NGINX redirect for multiple domains

domainnginxredirectssl

I'm very new to NGINX and the whole configuration, so I managed to setup a server with the following config with the help from a friend:

    server {
        listen 80;
        listen [::]:80;
        server_name domain.com;
        rewrite         ^       https://$server_name$request_uri? permanent;
}

server {
        listen 80;
        listen [::]:80;
        server_name domain.de;
        rewrite         ^       https://$server_name$request_uri? permanent;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name domain.com domain.de;
        root /var/www/html;
        index index.php index.html index.htm;

there are multiple servers for my main page, some project pages, and some private pages. I have for every single TLD an own server because I don't want to have the TLD in the address bar changed on a redirect. Now my answer is, how can I simply get all these non-SSL Servers to one big Server(1/project) without redirecting to just one TLD?

Example:

Project.com, Project.de, Project.net and Project.org are redirecting over 5 of these non-SSL Servers to one SSL-enabled Server. When i'm going to http://project.net i'm beeing redirected to https://project.net. The TLD doesnt change at all, because of the single non-SSL Server setup.

What i want to achieve, that i can minify my config file to have one non-SSL Server per Project redirecting to https without changing the domain.

                                       :80 Server      :443 Server

http domain.net —> https domain.net ([non-SSL 01] —> [SSL 01])
http domain.com —> https domain.com ([non-SSL 02] —> [SSL 01])
http domain.de —> https domain.de ([non-SSL 03] —> [SSL 01])

http project.de —> https project.de ([non-SSL 04] —> [SSL 02])
http project.com —> https project.com ([non-SSL 05] —> [SSL 02])
and so on

Best Answer

What I understand is that you want to redirect multiple domains to one domain.

First, I suggest you use return 301 instead of rewrite. It is more efficient in this case.

This is the default server config. It will be served if the request does not match any of the virtual host.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://your-correct-domain.com$request_uri;
}

Also setup the a server to receive HTTP traffic for your-correct-domain.com and redirect it to HTTPS.

server {
    listen 80;
    listen [::]:80;
    server_name your-correct-domain.com;
    return 301 https://your-correct-domain.com$request_uri;
}

Then finally, the HTTPS server of your-correct-domain.com where you have all your config.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name your-correct-domain.com;
    root /var/www/html;
    index index.php index.html index.htm;
}

Note that this setup will serve the default server if someone accesses the IP directly. For example, your server IP is 192.168.100.100, if someone enters that in their browser, they will be redirected to https://your-correct-domain.com.

The default server will catch all request that does not have a server/virtual host prepared for it. So if someone requests for domain.de, my.domain.de, site2.domain-something.com, they will all be permanently redirected to https://your-correct-domain.com. You also have the option to redirect with 302 instead of 301.

Final note, if you have other virtual host that is not part of this setup you are making, it will not be a problem. The default server will not be served for that because Nginx will check first if a virtual host exist and serve that first.

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Nginx – Properly setting up a “default” nginx server for https

I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming.

1 - Create a default zone

As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled.

2 - Fill the default zone

Fill your 00-default with default vhosts. Here is the zone i am using:

server {
    server_name _;
    listen       80  default_server;
    return       404;
}


server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

3 - Create self signed certif, test, and reload

You will need to create a self signed certificate into /etc/nginx/ssl/nginx.crt.

Create a default self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Just a reminder:

Test the nginx configuration before reloading/restarting : nginx -t
Reload a enjoy: sudo service nginx reload

Hope it helps.

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

Nginx – Properly setting up a “default” nginx server for https

Related Topic