I've got a server using wildcard subdomains. I'm using nuxtjs, nginx that runs on a reverse proxy on port 3000. Every user should be able to create a subdomain on the site, for example subdomain.learnbot.tk this will then point to learnbot.tk/school/{subdomain-name}. Every user should be able to create a cname that points to their own subdomain.learnbot.tk.
But when I create a CNAME record with host as @ and target as subdomain.learnbot.tk using domain name https://creatorbrandedsite.tk/ it returns 404.
Here's my conf file for wildcard subdomains:
server {
listen 80;
server_name *.learnbot.tk;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
#include snippets/ssl-example.com.conf;
#include snippets/ssl-params.conf;
ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
root /home/subdomain/learnbot.tk/public/current;
index index.php index.html index.htm index.nginx-debian.html;
server_name *.learnbot.tk;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /blog {
try_files $uri $uri/ /index.php$is_args$args;
}
# For Lets Encrypt certbot
location ~ /.well-known {
allow all;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location /favicon.ico { alias /var/www/html/example/favicon.ico; }
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
}
nuxtjs conf file for main domain
server {
index index.html;
server_name learnbot.tk www.learnbot.tk;
location / {
# WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
#proxy_pass https://localhost:4001;
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
error_page 404 /custom_404.html;
location = /custom_404.html {
root /etc/nginx/sites-available/custom_nginx_error_pages;
internal;
}
listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2
#Install SSL certificates and configure https:// on a per-domain-basis by running:
#sudo certbot --nginx
#(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name learnbot.tk;
if ($host = learnbot.tk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
return 404; # managed by Certbot
}
Latest comments (2)
First, you shouldn't be using a CNAME at the zone apex. It will have strange consequences that will be really difficult to debug.
Second,
creatorbrandedsite.tkdoesn't match any oflearnbot.tk,www.learnbot.tkor*.learnbot.tkso no servers match whencreatorbrandedsite.tkis in the host request header. The request, then, will be served by the default server -- that's either one you've identified with default_server or the first one defined in the NGINX config. Is that default server set up to handle requests correctly?Third, you'll likely get more answers asking things like this on Server Fault
@irgeek thanks a ton for your response, but I don't quite understand what the solution you are proposing is here.. (I did try to read the article you listed)