Introducing DigitalOcean Functions: A powerful, serverless compute solution

Related

Does DigitalOcean preserve snapshots of deleted droplets?
Question
Is there a DigitalOcean Free Trial Available?
Question

Question

Nginx & Multiple SSL Domains

Hi,

I’m using three domain names, one droplet and an nginx server to serve the three domains.

So far, I’ve managed to redirect from www.example.com to example.com for all domains and also force the websites to load on an SSL connection managed by certbot.

The problem that I’m facing is that, when I use the IP address of the droplet I get the non-HTTPS version of one of the websites (The first one in alphabetical order).

Is this normal behaviour? If not, how can I stop it from happening?

Any ideas?

I have three configuration files in sites-available with symbolic links pointing to sites-enabled.

Below is a configuration file for one of the websites.

The other two are practically the same.

server {
        listen 80;

        root /var/www/html/example.com;
        index index.html index.htm;

        server_name example.com;

        location / {
                try_files $uri $uri/ =404;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

}

server {
        listen 80;
        server_name example.com;
        return 301 $scheme://example.com$request_uri;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    # Redirect non-https traffic to https
    # if ($scheme != "https") {
    #     return 301 https://$host$request_uri;
    # } # managed by Certbot

}

Thank you for your time and any help is appreciated!

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SBFebruary 16, 2018

Yes, that is normal behavior. When Nginx receives a request that doesn’t match any defined server_name it will rout it to the default server. If a default is not specified, Nginx will use the first server block defined.

To specify a default, add default_server to the end of a listen directive. For example:

listen       80  default_server;
server_name example.com;

So in your case, accessing the Droplet via IP address means that the server_name will never match and you’ll be routed to the first one in alphabetical order. To disable all access via IP address, you can create a new server block that returns an error when accessed:

server {
    listen       80  default_server;
    server_name  _;
    return       444;
}

For more information on how Nginx handles all of this, take a look at their docs on the server_name directive.

Join the DigitalOcean CommunityProduct

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

Does DigitalOcean preserve snapshots of deleted droplets?
Question
Is there a DigitalOcean Free Trial Available?
Question
Join the DigitalOcean CommunityProduct

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner