How to get proper information about user agent in nginx log? - nginx

I've used Nginx docs and set access log format.
https://docs.nginx.com/nginx/admin-guide/monitoring/logging/
access_log /var/log/nginx/access.log;
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
When I access the site using Firefox I get the following log:
192.168.xx.xxx - - [13/Apr/2021:14:52:16 +0200] "GET /home HTTP/1.1" 200 21408 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0"
But when I access the site using Chrome or Opera I get following logs:
Opera:
192.168.xx.xxx - - [13/Apr/2021:14:53:19 +0200] "GET /me HTTP/1.1" 200 24062 "https://my-site.com/me" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.92"
Chrome:
192.168.xx.xxx - - [13/Apr/2021:15:06:56 +0200] "GET /me HTTP/1.1" 200 115426 "https://my-site.com/me" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
Did I properly set my Nginx logging configuration?

Related

nginx reverse proxy worked on LAN but not public

I am setting up a Nginx reverse proxy using these docker images
nginx
jwilder/docker-gen
jrcs/letsencrypt-nginx-proxy-companion
The host where these containers are located is given public IP address so that the web app can be accessed from the internet. We registered the subdomain and set the public IP address to that subdomain.
When I test the configuration, the web app worked and https also worked but from LAN only (we have local DNS server that has the subdomain paired to a local server IP address.
But when I tried accessing it from internet it gives 301 redirected too many times. And yes I saw in the Nginx log the server logged around 20s 301 redirections and then stopped.
I am still clueless about what is wrong with the configuration. I used this template https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl for the auto-generated configuration files with a little modification in the location part (proxy_connect_timeout, proxy_send_timeout, proxy_read_timeout, proxy_send_lowat) to make our web app not 502 gateway timeout from long processing.
Can anyone point where my configuration failed?
# fhij.abcd.co.id
upstream fhij.abcd.co.id {
## Can be connected with "nginx-proxy" network
# fhid_web_1
server 172.20.0.8:8069;
}
server {
server_name fhij.abcd.co.id;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name fhij.abcd.co.id;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/fhij.abcd.co.id.crt;
ssl_certificate_key /etc/nginx/certs/fhij.abcd.co.id.key;
ssl_dhparam /etc/nginx/certs/fhij.abcd.co.id.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/fhij.abcd.co.id.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://fhij.abcd.co.id;
proxy_connect_timeout 9990;
proxy_send_timeout 9990;
proxy_read_timeout 9990;
proxy_send_lowat 12000;
}
}
These are the access.log I got from accessing from internet
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:42 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:43 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:43 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:43 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:43 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:43 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:44 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:44 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:44 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:45 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:45 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:46 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:46 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:46 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:46 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:46 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:47 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:47 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:47 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
fhij.abcd.co.id 162.158.178.186 - - [22/Nov/2019:03:57:47 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Linux; Android 9; YAL-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.96 Mobile Safari/537.36"
And these are from LAN
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET / HTTP/2.0" 303 215 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET /web HTTP/2.0" 303 227 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET /web/login HTTP/2.0" 200 4383 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET /web/content/269-ceb8fb1/web.assets_common.0.css HTTP/2.0" 499 0 "https://fhij.abcd.co.id/web/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET /web/content/276-771d39e/web.assets_frontend.0.css HTTP/2.0" 499 0 "https://fhij.abcd.co.id/web/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "GET /web/webclient/qweb?mods= HTTP/2.0" 304 0 "https://fhij.abcd.co.id/web/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
fhij.abcd.co.id 192.168.130.127 - - [22/Nov/2019:05:21:29 +0000] "POST /web/webclient/bootstrap_translations HTTP/2.0" 200 87 "https://fhij.abcd.co.id/web/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0"
Why it is so different? Nginx response to internet request was 301 and response to LAN was 303

Turned out there is a mistake in our Cloudflare DNS and WAF configuration. Modifying these configuration fixed this issue.

Nginx redirect except some extensions

I wrote a script that configures a captive portal and everything is working fine. The problem I'm having is because nginx is redirecting all the requests to http://hotspot.localnet/index.php is also redirecting all requests for images. So none of the images in index.php work.
Is there a way to exclude png,pdf files from being redirected to index.php and be displayed? Tried many regex examples found on the internet but having no luck.
The source code of the nginx config file is here: https://github.com/tretos53/Captive-Portal/blob/master/default_nginx
This is access.log with the above configuration:
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /index.php HTTP/1.1" 200 582 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/1.jpg HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/2.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/3.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/4.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/5.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
192.168.137.1 - - [03/Dec/2018:19:53:16 +0000] "GET /images/6.png HTTP/1.1" 302 161 "http://hotspot.localnet/index.php" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"

Add this to your config:
location ~ \.(?:pdf|png)$ {
try_files $uri =404;
}

WooCommerce-WorldPay checkout taking forever to complete

I've been having trouble getting the Online Worldpay plugin (from https://wordpress.paymentplugins.com/product-category/worldpay/) to work with WooCommerce and after multiple trial and error, although it seems to be working now, it's taking forever to complete a transaction.
The first issue was this in the server log:
upstream timed out (110: Connection timed out) while reading response header from upstream
After searching on SO and a few trial and error, adding the following nginx directives seem to have fixed it:
proxy_connect_timeout 159s;
proxy_send_timeout 600;
proxy_read_timeout 600;
However it's still not fixed the problem. It's taking up to 5 minutes between clicking checkout and showing the confirmation page.
Here's my server log:
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:51:40 +0100] "POST /staging/wp-
admin/admin-ajax.php HTTP/1.0" 200 1140 "https://website.com/staging/wp- admin/edit.php?post_type=shop_order" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:49:02 +0100] "POST /staging/?wc- ajax=checkout HTTP/1.0" 200 1522 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:17 +0100] "GET /staging/checkout/order-received/1001?key=wc_order_5b867a1e36616 HTTP/1.0" 301 4616 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:17 +0100] "GET /staging/checkout/order-received/1001/?key=wc_order_5b867a1e36616 HTTP/1.0" 200 77776 "https://website.com/staging/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:18 +0100] "GET /staging/wp-content/uploads/2018/08/fromUpload/37124872560_f78336501a_k-3-1024x485.jpg HTTP/1.0" 200 491 "-" "-"
xxx.xxx.xxx.xxx - - [29/Aug/2018:11:53:18 +0100] "GET /staging/wp-content/themes/website/functions/includes/im_cart_order.php?path=https://website.com/staging/wp-content/uploads/2018/08/fromUpload/37124872560_f78336501a_k-3-1024x485.jpg&crop_left=26.329113924050635&crop_top=0&crop_width=47.34177215189874&crop_height=100&rotate=0&filter=0&mirror=0&flip=0 HTTP/1.0" 200 59870 "https://website.com/staging/checkout/order-received/1001/?key=wc_order_5b867a1e36616" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
Appreciate any insight :)
Thanks!

Nginx: Add $host to log

How can I (or why can't I) add the $host variable to my nginx configuration file to see what domain (or subdomain) a client is requesting?
Current Format:
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$host" "$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
Current Output:
10.7.2.104 - - [17/Feb/2017:14:31:15 -0600] "GET /crazystairs HTTP/1.1" 404 2327 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393"
Desired Ouput:
10.7.2.104 - - [17/Feb/2017:14:31:15 -0600] "GET example.com/crazystairs HTTP/1.1" 404 2327 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393"
Notice the host in front of the request

I found the problem. You must declare main after setting the directory where the log will be saved for the main format to be used.
access_log logs/crazystairs/portal/access.log main;

how to make proxied wordpress page not to change typed url

I am using apache rewriterule to redirect url when client SSL certificate is not used. When I am redirecting to static page using [P] proxy flag, everything work as expected. But if I change redirection to page in wordpress, typed url disapeared and there is wordpress page permalink. I want to leave unchanged typed url in address bar, just to be able to use reload after connecting to VPN or using correct certificate.
RewriteRules as used in virtual host conf.
# SSL User Authentication
SSLVerifyClient optional
SSLVerifyDepth 3
# redirect all url when not in VPN or LOCAL NET
#RedirectMatch ^/(.*) http://terminus.terminus.cz
# to be able to debug rewrite in apache2 error log
LogLevel alert rewrite:trace6
# Error handling = unsuccessfull SSL user authetication
RewriteEngine on
Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
# No authentification certificate
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteCond %{HTTP_HOST} ^trading\.terminus\.cz$ [NC]
# RewriteCond {HTTP_REFERER} value is blank
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^ http://terminus.terminus.cz/no_ssl_client_certificate.htm [L,NE,P,E=ssl_authentication_error_detected:1]
# RewriteRule show typed domain name, proxying to other domain, same query
#RewriteRule ^ http://terminus.terminus.cz%{REQUEST_URI} [L,NE,P,E=ssl_authentication_error_detected:1]
# RewriteCond {HTTP_REFERER} value is not blank
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !^SUCCESS$
RewriteCond %{HTTP_HOST} ^trading\.terminus\.cz$ [NC]
# RewriteRule show typed domain name, proxying to other domain, same query
RewriteRule ^ http://terminus.terminus.cz%{REQUEST_URI} [L,NE,P,E=ssl_authentication_error_detected:1]
When I change proxied url to
RewriteRule ^ http://terminus-dev.terminus.cz/index.php/no_ssl_certificate [L,NE,P,E=ssl_authentication_error_detected:1]
It starts to changing typed URL in address bar to wordpress permalink, so [P] flag does not work expected way.
And from wordpress virtual host access log
37.48.19.237 - - [19/Jul/2016:09:28:42 +0200] "GET /index.php/no-ssl-certificate/ HTTP/1.1" 200 17126 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-includes/js/wp-emoji-release.min.js?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/theme-my-login/theme-my-login.css?ver=6.4.5 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/wp-filebase/wp-filebase.css?t=1467256824&ver=3.4.4 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/llorix-one-companion//css/style.css?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/plugins/wordpress-social-login/assets/css/style.css?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/themes/llorix-one-lite/css/font-awesome.min.css?ver=4.4.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:43 +0200] "GET /wp-content/themes/llorix-one-lite/css/bootstrap.min.css?ver=3.3.1 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/style.css?ver=1.0.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/bootstrap.min.js?ver=3.3.5 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/fonts/fontawesome-webfont.woff?v=4.5.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/custom.all.js?ver=2.0.2 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-content/themes/llorix-one-lite/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"
37.48.19.237 - - [19/Jul/2016:09:28:44 +0200] "GET /wp-includes/js/wp-embed.min.js?ver=4.5.3 HTTP/1.1" 304 - "http://terminus-dev.terminus.cz/index.php/no-ssl-certificate/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586"

The redirect_canonical filter is responsible for url rewriting. So there is possibility to selectively disable this depending on the requested page.
Solved by placing following code to theme function.php
function ssl_certicate_pages_disable_canonical_redirect( $query ) {
if( 'no_ssl_certificate' == $query->query_vars['pagename'] )
remove_filter( 'template_redirect', 'redirect_canonical' );
if( 'wrong_ssl_certificate' == $query->query_vars['pagename'] )
remove_filter( 'template_redirect', 'redirect_canonical' );
}
add_action( 'parse_query', 'ssl_certicate_pages_disable_canonical_redirect' );

Resources