Question

SSL issues with nginx, redirecting to port 443

I have two domains pointing to one server (via PM2 and nginx) foo.com and bar.com. This box also hosts a mailcow setup.

When visiting just foo.com or bar.com, everything is fine and the sites are displayed. When visiting www.foo.com, everything is displayed as it should be, but visiting www.bar.com redirects to https://www.bar.com, where I’m presented with:

The server https://www.bar.com:443 requires a username and password. The server says: SabreDAV. The same occurs when visiting both domains through https.

Here are my server blocks.

foo.com

# www.foo.com: a single block answers both plain HTTP (80) and TLS (443) and
# proxies every request to the app on port 3000. Nothing here redirects HTTP to
# HTTPS, and no ssl_protocols/ssl_ciphers are set, so nginx's built-in TLS
# defaults apply to this host.
server {
    listen 80;
    listen 443 ssl;

    server_name www.foo.com;

    ssl_certificate /etc/nginx/ssl/foo/foo.com.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/foo/foo.com.key;

    location / {
        proxy_pass http://REDACTED:3000;
        proxy_http_version 1.1;
        # Pass the client's Upgrade header through (the usual WebSocket proxy setup).
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        # Only Host is forwarded; no X-Forwarded-* headers are set, so the backend
        # is not told the client address or whether the request arrived over TLS.
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# foo.com (no www): plain HTTP only, proxied to the same app on port 3000.
# There is no 443 listener for this name, so https://foo.com is answered by
# whichever server block is the default for port 443, using that block's
# certificate.
server {
    listen 80;

    server_name foo.com;

    location / {
        proxy_pass http://REDACTED:3000;
        proxy_http_version 1.1;
        # Pass the client's Upgrade header through (the usual WebSocket proxy setup).
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

bar.com:

# www.bar.com: plain HTTP only, proxied to the app on port 3001.
# NOTE(review): no 443 listener exists for this name. An HTTPS request for
# www.bar.com is therefore handled by the default server for port 443 (the first
# 443 block nginx loads unless one is marked default_server) and is answered
# with that block's certificate and content. That matches the SabreDAV login
# prompt described in the question.
# Nothing in this block issues a redirect to https, so the redirect presumably
# comes from elsewhere (the app on port 3001 or state cached by the browser) -
# confirm.
server {
    listen 80;

    server_name www.bar.com;

    location / {
        proxy_pass http://REDACTED:3001;
        proxy_http_version 1.1;
        # Pass the client's Upgrade header through (the usual WebSocket proxy setup).
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# bar.com (no www): plain HTTP only, proxied to the app on port 3001.
server {
    listen 80;

    # NOTE(review): default_server is a parameter of the listen directive, not of
    # server_name. Written here it is parsed as a second host name literally
    # called "default_server", so this block is NOT made the port-80 default.
    # The usual form is "listen 80 default_server;" with "server_name bar.com;".
    # The same parameter on a 443 listener decides which block answers HTTPS
    # requests for names that no server block claims.
    server_name bar.com default_server;

    location / {
        proxy_pass http://REDACTED:3001;
        proxy_http_version 1.1;
        # Pass the client's Upgrade header through (the usual WebSocket proxy setup).
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I also have an SSL cert to assign to bar.com

mailcow:

# mailcow site configuration
# ! Do not remove this header !
# mail.bar.com over plain HTTP: every request is answered with a permanent
# redirect to the same host and URI over HTTPS.
server {
        listen 80;
        server_name mail.bar.com;
        # The server-level return below fires for every request, so this root is
        # never used to serve a file.
        root /var/www/mail;
        return 301 https://$host$request_uri;
}
# autoconfig.bar.com: mail-client autoconfiguration, served over plain HTTP only
# (this block has no TLS listener and no redirect).
server {
        listen 80;
        server_name autoconfig.bar.com;
        root /var/www/mail/;
        # Serve the requested file if it exists under root, otherwise fall back to
        # /autoconfig.xml.
        try_files $uri /autoconfig.xml;
}
# SabreDAV (CalDAV/CardDAV) endpoint over TLS, executed through PHP-FPM.
# NOTE(review): no 443 listener on this page carries default_server. If this is
# the first 443 block nginx loads, it also answers every HTTPS request whose host
# name matches no other server block, presenting the mail certificate and the
# SabreDAV login prompt for names such as www.bar.com.
server {
        listen 443;
        # "ssl on;" is the legacy way to enable TLS; newer nginx releases deprecate
        # and later drop it in favour of "listen 443 ssl;".
        ssl on;
        ssl_certificate         /etc/ssl/mail/mail.crt;
        ssl_certificate_key     /etc/ssl/mail/mail.key;
        ssl_prefer_server_ciphers on;
        # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996); TLSv1.2, plus
        # TLSv1.3 where the nginx/OpenSSL build supports it, is the current baseline.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The cipher list below is cut off in the paste (the trailing "$" looks like
        # an editor's line-overflow marker), so the full list is not visible here.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA$
        ssl_dhparam /etc/ssl/mail/dhparams.pem;
        # HSTS for this host only (no includeSubDomains), max-age of about six months.
        add_header Strict-Transport-Security max-age=15768000;
        ssl_session_cache shared:SSL:5m;
        ssl_session_timeout 30m;
  # I have a feeling the issue may be here...
       server_name dav.REDACTED.com;
        root /var/www/dav;
        index server.php;
        charset utf-8;
        # Service discovery: the well-known CalDAV/CardDAV URLs redirect to the DAV
        # front controller.
        rewrite ^/.well-known/caldav /server.php redirect;
        rewrite ^/.well-known/carddav /server.php redirect;
        location / {
                try_files $uri $uri/ /server.php?$args;
        }
        # Block .ht* files and the Core/Specific directories. "return" runs before
        # the access check, so clients receive 404 rather than 403.
        location ~ /(\.ht|Core|Specific) {
                deny all;
                return 404;
        }
        location ~ ^(.+\.php)(.*)$ {
                # Only hand the request to PHP-FPM when the script file really
                # exists under root; anything else gets a 404.
                try_files $fastcgi_script_name =404;
                fastcgi_split_path_info  ^(.+\.php)(.*)$;
                fastcgi_pass   unix:/var/run/php5-fpm.sock;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param  PATH_INFO        $fastcgi_path_info;
                include        /etc/nginx/fastcgi_params;
        }
}
# mail.bar.com over TLS: the mail web UI under /var/www/mail, with PHP executed
# through a dedicated PHP-FPM socket.
server {
        listen 443;
        server_name mail.bar.com;
        # "ssl on;" is the legacy way to enable TLS; newer nginx releases deprecate
        # and later drop it in favour of "listen 443 ssl;".
        ssl on;
        ssl_certificate         /etc/ssl/mail/mail.crt;
        ssl_certificate_key     /etc/ssl/mail/mail.key;
        ssl_prefer_server_ciphers on;
        # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996); TLSv1.2, plus
        # TLSv1.3 where the nginx/OpenSSL build supports it, is the current baseline.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The cipher list below is cut off in the paste (the trailing "$" looks like
        # an editor's line-overflow marker), so the full list is not visible here.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA$
        ssl_dhparam /etc/ssl/mail/dhparams.pem;
        # HSTS for this host only (no includeSubDomains), max-age of about six months.
        add_header Strict-Transport-Security max-age=15768000;
        ssl_session_cache shared:SSL:5m;
        ssl_session_timeout 30m;
        # Request bodies (uploads, attachments) are capped at 25 MB.
        client_max_body_size 25m;
        root /var/www/mail;
        index index.html index.htm index.php;
        rewrite /.well-known/autoconfig/mail/config-v1.1.xml /autoconfig.xml last;
        # When the PHP backend is unreachable (502), send the client to /admin.php
        # by way of /redir.html.
        error_page 502 /redir.html;
        location /redir.html {
                return 301 /admin.php;
        }
        # Keep log and ADDITIONS directories out of reach of web clients.
        location ~ ^/(rc/logs|pfadmin/ADDITIONS)/ {
                deny all;
        }
        # "return" runs before the access check, so clients receive 404 rather
        # than 403 for .ht* files.
        location ~ /(\.ht) {
                deny all;
                return 404;
        }
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        location / {
                # NOTE(review): the fallback is written without a leading slash; it
                # is normally an absolute URI such as /index.php - confirm.
                try_files $uri $uri/ index.php;
        }
    # NOTE(review): unlike the DAV block's PHP location, nothing here checks that
    # the requested .php file exists before it is passed to PHP-FPM. An existence
    # guard such as "try_files $fastcgi_script_name =404;" is the usual hardening,
    # so that PHP is never asked to resolve a path nginx has not verified.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm-mail.sock;
        fastcgi_index index.php;
        # Tell PHP the request arrived over TLS.
        fastcgi_param HTTPS on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_read_timeout 630;
                fastcgi_keep_conn on;
    }
}


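This page should be able to help you: you need to set up a TLD for your DAV. See https://github.com/andryyy/mailcow/wiki/DNS-records

The reason the prompt appears at all: nginx answers an HTTPS request whose host name matches no `server_name` on port 443 with the default server for that port (the first one loaded unless `default_server` is set on a `listen` line). With no 443 block for bar.com or www.bar.com, that request lands on the SabreDAV block and is served its certificate and login prompt.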