Wrong SSL when nginx proxy disabled for a given site?
Hello. I have Ubuntu running VestaCP with nginx as proxy and Apache serving a few websites, all having valid SSL from Let's Encrypt.
If I disable nginx proxy for any website, when I try to access https://url I'm getting an SSL error, because nginx serves it from another website, on which I didn't disable nginx as proxy.
Whenever I access https://url:8443 - the direct apache2 SSL port - I'm getting the correct SSL response.
I checked the nginx config, it has no default SSL configuration :( Is this normal behavior, or is my installation corrupted?
Is it possible to solve this?
Thanks.
Re: Wrong SSL when nginx proxy disabled for a given site?
Upon digging more into this issue I reached a dead end.
You can have only 1 app listening on the port. So once NGINX is up, everything goes through it. When you disable nginx in VestaCP, it removes the specific nginx conf file.
Now, when you try to access that domain over SSL, nginx has no clue what to do with that request, so it goes to the default site conf, getting the SSL cert from it; that's why you get an SSL mismatch.
While it's possible to catch_all requests like these, you have to specify a cert file anyway, no way around it. There is a blind TCP proxy option, but you can't have that up for specific domains, because it has no clue what the server_name is.
So dead end. You can't disable nginx as proxy and have proper SSL up. :(
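An added example, not part of the thread: a simplified Python model of how nginx picks the server block (and so the certificate) for an HTTPS request by its SNI name, showing why a site whose block was removed ends up with another site's certificate. The hostnames and the names `Server`, `select_server`, `cert_covers` and `audit` are constructed for illustration; regex and trailing-wildcard server names are left out.

```python
from dataclasses import dataclass

@dataclass
class Server:
    names: list            # server_name values of the block
    cert_names: list       # names covered by the block's ssl_certificate
    default: bool = False  # "listen 443 ssl default_server"

def select_server(servers, sni):
    """Pick the block nginx would use for this SNI name on one listen socket."""
    sni = sni.lower()
    for s in servers:                          # 1. exact server_name match
        if sni in s.names:
            return s
    wild = [(n, s) for s in servers for n in s.names
            if n.startswith("*.") and sni.endswith(n[1:])]
    if wild:                                   # 2. longest leading wildcard
        return max(wild, key=lambda p: len(p[0]))[1]
    for s in servers:                          # 3. explicit default_server
        if s.default:
            return s
    return servers[0]                          # 4. else the first block defined

def cert_covers(cert_names, host):
    """Client-side hostname check: exact name, or '*.' covering one label."""
    host = host.lower()
    for n in cert_names:
        if n == host:
            return True
        if n.startswith("*.") and "." in host and host.split(".", 1)[1] == n[2:]:
            return True
    return False

def audit(servers, host):
    """Return (block that answers, whether its certificate is valid for host)."""
    s = select_server(servers, host)
    return s.names[0], cert_covers(s.cert_names, host)

# Constructed sample: two sites, both proxied through nginx on port 443.
PROXY_ON = [
    Server(["site-a.example", "www.site-a.example"],
           ["site-a.example", "www.site-a.example"]),
    Server(["site-b.example"], ["site-b.example"]),
]
# Proxy disabled for site-b: its nginx block is gone, nginx still owns port 443.
PROXY_OFF = PROXY_ON[:1]

if __name__ == "__main__":
    print(audit(PROXY_ON, "site-b.example"))   # own block, matching certificate
    print(audit(PROXY_OFF, "site-b.example"))  # falls to site-a, name mismatch
```

The second call is the situation from the first post: the request for site-b is answered by the only remaining block on port 443, so the client sees site-a's certificate.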