nginx mengabaikan server_name atau seluruh host virtual


Saya memiliki pengaturan nginx ini:

# Default server configuration
#
# Catch-all virtual host for plain HTTP. "default_server" on both listen lines
# makes this block answer any port-80 request whose Host header matches no
# other server_name; "_" is only a placeholder name. It is the default for
# port 80 only and has no effect on requests arriving on port 443.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name _;

    root /usr/share/nginx/html;

    index index.php index.html index.htm index.nginx-debian.html;

    # Serve the file or directory if it exists, otherwise answer 404.
    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # Every URI ending in ".php" is handed to PHP-FPM over the local socket.
    # NOTE(review): nothing here checks that the script exists under root
    # before it is passed on. Adding "try_files $fastcgi_script_name =404;"
    # after the split makes a request for a missing .php path return 404
    # instead of reaching the interpreter.
    # NOTE(review): SCRIPT_FILENAME is not set in this block, so it has to come
    # from the included fastcgi_params file - confirm it does on this system.
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # Refuse any path containing "/.ht" (for example .htaccess, .htpasswd).
    location ~ /\.ht {
        deny all;
    }
}

owncloud:

# Named upstream for a PHP backend on TCP 127.0.0.1:9000.
# NOTE(review): none of the server blocks shown on this page reference
# "php-handler"; they all use fastcgi_pass unix:/var/run/php5-fpm.sock.
# Confirm whether this upstream is still needed.
upstream php-handler {
  server 127.0.0.1:9000;
}

# Response headers declared outside any server block (presumably this file is
# included inside http { } - confirm).
# NOTE(review): nginx inherits add_header from the enclosing level only when
# the current level defines no add_header of its own. The 443 server on this
# page declares add_header Strict-Transport-Security, so these four headers
# are not sent by that server unless they are repeated inside it.
# Without the "always" parameter, add_header applies only to success and
# redirect responses, not to error pages.
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

# Plain-HTTP entry point for cloud.example.com; its only job is to send a
# permanent redirect to the HTTPS site.
server {
  listen 80;
  server_name cloud.example.com;
  # enforce https
  # $server_name is the configured name above, not the client-supplied Host
  # header, so the redirect target cannot be influenced by the request.
  return 301 https://$server_name$request_uri;
}

# HTTPS virtual host for ownCloud.
# This is the only server block on this page that listens on 443. When no
# other block matches, nginx uses the first server for a listen socket as its
# default, so an HTTPS request for any other host name on this machine
# (e.g. wiki.example.com) is answered here, with this certificate and content.
server {
  listen 443 ssl;
  server_name cloud.example.com;


  ssl_certificate /etc/ssl/nginx/server.crt;
  ssl_certificate_key /etc/ssl/nginx/server.key;

  # NOTE(review): ssl_protocols is not set, so the enabled TLS/SSL versions are
  # whatever this nginx build defaults to - pin them explicitly.
  # NOTE(review): the list below still admits DES-CBC3-SHA (3DES) and static-RSA
  # AES-CBC suites; review it against current TLS guidance.
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  ssl_prefer_server_ciphers on;
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;

  # Add headers to serve security related headers
  # HSTS: max-age=15768000 seconds is about six months. includeSubDomains
  # extends the policy to every subdomain of the host that sent the header, and
  # "preload" signals consent to browser preload lists. Once a browser has
  # stored the policy it upgrades HTTP to HTTPS on its own until max-age runs
  # out or it receives max-age=0 over HTTPS.
  # NOTE(review): every host covered by includeSubDomains needs a working HTTPS
  # server of its own before this is enabled.
  # NOTE(review): the value ends with a stray ";" after preload.
  # NOTE(review): because this level declares its own add_header, add_header
  # directives from the enclosing level are not inherited by this server.
  add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

  # Path to the root of your installation
  root /var/www/owncloud/;

  # set max upload size
  # nginx accepts bodies up to 10G, while PHP_VALUE further down caps uploads at
  # 8000M; the smaller of the two is the effective limit.
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Short DAV paths are redirected to the matching remote.php endpoints.
  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

  # Deny direct web access to .htaccess, the data and config directories,
  # db_structure.xml and README. The regex is anchored only at the start, so
  # any path beginning with one of these names is refused as well.
  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
  }

  location / {
   # The following 2 rules are only needed with webfinger
   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

   rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
   rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

   # $1 already ends in "/", so the rewritten path contains "//index.html".
   rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

   # Anything that is not an existing file or directory goes to index.php.
   try_files $uri $uri/ /index.php;
   }

# Hand "*.php" and "*.php/<path-info>" requests to PHP-FPM.
# NOTE(review): nothing here checks that the script exists under root before
# it is passed to the interpreter - confirm this is acceptable for this app.
location ~ \.php(?:$|/) {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   include fastcgi_params;
   fastcgi_pass unix:/var/run/php5-fpm.sock;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param PATH_INFO $fastcgi_path_info;
   # PHP_VALUE passes per-request php.ini overrides; the quoted value spans
   # three lines on purpose.
   fastcgi_param PHP_VALUE "upload_max_filesize = 8000M
   post_max_size = 8000M
   output_buffering = 0";
   # Tells PHP that the request arrived over TLS.
   fastcgi_param HTTPS on;
   }

   # Optional: set long EXPIRES header on static assets
   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
       expires 30d;
       # Optional: Don't log access to assets
         access_log off;
   }

}

mediawiki

# Plain-HTTP virtual host for MediaWiki.
# It listens on port 80 only. No server block on this page serves
# wiki.example.com on 443, so once a browser requests https://wiki.example.com
# (for instance because of a stored HSTS policy) the request never reaches
# this block and is answered by the only 443 server instead.
server {
        server_name wiki.example.com;
        listen 80;

        root /var/www/mediawiki;
        index index.html index.php;
        autoindex off;

        access_log /var/log/nginx/access-mediawiki.log;
        error_log /var/log/nginx/error-mediawiki.log;

        # Existing files and directories are served directly; everything else
        # is treated as a page title by the named location below.
        location / {
                try_files $uri $uri/ @rewrite;
        }

        location @rewrite {
                rewrite ^/(.*)$ /index.php?title=$1&$args;
        }

        # Maintenance scripts must not be reachable over the web.
        location ^~ /maintenance/ {
                return 403;
        }

        # NOTE(review): any URI ending in ".php" is passed to PHP-FPM without
        # checking that the script exists, and SCRIPT_FILENAME must come from
        # the included fastcgi_params file - confirm both.
        location ~ \.php$ {
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }

        # Static assets: fall back to index.php when the file is missing and
        # let clients cache for as long as possible.
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                try_files $uri /index.php;
                expires max;
                log_not_found off;
        }

        # Answered by nginx itself with a built-in single-pixel GIF.
        location = /_.gif {
                expires max;
                empty_gif;
        }

        # The cache directory is not served to clients.
        location ^~ /cache/ {
                deny all;
        }

        # With this root, /dumps maps to /var/www/mediawiki/local/dumps.
        # NOTE(review): autoindex on publishes a directory listing of that
        # folder to every visitor - confirm that is intended.
        location /dumps {
                root /var/www/mediawiki/local;
                autoindex on;
        }

}

Ketika saya mengakses cloud.example.com, semuanya baik-baik saja. Tetapi ketika saya membuka wiki.example.com, saya diarahkan ke https://wiki.example.com dan mendapatkan jawaban dari server owncloud. Jadi sepertinya blok server wiki diabaikan.

Finn

Jawaban:


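Hapus includeSubDomains dari header HSTS Anda. Browser yang sudah menyimpan kebijakan tersebut akan tetap memaksa HTTPS sampai max-age habis atau sampai menerima header dengan max-age=0 melalui HTTPS.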

includeSubDomains Opsional

Jika parameter opsional ini ditentukan, aturan ini juga berlaku untuk semua subdomain situs.

Bagaimana browser menanganinya

Pertama kali situs Anda diakses menggunakan HTTPS dan mengembalikan header Strict-Transport-Security, browser mencatat informasi ini, sehingga upaya selanjutnya untuk memuat situs menggunakan HTTP akan secara otomatis menggunakan HTTPS.

Ketika waktu kedaluwarsa yang ditentukan oleh header Strict-Transport-Security berlalu, upaya berikutnya untuk memuat situs melalui HTTP akan berjalan seperti biasa alih-alih secara otomatis menggunakan HTTPS.

Setiap kali header Strict-Transport-Security dikirim ke browser, browser akan memperbarui waktu kedaluwarsa untuk situs itu, sehingga situs dapat menyegarkan informasi ini dan mencegah batas waktu habis. Jika Strict Transport Security perlu dinonaktifkan, mengatur max-age ke 0 (melalui koneksi HTTPS) akan segera membuat header Strict-Transport-Security kedaluwarsa, sehingga akses melalui HTTP kembali dimungkinkan.

Sumber: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

Tan Hong Tat