redirect http to https by using Nginx - http

I have my Nginx configuration like this:
server {
listen 80;
server_name my-domain.co.id;
listen 443 ssl;
return 301 https://$server_name$request_uri;
ssl_certificate /etc/ssl/certs/project_chained2022.crt;
ssl_certificate_key /etc/ssl/private/pkey2022.key;
location / {
proxy_pass http://localhost:54444;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
}
I tried to redirect using return 301 https://$server_name$request_uri but it doesn't work.
is there any other way to do the redirect?

You need to use two server blocks, for example:
server {
listen 80;
server_name my-domain.co.id;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name my-domain.co.id;
ssl_certificate ...;
ssl_certificate_key ...;
...
}

Related

Redirect www to non-www or vice versa not working (NGINX)

My default nginx conf file is working well for http to https redirection but I want to redirect non-www to www or www to non-www (any one of that). But this isn't working for me.
default.conf
server {
if ($host = 'www.example.com') {
return 301 https://example.com$request_uri;
} # managed by Certbot
if ($host = 'example.com') {
return 301 https://example.com$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
# server_name example.com www.example.com;
return 404; # managed by Certbot
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location /apipoint/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://nodeserver:8082/;
}
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
ssl_certificate /etc/nginx/conf.d/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/nginx/conf.d/privkey.pem; # managed by Certbot
server_name www.example.com; # managed by Certbot
# server_name example.com www.example.com; # managed by Certbot
location /apipoint/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://nodeserver:8082/;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
location / {
root /var/www/html;
try_files $uri /index.html;
}
}
T have hardcoded to force any www or non-www site to redirect to https://example.com but this is not working. Though when I give http://example.com redirects to https://example.com.
What am I doing wrong? is it with my nginx config or somewhere else?

nginx with reverse-proxy and wildcard-subdomains

I become desparate... I want to write a configuration for nginx where shell.foo.org use a reverse proxy and *.shell.foo.org use a wildcard subdomain, so e.g. name1.shell.foo.org read /var/www/name1.shell.foo.org and name2.shell.foo.org read /var/www/name2.shell.foo.org. I tried a lot of versions but either the reverse proxy work or the wildcard subdomains.
My nginx-configuration is:
server {
listen 80;
listen [::]:80;
server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
~^(?<subdomain>.+).shell.foo.org$ ;
return 301 https://$host$request_uri;
}
server {
# SSL configuration
#
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
server_name ~^(www\.)(?<subdomain>.+).shell.foo.org$
~^(?<subdomain>.+).shell.foo.org$ ;
ssl_certificate /etc/letsencrypt/live/shell.foo.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/shell.foo.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
root /var/www/$subdomain;
index index.html index.htm;
location / {
# if I comment this out the wildcard subdomains work;
# in this version, the reverse proxy work
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_read_timeout 300;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
}
root /var/www/$subdomain;
index index.html index.htm;
}
Anyone an idea where my mistake is?
Thanks,
bengoshi

Nginx redirect forum.example.com to example.com

in amazon route53 for example.com and forum.example.com I have records A with ip address to my server.
Nginx config:
server {
server_name example.com;
return 301 https://example.com$request_uri;
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name example.com;
client_max_body_size 50M;
# RSA
ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
# ECDSA
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /ads.txt {
root /var/www/nodebb/public/;
}
location /loaderio-a92c8d2496979eca3c119f44e27ee2f6.txt {
root /var/www/nodebb/public/;
}
}
How can I redirect forum.example.com to example.com ? So that url in browser will be example.com.
I tried to add
server {
listen 443;
server_name forum.example.com;
return 301 https://example.com$request_uri;
}
but then nothing works ;) probably port blocked or smth.
Ok I see,
I saw error logs from nginx and realized that I am missing certs for this redirection

Robots.txt should not be redirected to HTTPS

I have a following Nginx configuration. I redirect all HTTP requests to HTTPS. What I want to achieve is that HTTP requests on robots.txt ("http://example.com/robots.txt" or "http://example2.com/robots.txt") will not be redirected to HTTPS. I struggle to find appropriate statements.
My Nginx configuration
server {
server_name example.com www.example.com example2.com www.example2.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-HTTPS-Protocol $ssl_protocol;
proxy_set_header X-NginX-Proxy true;
location / {
proxy_pass http://127.0.0.1:9092;
}
listen 443 ssl;
ssl_certificate /path
ssl_certificate_key /path
include /path
ssl_dhparam /path
}
server {
server_name example.com www.example.com example2.com www.example2.com;
listen 80;
listen [::]:80;
#
# What to put here not to redirect robots.txt to HTTPS?
#
if ($host = www.example.com) {
return 301 https://$host$request_uri;
}
if ($host = example.com) {
return 301 https://$host$request_uri;
}
if ($host = www.example2.com) {
return 301 https://$host$request_uri;
}
if ($host = example2.com) {
return 301 https://$host$request_uri;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-HTTPS-Protocol $ssl_protocol;
proxy_set_header X-NginX-Proxy true;
location / {
proxy_pass http://127.0.0.1:9092;
}
return 404;
}
The simple answer is to scrap that second server block and start again. Maybe something like this:
server {
server_name example.com www.example.com example2.com www.example2.com;
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
location = /robots.txt {
root /path/to/directory;
}
}

Can't redirect nginx HTTP traffic to HTTPS

here's my nginx.conf:
upstream blah_upstream {
server web:7000;
}
server {
listen 80;
server_name blah.com www.blah.com;
# redict to HTTPS for all requests
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name blah_upstream;
server_tokens off;
# generated with help of certbot
ssl_certificate /etc/letsencrypt/live/blah.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blah.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://blah_upstream;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static/ {
alias /usr/src/app/public/;
}
}
this works for http://www.blah.com -> https://www.blah.com (it redirects fine).
however http://blah.com -> https://blah_upstream which of course absolutely doesn't work.
what am I doing wrong? I don't understand why it would work for the www version and not the other.
I tried switching the server_name order in
server_name blah.com www.blah.com;
but that didn't work either.

Resources