Question

Two domains on one droplet with one SSL certificate

Hi there!

I am trying to get two domains running on one droplet (nginx) with the same SSL certificate, and as a newbie to this, I have been tearing out my hair for a day trying to get it to work.

My configuration for the first domain is this the following. Its a node app, and it’s working fine:

#domain1

server {
        listen 80 default_server;

        root /home/Bas/domain1;
        index index.html index.htm;

        server_name www.domain1.com domain1.com;
        return 301 https://$server_name$request_uri;
}

server {
        server_name www.domain1.com domain1.com;
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/www.domain1.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.domain1.com/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://localhost:3001;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
     }
     location ~ /.well-known {
             allow all;
    }
  }

The second domain is for a static website, and it was working before I tried to install the https. I think I got something wrong in the configuration file which you can see below:

#domain2

server {
    listen 80;
    server_name domain2.com www.domain2.com
    return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain2.com www.domain2.com;

  root /home/Bas/domain2;
  index index.html index.htm;

  ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;

  include /etc/nginx/snippets/ssl-params.conf;

  location / {
         try_files $uri $uri/ =404;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-NginX-Proxy true;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_pass http://localhost:80/;
         proxy_ssl_session_reuse off;
         proxy_set_header Host $http_host
         proxy_cache_bypass $http_upgrade;
         proxy_redirect off; 
 }
 
 location ~ /.well-known {
             allow all;
     }
}

I’ve been trying a lot of different solutions and I have been running into multiple different errors, depending on my configuration: 502 bad gateway, “Welcome to Nginx, further configuration is required”, “too many redirects”, and at the moment I get the first Node app on both domains. Really stuck here, so any help would be much appreciated!


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hi @basmariot

You domain2 configuration is redirecting non-https traffic to https, but then it’s proxying back from https to non-https.

Just remove all the proxy_... from domain2 configuration and reload Nginx - that’s it.

It seems the problem has been solved now with the above configuration. I had to remove the first domain from the sites-enabled first though. After that the second domain worked. When I re-added the first domain to the sites-enabled, they both worked properly.

These are the only 2 configuration files, I have removed the default file from the sites-enabled. Domain 1 as following:

#domain1

server {
        listen 80 default_server;
        server_name www.domain1.com domain1.com;
        return 301 https://$server_name$request_uri;
}

server {
        server_name www.domain1.com domain1.com;
        listen 443 ssl http2;

        ssl_certificate /etc/letsencrypt/live/www.domain1.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.domain1.com/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass http://localhost:3001;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
     }
     location ~ /.well-known {
             allow all;
    }
}

And domain2:

#domain2
server {
    listen 80;
    server_name domain2.com www.domain2.com;
    return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain2.com www.domain2.com;

  root /home/Bas/domain2;
  index index.html index.htm;

  ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem;

  include /etc/nginx/snippets/ssl-params.conf;

  location / {
         try_files $uri $uri/ =404;
         }
}

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel