When I go on page first.pl - I don't have problem. But when I go to forum.second - have error on IE. When I switch default in listen, then work on forum.second - but on first.pl have error.
Can you help me? (This is the same IP adress).
cat first.pl.conf
upstream first-pl-webservers {
server 10.10.11.104:80;
}
server {
listen 80;
server_name first.pl;
rewrite ^(.*) scheme://$host$1 permanent;
}
server {
listen 443 default;
server_name first.pl;
server_tokens off;
ssl_certificate /etc/nginx/ssl/first_pl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/first_pl/first.pl.key;
ssl_dhparam /etc/nginx/ssl/first_pl/dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
location / {
access_log /var/log/nginx/access-first.pl.log;
error_log /var/log/nginx/error-first.pl.log;
proxy_pass http://first-pl-webservers/;
proxy_redirect https://server_name http://first-pl-webservers/;
proxy_read_timeout 3500;
proxy_connect_timeout 3250;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header SSL_PROTOCOL $ssl_protocol;
proxy_set_header SSL_CLIENT_CERT $ssl_client_cert;
proxy_set_header SSL_CLIENT_VERIFY $ssl_client_verify;
proxy_set_header SSL_SERVER_S_DN $ssl_client_s_dn;
}
}
and second on same machine:
#HTTPS server
server {
listen 80;
server_name forum.second;
return 301 https://forum.second$request_uri;
# rewrite ^(.*) https://forum.second$1 permanent;
}
server {
listen 443 ssl;
ssl on;
server_name forum.second;
server_tokens off;
access_log /var/log/nginx/access-forum.log;
error_log /var/log/nginx/error-forum.log;
if ($scheme = http) {
return 301 https://forum.second$request_uri;
# rewrite ^(.*) https://forum.second$1 permanent;
}
location / {
access_log /var/log/nginx/access-forum.second.log;
error_log /var/log/nginx/error-forum.second.log;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_ssl_session_reuse off;
proxy_pass http://10.10.12.101:80; #http://localhost:8888;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
ssl_certificate /etc/nginx/ssl/forum-pl/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/forum-pl/forumorg.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 10m;
ssl_dhparam /etc/nginx/ssl/forum-pl/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
}
How can I set it property and don't use default?