
domain config leaks into subdomain?


I realized that the configuration of mydomain.com (namely the CSP rules from the included conf.d/myheaders.conf) is leaking into the subdomain, or, let's say, the subdomain somehow inherits it. Is that normal, and how can I configure it differently?

mydomain conf:

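# Virtual host for mydomain.com: serves static files from /var/www/mydomain,
# proxies /_matrix to a local backend and answers the two Matrix .well-known
# delegation lookups with inline JSON.
#
# NOTE(review): a stock nginx.conf contains `include /etc/nginx/conf.d/*.conf;`
# inside the http block. If that is the case here (nginx.conf is not shown),
# conf.d/myheaders.conf is also loaded at http level, and every server that
# declares no add_header of its own inherits those headers. Moving the file
# out of conf.d/ or giving it a non-.conf extension (as the includes/*.ngx
# files have) keeps it scoped to the places that include it explicitly.
server {
    listen 443 ssl; # managed by Certbot

    # Additional TLS listener on port 8448 with HTTP/2 enabled.
    listen 8448 ssl http2;

    server_name mydomain.com ;

    root /var/www/mydomain;

    index index.html index.htm index.php index.nginx-debian.html;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # Header sets applied to everything under / that does not override them.
        # add_header is inherited from the enclosing level only when the current
        # level declares no add_header at all, which is presumably why each
        # nested location below repeats both includes - confirm against the
        # contents of the two files.
        include includes/headers.ngx;
        include conf.d/myheaders.conf;

        # Stylesheets and scripts: one-year caching policy.
        location ~* "\.(?:css|js)$" {
            include     includes/headers.ngx;
            include     conf.d/myheaders.conf;
            include     includes/.static-files-one-year.ngx;
        }
        # Images, fonts, media and similar static assets: one-month caching policy.
        location ~* "(?:^/(?:browserconfig|crossdomain)\.xml|\.(?:3gp|cur|eot|gif|htc|ico|jng|jpe?g|mp(?:3|4)|og(?:g|v)|otf|png|svgz?|swf|tiff?|ttc|ttf|txt|wav|web(?:m|p)|woff2?))$" {
            include     includes/headers.ngx;
            include     conf.d/myheaders.conf;
            include     includes/.static-files-one-month.ngx;
        }
        # Feeds: one-hour caching policy.
        location ~* "\.(?:rss|atom)$" {
            include     includes/headers.ngx;
            include     conf.d/myheaders.conf;
            include     includes/.static-files-one-hour.ngx;
        }
        # Documents and data files must be revalidated on every request.
        location ~* "\.(?:manifest|appcache|html?|xml|json)$" {
            add_header Cache-Control "no-cache, must-revalidate";
            include     includes/headers.ngx;
            include     conf.d/myheaders.conf;
            include     includes/.static-files-none.ngx;
        }
        # Matrix API traffic goes to the backend on the loopback interface; the
        # client address, scheme and Host are passed along for the backend.
        location /_matrix {
            proxy_pass http://127.0.0.1:8008;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
        }
        # Server delegation answer. default_type sets the one Content-Type of
        # the generated body; add_header would append a second Content-Type
        # next to the default one. With no add_header left in this location,
        # the header set declared at `location /` level now applies here too.
        location /.well-known/matrix/server {
            default_type application/json;
            return 200 '{"m.server": "enterthematrix.mydomain.com:443"}';
        }
        # Client discovery answer, readable cross-origin by web clients.
        # The add_header below means the outer header set is not inherited here.
        location /.well-known/matrix/client {
            default_type application/json;
            return 200 '{"m.homeserver": {"base_url": "https://enterthematrix.mydomain.com"},"m.identity_server": {"base_url": "https://vector.im"}}';
            add_header "Access-Control-Allow-Origin" *;
        }

        include /etc/nginx/bots.d/ddos.conf;
        include /etc/nginx/bots.d/blockbots.conf;

        # Replace every occurrence of the placeholder token in response bodies
        # with the per-request id (presumably consumed as a nonce by the CSP
        # header - confirm against conf.d/myheaders.conf).
        sub_filter_once off;
        sub_filter ijasdi4ijjiadaioq $request_id;

        try_files $uri $uri/ =404;
    }
}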

subdomain conf:

# Virtual host for dimension.mydomain.in.net: every request is handed to the
# service listening on localhost:8184.
#
# NOTE(review): this server declares no add_header, so it inherits whatever
# add_header directives exist at http level. If nginx.conf pulls in
# conf.d/*.conf there (the stock layout; nginx.conf is not shown), the CSP
# rules in conf.d/myheaders.conf reach this host that way. Inheritance stops
# as soon as this level declares its own add_header set.
server {
    listen 443 ssl; # managed by Certbot
    server_name dimension.mydomain.in.net ;

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # root and index are declared, but the single location below proxies
    # every request.
    root /var/www/mydomain/matrix-dimension;
    index index.html;

    location / {
        proxy_pass http://localhost:8184;
        # Append the client address to any X-Forwarded-For already present.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    include /etc/nginx/bots.d/ddos.conf;
    include /etc/nginx/bots.d/blockbots.conf;
}

and this is my default:

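# Catch-all server: requests on port 80 or 443 that match no other
# server_name end up here and the connection is closed without a response.
server {
    # The terminating semicolon is required; without it the following
    # "listen 80 default_server" tokens are parsed as extra server names and
    # port 80 never gets its default server.
    server_name _;
    listen 80 default_server;
    listen 443 ssl default_server; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # Directive name corrected from "sl_dhparam", which nginx rejects as unknown.
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # NOTE(review): the TLS handshake still completes with the mydomain.com
    # certificate before the 444 below, so unknown hostnames are shown that
    # certificate. Where the installed nginx supports it (1.19.4+),
    # "ssl_reject_handshake on;" refuses such names during the handshake.

    root /var/www/mydomain;

    index 444.html index.html index.htm index.nginx-debian.html;

    # 444 is nginx-specific: close the connection without sending a response.
    # Because this return sits at server level, root and index above are not
    # used to serve content.
    return 444;
}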