7

Why does this nginx server redirect to a wrong domain? My nginx webserver has two domains to serve, server1.eu and server2.eu, why do they interfere with each other? When I set up a new 'clean' server install, this behaviour does NOT appear, so what is wrong in this servers' setup.

The nginx webserver listening to IPv6 takes precedence over IPv4 and interferes with SNI. Testing with removing servers reveals the behaviour of nginx.

Remove all servers except server 1, with IPv4 and IPv6 enabled, reload nginx, then activate server 2, with only an IPv4 listener and reload nginx again. Browsing to server 2 will let you end up at server 1. It appears that nginx automatically listens to the first added IPv6. So interchanging the sequence of activation will switch the routing.

find /etc/nginx/{conf.d,sites-enabled} gives

/etc/nginx/sites-enabled/server1.eu 
/etc/nginx/sites-enabled/server2.eu

The zone file records:

AAAA    server1.eu    directs to IPv6 address
A   server1.eu    directs to IPv4 address
AAAA    server2.eu  directs to IPv6 address
A server2.eu directs to IPv4 address

the nginx server configuration:

server {
    listen 80;
    listen [::]:80;
server_name server1.eu;
    return 301 https://www.server1.eu;
}
server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/server1.eu/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server1.eu/privkey.pem;
        include snippets/ssl-params.conf;

        server_name www.server1.eu;
        root /var/www/server1.eu/webroot;
        index index.php index.html index.htm ;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            include fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
}

and

server {
    listen 80;
    listen [::]:80;
    server_name www.server2.eu;
    return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/server2.eu/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server2.eu/privkey.pem;
    include snippets/ssl-params.conf;
    server_name www.server2.eu;
    root /var/www/server2.eu/webroot;
    index index.php index.html index.htm ;

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            include fastcgi.conf;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
}
C.A. Vuyk
  • 1,055
  • 17
  • 36
  • Your grep contains `listen 443 ssl http2 default_server;` and `listen [::]:443 ssl http2 default_server;` but your posted configs don't, so not sure what you haven't posted. Anyway, get rid of the default server parameter for SSL connections, wherever it may be – miknik Oct 02 '18 at 01:04
  • Thank you for your sharp observation, you're right, edited the config and removed default_server now. However this doesn't solve the problem yet. – C.A. Vuyk Oct 02 '18 at 06:43
  • Your server 1 's 80 port listens everything, even server3.eu – Akshay Oct 10 '18 at 12:31
  • As @Akshay pointed out, your server 1's 80 port listens for all incoming request. You should add `server_name www.server1.eu;` there and it should work fine. – Anil Kumar Oct 10 '18 at 13:36
  • Thanks for the comment, I edited this and tested it on the live server. This does not solve the strange redirect behaviour. – C.A. Vuyk Oct 11 '18 at 07:18

2 Answers2

1

I have modified your Nginx configuration.

This should work:

Server 1:

server {
        listen 443 default_server ssl http2;
        listen [::]:443 default_server ssl http2;

        root /var/www/server1.eu/webroot;
        index index.php index.html index.htm;

        server_name www.server1.eu;

        ssl_certificate /etc/letsencrypt/live/server1.eu/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server1.eu/privkey.pem;

        location / {
                try_files $uri $uri.html $uri/ @extensionless-php;
                autoindex on;
        }

        location @extensionless-php {
            rewrite ^(.*)$ $1.php last;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

        #       # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
}

server {
    listen 80;
    server_name www.server1.eu;
    return 301 https://$host$request_uri;
}

Server 2:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        root /var/www/server2.eu/webroot;
        index index.php index.html index.htm;

        server_name www.server2.eu;

        ssl_certificate /etc/letsencrypt/live/server2.eu/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server2.eu/privkey.pem;

        location / {
                try_files $uri $uri.html $uri/ @extensionless-php;
                autoindex on;
        }

        location @extensionless-php {
            rewrite ^(.*)$ $1.php last;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

        #       # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }
}

server {
    listen 80;
    server_name www.server2.eu;
    return 301 https://$host$request_uri;
}

Note:

The change default_server causes that server1 is your default server.

Lukas Kuntze
  • 74
  • 5
  • whoa, this question is from long ago! I don't use this server anymore, I'll accept for the effort you made. Thanks – C.A. Vuyk Jun 24 '19 at 06:08
0

Exact same problem was happening to me. I couldn't follow what 'change' suggested by the chosen solution happen to solve your problem, but in my case, I happen to solve it by just adding 'www' in front of the domain2/server2.eu (in the conf file for domain2, in your case server2.eu).

Bathinda Helper
  • 89
  • 5