Tengo un problema al agregar nuevos subdominios a través de nginx; específicamente, todos los subdominios fallan o se bloquean cuando se agrega a nuestro sistema un subdominio que comienza con la letra 'a'. Este es un servidor alojado en AWS EC2.
Hemos trabajado MUCHO con un técnico de soporte de AWS para descartar otros problemas. Inicialmente usábamos Let's Encrypt para SSL y descubrimos que Let's Encrypt tiene un límite de subdominios, así que compramos un certificado SSL a través de otro proveedor para descartar ese problema. Desde entonces, hemos podido agregar alrededor de otros 6 subdominios a nuestro servidor. Hemos confirmado con el técnico que, por lo demás, nuestra configuración parece estar bien. No poder agregar un subdominio que comience con la letra 'a' los ha dejado perplejos tanto a ellos como a nosotros.
Todos los subdominios tienen los mismos ajustes de configuración en '/var/etc/nginx/sites-available' (aparte del nombre del subdominio):
# Upstream group for this site's application server, reached over a Unix domain
# socket (the path suggests a Puma app server -- confirm).
# NOTE(review): any local process able to open this socket file can talk to the
# app without passing through nginx; check the socket's owner and mode.
upstream abc_app {
server unix:///var/run/puma/abc_app.sock;
}
# Plain-HTTP listener: every request for either name gets a permanent redirect
# to the canonical HTTPS origin. The target is a fixed URL, so the original
# path and query string are not carried over.
server {
listen 80;
server_name abc.domain.com.au www.abc.domain.com.au;
return 301 https://abc.domain.com.au ;
}
# HTTPS listener for the www name: redirects to the bare-domain HTTPS origin.
# NOTE(review): this block listens with "ssl" but sets no ssl_certificate /
# ssl_certificate_key. Unless a certificate is inherited from the http level
# (none is set in the nginx.conf shown; conf.d/*.conf is not visible), nginx
# has no certificate to present for this server. Confirm, and if needed point
# it at a certificate whose names include www.abc.domain.com.au.
# NOTE(review): no server on port 443 is marked default_server, so whichever
# 443 server block nginx parses first becomes the default for that socket.
server {
listen 443 ssl;
server_name www.abc.domain.com.au;
return 301 https://abc.domain.com.au ;
}
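# Main HTTPS virtual host for abc.domain.com.au: terminates TLS, proxies
# application traffic to the abc_app upstream and serves precompiled assets
# straight from disk.
server {
    # TLS is enabled by the "ssl" flag on listen. The separate "ssl on;"
    # directive was dropped: it is redundant here, deprecated since nginx
    # 1.15.0 and rejected as unknown from 1.25.1 on.
    listen 443 ssl;
    server_name abc.domain.com.au;

    # NOTE(review): confirm this certificate's names cover abc.domain.com.au;
    # the directory name does not match the server_name.
    ssl_certificate /etc/letsencrypt/live/setls.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/setls.com.au/privkey.pem; # managed by Certbot
    # Protocol and cipher settings come from this include (not visible here).
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # Appends the connecting address to any client-supplied
        # X-Forwarded-For value; the app should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # NOTE(review): $http_host forwards the raw client Host header. If this
        # server ever answers as the default for port 443, arbitrary Host
        # values reach the app; consider $host plus a catch-all default server
        # that rejects unknown names.
        proxy_set_header Host $http_host;
        proxy_redirect off;
        # Values are in seconds: 6000 s is 100 minutes. The nginx docs note the
        # connect timeout usually cannot exceed 75 s, and very long send/read
        # timeouts let slow or stalled peers hold connections open.
        proxy_connect_timeout 6000;
        proxy_send_timeout 6000;
        proxy_read_timeout 6000;
        proxy_pass http://abc_app;
    }

    # Static assets are served from the release's public directory, using
    # pre-compressed .gz files when present, with far-future expiry.
    location ~ "^/assets/" {
        root /var/app/abc.domain.com.au/current/public;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}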
# Plain-HTTP listener for the .com names: permanent redirect to the canonical
# HTTPS origin. The target is a fixed URL, so the original path and query
# string are not carried over.
server {
listen 80;
server_name abc.domain.com www.abc.domain.com;
return 301 https://abc.domain.com ;
}
# HTTPS listener for www.abc.domain.com: redirects to the bare-domain origin.
# NOTE(review): listens with "ssl" but sets no ssl_certificate /
# ssl_certificate_key; unless one is inherited from the http level (none is
# set in the nginx.conf shown), nginx has no certificate to present for this
# server. Confirm before relying on this redirect.
server {
listen 443 ssl;
server_name www.abc.domain.com;
return 301 https://abc.domain.com ;
}
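# Main HTTPS virtual host for abc.domain.com: terminates TLS, proxies
# application traffic to an upstream and serves precompiled assets from disk.
server {
    # TLS is enabled by the "ssl" flag on listen. The separate "ssl on;"
    # directive was dropped: it is redundant here, deprecated since nginx
    # 1.15.0 and rejected as unknown from 1.25.1 on.
    listen 443 ssl;
    server_name abc.domain.com;

    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; # managed by Certbot
    # Protocol and cipher settings come from this include (not visible here).
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # Appends the connecting address to any client-supplied
        # X-Forwarded-For value; the app should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # NOTE(review): $http_host forwards the raw client Host header; see
        # whether $host plus a rejecting default server fits better.
        proxy_set_header Host $http_host;
        proxy_redirect off;
        # Values are in seconds: 6000 s is 100 minutes. The nginx docs note the
        # connect timeout usually cannot exceed 75 s, and very long send/read
        # timeouts let slow or stalled peers hold connections open.
        proxy_connect_timeout 6000;
        proxy_send_timeout 6000;
        proxy_read_timeout 6000;
        # NOTE(review): the upstream defined in this file is abc_app, not
        # arc_app. If arc_app is not defined in another included file, nginx
        # treats the name as a host name to resolve when the configuration
        # loads -- confirm this is intended.
        proxy_pass http://arc_app;
    }

    # Static assets, served with pre-compressed .gz files when present.
    location ~ "^/assets/" {
        # NOTE(review): this root is the abc.domain.com.au release directory,
        # not a .com one -- confirm both sites share the same app.
        root /var/app/abc.domain.com.au/current/public;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
}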
Además la configuración de nginx es:
# File where the master process writes its PID.
pid /run/nginx.pid;
# Loads every module configuration file enabled under modules-enabled.
include /etc/nginx/modules-enabled/*.conf;
# Connection-processing settings: each worker process may hold up to 1024
# simultaneous connections (client and upstream connections both count).
events {
worker_connections 1024;
#worker_connections 768;
# multi_accept on;
}
# Global HTTP settings shared by every virtual host, followed by the includes
# that pull in the per-site server blocks.
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): with server_tokens left at its default, the nginx version is
# shown in the Server header and on error pages; enabling the line below hides it.
# server_tokens off;
# Largest request body accepted from a client.
client_max_body_size 8m;
# changed from 128 to 256 on 2018-12-22 by MM
server_names_hash_bucket_size 256;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# this is now taken care of in /etc/letsencrypt/options-ssl-nginx.conf
#ssl_protocols TLSv1.1 TLSv1.2;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
# NOTE(review): this loads every file in sites-available, including backups
# or editor leftovers; the usual layout includes sites-enabled/* (symlinks) so
# that only deliberately enabled sites are parsed.
# NOTE(review): wildcard includes are read in sorted filename order, and the
# first server block parsed for a given listen address:port becomes the
# implicit default server unless one is marked default_server. A site file
# that sorts first therefore decides which server and certificate answer
# requests that match no server_name or send no SNI; declare an explicit
# default_server with its own certificate so the result does not depend on
# file names.
include /etc/nginx/sites-available/*;
}