By:
nhabbott

Nginx Cookieless Subdomain Not Working After Adding SSL

July 25, 2016 352 views
Let's Encrypt Nginx LEMP Ubuntu

I recently added Let's Encrypt SSL to my Nginx web server but it has broken my cookieless subdomain that serves static content. None of the static content is reached & the subdomain redirects to my main domain. The main domain is https://mexicanraindeer.me & the subdomain is https://static.mexicanraindeer.me. The SSL cert covers both of those domains, if that makes a difference. Below you can find the two server configs.

Main Domain Configuration

    server {
        listen 80;
        server_name mexicanraindeer.me;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:80 default_server ipv6only=on;

        ssl_certificate /etc/letsencrypt/live/mexicanraindeer.me-0002/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mexicanraindeer.me-0002/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        root /usr/share/nginx/html;
        index index.php index.html index.htm;

        server_name mexicanraindeer.me;

        location / {
            try_files $uri $uri/index.php;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~* \.(png|js|otf|eot|svg|ttf|woff|woff2)$ {
            expires 365d;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

Subdomain Configuration


    server {
        listen 80;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 32k;
        gzip_types text/plain text/javascript text/css;
        gzip_vary on;

        location / {
            if ($request_filename ~ "\.(css|min.css|min.js|js|png|svg|ttf|eot|woff|otf|woff2|less|scss)$") {
                add_header Pragma "public";
                add_header Cache-Control "public, must-revalidate, proxy-revalidate";
                add_header Access-Control-Allow-Origin *;
                access_log off;
                expires max;

                break;
            }
        }

        return 302 https://static.mexicanraindeer.me$request_uri;
    }

1 Answer
nhabbott July 25, 2016
Accepted Answer

I solved the SSL problems. Please view this question for my other "challenge".
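
One way the static host's server blocks could be written so that HTTPS requests reach them. This is an added example, not the poster's actual fix (the answer does not say what was changed); the `root` path is a placeholder and an assumption.

```nginx
# Added example; the root path is a placeholder, not from the original post.

# Plain HTTP for the static host: redirect only, in its own server block.
server {
    listen 80;
    server_name static.mexicanraindeer.me;
    return 301 https://static.mexicanraindeer.me$request_uri;
}

# HTTPS for the static host. Without a 443 listener and a matching
# server_name, nginx hands https://static.* requests to the default
# server for port 443, which in the posted config is the main domain.
server {
    listen 443 ssl;
    server_name static.mexicanraindeer.me;

    # Certificate paths copied from the main-domain block; the post states
    # that this certificate covers both names.
    ssl_certificate     /etc/letsencrypt/live/mexicanraindeer.me-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mexicanraindeer.me-0002/privkey.pem;

    root /path/to/static/files;   # placeholder (assumption)

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain text/javascript text/css;
    gzip_vary on;

    # Regex location instead of "if" inside "location /".
    location ~* \.(css|js|png|svg|ttf|eot|woff|woff2|otf|less|scss)$ {
        add_header Pragma "public";
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        add_header Access-Control-Allow-Origin "*";
        access_log off;
        expires max;
    }

    # Anything that is not a static asset is not served from this host.
    location / {
        return 404;
    }
}
```

After editing, `nginx -t` validates the syntax before a reload.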
