Dear community,
I have a problem with certbot and nginx.
I have two domains on my server with two portals/websites.
I've installed with certbot both domains and one of the domains is working correct: It routs to the right portal (localhost: 1337), but the other one not. There is an error message and routes to website 1 instead of website 2.
default in sites-available is empty.
I don't know if it is a problem with certbot. But before I changed it to ssl with certbot, I think the routing was correct.
I hope somebody can help me.
Here are the facts:
My domain is:
www.kindersachenflohmarkt-teningen.de
www.vam-teningen.de
I ran this command:
certbot --nginx -d example.com -d www.example.com (for both sites)
It produced this output:
www.kindersachenflohmarkt-teningen.de routs to the correct site (port 1337), the other domain routes to port 1337, too.
My web server is (include version):
nginx
The operating system my web server runs on is (include version):
ubuntu 20.04 minimal
My hosting provider, if applicable, is:
1blu.de
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
0.40.0
here is the nginx config of one domain (the other is the same strutcure):
upstream backendA89D0468 {
server localhost:1338;
}
server{
listen 80;
server_name vam-teningen.de www.vam-teningen.de;
rewrite ^ https://www.vam-teningen.de$request_uri? permanent;
rewrite_log on;
}
server{
listen 443 ssl;
server_name vam-teningen.de www.vam-teningen.de;
keepalive_timeout 70s;
ssl_certificate /etc/letsencrypt/live/vam-teningen.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vam-teningen.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security max-age=15768000; # six months
add_header X-Frame-Options SAMEORIGIN;
root /opt/intrexx/org/vam/external/htmlroot;
# serve favicon and robots.txt
location ~ (/favicon.ico|/robots.txt) {
try_files $uri =404;
}
# hide hidden files and directories
location ~ /\. {
return 404;
}
# hide WEB-INF
location /WEB-INF/ {
deny all;
return 404;
}
# hide IIS web.config
location ~* /web.config {
deny all;
return 404;
}
# hide the bin directory
location /bin/ {
deny all;
return 404;
}
# Static files that should be served by Nginx.
#
location ~ ^(/css|/fonts|/images|/include|/script|/thirdparty|/temp|/userfiles|/download|/is) {
sendfile on;
sendfile_max_chunk 1m;
try_files $uri =404;
}
# Delegate WebSocket requests to the Intrexx Portal Service.
#
location /ws/ {
proxy_pass http://backendA89D0468;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# Delegate requests to the Intrexx Portal Service.
#
location / {
proxy_pass http://backendA89D0468;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Clear potentially unsafe headers. These may be enabled if the backend
# is configured to handle them correctly and in a safe manner.
proxy_set_header Forwarded "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Original-URL "";
# Security token to authenticate the reverse proxy with the backend.
proxy_set_header X-SecToken "";
# For security reasons we do not pass X-User and X-Domain to the backend by default,
# since these headers might be interpreted by the External Authentication Filter as
# authenticated use information
proxy_set_header X-User "";
proxy_set_header X-Domain "";
# additional security sensitive headers
proxy_set_header X-KrbTicket "";
proxy_set_header X-AccountName "";
# Set the maximum allowed size of the client request body. The value 0 disables
# this limit check.
# http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
client_max_body_size 2048m;
}
}
A great thank you for your help. Who can solve this problem is my personal hero of this month