Score:1

nginx with subdomains and two servers


I have two servers: the first one has the IP address 192.168.1.216 and is configured with the hostname hub.domain.tld (jupyterhub). The DNS record is pointing to the public IP address, and all requests on ports 80 and 443 are forwarded to 192.168.1.216.

The initial Nginx configuration on the first server was simple to set up and is functioning properly.

However, the issue arises with the second server, which is also configured with Nginx as described below. The problem is that all requests made to vscode.domain.tld are being redirected to hub.domain.tld instead of 192.168.1.234:8080 (code-server).

However, when I move and add this configuration to the first server, everything works perfectly.

I want to split the configuration file, because I want to containerize Nginx in the Docker Compose setup:

  • code-server,
  • questdb,
  • grafana.

# /etc/nginx/sites-available/default

# top-level http config for websocket headers
# If Upgrade is defined, Connection = upgrade
# If Upgrade is empty, Connection = close
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP server to redirect all 80 traffic to SSL/HTTPS
server {
    listen 80;
    server_name vscode.domain.tld;

    # Tell all requests to port 80 to be 302 redirected to HTTPS
    return 302 https://$host$request_uri;
}

# HTTPS server to handle VS Code
server {
    listen 443 ssl;
    server_name vscode.domain.tld;

    ssl_certificate /etc/letsencrypt/live/vscode.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vscode.domain.tld/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    # Managing literal requests to the VS Code front end
    location / {
        proxy_pass http://192.168.1.234:8080;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # websocket headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Scheme $scheme;

        proxy_buffering off;
    }

    # Managing requests to verify letsencrypt host
    location ~ /.well-known {
        allow all;
    }
}


It might be helpful to see the config from the external proxy since you've established that the config you've shown us works if run there. Also WHAT (of front proxy, back proxy, vscode service) is returning the redirect?
Bouarfa Mahi:
On the first server I am using the same configuration file template, with:

# Managing literal requests to the JupyterHub front end
location / {
    proxy_pass http://127.0.0.1:8000;
Bouarfa Mahi:
The telnet connection from the first server to the second one is established: telnet 192.168.1.234 8080
Score:0

Nginx is not correctly configured to proxy_pass; there is no proxy configuration to direct traffic to the code-server at 192.168.1.234:8080.

In your HTTPS server block, let's add this block to proxy requests:

server {
    listen 443 ssl;
    server_name vscode.domain.tld;

    ssl_certificate /etc/letsencrypt/live/vscode.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vscode.domain.tld/privkey.pem;

    # ...

    location / {
        proxy_pass http://192.168.1.234:8080;
        proxy_set_header Host $host;

        # WebSocket upgrade requires HTTP/1.1 towards the upstream
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Accept-Encoding gzip;
    }
}
Bouarfa Mahi:
Yes, there is a proxy configuration.
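
The question states that all traffic on ports 80 and 443 is forwarded to 192.168.1.216, so the Nginx on that host is the one that chooses a server block from the Host header. The following added example (not code from the thread) models Nginx's documented server_name selection order to show which block answers for vscode.domain.tld. The two front-server configurations are constructed assumptions, since the first server's real config is not shown on the page.

```python
import re

def pick_server(servers, host):
    """Return the label of the server block nginx would select for `host`.

    `servers` is a list of dicts in config-file order, all sharing one
    listen address:port: {"label": str, "names": [...], "default": bool}.
    """
    host = host.lower().rstrip(".")
    pairs = [(name, s) for s in servers for name in s["names"]]
    plain = [(n.lower(), s) for n, s in pairs if not n.startswith("~")]

    # 1. Exact server_name.
    for name, s in plain:
        if name == host:
            return s["label"]
    # 2. Longest wildcard with a leading asterisk, e.g. *.domain.tld
    lead = [(n, s) for n, s in plain if n.startswith("*.") and host.endswith(n[1:])]
    if lead:
        return max(lead, key=lambda p: len(p[0]))[1]["label"]
    # 3. Longest wildcard with a trailing asterisk, e.g. vscode.*
    trail = [(n, s) for n, s in plain if n.endswith(".*") and host.startswith(n[:-1])]
    if trail:
        return max(trail, key=lambda p: len(p[0]))[1]["label"]
    # 4. First matching regex, in config order ("~" case-sensitive, "~*" not).
    for name, s in pairs:
        if name.startswith("~*") and re.search(name[2:], host, re.I):
            return s["label"]
        if name.startswith("~") and not name.startswith("~*") and re.search(name[1:], host):
            return s["label"]
    # 5. Nothing matched: the default server answers. That is the block
    #    flagged default_server, otherwise the first one in the config.
    for s in servers:
        if s.get("default"):
            return s["label"]
    return servers[0]["label"]

# Constructed models of the first server (192.168.1.216); its real config is not on the page.
HUB = {"label": "hub -> 127.0.0.1:8000", "names": ["hub.domain.tld"]}
VSCODE = {"label": "vscode -> 192.168.1.234:8080", "names": ["vscode.domain.tld"]}
FRONT_HUB_ONLY = [HUB]
FRONT_WITH_VSCODE = [HUB, VSCODE]

if __name__ == "__main__":
    for cfg in (FRONT_HUB_ONLY, FRONT_WITH_VSCODE):
        print(pick_server(cfg, "vscode.domain.tld"))
```

With only the hub block defined, that block is the default server and answers every hostname that reaches the host, which matches the symptom described; once a vscode.domain.tld block exists on the same host, it is matched exactly.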