
Two node.js domains with SSL on same nginx server - duplicate listen options for 443

I've set up two web applications in my DigitalOcean droplet, and I'm trying to run both applications on different domains, with SSL encryption.

I can confirm that everything works if I only use one of the domains, and the error occurs when I try to run both at the same time.

nginx -t
duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/hello.com:26

/etc/nginx/sites-available/hello.com

server {
    server_name hello.com www.hello.com;

    location / {
            proxy_pass http://localhost:4000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
    listen 443 ssl default_server; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/hello.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hello.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.hello.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = hello.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server;

    server_name hello.com www.hello.com;
    return 404; # managed by Certbot
}

/etc/nginx/sites-available/example.com

server {
    server_name example.com www.example.com;

    location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

What can I do to avoid this error? Further improvements in the nginx files are very much appreciated.

I've used the following guides:

How To Set Up Nginx Server Blocks: https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-14-04-lts

How To Set Up a Node.js Application for Production on Ubuntu 16.04: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04

How To Secure Nginx with Let's Encrypt on Ubuntu 16.04: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Martin Brandhaug asked Apr 20 '18 09:04


1 Answer

The problem is ipv6only=on, which can only be specified once according to the documentation.

The default value is on anyway, so the option can be safely removed.

Richard Smith answered Oct 05 '22 22:10
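
An added example, not part of the original question or answer: a small Python check that scans site configs for socket-level listen parameters (such as ipv6only) set more than once for the same address:port, which is the condition behind the "duplicate listen options" error. The parameter list follows the nginx listen documentation; the function names and the trimmed sample configs (so line numbers differ from the real files) are constructed for illustration.

```python
import re
from collections import defaultdict

# Socket-level listen parameters: nginx accepts them on only one listen
# directive per address:port (list taken from the nginx listen documentation).
SOCKET_OPTS = {"setfib", "fastopen", "backlog", "rcvbuf", "sndbuf",
               "accept_filter", "deferred", "bind", "ipv6only",
               "reuseport", "so_keepalive"}
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)

def normalize(addr):
    """Map a listen address to a comparable address:port key."""
    return "*:" + addr if addr.isdigit() else addr  # bare port = all IPv4

def find_duplicate_listen_options(configs):
    """configs: {filename: text}. Return [(socket, [(file, line, opts), ...])]
    for every address:port whose socket options are set more than once."""
    seen = defaultdict(list)
    for name, text in configs.items():
        body = re.sub(r"#.*", "", text)  # drop comments, keep line breaks
        for m in LISTEN_RE.finditer(body):
            addr, *params = m.group(1).split()
            opts = sorted(p for p in params if p.split("=")[0] in SOCKET_OPTS)
            if opts:
                line = body.count("\n", 0, m.start(1)) + 1
                seen[normalize(addr)].append((name, line, opts))
    return [(s, hits) for s, hits in sorted(seen.items()) if len(hits) > 1]

# Constructed samples: only the listen lines from the two files in the question.
HELLO = """server {
    server_name hello.com www.hello.com;
    listen [::]:443 ssl ipv6only=on default_server; # managed by Certbot
    listen 443 ssl default_server; # managed by Certbot
}
"""
EXAMPLE = """server {
    server_name example.com www.example.com;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
}
"""

if __name__ == "__main__":
    found = find_duplicate_listen_options({"hello.com": HELLO,
                                           "example.com": EXAMPLE})
    for sock, hits in found:
        for name, line, opts in hits:
            print(f"{sock}: {' '.join(opts)} at {name}:{line}")
```

Removing ipv6only=on from one of the two files, as the answer suggests, makes the check return an empty list.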