In your current Nginx configuration, you have two server blocks handling requests for example1.com and www.example1.com. The HTTP (port 80) server block redirects to the HTTPS version of www.example1.com, while the HTTPS (port 443) server block proxies requests to your Django application running on port 8001.
When you added example2.company.com to point to the same server, you encountered an issue where HTTP requests to this domain were being redirected to www.example1.com instead of staying within the same domain's HTTPS version.
Here's the complete Nginx configuration that handles both domains properly:
# HTTP server block for example1.com
server {
    listen 80;
    server_name example1.com www.example1.com;
    return 301 https://www.example1.com$request_uri;
}
# HTTP server block for example2.company.com
server {
    listen 80;
    server_name example2.company.com www.example2.company.com;
    return 301 https://example2.company.com$request_uri;
}
# HTTPS server block for example1.com
server {
    listen 443 ssl;
    server_name example1.com www.example1.com;
    ssl_certificate /etc/ssl/company/company.com.chained.crt;
    ssl_certificate_key /etc/ssl/company/www.company.com.key;
    # SSL settings carried over from the original, minus the deprecated TLSv1 and TLSv1.1
    ssl_session_timeout 20m;
    ssl_session_cache shared:SSL:10m;
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    client_max_body_size 20M;
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
    }
    location /static/ {
        alias /home/apps/webapp/company/new_media/;
    }
    location /media/ {
        alias /home/apps/webapp/company/media/;
    }
}
# HTTPS server block for example2.company.com
server {
    listen 443 ssl;
    server_name example2.company.com www.example2.company.com;
    # You'll need separate SSL certificates for this domain
    ssl_certificate /etc/ssl/company/example2.company.com.chained.crt;
    ssl_certificate_key /etc/ssl/company/example2.company.com.key;
    # Same session and cipher settings as the block above; deprecated TLSv1 and TLSv1.1 left out
    ssl_session_timeout 20m;
    ssl_session_cache shared:SSL:10m;
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    client_max_body_size 20M;
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
    }
    location /static/ {
        alias /home/apps/webapp/company/new_media/;
    }
    location /media/ {
        alias /home/apps/webapp/company/media/;
    }
}
1. You need separate SSL certificates for each domain. While it's possible to use wildcard certificates or SAN certificates, it's generally cleaner to have separate certificates for each domain.
2. The HTTP server blocks should handle only the redirection logic, while the HTTPS blocks contain the actual application configuration.
3. Make sure to test your configuration with nginx -t before reloading Nginx.
If you're still experiencing issues, check these:
# Check which server block is handling requests
tail -f /var/log/nginx/access.log
# Verify DNS resolution
dig example2.company.com
# Test redirects without browser cache
curl -v http://example2.company.com
If you need to handle multiple subdomains dynamically, consider this pattern:
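server {
    listen 80;
    # $domain is captured from the client-supplied Host header, so this block
    # redirects any hostname that no exact or wildcard server_name claims
    server_name ~^(www\.)?(?<domain>.+)$;
    return 301 https://$domain$request_uri;
}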
When running multiple domains on a single server with Nginx, improper redirection handling can lead to domain leaks where requests for Domain B get redirected to Domain A. Here's the complete solution for maintaining proper domain isolation.
The existing configuration has two critical issues:
- Missing separate server block for example2.company.com
- Default HTTPS redirection applies only to primary domain
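Why the HTTP request for example2.company.com landed on www.example1.com, and what the regex catch-all shown earlier does with an unknown hostname, as an added example (not code from the original page or from nginx itself): a small Python model of nginx's documented server_name selection order. The dictionary layout, the function names `select_server` and `location_for`, and the host `www.unlisted.test` are assumptions made for the illustration.

```python
import re

def select_server(servers, host):
    """Pick the block nginx would use for `host` on one listen port.
    Order: exact name, longest "*.suffix" wildcard, longest "prefix.*"
    wildcard, first matching regex in file order, else the default server
    (the first block unless one is flagged default).
    """
    host = host.lower().rstrip(".")
    pairs = [(n, s) for s in servers for n in s["names"]]
    for name, srv in pairs:
        if name == host:
            return srv, {}
    lead = [(n, s) for n, s in pairs if n.startswith("*.") and host.endswith(n[1:])]
    trail = [(n, s) for n, s in pairs if n.endswith(".*") and host.startswith(n[:-1])]
    for group in (lead, trail):
        if group:
            return max(group, key=lambda p: len(p[0]))[1], {}
    for name, srv in pairs:
        if name.startswith("~"):
            # nginx (PCRE) writes "(?<name>...)"; Python needs "(?P<name>...)".
            match = re.search(re.sub(r"\(\?<(?=\w)", "(?P<", name[1:]), host)
            if match:
                return srv, match.groupdict()
    return next((s for s in servers if s.get("default")), servers[0]), {}

def location_for(servers, host, uri="/"):
    """Location header the selected block's `return 301` would send."""
    srv, captures = select_server(servers, host)
    target = srv["redirect"]
    for var, value in captures.items():
        target = target.replace("$" + var, value or "")
    return target + uri

# Constructed models of the port-80 blocks discussed on this page.
EX1 = {"names": ["example1.com", "www.example1.com"],
       "redirect": "https://www.example1.com"}
EX2 = {"names": ["example2.company.com", "www.example2.company.com"],
       "redirect": "https://example2.company.com"}
CATCH_ALL = {"names": [r"~^(www\.)?(?<domain>.+)$"], "redirect": "https://$domain"}

if __name__ == "__main__":
    # Only the primary block: example2 falls through to the default (first) block.
    print(location_for([EX1], "example2.company.com", "/login"))
    # One block per domain: the redirect stays on the requested domain.
    print(location_for([EX1, EX2], "example2.company.com", "/login"))
    # Catch-all regex: an unlisted Host value is echoed into Location.
    print(location_for([EX1, CATCH_ALL], "www.unlisted.test", "/login"))
```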
Here's the corrected configuration that handles both domains properly:
# HTTP redirect for primary domain
server {
    listen 80;
    server_name example1.com www.example1.com;
    location / {
        return 301 https://www.example1.com$request_uri;
    }
}
# HTTP redirect for secondary domain
server {
    listen 80;
    server_name example2.company.com www.example2.company.com;
    location / {
        return 301 https://example2.company.com$request_uri;
    }
}
# HTTPS configuration for primary domain
server {
    listen 443 ssl;
    server_name example1.com www.example1.com;
    ssl_certificate /etc/ssl/company/company.com.chained.crt;
    ssl_certificate_key /etc/ssl/company/www.company.com.key;
    # ... other SSL settings remain same ...
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
    }
    location /static/ {
        alias /home/apps/webapp/company/new_media/;
    }
    location /media/ {
        alias /home/apps/webapp/company/media/;
    }
}
# HTTPS configuration for secondary domain
server {
    listen 443 ssl;
    server_name example2.company.com www.example2.company.com;
    ssl_certificate /etc/ssl/company/example2.company.com.chained.crt;
    ssl_certificate_key /etc/ssl/company/example2.company.com.key;
    # ... other SSL settings remain same ...
    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
    }
    location /static/ {
        alias /home/apps/webapp/company/new_media/;
    }
    location /media/ {
        alias /home/apps/webapp/company/media/;
    }
}
For this to work properly, ensure:
- Each domain has its own SSL certificate
- The DNS records for both domains point to your server IP
- You test with curl -I http://example2.company.com to verify 301 redirects
If using a wildcard certificate (*.company.com), simplify the config:
server {
    listen 443 ssl;
    server_name *.company.com;
    ssl_certificate /etc/ssl/company/wildcard.company.com.crt;
    ssl_certificate_key /etc/ssl/company/wildcard.company.com.key;
    # ... rest of config ...
}