Server redirecting domain to ssl from another site


#1

Good evening, friends, I come again to ask you for help about a problem.
I have a server with nginx + apache + varnish, most sites in it are with Let’s Encrypt and run perfectly.
However, I have a domain I preferred to keep without ssl for a few reasons.
For some reason I have not yet discovered, the site is redirected to a url that starts with https (it’s not the site code I’ve checked), and this error page shows that this site that does not have ssl is trying to use the certificate from another domain that has ssl.
I can not find any logical explanation for this redirection to a certificate from another domain, since that site does not even have a certificate created.
See below for links to understand better
Non-SSL Site:

Try to access this same site with https://
https://www.base-dados-cep.com

Note that the certificate that appears as an error is the domain www.legisperitis.com.br, this site is functioning normally and has nothing to do with the reported site.

The solutions that I am looking for are to avoid this redirection, or to know where this error comes from, or to create some internal redirect in nginx so that if the error occurs nginx itself redirects again to the URL without SSL.
Can you help me? I’ve been months without finding a solution.


#2

Hi @Perret

Is this your own server? If yes, then you have a default configuration. That catches the https traffic if there is no specific vHost.

The simplest solution: Create a certificate and a vHost - and then a redirect https -> http.


#3

This is the default behaviour of most webservers: if the webserver doesn’t have an HTTPS virtualhost for the hostname provided by the client’s (e.g., browser) SNI variable, it serves a “default” certificate. This is also the certificate provided by clients without an SNI hostname. Most of the time this is the first virtualhost a webserver loads in its configuration.

Also, I’m not getting the redirect you’re mentioning. It serves the site perfectly through HTTP without any error.


#4

Thanks for the quick response
Yes, the server is mine, how could I do a vHost for this purpose? Nginx is new to me and I’m still learning.
Or at least how to disable this function to capture https traffic without there being this in the domain?


#5

How do you create your other certificates and vHosts? Use the same tool.

But no redirect http -> https.

Instead, if the certificate works, then a manual redirect https -> http.


#6

Would there be any example or model of what this Vhost code would look like?
I do not know how I can do it.
Thanks


#7

I use CWP, on Vhosts it only allows recompiling, but I do not see an option to change.
It is a part that I have never needed to change (now I need, rs …), if you have an example of a code that does this function I can check the documentation and apply it according to my server.
I would need a start on that.


#8

Is this something like Plesk or cPanel? If you use such an integrated system, then it may be impossible to fix that.


#9

I’ve been researching in CWP the possibility you mentioned.
There is a field that is Vhost template, in it is the basic structure that is used when we create a new domain (I think plesk and cpanel have something similar), but the difference is that we can edit it.
I’ll put down the code, but as I said, my knowledge about this part is not enough, as far as I can guide I thank.
This changed code I just need to rebuild Vhost (or edit the file directly from it, I find it easier and I know where they are, direct change).

See below:

# Virtual host file starts here

server {
    listen YOURSERVERIP:NGINXPORT;
    access_log /var/log/nginx/access.YOURDOMAIN.log;
    error_log /var/log/nginx/error.YOURDOMAIN.log;
    server_name YOURDOMAIN www.YOURDOMAIN;
    root DOCROOT;

    location / {
        location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)\$ {
            expires 7d; #Comment this out if you are using the apache backend cache-control/expires headers.
            try_files \$uri \@backend;
        }
        error_page 405 = \@backend;
        error_page 500 = \@custom;
        add_header X-Cache "HIT from Backend";
        proxy_pass http://YOURSERVERIP:PROXYPORT;
        include proxy.inc;
    }
    location \@backend {
        internal;
        proxy_pass http://YOURSERVERIP:PROXYPORT;
        include proxy.inc;
    }
    location \@custom {
        internal;
        proxy_pass http://YOURSERVERIP:PROXYPORT;
        include proxy.inc;
    }
    location ~ .*\.(php|jsp|cgi|pl|py)?\$ {
        proxy_pass http://YOURSERVERIP:PROXYPORT;
        include proxy.inc;
    }
    location ~ /\.ht {
        deny all;
    }
}

# Virtual host file ends here

#10

This is a normal port 80 - standard vHost.

How did you create your ssl vHosts / port 443?

Your domain is running (port 80), so such a vHost should already exist. You need a second with SSL, then a manual redirect.

You can create the redirect in the html header of your https - version.

<meta http-equiv="refresh" content="0; URL=http://www.example.com/">

#11

Sorry for the delay for the answer, I’ve been very busy these days.
As we were talking about automatic mechanisms for this, I just demonstrated the template code, that is, the file that reconstructed vhost when using the interface, what really interests us is the vhost ready file of the site in question.
I am sending the code below for analysis.
For it we could edit this option, but I can not do some script that works, you will see in the end several commented lines in which I tried to run some scripts, all to no avail.
Every help is welcome.

Note
I know the comment is used as #
but to post here the letters became gigantic and therefore only for this post, replace with //
Where you see // understand that it is #

// Virtual host file starts here

server {
    listen 158.69.219.85:80;
    access_log /var/log/nginx/access.base-dados-cep.com.log;
    error_log /var/log/nginx/error.base-dados-cep.com.log;
    server_name base-dados-cep.com www.base-dados-cep.com;
    root /home/basecep/public_html;

    location / {
        location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)$ {
            expires 7d; #Comment this out if you are using the apache backend cache-control/expires headers.
            try_files $uri $uri @backend;
        }
        error_page 405 = @backend;
        error_page 500 = @custom;
        add_header X-Cache "HIT from Backend";
        proxy_pass http://158.69.219.85:82;
        include proxy.inc;
    }
    location @backend {
        internal;
        proxy_pass http://158.69.219.85:82;
        include proxy.inc;
    }
    location @custom {
        internal;
        proxy_pass http://158.69.219.85:82;
        include proxy.inc;
    }
    location ~ .*\.(php|jsp|cgi|pl|py)?$ {
        proxy_pass http://158.69.219.85:82;
        include proxy.inc;
    }
    location ~ /\.ht {
        deny all;
    }
}

// Virtual host file ends here

// attempt to stop the improper redirect
server {

// if ( $scheme = "https" ) {
// return 301 http://www.base-dados-cep.com$request_uri;
// }
// if ( $scheme = "https" ){
// return 301 http://$host$request_uri;
// }
// listen 80;
// server_name base-dados-cep.com www.base-dados-cep.com;
// return 301 http://$host$request_uri;

//if ( $https != "" ) {
// return 301 http://$host$request_uri;
//}

// listen 80;
// server_name base-dados-cep.com www.base-dados-cep.com;
// return 301 http://$host$request_uri;

    if ( $https = "on" ) {
        return 301 http://$host$request_uri;
    }

}
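
The setup described in posts #3, #5 and #10, written out as an nginx sketch; this is an added example, not configuration posted by anyone in the thread. The certificate paths are placeholders, and the second block (an explicit catch-all that refuses the handshake) goes beyond what the thread suggests and assumes nginx 1.19.4 or newer.

```nginx
# Added example. A server block only receives HTTPS requests if it has a
# "listen ... ssl" line; a block without one never sees $https = "on".

# 1) HTTPS vhost for the site that should stay on HTTP.
#    The TLS handshake completes before nginx can send any redirect, so this
#    block needs a certificate that is valid for these names.
server {
    listen 158.69.219.85:443 ssl;
    server_name base-dados-cep.com www.base-dados-cep.com;

    ssl_certificate     /path/to/base-dados-cep.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /path/to/base-dados-cep.com/privkey.pem;    # placeholder path

    # Send every HTTPS request back to the plain-HTTP site.
    return 301 http://$host$request_uri;
}

# 2) Explicit catch-all for any other hostname (or no SNI) on this address.
#    Without an explicit default, nginx treats the first 443 server block it
#    loaded as the default and presents that site's certificate.
server {
    listen 158.69.219.85:443 ssl default_server;
    server_name _;

    # Abort the handshake instead of presenting an unrelated certificate.
    # No ssl_certificate is needed in a block that rejects the handshake.
    ssl_reject_handshake on;   # requires nginx 1.19.4 or newer
}
```

nginx allows only one `default_server` per address and port; check the generated configuration with `nginx -t` before reloading.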