I am self-hosting a bunch of services that are hosted in various VMs/containers and am using a Caddy v1 server as a reverse proxy to access them through various subdomains.
I recently started a couple of Wordpress sites that are hosted on a separate VM with a Nginx server and separate sites-enabled configs for each, but a shared Mariadb instance and unique WP table prefixes.
I started by hosting one of these sites on a subdomain on my main domain, let's call it apple.orange.com, and it was working fine with automatic LE certs from Caddy. I got a dedicated domain for it, let's say apple.com, and tried to change the Caddy config to:
- Proxy apple.com to my Nginx VM.
- Redirect apple.orange.com to apple.com.
and I changed the sites-enabled config for that site on my nginx server to change the server_name to apple.com.
This is where I started running into issues that I did not expect. I started getting too many redirects when I tried to go to apple.com, and found out that apple.com was redirecting to apple.orange.com, which was very weird, and apple.orange.com was redirecting to apple.com as expected, creating a loop.
I changed my Caddyfile to proxy apple.orange.com to my nginx vm and added a site config to serve the same files on orange.apple.com and apple.com, to get the site back up.
Since then, I have been unable to get apple.com to stop redirecting to orange.apple.com.
I tried:
- Restarting both servers.
- Removing any mention of apple.orange.com in my Caddyfile, but that just made apple.com redirect to a site that didn't exist anymore.
- Setting up a completely new instance of Caddy and added just apple.com to proxy to my nginx vm, but I had to copy the certs from my old instance to the new one because I hit LE's rate limit for a week, and that did not make a difference and apple.com was still redirecting to apple.orange.com.
- Completely removing apple.orange.com from the nginx sites config, but that just made it stop serving the site.
- Looking into any cache directories that might be holding onto a bad config on either of the webservers, but found nothing.
So here I am, after 3 infuriating days, completely confused by what's happening. Would appreciate any insight on how to go around debugging this.
Here are a bunch of relevant files/configs:
Caddyfile
# a bunch of other subdomains exist in the same file, but I also tried with just this.
apple.com, www.apple.com {
proxy / 10.0.1.108 {
transparent
}
}
apple.orange.com
proxy / 10.0.1.108 {
transparent
}
}
/etc/nginx/sites-enabled/apple.com
server {
listen 80;
listen [::]:80;
root /var/www/html/apple.com;
index index.php index.html index.htm;
server_name apple.com www.apple.com *.apple.com apple.orange.com;
client_max_body_size 100M;
autoindex off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# Compression level (1-9)
gzip_comp_level 5;
# Don't compress anything under 256 bytes
gzip_min_length 256;
# Compress output of these MIME-types
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
# Disable gzip for bad browsers
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Obviously apple.com is not mine, and neither is orange.com. Let me know if the actual domains are relevant though (in case it's a DNS issue, which I doubt because the requests are making it to my IP).
Thanks in advance for any help!
