DEV Community

KP

How to point cname to nginx server that uses reverse-proxy?

I've got a server using wildcard subdomains. I'm using nuxtjs, nginx that runs on a reverse proxy on port 3000. Every user should be able to create a subdomain on the site, for example subdomain.learnbot.tk, which will then point to learnbot.tk/school/{subdomain-name}. Every user should be able to create a CNAME that points to their own subdomain.learnbot.tk.

But when I create a CNAME record with host as @ and target as subdomain.learnbot.tk for the domain name https://creatorbrandedsite.tk/, it returns 404.

Here's my conf file for wildcard subdomains:

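    server {
        listen 80;

        server_name *.learnbot.tk;
        # $host, not $server_name: with a wildcard server_name, $server_name
        # expands to the literal "*.learnbot.tk" and the redirect target is invalid.
        return 301 https://$host$request_uri;
    }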

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        #include snippets/ssl-example.com.conf;
        #include snippets/ssl-params.conf;

        ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        root /home/subdomain/learnbot.tk/public/current;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name *.learnbot.tk;

        location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        location /blog {
            try_files $uri $uri/ /index.php$is_args$args;
        }

        # For Lets Encrypt certbot
        location ~ /.well-known {
            allow all;
        }

        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
            deny all;
        }

        location /favicon.ico { alias /var/www/html/example/favicon.ico; }
        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }
    }

nuxtjs conf file for the main domain:

    server {
        index index.html;
        server_name learnbot.tk www.learnbot.tk;

        location / {
            # WARNING: https in proxy_pass does NOT WORK!! I spent half a day debugging this.
            #proxy_pass https://localhost:4001;
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }

        error_page 404 /custom_404.html;
        location = /custom_404.html {
            root /etc/nginx/sites-available/custom_nginx_error_pages;
            internal;
        }

        listen [::]:443 ssl http2; # managed by Certbot, modified by Kunal to add http2
        listen 443 ssl http2; # managed by Certbot, modified by Kunal to add http2

        #Install SSL certificates and configure https:// on a per-domain-basis by running:
        #sudo certbot --nginx
        #(when prompted, be sure to select the option to set up redirects from http to https and effectively "disable" http)
        ssl_certificate /etc/letsencrypt/live/learnbot.tk/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/learnbot.tk/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        server_name learnbot.tk;
        if ($host = learnbot.tk) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        listen [::]:80;
        return 404; # managed by Certbot
    }

Discussion (2)

James Sinclair

First, you shouldn't be using a CNAME at the zone apex. It will have strange consequences that will be really difficult to debug.

Second, creatorbrandedsite.tk doesn't match any of learnbot.tk, www.learnbot.tk or *.learnbot.tk so no servers match when creatorbrandedsite.tk is in the host request header. The request, then, will be served by the default server -- that's either one you've identified with default_server or the first one defined in the NGINX config. Is that default server set up to handle requests correctly?

Third, you'll likely get more answers asking things like this on Server Fault
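
The server-selection rule described in the answer above, as an added example that is not part of the original thread: a simplified Python model of how nginx picks a server block from the Host header, using the `server_name` and `listen` values from the question's configs. The block order (files loaded in the order shown on the page) and the omission of regex server names are assumptions.

```python
# Added example: simplified model of nginx virtual-server selection by Host header.
# Names, ports and the default_server flag are copied from the question's configs.
# Assumptions: blocks load in the order shown on the page; no regex server names.

SERVERS = [  # (label, port, server_names, is_default_server), in config order
    ("wildcard-redirect", 80, ["*.learnbot.tk"], False),
    ("wildcard-proxy", 443, ["*.learnbot.tk"], True),
    ("main-site", 443, ["learnbot.tk", "www.learnbot.tk"], False),
    ("main-redirect", 80, ["learnbot.tk"], False),
]


def select_server(host, port, servers=SERVERS):
    """Return (label, reason) for the server block that would handle the request."""
    host = host.split(":")[0].rstrip(".").lower()
    candidates = [s for s in servers if s[1] == port]
    if not candidates:
        raise ValueError(f"nothing listens on port {port}")

    # 1. An exact name wins over any wildcard.
    for label, _, names, _ in candidates:
        if host in names:
            return label, "exact"

    # 2. Longest wildcard starting with an asterisk, e.g. "*.learnbot.tk".
    # 3. Longest wildcard ending with an asterisk, e.g. "mail.*".
    rules = (
        ("leading-wildcard", lambda n: n.startswith("*.") and host.endswith(n[1:])),
        ("trailing-wildcard", lambda n: n.endswith(".*") and host.startswith(n[:-1])),
    )
    for reason, matches in rules:
        hits = [(len(n), label) for label, _, names, _ in candidates
                for n in names if matches(n)]
        if hits:
            return max(hits, key=lambda h: h[0])[1], reason

    # 4. Nothing matched: the explicit default_server for this port,
    #    otherwise the first block defined for it.
    for label, _, _, is_default in candidates:
        if is_default:
            return label, "default_server"
    return candidates[0][0], "first-defined"


if __name__ == "__main__":
    for h, p in [("creatorbrandedsite.tk", 443), ("subdomain.learnbot.tk", 443),
                 ("www.learnbot.tk", 443), ("creatorbrandedsite.tk", 80)]:
        print(h, p, select_server(h, p))
```

Under these assumptions, a request for creatorbrandedsite.tk on port 443 is handled by the wildcard block only because that block is marked `default_server`, and it is proxied with `Host: creatorbrandedsite.tk`, a name the configs on the page never list.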

KP Author

@irgeek thanks a ton for your response, but I don't quite understand what the solution you are proposing is here. (I did try to read the article you listed.)