By:
MNZT

SSL issues with nginx, redirecting to port 443

August 10, 2015 4.3k views
Nginx Deployment Email Node.js MariaDB DNS Ubuntu

I have two domains pointing to one server (via PM2 and nginx) foo.com and bar.com. This box also hosts a mailcow setup.

When visiting just foo.com or bar.com, everything is fine and the sites are displayed. When visiting www.foo.com, everything is displayed as it should be, but visiting www.bar.com redirects to https://www.bar.com, where I'm presented with:

The server https://www.bar.com:443 requires a username and password. The server says: SabreDAV. The same occurs when visiting both domains through https.

Here are my server blocks.

foo.com

# www.foo.com: a single vhost that answers on plain HTTP (80) and TLS (443)
# and hands every request to the upstream app on port 3000.
# NOTE(review): port 80 serves the same content unencrypted; there is no
# redirect to HTTPS in this block.
server {
    server_name www.foo.com;

    listen 80;
    listen 443 ssl;

    # Private key and certificate used by the 443 listener. The ".chained"
    # file name suggests leaf + intermediates in one file - confirm.
    ssl_certificate_key /etc/nginx/ssl/foo/foo.com.key;
    ssl_certificate /etc/nginx/ssl/foo/foo.com.chained.crt;

    location / {
        # HTTP/1.1 towards the upstream is required for the Upgrade handshake.
        proxy_http_version 1.1;
        proxy_pass http://REDACTED:3000;

        # Forward the client's Upgrade header and the original Host name.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;

        # Skip the proxy cache whenever the client sent an Upgrade header.
        proxy_cache_bypass $http_upgrade;
    }
}

# foo.com (apex): plain-HTTP vhost proxying to the same upstream on port 3000.
# NOTE(review): this name has no 443 listener, so an https://foo.com request
# is answered by whichever server is the default for port 443.
server {
    server_name foo.com;

    listen 80;

    location / {
        # HTTP/1.1 towards the upstream is required for the Upgrade handshake.
        proxy_http_version 1.1;
        proxy_pass http://REDACTED:3000;

        # Forward the client's Upgrade header and the original Host name.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;

        # Skip the proxy cache whenever the client sent an Upgrade header.
        proxy_cache_bypass $http_upgrade;
    }
}

bar.com:

# www.bar.com: plain-HTTP vhost proxying to the upstream app on port 3001.
# NOTE(review): nothing in this block redirects to https, so the redirect
# reported for www.bar.com comes from somewhere else (upstream app or client
# state) - not determinable from this config. There is also no 443 listener
# for this name, so HTTPS requests land on the default server for port 443.
server {
    server_name www.bar.com;

    listen 80;

    location / {
        # HTTP/1.1 towards the upstream is required for the Upgrade handshake.
        proxy_http_version 1.1;
        proxy_pass http://REDACTED:3001;

        # Forward the client's Upgrade header and the original Host name.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;

        # Skip the proxy cache whenever the client sent an Upgrade header.
        proxy_cache_bypass $http_upgrade;
    }
}

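# bar.com (apex): plain-HTTP vhost proxying to the upstream app on port 3001,
# and the intended catch-all for port 80.
server {
    # default_server is a parameter of `listen`, not a host name. Written in
    # server_name it only registers a literal name "default_server" and leaves
    # the port-80 default to whichever server block nginx loads first.
    # NOTE(review): nginx refuses to load if another `listen 80` already
    # carries default_server (a stock distro site often does) - run `nginx -t`.
    listen 80 default_server;

    server_name bar.com;

    # NOTE(review): no 443 listener exists for bar.com or www.bar.com, so
    # HTTPS requests for these names are answered by the default server for
    # port 443. Serving them here needs `listen 443 ssl;` plus
    # ssl_certificate / ssl_certificate_key for the bar.com certificate.

    location / {
        proxy_pass http://REDACTED:3001;
        # HTTP/1.1 towards the upstream is required for the Upgrade handshake.
        proxy_http_version 1.1;
        # Forward the client's Upgrade header and the original Host name.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # Skip the proxy cache whenever the client sent an Upgrade header.
        proxy_cache_bypass $http_upgrade;
    }
}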

I also have an SSL cert to assign to bar.com

mailcow:

# mailcow site configuration
# ! Do not remove this header !
# Plain-HTTP entry point for mail.bar.com: every request gets a permanent
# redirect to the same host and URI over HTTPS.
server {
        server_name mail.bar.com;
        listen 80;

        # Not used to build a response here: the server-level return below
        # answers every request before any file lookup.
        root /var/www/mail;

        return 301 https://$host$request_uri;
}
# Mail-client autoconfiguration host, plain HTTP only.
# NOTE(review): root is the same directory the mail.bar.com HTTPS vhost uses
# and this server has no PHP handler, so any file that exists under it would
# be returned as static content over HTTP. Confirm that is intended, or limit
# this host to /autoconfig.xml.
server {
        server_name autoconfig.bar.com;
        listen 80;

        root /var/www/mail/;

        # Serve the requested file when it exists, otherwise fall back to
        # /autoconfig.xml.
        try_files $uri /autoconfig.xml;
}
# DAV vhost (TLS, port 443): serves /var/www/dav and routes requests through
# server.php via php5-fpm.
# NOTE(review): none of the port-443 server blocks shown on this page sets
# default_server or names bar.com / www.bar.com. nginx answers an unmatched
# name with the port's default server, which is the first one loaded when none
# is marked. The SabreDAV login prompt reported for https://www.bar.com is
# consistent with this block being that default - confirm against load order.
server {
        listen 443;
        # Older way of enabling TLS; the foo.com block on this page uses
        # `listen 443 ssl;` and newer nginx releases deprecate `ssl on`.
        ssl on;
        ssl_certificate         /etc/ssl/mail/mail.crt;
        ssl_certificate_key     /etc/ssl/mail/mail.key;
        ssl_prefer_server_ciphers on;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them
        # only if legacy clients still require them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): the next line is cut off at "$" in the paste (no
        # closing quote), so the full cipher list is not visible here.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA$
        ssl_dhparam /etc/ssl/mail/dhparams.pem;
        # HSTS for 15768000 s (about six months); without includeSubDomains it
        # applies only to the host that sends it.
        add_header Strict-Transport-Security max-age=15768000;
        ssl_session_cache shared:SSL:5m;
        ssl_session_timeout 30m;
  # I have a feeling the issue may be here...
       server_name dav.REDACTED.com;
        root /var/www/dav;
        index server.php;
        charset utf-8;
        # Well-known CalDAV/CardDAV discovery URLs get a temporary redirect
        # to the DAV front controller.
        rewrite ^/.well-known/caldav /server.php redirect;
        rewrite ^/.well-known/carddav /server.php redirect;
        # Existing file or directory first, otherwise hand the request to
        # server.php with the original query string.
        location / {
                try_files $uri $uri/ /server.php?$args;
        }
        # Unanchored match on ".ht", "Core" or "Specific" after any slash.
        # `return` runs in the rewrite phase, before the access phase, so
        # clients receive the 404 rather than the 403 from `deny all`.
        location ~ /(\.ht|Core|Specific) {
                deny all;
                return 404;
        }
        # Any URI containing ".php", with optional trailing path info.
        location ~ ^(.+\.php)(.*)$ {
                # Reject the request unless the script part names a file that
                # exists, so only real .php files are handed to FPM.
                try_files $fastcgi_script_name =404;
                fastcgi_split_path_info  ^(.+\.php)(.*)$;
                fastcgi_pass   unix:/var/run/php5-fpm.sock;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                fastcgi_param  PATH_INFO        $fastcgi_path_info;
                include        /etc/nginx/fastcgi_params;
        }
}
# Mail web UI vhost (TLS, port 443) for mail.bar.com: serves /var/www/mail and
# passes .php requests to the php5-fpm-mail socket.
server {
        listen 443;
        server_name mail.bar.com;
        # Older way of enabling TLS; the foo.com block on this page uses
        # `listen 443 ssl;` and newer nginx releases deprecate `ssl on`.
        ssl on;
        ssl_certificate         /etc/ssl/mail/mail.crt;
        ssl_certificate_key     /etc/ssl/mail/mail.key;
        ssl_prefer_server_ciphers on;
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them
        # only if legacy clients still require them.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # NOTE(review): the next line is cut off at "$" in the paste (no
        # closing quote), so the full cipher list is not visible here.
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA$
        ssl_dhparam /etc/ssl/mail/dhparams.pem;
        # HSTS for 15768000 s (about six months); without includeSubDomains it
        # applies only to the host that sends it.
        add_header Strict-Transport-Security max-age=15768000;
        ssl_session_cache shared:SSL:5m;
        ssl_session_timeout 30m;
        # Upper bound on request bodies accepted by this vhost.
        client_max_body_size 25m;
        root /var/www/mail;
        index index.html index.htm index.php;
        # Internal rewrite of the well-known autoconfig path to /autoconfig.xml.
        rewrite /.well-known/autoconfig/mail/config-v1.1.xml /autoconfig.xml last;
        # A 502 from the backend is turned into a redirect to /admin.php via
        # the /redir.html location below.
        error_page 502 /redir.html;
        location /redir.html {
                return 301 /admin.php;
        }
        # Block direct access to the rc/logs and pfadmin/ADDITIONS directories.
        location ~ ^/(rc/logs|pfadmin/ADDITIONS)/ {
                deny all;
        }
        # `return` runs in the rewrite phase, before the access phase, so
        # clients receive the 404 rather than the 403 from `deny all`.
        location ~ /(\.ht) {
                deny all;
                return 404;
        }
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        # NOTE(review): the fallback "index.php" has no leading slash;
        # /index.php was presumably intended - confirm.
        location / {
                try_files $uri $uri/ index.php;
        }
    # NOTE(review): unlike the DAV vhost on this page, this location does not
    # check that the script exists before passing it to FPM; adding
    # `try_files $fastcgi_script_name =404;` would make the two consistent.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm-mail.sock;
        fastcgi_index index.php;
        # Tells the PHP application the request arrived over TLS.
        fastcgi_param HTTPS on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_read_timeout 630;
                fastcgi_keep_conn on;
    }
}
1 Answer

This page should be able to help you - you need to set up a TLD for your DAV:
https://github.com/andryyy/mailcow/wiki/DNS-records
