-1

Suppose my main server is to serve https://www.example.com and the redirect server is to redirect http://www.example.com to https://www.example.com. How should I name these two servers? Is there a sort of best practice for this?

Is server name mostly a personal preference such that I can name anything?

Sven
  • 98,649
  • 14
  • 180
  • 226
user10024395
  • 1
  • 1

2 Answers2

1

They should be both named www.example.com. This name often is actually quite important because if you host more than one virtual host on the same IP address, nginx will use the name to match the vhost that should handle the request to the one in the Host header of the http request. In your case with two vhosts but different protocols (http/https), the protocol (or rather the Listen port) will be used to differentiate further between the two vhosts.

Sven
  • 98,649
  • 14
  • 180
  • 226
  • I get conflicting server error in `systemctl status nginx` if I name them the same. However, I can still access my site. Is it fine to ignore the error? – user10024395 Feb 27 '18 at 15:28
  • 1
    Then maybe you should post the exact config excerpts and error messages. Edit your question accordingly. – Sven Feb 27 '18 at 15:29
0

The server names are an important part of your nginx configuration. If you server multiple domains/sub-domains from a server with a single public IP, the server_name directive tells nginx what server should respond to a request. If there is no matching server name, nginx will next look for a default server that, if present, act as some sort of 'catch all' server.

Here's a configuration example for http -> https redirect where you can also see how to name servers correctly without getting errors.

/etc/nginx/sites-available/www.example.com.vhost

# This server will redirect all http -> https
server {
        # Listen for both IPv4 and IPv6 requests.
        listen 80;
        listen [::]:80;
        server_name www.example.com example.com;

        # This section assuming you're using Let's Encrypt / certbot
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            root         /path/to/your/document/root
        }
        location = /.well-known/acme-challenge/ {
            return 404;
        }

        # Here's where your 301 permanent redirect to the https:/www version happens.
        return 301 https://www.example.com$request_uri;

}

# This server will redirect all https requests without www to the version with www
server {
        # Listen for both IPv4 and IPv6 requests and activate http2.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name example.com;

        ssl on;
        # Paths to certificates assuming you're using Let's Encrypt / certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
        # There's much more directives you should fine tune for https, but that's another task.

        # Here's where your 301 permanent redirect to the https://www version happens.
        return 301 https://www.example.com$request_uri;
}

# This server will actually server your https content.
server {
        # Listen for both IPv4 and IPv6 requests and activate http2.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www.example.com;

        ssl on;
        # Paths to certificates assuming you're using let's encrypt / certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
        # There's much more directives you should fine tune for https, but that's another task.

        ####
        #
        # Your server directives go here.
        #
        ####
}
Bob
  • 452
  • 2
  • 5