2

I have a WordPress site and trying to set up subdomains using Nginx and Let's Encrypt SSL to have prod and test environments.

For example:

  • prod site --> abc.com www.abc.com
  • dev site --> dev.abc.com

I have set up Nginx using this guide https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7.

My Server blocks look as following: /site-available/abc.com.conf

 server {
        root /var/www/wordpress;
        index index.php index.html index.htm;
        server_name abc.com www.abc.com;
        client_max_body_size 100M;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                fastcgi_index index.php;
                fastcgi_connect_timeout 300s;
                fastcgi_read_timeout 300s;
                fastcgi_send_timeout 300s;
        }

        location ~ /\.ht {
                deny all;
        }

    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";

    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 15m;
    ssl_session_tickets on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/abc.com/fullchain.pem;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
    resolver_timeout 5s;

    ssl_certificate /etc/letsencrypt/live/abc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/abc.com/privkey.pem; # managed by Certbot

}
server {
    if ($host = www.abc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = abc.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80;
        server_name abc.com www.abc.com;
    return 404; # managed by Certbot
}

/site-available/dev.abc.com.conf

server {
        root /var/www/dev.abc.com;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name dev.abc.com;

        location / {
                #try_files $uri $uri/ =404;
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
                fastcgi_index index.php;
                fastcgi_connect_timeout 300s;
                fastcgi_read_timeout 300s;
                fastcgi_send_timeout 300s;
        }

        location ~ /\.ht {
                deny all;
        }

    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
 
    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 15m;
    ssl_session_tickets on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem;
    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
    resolver_timeout 5s;

    ssl_certificate /etc/letsencrypt/live/dev.abc.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dev.abc.com/privkey.pem; # managed by Certbot

}

I have successfully enabled A records on Cloudflare and Digital ocean for dev domain name. Problem is, whenever I try to access dev.abc.com it is getting redirect to abc.com no matter what. Then I tried to remove the abc.com.conf server block and tested, then it was working fine with dev.abc.com.conf; however, when I try to put both blocks together then this time it was only working on dev.abc.com.

I am not sure what I am missing in this Nginx configuration. I also have both SSL certificate to match the exact domains. I have exact Nginx configuration on Ubuntu server and its working fine for my another site.

R. Patel
  • 49
  • 6

0 Answers0