Score:1

Redirect secure domain to another via CNAME and an Nginx Docker Container

Update: I have appended a 2nd attempt at the bottom of this post. It is "working," but I would like to make my original idea work.

I am attempting to redirect an https request for a domain to another via a redirect server.

I will use https://website.com, https://website2.com, and https://myredirectserver.com for examples.

I have an SSL cert purchased for website.com, and its DNS is CNAMEd at www to myredirectserver.com. There is also an SSL cert for mywebsite2.com, and it currently sits on a server. All is well as a standalone domain.

myredirectserver.com has two Traffic Management A Records (high availability) that point to two IP addresses.

Those two IP addresses are NAT'd in a firewall to a proxy server.

On that proxy server, there is a Docker Container, running Alpine/Nginx.

The Dockerfile for the container:

FROM nginx:1.17.7-alpine    
RUN apk add --no-cache tzdata    
ENV TZ America/Chicago    
RUN rm /etc/nginx/conf.d/default.conf    
COPY myredirectserver.com.conf /etc/nginx/conf.d/myredirectserver.com.conf
RUN rm /etc/nginx/nginx.conf    
COPY nginx.conf /etc/nginx/nginx.conf    
COPY myredirectserver.com.crt /etc/nginx/ssl/myredirectserver.com.crt    
COPY myredirectserver.com.key /etc/nginx/ssl/myredirectserver.com.key    
COPY proxy_params /etc/nginx/proxy_params

The docker run portion to start it up (there are volumes mounted for dynamic config file creation via backend code):

docker run --name=myredirectserver --restart always --log-opt max-size=50m --log-opt max-file=5 -d -v /etc/nginx/myredirectserverBuild:/etc/nginx/myredirectserverBuild -v /etc/nginx/myredirectserverSSL:/etc/nginx/myredirectserverSSL -p 8224:443 -p 8223:80 myredirectserver

In that Docker Container, the Nginx config file is located in /etc/nginx/conf.d/myredirectserver.com.conf:

    # I DO NOT KNOW IF THIS IS CORRECT FOR WHAT I NEED
    server {
        listen 443 ssl;

        server_name myredirectserver.com www.myredirectserver.com;
        ssl_certificate /etc/nginx/ssl/myredirectserver.com.crt;
        ssl_certificate_key /etc/nginx/ssl/myredirectserver.com.key;
    }
    server {
        listen 80;
        server_name myredirectserver.com www.myredirectserver.com;
        return 301 https://www.myredirectserver.com$request_uri;
    }

    include /etc/nginx/myredirectserverBuild/*.conf;

The include file at the end contains the original requested domain, mywebsite.com.conf:

    ## www.mywebsite.com virtual host
    server {
        listen 443 ssl;

        server_name mywebsite.com www.mywebsite.com;
        ssl_certificate /etc/nginx/myredirectwebsiteSSL/mywebsite.com.crt;
        ssl_certificate_key /etc/nginx/myredirectwebsiteSSL/mywebsite.com.key;
    }
    server {
        listen 80;
        server_name mywebsite.com www.mywebsite.com;
        return 301 https://www.mywebsite2.com$request_uri;  # <--- The redirect
    }
        

The website2.com domain is on the host server, and I can request that one just as normal. I just cannot figure out where I've gone wrong. I feel like it's in my Nginx config(s), but my Nginx syntax is not the greatest. Why is my return 301 not working and redirecting me to the domain?

A couple of notes during troubleshooting:

wget 0.0.0.0:8223 returns:

  --2021-07-26 23:44:19--  http://0.0.0.0:8223/
Connecting to 0.0.0.0:8223... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.mywebsite2.com/ [following]
--2021-07-25 23:44:19--  https://www.mywebsite2.com/
Resolving www.mywebsite2.com (www.mywebsite2.com)... XX.XXX.XXX.XXX
Connecting to www.mywebsite2.com (www.mywebsite2.com)|XX.XXX.XXX.XXX|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html                                               [ <=>                                                                                                                  ]  37.56K   231KB/s    in 0.2s    

2021-07-25 23:44:20 (231 KB/s) - ‘index.html’ saved [38461]

curl --resolve www.myredirectserver.com:8223:0.0.0.0 http://www.myredirectserver.com/ returns a timeout, as does the browser.

While on the local network, entering the IP of the Docker container in the address bar (192.168.69.140:8223) takes me to https://www.website2.com.

Entering https://192.168.69.140:8224 takes me to a security splash warning page. Click proceed, and it gives me a 404.

I am at a loss because I don't know how to handle the request when it reaches the IP of the CNAME myredirectserver.com. How can I tell Nginx to look at the original requested domain website.com?

Update (2nd attempt):

I stopped the Docker container, and changed the CNAME at the www level in DNS to point to an already existing Highly Available IP. I'll call it destinationserver.net. So basically:

`mywebsite.com`
|
|---> CNAME 'destinationserver.net'

`destinationserver.net`
|
|----> A XX.XXX.XXX.XXX --> Firewall --> Proxy

|----> A XX.XXX.XXX.XXX --> Firewall --> Proxy

On the destinationserver.net server, I have the following in the Nginx config for website.com:

    ## www.mywebsite.com virtual host
    server {
        listen 8222 ssl;

        server_name mywebsite.com www.mywebsite.com;
        ssl_certificate /etc/nginx/ssl/mywebsite.com.crt;
        ssl_certificate_key /etc/nginx/ssl/mywebsite.com.key;
        return 301 http://www.mywebsite2.com$request_uri;
    }
    server {
        listen 8221;
        server_name mywebsite.com www.mywebsite.com;
        return 301 https://www.mywebsite2.com$request_uri;
    }

As I stated in the 'Update' on the first line of the question, this is "working," but it would be nice to handle these redirects in a separate space, hence the Docker container idea.

Score:0
I discarded the redirect server idea and went instead with two things:

I added an ANAME (Alias) to the root domain so www requests would go to the same Highly Available traffic manager location as the non-www requests. Then, in the Nginx config, I added the following to redirect the requests:

    ## www.mywebsite.com virtual host
    server {
        listen 8222 ssl;

        server_name mywebsite.com www.mywebsite.com;
        ssl_certificate /etc/nginx/ssl/mywebsite.com.crt;
        ssl_certificate_key /etc/nginx/ssl/mywebsite.com.key;
        return 301 https://www.mywebsite2.com$request_uri;
    }
    server {
        listen 8221;
        server_name mywebsite.com www.mywebsite.com;
        return 301 https://www.mywebsite2.com$request_uri;
    }

This is working for what I need it to do, so unless anyone chimes in with a better method, I'll leave it as is.
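
An added example, not part of the original posts, of how the redirect container's virtual host from the question could be written so that HTTPS requests for the old name are redirected as well: nginx picks a server block from the listen port and the requested host name (Host header, SNI for the certificate), and never sees the CNAME target. The catch-all block, the `return 444`, and the certificate path under the mounted `/etc/nginx/myredirectserverSSL` volume are assumptions.

```nginx
# Added example (not the poster's config). Intended as a file under
# /etc/nginx/myredirectserverBuild/, which the question's main config includes.

# Catch-all: requests whose Host matches no other server_name land here
# instead of in whichever server block happens to be defined first.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;

    # A certificate is still needed to complete the TLS handshake.
    ssl_certificate     /etc/nginx/ssl/myredirectserver.com.crt;
    ssl_certificate_key /etc/nginx/ssl/myredirectserver.com.key;

    return 444;  # nginx-specific: close the connection without a response
}

# Old domain: the redirect is issued on BOTH ports. In the question's
# config only the port-80 block had a `return`, so an https:// request
# completed the handshake and then found nothing to serve.
server {
    listen 80;
    listen 443 ssl;
    server_name mywebsite.com www.mywebsite.com;

    # Assumed path: the volume mounted by `docker run` in the question.
    # The certificate must cover the OLD name, because the browser
    # validates it before it ever receives the 301.
    ssl_certificate     /etc/nginx/myredirectserverSSL/mywebsite.com.crt;
    ssl_certificate_key /etc/nginx/myredirectserverSSL/mywebsite.com.key;

    return 301 https://www.mywebsite2.com$request_uri;
}

# Check from the Docker host, using the published ports from the question
# (8223 -> 80, 8224 -> 443). The port in --resolve must match the URL's port:
#   curl -sI --resolve www.mywebsite.com:8223:127.0.0.1 http://www.mywebsite.com:8223/
#   curl -sI --resolve www.mywebsite.com:8224:127.0.0.1 https://www.mywebsite.com:8224/
# Both should answer "301 Moved Permanently" with
# "Location: https://www.mywebsite2.com/".
```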
