My current nginx configuration is as follows:
specific configuration for (currently two) domains:
server {
listen 443 ssl;
server_name studiotv.service.tebusco.lan phpmyadmin.service.tebusco.lan;
ssl_certificate /home/administrador/nginx-confs/ssl/service.tebusco.lan.crt;
ssl_certificate_key /home/administrador/nginx-confs/ssl/service.tebusco.lan.key;
location / {
proxy_pass http://127.0.0.1:8180;
proxy_set_header Host $http_host:8180;
}
}
default configuration for unmatched ssl connections:
server {
listen 443 default ssl;
ssl_certificate /home/administrador/nginx-confs/ssl/service.tebusco.lan.crt;
ssl_certificate_key /home/administrador/nginx-confs/ssl/service.tebusco.lan.key;
location / {
return 403;
}
}
http configuration:
server {
listen 80;
rewrite ^ https://$host$request_uri? permanent;
}
The intention is clear:
Redirect http traffic to https.
Proxy each https:// call from phpmyadmin.service.tebusco.lan and studiotv.service.tebusco.lan to apache2. This includes passing a host header, which is detected.
Each unmatched ssl connection must return a 403 in nginx. Does not even reach apache2.
In the apache2 side of the life, I have a default site, and a non-default site which will match studiotv.service.tebusco.lan:
000-default.conf file (available and enabled):
<VirtualHost 127.0.0.1:8180>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Order deny,allow
Require all granted
</Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
studiotv.conf file (available and enabled):
<VirtualHost *:8180>
ServerName studiotv.service.tebusco.lan
ServerAdmin
[email protected]
DocumentRoot /var/www/studiotv
<Directory /var/www/studiotv/>
Options -Indexes +FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# No usamos ${APACHE_LOG_DIR} sino en su lugar /var/log/<host>
ErrorLog /var/log/apache2/studiotv/error.log
CustomLog /var/log/apache2/studiotv/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
However, when I hit the browser with http://studiotv.service.tebusco.lan, the default php page is shown instead.
Question: What am I missing? (apache
2.
4.7, nginx 1.6.0, ubuntu server 14.04).