
Ich betreibe nginx unter Debian 12 als Reverse-Proxy mit SSL-Terminierung für mehrere Sites. Kürzlich ist mir aufgefallen, dass ich wegen des folgenden seltsamen Verhaltens keine weiteren Hosts mehr hinzufügen kann. Ich habe die Standardsite aktiviert, aber wenn ich im Browser sub-xx.domain.com aufrufe, werde ich systematisch auf a.domain.com umgeleitet. Alle Sites von a bis w funktionieren dagegen wie erwartet. Bei einer HTTP-Anfrage warnt der Browser, dass die Site unsicher ist, und ich werde auf d.domain.com umgeleitet. Fordere ich explizit HTTPS an, werde ich wie erwähnt auf a.domain.com umgeleitet. Die Protokolle von xx.domain.com enthalten keine Spur der Anfrage; nur bei HTTPS-Anfragen findet sich in den Protokollen von a.domain.com dieser Eintrag:
192.168.9.1 - - [19/Jan/2024:16:55:04 -0300] "GET /img/logo.gif HTTP/2.0" 200 3418 "https://xx.domain.com/css/login>
xx.conf
# Backend pool for the xx site: one host, no port given, so nginx connects to port 80.
# NOTE(review): "pstream" is not an nginx directive; presumably "upstream" lost its
# first letter in the paste. If the real file reads like this, `nginx -t` fails and a
# reload keeps the previously loaded configuration - confirm against the file on disk.
pstream xx {
server 192.168.8.86;
# Cache up to 32 idle connections to the backend per worker process.
keepalive 32;
}
# Port-80 virtual host for xx.domain.com. The closing "}" and the whole 443 block
# below are commented out, so everything down to the final "}" is one plain-HTTP
# server block.
server {
listen 80;
server_name xx.domain.com;
# ACME challenge locations, served over HTTP for Let's Encrypt HTTP-01 validation.
include /etc/nginx/snippets/location-letsencrypt.conf;
# The HTTP->HTTPS redirect is disabled, so "location /" below is proxied in cleartext.
# return 301 https://$server_name$request_uri;
#}
# The TLS server block is disabled: nothing in this file listens on 443 for this name.
# nginx then hands HTTPS requests for xx.domain.com to the default server of the 443
# socket (the first one loaded unless one carries default_server) - presumably
# a.domain.com, which would match the entry found in a's access log. A dedicated
# catch-all (listen 443 ssl default_server; with ssl_reject_handshake on; or
# return 444;) keeps unknown names from being answered by a real site.
#server {
# listen 443 ssl http2;
# NOTE(review): test.xx.domain.com differs from the port-80 server_name and from the
# certificate directory below - confirm the certificate covers the name that is used.
# server_name test.xx.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/xx.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xx.domain.com/privkey.pem;
location / {
# proxy.conf is not shown here; presumably it sets the proxy headers - verify.
include /etc/nginx/snippets/proxy.conf;
# NOTE(review): the pool declared for this site is named "xx", not "test_xx". Unless
# test_xx is defined elsewhere, nginx treats it as a hostname to resolve at startup.
proxy_pass http://test_xx/;
}
# Per-site logs; nginx does not create the directory, it has to exist already.
access_log /var/log/nginx/xx.domain.com/access.log;
error_log /var/log/nginx/xx.domain.com/error.log;
}
yy.conf
# Backend pool for the yy site: one host, no port given, so nginx connects to port 80.
upstream yy {
server 192.168.8.81;
# Cache up to 32 idle connections to the backend per worker process. Reuse needs
# HTTP/1.1 towards the backend and a Connection header that is not "close"/"upgrade".
keepalive 32;
}
# Port-80 virtual host for yy.domain.com. The closing "}" and the whole 443 block
# below are commented out, so everything down to the final "}" is one plain-HTTP
# server block.
server {
listen 80;
server_name yy.domain.com;
# ACME challenge locations, served over HTTP for Let's Encrypt HTTP-01 validation.
include /etc/nginx/snippets/location-letsencrypt.conf;
# The HTTP->HTTPS redirect is disabled, so "location /" below is proxied in cleartext.
# return 301 https://$server_name$request_uri;
#}
# The TLS server block is disabled: HTTPS requests for yy.domain.com fall through to
# the default server of the 443 socket (first one loaded unless one is marked
# default_server), i.e. another site's content and certificate are presented.
#server {
# listen 443 ssl http2;
# server_name yy.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/yy.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/yy.domain.com/privkey.pem;
location / {
# HTTP/1.1 towards the backend, needed for WebSocket upgrade and upstream keepalive.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# Sent on every request, not only on WebSocket handshakes; the usual alternative is a
# map from $http_upgrade to "upgrade"/"" so ordinary requests can reuse connections.
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to whatever X-Forwarded-For the client sent; the backend
# should trust only the last entry (or X-Real-IP), never the client-supplied part.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Evaluates to "http" while this block only listens on port 80.
proxy_set_header X-Forwarded-Proto $scheme;
# Skip the proxy cache for upgrade requests.
proxy_cache_bypass $http_upgrade;
# "on" is nginx's default: client request headers are forwarded to the backend.
proxy_pass_request_headers on;
proxy_pass http://yy/;
}
# Per-site logs; nginx does not create the directory, it has to exist already.
access_log /var/log/nginx/yy.domain.com/access.log;
error_log /var/log/nginx/yy.domain.com/error.log;
}
nginx.conf
# Main context: process-level settings.
# Worker processes run as the unprivileged www-data account.
user www-data;
# One worker per CPU core.
worker_processes auto;
# Raises the per-worker open-file limit to 100000.
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
# Loads every dynamic-module snippet enabled by the distribution packaging.
include /etc/nginx/modules-enabled/*.conf;
# Connection-processing settings.
events {
# Upper bound on simultaneous connections per worker (client and backend side both count).
worker_connections 10240;
# A worker accepts all pending new connections at once instead of one per wake-up.
multi_accept on;
}
# Global HTTP settings inherited by every virtual host included at the bottom.
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Hides the nginx version in the Server header and on error pages.
server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# To avoid error 413
# Applies to every virtual host unless overridden; allows request bodies up to 192 MB.
client_max_body_size 192M;
##
# Logging Settings
##
# No format name is given, so this log uses nginx's built-in "combined" format.
access_log /var/log/nginx/access.log;
# "debug" is the most verbose level and only takes effect in a build with
# --with-debug. Debug output can include request headers (cookies, Authorization),
# so restrict access to this file and return to a normal level after troubleshooting.
error_log /var/log/nginx/error.log debug;
# Defines a format named "main"; no access_log directive in this file references it.
# NOTE(review): the line breaks inside the quoted strings look like paste wrapping - confirm.
log_format main '$remote_addr - $remote_user [$time_local]
"$request" ' '$status $body_bytes_sent
"$http_referer" ' '"$http_user_agent"
"$http_x_forwarded_for"';
#access_log /var/log/nginx/access-special.log combined;
##
# Gzip Settings
##
# Without gzip_types only text/html responses are compressed. On TLS sites, compressing
# pages that mix secrets with request-controlled input is the BREACH precondition.
gzip on;
##
# Virtual Host Configs
##
# Load order matters: for each listen address:port, the first server block read
# becomes the default for unmatched host names unless one is marked default_server.
# Wildcard includes are normally expanded in sorted file-name order.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
location-letsencrypt.conf
# Serves ACME HTTP-01 challenge files. "^~" makes this prefix match final, so regex
# locations in the including server block cannot take over these requests.
location ^~ /.well-known/acme-challenge/ {
# Challenge tokens must be publicly fetchable; access rules set here replace any
# allow/deny rules inherited from the enclosing server block.
allow all;
# Token files have no extension; serve them as text instead of the configured default type.
default_type "text/plain";
# Dedicated webroot: files are read from /var/www/le_root/.well-known/acme-challenge/.
root /var/www/le_root;
}
# Exact match for the bare challenge directory. Exact matches win over prefix
# locations, so the directory URL itself always answers 404.
location = /.well-known/acme-challenge/ {
return 404;
}