Good evening, friends, I come again to ask you for help about a problem.
I have a server with nginx + apache + varnish, most sites in it are with let’s encript and run perfectly.
However, I have a domain I preferred to keep without ssl for a few reasons.
For some reason I have not yet discovered, the site is redirected to a url that starts with https (it’s not the site code I’ve checked), and this error page shows that this site that does not have ssl is trying to use the certificate from another domain that has ssl.
I can not find any logical explanation for this redirection to a certificate from another domain, since that site does not even have a certificate created.
See below for links to understand better
Non-SSL Site:
Note that the certificate that appears as an error is the domain www.legisperitis.com.br, this site is functioning normally and has nothing to do with the reported site.
The solutions that I look for are trying to avoid this redirection or to know where this error comes from, or to create some internal redirect in nginx so that if the error occurs the own nginx redirected again to the url without the SSL.
can you help me? I’ve been for months without finding a solution.
This is the default behaviour of most webservers: if the webserver doesn't have a HTTPS virtualhost for the hostname provided by the clients (e.g., browser) SNI variable, it serves a "default" certificate. This is also the certificate provided by clients without a SNI hostname. Most of the time this is the first virtualhost a webservers loads in its configuration.
Also, I'm not getting the redirect you're mentioning. It serves the site perfectly through HTTP without any error.
Thanks for the quick response
Yes, the server is mine, how could I do a vHost for this purpose? Nginx is new to me and I’m still learning.
Or at least how to disable this function to capture https traffic without there being this in the domain?
I use CWP, on Vhosts it only allows recompiling, but I do not see an option to change.
It is a part that I have never needed to change (now I need, rs …), if you have an example of a code that does this function I can check the documentation and apply it according to my server.
I would need a start on that.
I’ve been researching in CWP the possibility you mentioned.
There is a field that is Vhost template, in it is the basic structure that is used when we create a new domain (I think plesk and cpanel have something similar), but the difference is that we can edit it.
I’ll put down the code, but as I said, my knowledge about this part is not enough, as far as I can guide I thank.
This changed code I just need to rebuild Vhost (or edit the file directly from it, I find it easier and I know where they are, direct change).
See below:
# Virtual host file starts here
server {
listen YOURSERVERIP:NGINXPORT;
access_log /var/log/nginx/access.YOURDOMAIN.log;
error_log /var/log/nginx/error.YOURDOMAIN.log;
server_name YOURDOMAIN www.YOURDOMAIN;
root DOCROOT;
location / {
location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh)\$ {
expires 7d; #Comment this out if you are using the apache backend cache-control/expires headers.
try_files \$uri \@backend;
}
error_page 405 = \@backend;
error_page 500 = \@custom;
add_header X-Cache "HIT from Backend";
proxy_pass http://YOURSERVERIP:PROXYPORT;
include proxy.inc;
}
location \@backend {
internal;
proxy_pass http://YOURSERVERIP:PROXYPORT;
include proxy.inc;
}
location \@custom {
internal;
proxy_pass http://YOURSERVERIP:PROXYPORT;
include proxy.inc;
}
location ~ .*\.(php|jsp|cgi|pl|py)?\$ {
proxy_pass http://YOURSERVERIP:PROXYPORT;
include proxy.inc;
}
location ~ /\.ht {
deny all;
}
}
# Virtual host file ends here
Sorry for the delay for the answer, I’ve been very busy these days.
As we were talking about automatic mechanisms for this, I just demonstrated the template code, that is, the file that reconstructed vhost when using the interface, what really interests us is the vhost ready file of the site in question.
I am sending the code below for analysis.
For it we could edit this option, but I can not do some script that works, you will see in the end several commented lines in which I tried to run some scripts, all to no avail.
Every help is welcome.
Note
I know the comment is used as #
but to post here the letters became gigantic and therefore only for this post, replace with //
Where you see // understand that it is #