to the IP where you've set up the server block for the same domain, that should be all that's needed.

For example, if we have domain01.com and domain02.com and you've set up the same A/CNAME entries (as shown above), then you'd have at least two server blocks, one for each domain.

domain01.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    root /home/domain01.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

domain02.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain02.com www.domain02.com;

    root /home/domain02.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}

Of course, the above won't handle PHP files, though we can fix that easily by adding another location block under the first. That'd look like this:

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        include fastcgi_params;
    }

I'm using TCP instead of sockets for fastcgi_pass, though you can replace that as needed. So we could have the server blocks set up like:

domain01.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    root /home/domain01.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

domain02.conf

server {
    listen 80;
    listen [::]:80;
    server_name domain02.com www.domain02.com;

    root /home/domain02.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

For SSL, things are a little different. We'd use something like this instead (for each domain):

server {
    listen 80;
    listen [::]:80;
    server_name domain01.com www.domain01.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain01.com www.domain01.com;

    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    ssl on;
    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/privatekey.pem;

    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_tickets off;
    ssl_session_timeout 5m;

    root /home/domain01.com/htdocs/public;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;

        include fastcgi_params;
    }
}

The above allows us to redirect requests on port 80 to 443 so that everything is covered by SSL. This is a bit more detailed than what the guides cover, but I use similar in production, so I figured that's what I'd give as an example.

The above assumes HTTP2 is enabled on your NGINX version. If it's not, you may need to remove http2 from listen.
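
Added example, not part of the original answer: the answer's 443 server block with TLS 1.0/1.1 and the redundant `ssl on;` removed, `always` added to the response headers, and a trust chain supplied for OCSP stapling verification. The certificate paths are the answer's placeholders and `chain.pem` is a hypothetical file name.

```nginx
# Added example: the answer's 443 server block with its TLS settings updated.
# Paths are the answer's placeholders; chain.pem is a hypothetical file name.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain01.com www.domain01.com;

    # No "ssl on;": the ssl flag on listen already enables TLS, and the
    # standalone directive is obsolete since nginx 1.15.0.
    ssl_certificate /path/to/ssl/cert.pem;
    ssl_certificate_key /path/to/ssl/privatekey.pem;

    # TLS 1.0 and 1.1 are deprecated by RFC 8996. TLSv1.3 can be appended on
    # nginx 1.13.0+ built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_session_timeout 5m;

    # ssl_stapling_verify checks the OCSP response against the issuer chain,
    # which nginx reads from ssl_trusted_certificate.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /path/to/ssl/chain.pem;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # "always" sends the headers on error responses (4xx/5xx) as well.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    # includeSubDomains and preload bind every subdomain to HTTPS.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;

    root /home/domain01.com/htdocs/public;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
```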

  • Thank you so much. The first few lines fixed all my problems. Both of them are working now. I didn't try the SSL part yet though.
    Just one more thing. If I want to study fastcgi_pass, http2, nginx.conf, sockets, etc., what would be a good starting place? Any suggestions? I haven't actually studied this much.

    • @mcmurphy

      As cliche as it may sound, read over the NGINX documentation -- that's really the best way to learn other than trial and error.

      http://nginx.org/en/docs/

      Under Modules reference is where you'll find information and configuration options for the modules NGINX is or can be compiled with. Not all repository installations of NGINX use all of the available modules, so if something doesn't work, chances are, the module isn't compiled in with your version.

      When you start getting into wanting to add modules, however, repository packages are no longer a viable option as it's harder to customize them. You'd need to start building from source.
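
With two sites on one IP address, nginx picks the server block by the request's Host header, and a request that matches no `server_name` goes to the default server for that port, which is the first block loaded unless one is marked `default_server`. An added example (not from the thread) that gives such requests an explicit catch-all and serves domain02.com as the static, PHP-free site the question asks for; the file names in the comments are hypothetical.

```nginx
# catch-all.conf (hypothetical file name)
# Handles port-80 requests whose Host header matches neither domain, for
# example requests made to the bare Droplet IP. Without it, one of the two
# sites would answer them.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# domain02.conf: static site with no PHP handler.
server {
    listen 80;
    listen [::]:80;
    server_name domain02.com www.domain02.com;

    root /home/domain02.com/htdocs/public;
    index index.html;

    location / {
        # Missing files return 404 instead of falling through to index.php.
        try_files $uri $uri/ =404;
    }

    # Refuse dotfiles (.git, .htaccess, editor backups) left in the web root,
    # but keep /.well-known/ reachable for ACME challenges if a Let's Encrypt
    # certificate is added later.
    location ~ /\.(?!well-known) {
        deny all;
    }
}
```

nginx accepts only one `default_server` per listen address, so remove the flag from any block that already carries it, such as Ubuntu's packaged `sites-enabled/default`, and run `nginx -t` before reloading.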

@mcmurphy Can you post your Nginx configuration? It'll be easier for us to help.

  • Hi, here is my nginx.conf file configuration, if that's what you wanted. Only the uncommented lines. If you find any other configs wrong, please make suggestions on those too, if that's OK.

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;

    events {
        worker_connections 768;
    }

    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;
        server_names_hash_bucket_size 64;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 6;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
