Question
Having trouble with HTTP redirect to HTTPS under specific circumstances (NGINX)
I’ve set up a Nginx server on Ubuntu 16.04
I’ve done what I normally do (which works), except this time I have two sites, and not just one.
One site is www.domain.com, and the other is staging.domain.com
I have a redirect rule in the www.domain.com conf file, to direct non-www to www, and also to direct HTTP requests to HTTPS (on that domain).
The trouble is that if I type domain.com into a browser (with no http or https in front) I end up on a browser error page telling me the certificate is for an invalid domain. For some reason it redirects to https://domain.com, and tries to load the SSL certificate from staging.domain.com
If I put https://domain.com into a browser, it redirects to https://www.domain.com as expected.
If I put http://www.domain.com into browser, it redirects to https as expected.
Here is the conf files from each site:
For www.domain.com
fastcgi_cache_path /home/waiheke26/sites/www.domain.co.nz/public/cache levels=1:2 keys_zone=www.domain.co.nz:100m inactive=60m;
server {
listen 80;
listen [::]:80;
server_name domain.co.nz www.domain.co.nz;
return 301 https://www.domain.co.nz$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name domain.co.nz;
# Note: I added following ssl_certificate lines in case that was the issue. This made no difference.
ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
return 301 https://www.domain.co.nz$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.domain.co.nz;
root /home/waiheke26/sites/www.domain.co.nz/public;
ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
index index.php;
access_log /home/waiheke26/sites/www.domain.co.nz/logs/access.log;
error_log /home/waiheke26/sites/www.domain.co.nz/logs/error.log;
include global/server/defaults.conf;
include global/server/fastcgi-cache.conf;
include global/server/ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include global/fastcgi-params.conf;
fastcgi_pass $upstream;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache www.domain.co.nz;
fastcgi_cache_valid 60m;
}
rewrite ^/robots.txt$ /index.php last;
location ~ /purge(/.*) {
fastcgi_cache_purge www.domain.co.nz "$scheme$request_method$host$1";
}
}
For staging.domain.com
fastcgi_cache_path /home/waiheke26/sites/staging.domain.co.nz/public/cache levels=1:2 keys_zone=staging.domain.co.nz:100m inactive=60m;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name staging.domain.co.nz;
root /home/waiheke26/sites/staging.domain.co.nz/public;
ssl_certificate /etc/letsencrypt/live/staging.domain.co.nz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/staging.domain.co.nz/privkey.pem;
index index.php;
access_log /home/waiheke26/sites/staging.domain.co.nz/logs/access.log;
error_log /home/waiheke26/sites/staging.domain.co.nz/logs/error.log;
include global/server/defaults.conf;
include global/server/fastcgi-cache.conf;
include global/server/ssl.conf;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include global/fastcgi-params.conf;
fastcgi_pass $upstream;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache staging.domain.co.nz;
fastcgi_cache_valid 60m;
}
rewrite ^/robots.txt$ /index.php last;
location ~ /purge(/.*) {
fastcgi_cache_purge staging.domain.co.nz "$scheme$request_method$host$1";
}
}
For default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}
If any other config data would be useful, please let me know.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.