CausticLab/rgon-proxy

Multidomain - Redirect problem

Closed this issue · 8 comments

We also have a multidomain redirect problem where, even if we use the "prioritized" one, we are redirecting all traffic from domain2.com to https://domain1.com when using redirect=https.

I believe the other projects handle this by using the first listed domain as the primary domain - certificates get grouped under the primary domain, but I am not sure about the redirect.

2 thoughts:

  1. rgon.redirect=https://domain.com instead of =true
  2. Add an extra label to specify primary domain to receive redirects

That's something I want to avoid - there are plenty of frameworks or CM systems out there which have the capability to use multidomains in one app. Something like:
www.example.com -> ships the User frontend
api.example.com -> ships only json

The acmetool writes both domains into the live folder but symlinks them to the same certificate, so we can create 2 server blocks or something like that.
Maybe we can use some nginx variable magic to redirect http to the right https domain without generating too many server blocks.

For the redirects we can use $hostname from nginx to redirect to the specific https domain.

#27 uses $hostname from nginx to redirect each domain to the right https version

Just did some testing, and we found that $hostname ended up redirecting the browser to whatever the container hostname is set to, not the actual domain name in question. We can't guarantee that the container hostname will be set to the desired domain name, so this needs to change.

I propose that we use the primary domain for redirection. For example, the config looks like this:

{{- define "httpServer"}}
  {{- $domain := index .domains 0}}
  server_name {{join .domains " "}};
  listen 80;
  access_log /var/log/nginx/access.log vhost;

  location ^~ /.well-known/acme-challenge/ {
    proxy_pass http://acmetool;
    break;
  }

  {{ if .should_redirect }}
    return 301 https://$hostname$request_uri;
  {{- else }}
    {{- template "locationBlock" (dict "domain" $domain)}}
  {{ end -}}
{{- end}}

... since $domain references the first domain in the map, it should instead be this:

{{- define "httpServer"}}
  {{- $domain := index .domains 0}}
  server_name {{join .domains " "}};
  listen 80;
  access_log /var/log/nginx/access.log vhost;

  location ^~ /.well-known/acme-challenge/ {
    proxy_pass http://acmetool;
    break;
  }

  {{ if .should_redirect }}
    return 301 https://{{$domain}}$request_uri;
  {{- else }}
    {{- template "locationBlock" (dict "domain" $domain)}}
  {{ end -}}
{{- end}}

After more testing, it appears that $host is the best way to go!

{{- define "httpServer"}}
  {{- $domain := index .domains 0}}
  server_name {{join .domains " "}};
  listen 80;
  access_log /var/log/nginx/access.log vhost;

  location ^~ /.well-known/acme-challenge/ {
    proxy_pass http://acmetool;
    break;
  }

  {{ if .should_redirect }}
    return 301 https://$host$request_uri;
  {{- else }}
    {{- template "locationBlock" (dict "domain" $domain)}}
  {{ end -}}
{{- end}}
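
Added example (not part of the thread and not rgon-proxy code): a simplified Python model of which host each of the three template variants above places in the `Location` header, plus a check that a `$host` value is one of the configured names. The function names, sample domains and container hostname are constructed for illustration, and `nginx_host` only approximates nginx's `$host` (no IPv6 literals).

```python
# Added illustration: models the redirect target of each template variant
# discussed in the thread. Simplified; this is not nginx or rgon-proxy code.

def nginx_host(host_header, server_names):
    """Approximate nginx $host: the Host header, lowercased, port stripped;
    falls back to the first server_name when the header is absent.
    IPv6 literals are not handled in this sketch."""
    if not host_header:
        return server_names[0]
    return host_header.strip().lower().rsplit(":", 1)[0]


def redirect_location(variant, host_header, uri, server_names, container_hostname):
    """Return the Location value for 'return 301 https://<X>$request_uri;'."""
    if variant == "$hostname":        # machine name, ignores the request
        target = container_hostname
    elif variant == "{{$domain}}":    # index .domains 0, the primary domain
        target = server_names[0]
    elif variant == "$host":          # the name the client asked for
        target = nginx_host(host_header, server_names)
    else:
        raise ValueError(f"unknown variant: {variant}")
    return f"https://{target}{uri}"


def is_served_name(host_header, server_names):
    """$host is client-supplied, so a redirect target built from it should be
    one of the names this server block is meant to answer for."""
    allowed = {name.lower() for name in server_names}
    return nginx_host(host_header, server_names) in allowed


if __name__ == "__main__":
    domains = ["domain1.com", "domain2.com"]   # constructed sample values
    container = "a1b2c3d4e5f6"                 # constructed container hostname
    for variant in ("$hostname", "{{$domain}}", "$host"):
        for header in ("domain1.com", "Domain2.com:80"):
            loc = redirect_location(variant, header, "/login?next=1",
                                    domains, container)
            print(f"{variant:12} Host: {header:15} -> {loc}")
    print("unlisted.example served:", is_served_name("unlisted.example", domains))
```

nginx routes a request whose Host matches no `server_name` to the default server for that port, so whether `$host` can carry an unlisted name depends on which server block is the default.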

Feature is implemented in the dev branch.