Multiple domains for same NC with Nginx

Good day,
Please help me set up a second domain to use with the same NC instance.

Here are my current settings:

Domain 1 nginx settings

# Named upstream pointing at the PHP-FPM unix socket.
# nginx accepts a given upstream name only once per http context, so a second
# vhost file that is included alongside this one must not declare it again.
upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;
}

# Plain-HTTP listener for domain 1: every request is answered with a permanent
# redirect to the HTTPS vhost.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.example1.net;
    # $server_name is the name configured above, not the client-supplied Host
    # header, so the redirect target is fixed by this file.
    return 301 https://$server_name:443$request_uri;
}

# HTTPS virtual host for cloud.example1.net, as pasted.
# NOTE(review): the lone closing brace after "access_log off;" already ends the
# server block, so the location and rewrite directives below it sit outside any
# server context and the last brace is unmatched. If the real file matches this
# paste, "nginx -t" would reject it; the working file presumably differs.
# No root directive or PHP location is visible in this excerpt.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example1.net;

    ssl_certificate /etc/letsencrypt/live/cloud.example1.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example1.net/privkey.pem;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    # NOTE(review): unlike the two certificate paths above, this one has no
    # "live/" component; confirm the file exists. With ssl_stapling_verify on,
    # it should hold the issuer chain used to check the OCSP response.
    ssl_trusted_certificate /etc/letsencrypt/cloud.example1.net/ca.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The cipher list is cut off by the editor (trailing ">"); the closing quote
    # and semicolon are not visible here.
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AE>
    ssl_ecdh_curve secp521r1:secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # includeSubDomains and preload extend HTTPS-only to every subdomain of this
    # host name and are slow to undo once browsers have cached the policy.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Request logging is disabled for the whole vhost, which leaves no
    # nginx-side trail when suspicious access has to be investigated.
    access_log off;

    }

    # Static assets: serve the file if it exists, otherwise hand the request to
    # index.php.
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

    # CardDAV/CalDAV service discovery: both well-known paths redirect to the
    # DAV endpoint.
    location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
    }

    rewrite ^/.well-known/webfinger /index.php$uri redirect;
    rewrite ^/.well-known/nodeinfo /index.php$uri redirect;

}

Domain 2 settings

# HTTPS virtual host for cloud.example2.net, as pasted.
# NOTE(review): the lone closing brace after "access_log off;" ends the server
# block early, so the location and rewrite directives that follow are outside
# any server context and the last brace is unmatched; "nginx -t" rejects that,
# which would explain nginx not restarting when this is loaded as its own file.
# No root directive or PHP location is visible, and no port-80 redirect server
# for this name is shown. Nextcloud itself also has to list this host name
# under trusted_domains in its config.php before it accepts requests for it.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example2.net;

    ssl_certificate /etc/letsencrypt/live/cloud.example2.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example2.net/privkey.pem;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    # NOTE(review): this path has no "live/" component, unlike the certificate
    # paths above; confirm the file exists. With ssl_stapling_verify on, it
    # should hold the issuer chain used to check the OCSP response.
    ssl_trusted_certificate /etc/letsencrypt/cloud.example2.net/ca.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The cipher list is cut off by the editor (trailing ">"); the closing quote
    # and semicolon are not visible here.
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AE>
    ssl_ecdh_curve secp521r1:secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 24h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # includeSubDomains and preload extend HTTPS-only to every subdomain of this
    # host name and are slow to undo once browsers have cached the policy.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Request logging is disabled for the whole vhost, which leaves no
    # nginx-side trail when suspicious access has to be investigated.
    access_log off;

    }

    # Static assets: serve the file if it exists, otherwise hand the request to
    # index.php.
    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }

    # CardDAV/CalDAV service discovery: both well-known paths redirect to the
    # DAV endpoint.
    location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
    }

    rewrite ^/.well-known/webfinger /index.php$uri redirect;
    rewrite ^/.well-known/nodeinfo /index.php$uri redirect;

}

nano /etc/hosts

127.0.0.1 cloud.example1.net
127.0.0.1 cloud.example2.net

If I put the config in a separate file, nginx does not restart. If I put it in the same file as Domain 1 (which runs well), nginx restarts, but Domain 2 is not reachable.

Thanks!

Hi @W202mg

I'm not an nginx expert. But why not just use one configuration for both domains?

server_name cloud.example1.net cloud.example2.net;

The first name will then be used as the canonical name and the second one as an alias, similar to Apache’s ServerName and ServerAlias directives…

I think this is something for wildcard domains; otherwise the SSL cert will not work.

Ah yes, you’re right. This only works with different subdomains of the same domain name, but not with different domain names. Unfortunately, I don’t know why the separate files / server blocks don’t work. As I said, I don’t really know much about nginx… I assume that the second config is enabled and that a corresponding DNS record exists and is resolved correctly…

For the moment I can connect to my example2.net, but I see only the nginx default page. I had to comment out several lines because nginx would not start with them.

#upstream php-handler {
 #   server unix:/var/run/php/php7.4-fpm.sock;
#}

# Plain-HTTP listener for domain 2: every request is answered with a permanent
# redirect to the HTTPS vhost.
server {
    listen 80;
    listen [::]:80;
    server_name cloud.example2.net;
    # $server_name is the name configured above, not the client-supplied Host
    # header, so the redirect target is fixed by this file.
    return 301 https://$server_name:443$request_uri;
}

# HTTPS virtual host for cloud.example2.net after the poster's edits.
# The block terminates TLS and sets response headers only: it has no root,
# index or PHP location, so nginx has nothing of Nextcloud to serve, which is
# consistent with the default nginx page the poster reports. Nextcloud itself
# also has to list this host name under trusted_domains in its config.php.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cloud.example2.net;

    ssl_certificate /etc/letsencrypt/live/cloud.example2.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example2.net/privkey.pem;

    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    # NOTE(review): cert.pem is the leaf certificate. With ssl_stapling_verify
    # on, this directive is expected to point at the issuer chain (certbot
    # writes it as chain.pem in the same directory); confirm which file is meant.
    ssl_trusted_certificate /etc/letsencrypt/live/cloud.example2.net/cert.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "TLS-..." entries and the "...-SHA512" entries do not
    # appear to be OpenSSL cipher names, and TLS 1.3 suites are not selected
    # through ssl_ciphers; check what is really enabled with
    # "openssl ciphers -v '<list>'".
    ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_ecdh_curve secp521r1:secp384r1;
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 24h;
    # NOTE(review): a shared cache zone may be named in several server blocks
    # when name and size agree; a size mismatch with another file is a common
    # cause of a startup error on this line. Confirm with "nginx -t".
#    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # includeSubDomains and preload extend HTTPS-only to every subdomain of this
    # host name and are slow to undo once browsers have cached the policy.
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    fastcgi_hide_header X-Powered-By;

    # Request logging is disabled for the whole vhost, which leaves no
    # nginx-side trail when suspicious access has to be investigated.
    access_log off;

    }

#    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
 #       try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
#        access_log off;
#    }

 #   location /.well-known/carddav {
  #          return 301 $scheme://$host/remote.php/dav;
 #   }

#    location /.well-known/caldav {
 #           return 301 $scheme://$host/remote.php/dav;
 #   }

#    rewrite ^/.well-known/webfinger /index.php$uri redirect;
 #   rewrite ^/.well-known/nodeinfo /index.php$uri redirect;