
I have a wildcard DNS subdomain record and am using a domain-only validation SSL certificate. I need to set the nginx rewrite rules this way:

http://site.com   => https://site.com

http://*.site.com => http://*.site.com

I guess it is something like this:

server {
    listen  80;
    server_name site.com *.site.com;
    if ($host ~* "^([^.]+(\.[^.]+)*)\.site.com$"){
        set $subd $1;
        rewrite ^(.*)$ http://$subd.site.com$1 permanent;
        break;
    }
    if ($host ~* "^site.com$"){
        rewrite ^(.*)$ https://site.com$1 permanent;
        break;
    }
    #rewrite    ^ https://$server_name$request_uri? permanent;
    charset utf-8;
}

server {

    listen   443;

    server_name  site.com;
    ssl On;
    ssl_certificate     /root/site.com.crt;
    ssl_certificate_key /root/site.com.key;

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:8888;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /var/www/site$fastcgi_script_name;
        fastcgi_param  QUERY_STRING     $args;
        include fastcgi_params;
    }

    location / {
        root   /var/www/site;
        index  index.php index.html;
        if ($host !~ ^(site.com)$ ) {
            return 444;
        }
        try_files $uri $uri/ /index.php?$args;
    }
}

It loops infinitely. What is the correct way to get this working?

dima.h

1 Answer


You should rewrite your server block into two parts: the first part only for the domain "site.com", with the redirection to https, and the second part for all other domains, "*.site.com".

server {
    listen  80;
    server_name site.com;
    rewrite ^(.*)$ https://site.com$1 permanent;
}

server {
    listen  80;
    server_name *.site.com;
    #etc... rewrites not necessary
}

So, your nginx.conf would be:

server {
    listen  80;
    server_name site.com;
    rewrite ^(.*)$ https://site.com$1 permanent;
}
server {
    listen  80;
    server_name *.site.com;
    charset utf-8;
    # etc ...
}

server {

    listen   443;

    server_name  site.com;
    ssl On;
    ssl_certificate     /root/site.com.crt;
    ssl_certificate_key /root/site.com.key;

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:8888;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /var/www/site$fastcgi_script_name;
        fastcgi_param  QUERY_STRING     $args;
        include fastcgi_params;
    }

    location / {
        root   /var/www/site;
        index  index.php index.html;
        if ($host !~ ^(site.com)$ ) {
            return 444;
        }
        try_files $uri $uri/ /index.php?$args;
    }
}
CyberDem0n
  • nginx: [warn] conflicting server name "site.com" on 0.0.0.0:80 ignored – dima.h Aug 13 '12 at 11:23
  • I suppose you forgot to remove site.com from the server_name of your second server block... – CyberDem0n Aug 13 '12 at 11:27
  • nginx: [warn] conflicting server name "*.site.com" on 0.0.0.0:80 so they are in conflict for the same port – dima.h Aug 13 '12 at 11:39
  • You are totally wrong. You should carefully read the documentation in general, and the examples of name-based server configuration in particular: http://nginx.org/en/docs/http/server_names.html – CyberDem0n Aug 13 '12 at 11:55
  • Figured it out. I mixed it up with http://stackoverflow.com/questions/1694144/can-two-applications-listen-to-the-same-port – dima.h Aug 13 '12 at 12:01
  • Two server {} blocks in nginx and two abstract servers that listen on the same host:port have nothing in common at all. Nginx just listens on port 80 only once. After that it decides to use one or another server {} block, based on the HTTP Host: request header. So – CyberDem0n Aug 13 '12 at 12:16
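
An added example, not part of the original posts: a simplified Python model of how nginx chooses a server {} block from the Host header (exact names and leading-wildcard names only), run against the question's single port-80 block and the answer's split blocks. The names `QUESTION`, `ANSWER`, `pick_server` and `follow` are constructed for illustration, and query strings are ignored.

```python
import re
from urllib.parse import urlsplit

def pick_server(servers, host):
    """Return the block nginx would select for this Host value (simplified)."""
    host = host.lower()
    for srv in servers:                      # 1. an exact name always wins
        if host in srv["names"]:
            return srv
    best, best_len = None, -1
    for srv in servers:                      # 2. longest "*.suffix" wildcard
        for name in srv["names"]:
            if name.startswith("*.") and host.endswith(name[1:]) and len(name) > best_len:
                best, best_len = srv, len(name)
    return best or servers[0]                # 3. first block is the default

def question_block(host, uri):
    # Mirrors the asker's block: a subdomain is redirected to its own URL.
    m = re.match(r"^([^.]+(\.[^.]+)*)\.site.com$", host, re.I)
    if m:
        return f"http://{m.group(1)}.site.com{uri}"
    if re.match(r"^site.com$", host, re.I):
        return f"https://site.com{uri}"
    return None

QUESTION = [{"names": ["site.com", "*.site.com"], "handle": question_block}]
ANSWER = [
    {"names": ["site.com"], "handle": lambda host, uri: f"https://site.com{uri}"},
    {"names": ["*.site.com"], "handle": lambda host, uri: None},  # serves content
]

def follow(servers, url, limit=10):
    """Follow port-80 redirects; return (outcome, final_url)."""
    seen = set()
    for _ in range(limit):
        parts = urlsplit(url)
        if parts.scheme == "https":
            return ("https", url)            # handed over to the 443 block
        if url in seen:
            return ("loop", url)             # same URL requested twice
        seen.add(url)
        srv = pick_server(servers, parts.hostname)
        target = srv["handle"](parts.hostname, parts.path or "/")
        if target is None:
            return ("served", url)
        url = target
    return ("loop", url)

if __name__ == "__main__":
    for cfg_name, cfg in (("question", QUESTION), ("answer", ANSWER)):
        for u in ("http://site.com/a", "http://www.site.com/a"):
            print(cfg_name, u, follow(cfg, u))
```
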