NGINX — conflicting server name «sub.domain.com» on 0.0.0.0:80, ignored — как исправить?

Приветствую, уважаемое комюнити!

Подскажите пожалуйста как пофиксить ошибку NGINXa:

NGINX - conflicting server name "sub.domain.com" on 0.0.0.0:80, ignored


domain.com в конфиге вирт.хоста я делаю редирект на https.

server {
server_name domain.com;
listen 80;
return 301 https://www.domain.com$request_uri;
}

server {

listen 80;
listen 443 ssl spdy;

server_name www.domain.com;
keepalive_timeout 70;

error_log /var/log/nginx/domain-errors.log;
access_log /var/log/nginx/domain-access.log;

root /srv/www/domain.com/;
index index.php;

ssl on;
#ssl_certificate /etc/nginx/ssl/domain.com/www.domain.com.crt;
ssl_certificate /etc/nginx/ssl/domain.com/www.domain.com.pem;
ssl_certificate_key /etc/nginx/ssl/domain.com/www.domain.com.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM;
#ssl_ciphers EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH;
ssl_ciphers kEECDH+AESGCM+AES128:kEECDH+AES128:kRSA+AESGCM+AES128:kRSA+AES128:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
#resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver 127.0.0.1;
resolver_timeout 10s;

# config to enable HSTS(HTTP Strict Transport Security) to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_st...
add_header Strict-Transport-Security "max-age=31536000";

location / {
# Front Controller Pattern
# Roundcube doesn't require the query string /index.php?q=$uri&$args, and can read from REQUEST_URI /index.php
try_files $uri $uri/ /index.php;
#auth_basic "Restricted"; #For Basic Auth
#auth_basic_user_file /etc/nginx/.htpasswd; #For Basic Auth
}

# Deny access to the following files
location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}

# Deny access to the following directories
location ~ ^/(config|temp|logs)/ {
deny all;
}

# Deny access to hidden/important files e.g: .htaccess .htpasswd
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}


location = /favicon.ico {
access_log off;
log_not_found off;
}

location ~* \.(?:v|s|css|js|jp?g|gif|png|ico|mp3|wav|swf)$ {
expires 1y;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
fastcgi_hide_header Set-Cookie;
access_log off;
}

# Pass the PHP scripts to FastCGI server (locally with unix: param to avoid network overhead)
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

}


вот конфиг сабдомена на который ругается в логе:

server {
server_name webmail.domain.com;
listen 80;
return 301 https://webmail.domain.com$request_uri;
}

server {

listen 80;
listen 443 ssl spdy;

server_name webmail.domain.com;
keepalive_timeout 70;

error_log /var/log/nginx/roundcube-errors.log;
access_log /var/log/nginx/roundcube-access.log;

root /srv/www/roundcube/;
index index.php;

ssl on;
#ssl_certificate /etc/nginx/ssl/webmail/webmail.domain.com.crt;
ssl_certificate /etc/nginx/ssl/webmail/webmail.domain.com.pem;
ssl_certificate_key /etc/nginx/ssl/webmail/webmail.domain.com.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
#ssl_ciphers ALL:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM;
ssl_ciphers EECDH+ECDSA+AESGCM:AES128+EECDH:AES128+EDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!ADH;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
#resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver 127.0.0.1;
resolver_timeout 10s;

# config to enable HSTS(HTTP Strict Transport Security) to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_st...
add_header Strict-Transport-Security "max-age=31536000";

location / {
# Front Controller Pattern
# Roundcube doesn't require the query string /index.php?q=$uri&$args, and can read from REQUEST_URI /index.php
try_files $uri $uri/ /index.php;
auth_basic "Restricted"; #For Basic Auth
auth_basic_user_file /etc/nginx/.htpasswd; #For Basic Auth
}

# Deny access to the following files
location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}

# Deny access to the following directories
location ~ ^/(config|temp|logs)/ {
deny all;
}

# Deny access to hidden/important files e.g: .htaccess .htpasswd
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}


location = /favicon.ico {
access_log off;
log_not_found off;
}

location ~* \.(?:v|s|css|js|jp?g|gif|png|ico|mp3|wav|swf)$ {
expires 1y;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
fastcgi_hide_header Set-Cookie;
access_log off;
}

# Pass the PHP scripts to FastCGI server (locally with unix: param to avoid network overhead)
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

}


и еще один сабдомен с таким же конфигом...
Подскажите пожалуйста, где ошибка?

Спасибо!
  • Вопрос задан
  • 5264 просмотра
Решения вопроса 1
sim3x
@sim3x
server {

# listen 80; не нужно сулшать не https порт
listen 443 ssl spdy;

server_name webmail.domain.com;


можно ли сделать default host чтобы показывал его nginx в случае, когда поддомена не существует?

нужно регулярку пилить - указать все существующие имена
server_name "~^(^webmail|www)\.domain\.com$";
Ответ написан
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы