Set the "default" virtual-host (with NGINX) when by IP and all websites are bound to wildcard (*)

Discussion in 'Installation/Configuration' started by cbj4074, Jun 18, 2015.

  1. cbj4074

    cbj4074 Member

    Hello!

    As a longtime ISPConfig user, this is something that has never felt straightforward to me. Knowing the ISPConfig developers, there is logic in the implementation, but it has been lost on me thus far.

    Say I have 10 websites, all of which are bound to all IP addresses ("listen *:80" in NGINX configuration). I've done this by setting "IPv4-Address" to "*" for all 10 websites, in the ISPConfig interface.

    How does one designate a specific site/virtual-host as the "default" virtual-host, and more specifically, the virtual-host that is selected when a user requests the IP address that is present in the domain's PTR (reverse-lookup) record?

    Basically, I wish to ensure that when a user-agent requests my server by IP address, NGINX always selects a specific virtual-host to service the request.

    I notice that the symbolic links in the "sites-enabled" directory contain a numeric prefix. ISPConfig's own virtual-hosts seem to be prefixed with "000-", ensuring that they are first in line.

    One of my sites has a "100-" prefix (this is the site that is selected when the user-agent requests the server by IP address). I have no idea why.

    The rest of my sites have a "900-" prefix. Again, it's not clear what setting within ISPConfig determines this prefix.

    I can't set the IP address for the virtual-host that I want to be the "default" explicitly in ISPConfig; doing this causes requests to all other virtual-hosts (that are still bound to "*") to be redirected to whichever virtual-host has been bound explicitly to the IP address in question.

    Surely there is a simple means by which to choose a "default" virtual-host, given the scenario I describe.

    Thanks in advance for any help with this!
     
    Last edited: Jun 18, 2015
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Apache and nginx will show the first website in alphabetical oder in that case. To create a default vhost, you have to create a website with a domain that always the fisrt in alphabet (does not matter if the domain exists). E.g. add a website with this fake domain "000default.tld".

    Thats determined by the auto subdomain *. All auto subdomain * domains have to be after all other domains, thats why the get a 900 prefix while domains with auto subdomain www or no auto subdomain get a 100 prefix. The reason is the same behaviour that I explained above for the default vhost, if you would have a website:

    *.domain.tld

    and

    www.domain.tld

    then the www.domain.tld would never get a single request as the *.domain.tld would catch all requests and not just the non www requests.

    You cant mix * and IP in vhosts that point to the same IP (on apache an nginx) as an IP is always a strnger match then a wildcard, so the site with the IP would get all requests independant of the domain name. So you can set all sites to * or all to the IP but you cant mix the two options.
     
  3. cbj4074

    cbj4074 Member

    I meant to thank you for this thorough explanation, Till. I appreciate it tremendously.

    I only have one follow-up question, which is regarding this bit:

    Suppose that I want to make an existing website that already has a real domain name the default website. How would I do that using this "trick"? Could I use an Aliasdomain or similar?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you would use an alias domain. Change the current domain to something like 000-default.tld and then add the original domain back as aliasdomain.
     
    cbj4074 likes this.
  5. cbj4074

    cbj4074 Member

    Thanks for the quick reply, Till.

    Changing the current domain to 000-default.tld and adding the original domain back as an alias domain seems to work.

    The only drawback I've noticed thus far is that in PHP, $_SERVER['SERVER_NAME'] is set to "000-default.tld".

    How would you recommend overriding this value with the desired value?

    Also, suppose I want to redirect all requests that NGINX routes to 000-default.tld to the aliasdomain. For example, if someone requests the site by IP address, I want to forward the request to the aliasdomain. I tried adding the aliasdomain to 000-default.tld Website -> Redirect -> Redirect Path (with Permanent for the type), but this seems to create a redirect loop.

    Thanks again for your help!
     
  6. cbj4074

    cbj4074 Member

    P.S. I just lost a post again. I mentioned this problem a while back at https://www.howtoforge.com/communit...es-to-all-pools-in-php-fpm.69718/#post-329901 .

    I captured a sequence of screenshots that detail what just happened.

    1.) login-prompt.png This is what appeared after I finished composing my post clicked "Post Reply".

    login-prompt.png

    2.) security-error.png This is what happened after I entered my credentials and submitted the form that is pictured in the first screenshot.

    security-error.png

    3.) document-expired.png This is what happened when I followed the instructions in the above screenshot (click your browser's back button).

    document-expired.png

    So, I hit Back one more time, which brought me back to the post composition screen, but the contents of my post were old (I had been chipping away at the post over a period of hours). The draft that was displayed was either from yesterday or several hours prior.

    Am I doing something wrong?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Maybe you can do that with a php prepend file.

    Regarding the post, the problem is probably the long time that you had the post open. Web systems have to protect themselves from csrf attacks, such an attack i basically a cross post coming from a different software or website, therefor each page with an input form has ahidden form field with a one-time token that expires after some time, so when a page is left open for hours then it can happen that this one time token has expired.
     
  8. cbj4074

    cbj4074 Member

    Okay, thanks for the info.

    Yes, the CSRF token bit makes sense. I just wish it was handled more elegantly so that the post contents were not lost under the scenario that I described. There's no technical reason for which the post contents cannot be retained in some fashion. But I suppose you are at the mercy of the forum software in that regard. Maybe they will fix it some day.

    Did you see this bit in my previous post? Any thoughts on that part?

    If I can get that working correctly I'll be quite happy. :)
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you have to add something like this:

    Code:
    if ($http_host != "www.aliasdomain.tld") {
    rewrite ^ $scheme://www.aliasdomain.tld$request_uri? permanent;
    }
     
    cbj4074 likes this.
  10. cbj4074

    cbj4074 Member

    Awesome! That works the way I'd like! Thank you, Till!
     

Share This Page