Tenho o nginx rodando no Debian 12 como proxy reverso -com terminação SSL- para vários sites. Recentemente notei que não consigo mais adicionar mais hosts devido a esse comportamento estranho. Habilitei o site padrão, mas, sistematicamente, quando apontei o navegador para sub-xx.domain.com fui redirecionado para a.domain.com. No entanto, todos os sites de a a w estão funcionando conforme o esperado. Se a solicitação for HTTP, o navegador avisa sobre a insegurança do site e é redirecionado para d.domain.com. Quando você solicita explicitamente, o HTTPS é redirecionado para a.domain.com conforme mencionado. Os logs de xx.domain.com não têm rastro e, apenas se a solicitação for HTTPS, os de a.domain.com têm isso
192.168.9.1 - - [19/Jan/2024:16:55:04 -0300] "GET /img/logo.gif HTTP/2.0" 200 3418 "https://xx.domain.com/css/login>
xx.conf
pstream xx {
server 192.168.8.86;
keepalive 32;
}
server {
listen 80;
server_name xx.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name test.xx.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/xx.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/xx.domain.com/privkey.pem;
location / {
include /etc/nginx/snippets/proxy.conf;
proxy_pass http://test_xx/;
}
access_log /var/log/nginx/xx.domain.com/access.log;
error_log /var/log/nginx/xx.domain.com/error.log;
}
aa.conf
upstream yy {
server 192.168.8.81;
keepalive 32;
}
server {
listen 80;
server_name yy.domain.com;
include /etc/nginx/snippets/location-letsencrypt.conf;
# return 301 https://$server_name$request_uri;
#}
#server {
# listen 443 ssl http2;
# server_name yy.domain.com;
# include /etc/nginx/snippets/location-letsencrypt.conf;
# include /etc/nginx/snippets/ssl-params.conf;
# ssl_certificate /etc/letsencrypt/live/yy.domain.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/yy.domain.com/privkey.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
proxy_pass http://yy/;
}
access_log /var/log/nginx/yy.domain.com/access.log;
error_log /var/log/nginx/yy.domain.com/error.log;
}
nginx.conf
user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 10240;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# To avoid error 413
client_max_body_size 192M;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
log_format main '$remote_addr - $remote_user [$time_local]
"$request" ' '$status $body_bytes_sent
"$http_referer" ' '"$http_user_agent"
"$http_x_forwarded_for"';
#access_log /var/log/nginx/access-special.log combined;
##
# Gzip Settings
##
gzip on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
localização-letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
default_type "text/plain";
root /var/www/le_root;
}
location = /.well-known/acme-challenge/ {
return 404;
}