Why Discourse redirect to dokuwiki?


(Abel Van) #1

Suppose I have a local server runing discourse with nginx (configured as here), which can be visited by http://ipaddr:8080 locally(interior network).

On the local server, there is also a dokuwiki, with nginx configuration:

server{
  listen 8084;
  listen [::]:8084;
  root /var/www/dokuwiki;
  server_name localhost;
  index index.php index.htm index.html;

  location / { try_files $uri $uri/ @dokuwiki; }

  location @dokuwiki {
    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
    rewrite ^/(.*) /doku.php?id=$1&$args last;
  }

  location ~ \.php$ {
    try_files $uri $uri/ /doku.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param REDIRECT_STATUS 200;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
  }
    location ~ /(data|conf|bin|inc)/ {
      deny all;
    }
    location ~ /\.ht {
      deny all;
    }
    location /data/ {
      internal;
    }
}

Now, I want it is also reachable to public, so I use the following nginx reverse proxy configuration (from DO):

server {
        listen 80;
        server_name my.server.com;
        return 301 https://$host$request_uri;
}
server {
        listen 443 ssl spdy; 
        server_name my.server.com;
        ssl_certificate /etc/letsencrypt/live/my.server.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/my.server.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://ipaddr:8080/;
                proxy_read_timeout      90;
                proxy_redirect  http://ipaddr:8080/ https://my.server.com;
        }
}

Of course I updated the ssl starffs

The problem is that, when I visit https://my.server.com it always redirect to (under IE, and FireFox tells: SSL_ERROR_BAD_CERT_DOMAIN error) dokuwiki’s index: https://my.server.com/doku.php, WHY?


(Erlend Sogge Heggen) #2

Maybe someone here will have an answer for you, but just to cover your bases in the meantime I would recommend reposting your query over on the Digital Ocean tutorial that brought you here. The DO folks are usually quite helpful.


(Abel Van) #3

Thanks, I get the help from google groups, and the problem is that I should remove the ipv6 listen from dokuwiki server. But I don’t know why.


(Felix Freiberger) #4

Aha! Good catch. nginx will listen on IPv6 too, but the only thing configured for IPv6 is DokuWiki. So you can either remove that (and use IPv4 only), or also configure the reverse proxy to work over IPv6.