eustasy / Bubbly

BASH: Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.
MIT License
218 stars 21 forks

Setting up multiple domains #2

Closed spamguy closed 8 years ago

spamguy commented 8 years ago

This has been an outstanding resource. Thank you!

The nginx configuration seems to break down after one domain instance per server, though. For example, the configuration works (mostly) out of the box for domain.com. (I swapped SPDY for HTTP/2 and added WebSockets support, but that's it.)

If I apply the same procedure with blog.domain.com (with a different Let's Encrypt certificate, obviously) and run them simultaneously, I get this nginx alert:

 * Restarting nginx nginx
nginx: [emerg] duplicate listen options for [::]:80 in /etc/nginx/conf.d/wordpress.conf:3

What would you recommend to permit n servers with n certificates to run simultaneously and independently on SSL/{SPDY|HTTP2}?

lewisgoddard commented 8 years ago

I think this is actually a duplicate of the other issue you filed. The ipv6only=on was failing to be set a second time. The config contains one redirect for http, one for https, and the actual https site, hence the default config was failing on [::]:443 out of the box, and adding a second site would fail on [::]:80 because it makes a second http server.

lewisgoddard commented 8 years ago

To clarify, fixing this is just removing all instances of ipv6only=on. They are unnecessary.

spamguy commented 8 years ago

You're right, the above error was indeed a symptom of #3. (Thanks!) I took ipv6only=on out, then took out mentions of default_server in blog.domain.com. Upon restarting, I got a few warnings:

nginx: [warn] conflicting server name "domain.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "blog.domain.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "domain.com" on [::]:443, ignored
nginx: [warn] conflicting server name "blog.domain.com" on [::]:443, ignored
nginx: [warn] conflicting server name "domain.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "blog.domain.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "domain.com" on [::]:443, ignored
nginx: [warn] conflicting server name "blog.domain.com" on [::]:443, ignored

I think, as-is, both servers are fighting over 443. I had tried and failed earlier to arrange some upstream method, but I might have more luck tomorrow with #3 out of the way. If you have any other thoughts, though, send them my way.

Unrelated note not worth a separate ticket: I noticed you have HTTP/2 support in your TODO. I have a working setup on my machine. If you have no particular fancy plans, I can throw in what I have as a commented out portion.

lewisgoddard commented 8 years ago

Huh, you shouldn't be getting that. Check all your server blocks that are listening to 443 and see what domains are listed. And yeah, I'd love a pull request for HTTP/2 support, but I don't want it as the default until it's out of mainline and into stable.
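The check suggested in the last comment can be scripted. The following is an added example, not code from the thread or from Bubbly: it lists every listen address where ipv6only= is set more than once and every server name declared by more than one server block on the same address. The function names and the sample configuration are constructed for illustration and are not the reporter's files.

```python
import re
from collections import defaultdict

# Constructed sample (not the reporter's config): two sites, each with an
# HTTP server and an HTTPS server; the last block repeats domain.com.
SAMPLE = """
server { listen 80; listen [::]:80 ipv6only=on; server_name domain.com; }
server { listen 443 ssl; listen [::]:443 ssl; server_name domain.com;
         location / { try_files $uri =404; } }
server { listen 80; listen [::]:80 ipv6only=on; server_name blog.domain.com; }
server { listen 443 ssl; listen [::]:443 ssl;
         server_name blog.domain.com domain.com; }
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    conf = re.sub(r"#.*", "", conf)              # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def normalise(addr):
    """Write a bare port or *:port as an explicit IPv4 wildcard address."""
    if addr.isdigit():
        return "0.0.0.0:" + addr
    return "0.0.0.0:" + addr[2:] if addr.startswith("*:") else addr

def audit(conf):
    """Return (addresses with repeated ipv6only=, repeated (address, name))."""
    options = defaultdict(int)    # address -> listen lines carrying ipv6only=
    names = defaultdict(set)      # (address, name) -> server block indexes
    for idx, body in enumerate(server_blocks(conf)):
        addrs = []
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *params = listen.split()
            addrs.append(normalise(addr))
            if any(p.startswith("ipv6only=") for p in params):
                options[addrs[-1]] += 1
        for decl in re.findall(r"\bserver_name\s+([^;]+);", body):
            for name in decl.split():
                for addr in addrs:
                    names[(addr, name)].add(idx)
    return (sorted(a for a, n in options.items() if n > 1),
            sorted(k for k, v in names.items() if len(v) > 1))

if __name__ == "__main__":
    repeated_options, conflicts = audit(SAMPLE)
    print("ipv6only= set more than once on:", repeated_options)
    print("server_name declared by several blocks:", conflicts)
```

To run it against real files, pass the concatenated contents of the files nginx includes to audit() instead of SAMPLE.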