Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section Web Server
  • Search

Wrong SSL when nginx proxy disabled for a given site?

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM
Post Reply
  • Print view
Advanced search
2 posts • Page 1 of 1
hostmit
Posts: 5
Joined: Sun Apr 28, 2019 2:41 pm

Os: Ubuntu 15x
Web: apache + nginx
Wrong SSL when nginx proxy disabled for a given site?
  • Quote

Post by hostmit » Sun Apr 28, 2019 2:52 pm

Hello. I have ubuntu running vestacp with nginx as proxy and apache serving few websites, all having valid SSL from letsencrypt.

If I disable nginx proxy for any website, when I try to access https://url I'm getting SSL error - cause nginx serves it from another website, on which I didnt disable nginx as proxy.
Whenever I access https://url:8443 - direct apache2 ssl port - I'm getting correct SSL response.

I checked nginx config, it has no default SSL configuration :( Is this a normal behavior or my installation is corrupted?

Is it possible to solve this?

Thanks.
Top

hostmit
Posts: 5
Joined: Sun Apr 28, 2019 2:41 pm

Os: Ubuntu 15x
Web: apache + nginx
Re: Wrong SSL when nginx proxy disabled for a given site?
  • Quote

Post by hostmit » Mon Apr 29, 2019 6:27 am

Upon digging more into this issue I reached dead end.

You can have only 1 app listening on the port. So Once NGINX is up, all goes through it. When u disable nginx in VestaCP - it removes specific nginx conf file.
Now, when u try to access that domain over SSL, nginx has no clue what to do with that request, so it goes on default site conf, getting SSL cert from it, that's why u get an SSL mismatch.

While it's possible to catch_all requests like these, u have to specify cert file anyway, no way around it. There is blind TCP proxy option, but u cant have that up for specific domains, cause it has now clue what's server_name is.

So dead end. You cant disable nginx as proxy and have proper SSL up. :(
Top


Post Reply
  • Print view

2 posts • Page 1 of 1

Return to “Web Server”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password