SSL Settings Redirecting to Main Site


#1

All my sites with SSL certificates on them they are redirecting to the first site I installed.
Even the server IP address is redirecting to the first wp site I installed.

domain.conf

  
server {  
  listen 443;  
     ssl on;  
    ssl_certificate /var/www/cert/domain_combined.crt;  
    ssl_certificate_key /var/www/cert/domain_com1.key;  
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  
    ssl_ciphers HIGH:!aNULL:!MD5;  

	server_name domain.com www.domain.com;  

	access_log   /var/log/nginx/domain.com.access.log rt_cache;  
	error_log    /var/log/nginx/domain.com.error.log;  

	root /var/www/domain.com/htdocs;  
	index index.php index.htm index.html;  

	include common/w3tc.conf;  
	include common/wpcommon.conf;  
	include common/locations.conf;  

}

#2

@wyamout,

can you provide us access to your server,so that we can debug the issue.


#3

this was a private reply with post_id 70031


#4

Hi wyamout,
did this on server,
ee site edit default
then changed

  
        #listen   80; ## listen for ipv4; this line is default and implied  

to

  
       listen   80 default_server; ## listen for ipv4; this line is default and implied  

This setting will show default nginx page when accessed by ip address.


#5

Thank you Harshad.

Any ideas why websites with SSL are very slow?

Does it have anything to do with configuration?


#6

Hi wyamout,
We already have optimized nginx ssl config

  
       ssl_session_cache shared:SSL:20m;  
	ssl_session_timeout 10m;  
	ssl_prefer_server_ciphers on;  
	ssl_ciphers HIGH:!aNULL:!MD5:!kEDH;  

Test your site for 404 and other performance tweaks.


#7

hello, i have the same problem but not can solve this issue

my server have 4 ip dedicated server 1 ip address for 10 site on http °are ok° 1 ip address for 1 site on https with ssl )the site are ok and ssl too 2 ip fol al 2 site on 443 the problem is whe put https://ip1 or ip 2 or ip3 or ip 4 load the same site with ssl how to assing this site use only one ip to use 443 port

i try this but nginx not accept ipaddress:443 only 443

The oldest and most robust method to resolve the issue is to assign a separate IP address for every HTTPS server:

server { listen 192.168.1.1:443 ssl; server_name www.example.com; ssl_certificate www.example.com.crt; … }

server { listen 192.168.1.2:443 ssl; server_name www.example.org; ssl_certificate www.example.org.crt; … }

my actual config is this

server { listen 80;

server_name 54.94.130.6 mysite.com.br www.mysitecom.br;
return 301 https://www.mysite.com.br$request_uri;

}

server { listen 443 ssl; server_name www.mysite.com.br; ssl on; ssl_certificate /var/www/mysite.com.br/cert/www_mysite_com_br.crt; ssl_certificate_key /var/www/mysite.com.br/cert/www_mysite_com_br.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#… other stuff

if you can help me with this task , I will be very grateful


#8

hi wyamout!

you can post your configuration example, i have the same problem but not can´t fix

any help is appreciated


#9

Would try and change the listen line to

listen 443 ssl spdy;


#10

Some ideas first of all check your 22222 config file, it might got the default_server in the servername line, i normaly remove that part just to be sure.

Your config is very messy to be honest, ill try and post what i got in my config.

server {  
  listen 443;  
     ssl on;  
    ssl_certificate /var/www/cert/domain_combined.crt;  
    ssl_certificate_key /var/www/cert/domain_com1.key;  
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  
    ssl_ciphers HIGH:!aNULL:!MD5;  

server_name domain.com www.domain.com;  

access_log   /var/log/nginx/domain.com.access.log rt_cache;  
error_log    /var/log/nginx/domain.com.error.log;  

root /var/www/domain.com/htdocs;  
index index.php index.htm index.html;  

include common/w3tc.conf;  
include common/wpcommon.conf;  
include common/locations.conf;

}

This is what i got that works

server {

    listen 443 ssl spdy;

    server_name   mydomain.com;

    ssl_certificate /var/www/mydomain.com/cert/bundle.crt;
    ssl_certificate_key /var/www/mydomain.com/cert/ssl.key;

    access_log /var/log/nginx/mydomain.com.access.log rt_cache;
    error_log /var/log/nginx/mydomain.com.error.log;


    root /var/www/mydomain.com/htdocs/;

    index index.php index.html index.htm;

    include common/wpfc.conf;
    include common/wpcommon.conf;
    include common/locations.conf;
}

Some points to your config remove the ssl_* lines there is no reason they are in ee config files for, remove www.domain.com, this is not any thing you use any more do a cname in your dns that points www.domain.com to domain.com way better practise to use now adays.

Remove the line ssl on; since that part should be defined in the listen line like the above post i did.


#11

hi benzons, thanks for explanations, i check my 22222 config and change from

server {

listen 22222 default_server ssl spdy;

to

server {

listen 22222 ssl spdy;

now my site config is equal like you example and the prblem still

I will clarify the doubts that happens , the site with ssl works normally, but if I have to enable another ssl , it loads the first site with ssl . the same thing happens if put through the ips

i check too default site and this is

Default server configuration

server { listen 80 default_server; listen [::]:80 default_server;

  # SSL configuration
   #
   #        listen 443 ssl default_server;
   #        listen [::]:443 ssl default_server;
  #
   # Self signed certs generated by the ssl-cert package
   # Don't use them in a production server!
   # include snippets/snakeoil.conf;
  #
   # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
   # ssl_ciphers HIGH:!aNULL:!MD5;
  # ssl_prefer_server_ciphers on;

#12

What version of EasyEngine are you using?

Use: ee -v to find out

And could you post the output o nginx -V it will be something like

nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --add-module=/build/buildd/nginx-1.6.2/debian/modules/headers-more-nginx-module --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx-fancyindex --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-lua --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-upload-progress --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx_pagespeed

#13

ubuntu@ip-172-31-16-251:~$ sudo ee -v to find out

EasyEngine v3.0.4 Copyright © 2015 rtCamp Solutions Pvt. Ltd.

ubuntu@ip-172-31-16-251:~$

is microinstance on ec2 amazon


#14

i found this on nginx site but when try show failed config http://nginx.org/en/docs/http/configuring_https_servers.html

The oldest and most robust method to resolve the issue is to assign a separate IP address for every HTTPS server:

server {

listen 192.168.1.1:443 ssl;

server_name www.example.com;

ssl_certificate www.example.com.crt; …

}

server { listen 192.168.1.2:443 ssl;

server_name www.example.org;

ssl_certificate www.example.org.crt;

… }


#15

here my nginx

ubuntu@ip-172-31-16-251:~$ sudo nginx -V nginx version: nginx/1.6.2 TLS SNI support enabled configure arguments: --with-cc-opt=’-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2’ --with-ld-opt=’-Wl,-Bsymbolic-functions -Wl,-z,relro’ --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --add-module=/build/buildd/nginx-1.6.2/debian/modules/headers-more-nginx-module --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx-fancyindex --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-lua --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-upload-progress --add-module=/build/buildd/nginx-1.6.2/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx_http_substitutions_filter_module --add-module=/build/buildd/nginx-1.6.2/debian/modules/ngx_pagespeed ubuntu@ip-172-31-16-251:~$


#16

Hi @wyamout

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile:


#17