My Nginx config is catching all subdomains without specifying a wildcard. I have created an special config for each subdomain, but seems that all subdomains pass trough the main domain configuration. I have discovered this by removing the subdomains configuration files from nginx.conf and watching how it still catches all the subdomains, so when I send a request to uk.domain.com, instead of Nginx catching the subdomain configuration, goes through the main domain configuration. This is causing trouble with applying mod_pagespeed individually to each of the sites and also managing the GA universal code.
The config for the main domain is this :
server {
listen 80;
listen 443 ssl;
access_log off;
root /var/www/domain.com/wordpress;
ssl_certificate /etc/ssl/private/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/server.key;
index index.php index.html index.htm;
server_name domain.com;
if ($allow = no) {
return 403;
}
if ($bad_referer) {
return 444;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
client_body_buffer_size 124K;
client_header_buffer_size 1k;
client_max_body_size 100m;
large_client_header_buffers 4 16k;
error_page 404 /404.html;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/json application/x-javascript application/xml text/javascript text/plain text/css application/javascript text/xml application/xml+rss;
# Rewrites for Yoast SEO XML Sitemap
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
include hhvm.conf;
include domain.com-ps.conf;
include multisite.conf;
rewrite /wp-admin$ $scheme://$server_name$uri/ permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
if ($bad_client) { return 403; }
location / {
try_files $uri $uri/ /index.php?$args;
add_header Access-Control-Allow-Headers "X-Requested-With";
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
add_header Access-Control-Allow-Origin "*";
}
Why is this configuration catching all subdomains if I am not specyfing a wildcard ?
Nginx.conf config :
user www-data;
worker_processes 2;
#error_log /var/log/nginx/logs/error.log;
#error_log /var/log/nginx/logs/error.log notice;
#error_log /var/log/nginx/logs/error.log info;
#access_log off;
#pid logs/nginx.pid;
events {
worker_connections 2048;
}
http {
access_log off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
client_body_buffer_size 124K;
client_header_buffer_size 1k;
client_max_body_size 100m;
large_client_header_buffers 4 32k;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
map $http_cf_ipcountry $allow {
default yes;
default yes;
IN no;
CN no;
PK no;
RU no;
BD no;
UA no;
}
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/json application/x-javascript application/xml text/javascript text/plain text/css application/javascript text/xml application/xml+rss;
include /etc/nginx/blacklist.conf;
include /etc/nginx/domain.com;
# include /etc/nginx/us.domain.com;
include /etc/nginx/uk.domain.com;
include /etc/nginx/ca.domain.com;
include /etc/nginx/au.domain.com;
include /etc/nginx/anotherdomain.com;
include /etc/nginx/refer-spam.conf;
}
subdomain configuration file :
server {
listen 80;
listen 443 ssl;
# server_name_in_redirect off;
access_log on;
error_log on;
root /var/www/elsitar.com/wordpress;
ssl_certificate /etc/ssl/private/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/server.key;
index index.php index.html index.htm;
server_name uk.domain.com;
if ($allow = no) {
return 403;
}
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jp$
access_log off; log_not_found off; expires max;
}
client_body_buffer_size 124K;
client_header_buffer_size 1k;
client_max_body_size 100m;
large_client_header_buffers 4 16k;
error_page 404 /404.html;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/json application/x-javascript application/xml te$
# Rewrites for Yoast SEO XML Sitemap
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_$
include hhvm.conf;
include uk.domain.com-ps.conf;
include multisite.conf;
include uk.elsitar.com-ps.conf;
include multisite.conf;
rewrite /wp-admin$ $scheme://$server_name$uri/ permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
if ($bad_client) { return 403; }
location / {
try_files $uri $uri/ /index.php?$args;
add_header Access-Control-Allow-Headers "X-Requested-With";
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
add_header Access-Control-Allow-Origin "*";
}
}
HHVM config with fallback to fpm :
location ~ \.(hh|php)$ {
proxy_intercept_errors on;
error_page 502 = @fpm;
try_files $uri /index.php;
fastcgi_keep_conn on;
fastcgi_pass unix:/var/run/hhvm/hhvm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location @fpm {
try_files $uri /index.php;
include fastcgi_params;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:8000;
fastcgi_buffers 32 16k;
}
WordPress Multisite rewrites :
# Rewrite rules for WordPress Multi-site.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
rewrite ^/[_0-9a-zA-Z-]+(/.*\.php)$ $1 last;
}
Best Answer
1.) Remove your default config
2.) Move your Configurations into the sites-available folder
3.) Link all Configurations in the sites-enabled folder to "enable" them.
4.) Reload Nginx
Check all your Configuration for the following Parts in the listen directive: "default_site" and "_"
Both work as an Catch all mechanismus.
Edit nginx.conf
remove all includes and add: include /etc/nginx/sites-enabled/*
Following this procedur, you have no "Wildcard" Nginx config anymore. To enable "Catch all", just create a new config, or edit a existing config and add "default_server", looks like:
BR Bernd