Having trouble with HTTP redirect to HTTPS under specific circumstances (NGINX)
I've set up a Nginx server on Ubuntu 16.04
I've done what I normally do (which works), except this time I have two sites, and not just one.
One site is www.domain.com, and the other is staging.domain.com
I have a redirect rule in the www.domain.com conf file, to direct non-www to www, and also to direct HTTP requests to HTTPS (on that domain).
The trouble is that if I type domain.com into a browser (with no http or https in front) I end up on a browser error page telling me the certificate is for an invalid domain. For some reason it redirects to https://domain.com, and tries to load the SSL certificate from staging.domain.com
If I put https://domain.com into a browser, it redirects to https://www.domain.com as expected.
If I put http://www.domain.com into browser, it redirects to https as expected.
Here is the conf files from each site:
For www.domain.com
fastcgi_cache_path /home/waiheke26/sites/www.domain.co.nz/public/cache levels=1:2 keys_zone=www.domain.co.nz:100m inactive=60m;
server {
listen 80;
listen [::]:80;
server_name domain.co.nz www.domain.co.nz;
return 301 https://www.domain.co.nz$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name domain.co.nz;
# Note: I added following ssl_certificate lines in case that was the issue. This made no difference.
ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
return 301 https://www.domain.co.nz$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.domain.co.nz;
root /home/waiheke26/sites/www.domain.co.nz/public;
ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
index index.php;
access_log /home/waiheke26/sites/www.domain.co.nz/logs/access.log;
error_log /home/waiheke26/sites/www.domain.co.nz/logs/error.log;
include global/server/defaults.conf;
include global/server/fastcgi-cache.conf;
include global/server/ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include global/fastcgi-params.conf;
fastcgi_pass $upstream;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache www.domain.co.nz;
fastcgi_cache_valid 60m;
}
rewrite ^/robots.txt$ /index.php last;
location ~ /purge(/.*) {
fastcgi_cache_purge www.domain.co.nz "$scheme$request_method$host$1";
}
}
For staging.domain.com
fastcgi_cache_path /home/waiheke26/sites/staging.domain.co.nz/public/cache levels=1:2 keys_zone=staging.domain.co.nz:100m inactive=60m;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name staging.domain.co.nz;
root /home/waiheke26/sites/staging.domain.co.nz/public;
ssl_certificate /etc/letsencrypt/live/staging.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/staging.domain.co.nz/privkey.pem;
index index.php;
access_log /home/waiheke26/sites/staging.domain.co.nz/logs/access.log;
error_log /home/waiheke26/sites/staging.domain.co.nz/logs/error.log;
include global/server/defaults.conf;
include global/server/fastcgi-cache.conf;
include global/server/ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include global/fastcgi-params.conf;
fastcgi_pass $upstream;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache staging.domain.co.nz;
fastcgi_cache_valid 60m;
}
rewrite ^/robots.txt$ /index.php last;
location ~ /purge(/.*) {
fastcgi_cache_purge staging.domain.co.nz "$scheme$request_method$host$1";
}
}
For default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}
If any other config data would be useful, please let me know.