Im using Nginx in centos. Im facing an issue with redirection.
I want to redirect all requests to https://some-domain.com/url
Im able to redirect
http://www.some-domain.com to https://some-domain.com
www.some-domain.com to https://some-domain.com
http://some-domain.com to https://some-domain.com
But im not able to redirect https://www.some-domain.com
conf file:
server
{
listen 443 ssl;
server_name some-domain.com www.some-domain.com;
ssl_certificate /etc/nginx/ssl/some-domain.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/some-domain.com.key;
if ($host = https://www.some-domin.com) {
return 301 https://some-domin.com$request_uri;
}
}
It's best to separate two server brackets to evade the use of "if". Your problem was that you added "https://" to the host, when it's only www.some-domain.com what you needed to compare.
This example is simpler:
#Server bracket for https connections that come with host www.some-domain.com
server
{
listen 443 ssl;
server_name www.some-domain.com;
ssl_certificate /etc/nginx/ssl/some-domain.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/some-domain.com.key;
#redirects to https://non-www
location / {
return 301 https://some-domin.com$request_uri;
}
}
# and then you can set a server bracket for non-www https connections.
# nginx will sort the connections depending on host for itself
server
{
listen 443 ssl;
server_name some-domain.com;
ssl_certificate /etc/nginx/ssl/some-domain.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/some-domain.com.key;
#Here it arrives 443 and without www, do what you wanted here
}
Related
I have an nginx conf:
ssl_certificate /etc/letsencrypt/live/collabora.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/collabora.example.com/privkey.pem;
server {
listen 80;
server_name www.collabora.example.com;
server_name collabora.example.com;
return 301 https://collabora.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.collabora.example.com;
return 301 $scheme://collabora.example.com$request_uri;
}
server {
listen 443 ssl;
server_name collabora.example.com;
location / {
proxy_pass http://collabora:9980;
access_log off;
proxy_set_header Host $host;
}
With this set up the following redirects function as desired:
www.collabora.example.com redirects to https://collabora.example.com
collabora.example.com redirects to https://collabora.example.com
However, this redirect does not occur, ssl www to non www:
https://www.collabora.example.com : no redirect, instead site cert warning.
How can I adjust my blocks so that https://www.collabora.example.com redirects to https://collabora.example.com?
Lets encrypt lets you create certificates which are valid for more than one URL.
You could try to create a certificate (or update yours) with the www. and normal version of your website.
This answer is based on the questions asked by #richardSmith.
Nginx is 1.14.1 version
have several virtual hosts and default in the /etc/nging/sites-enabled:
I've tried to configure using this doc: http://nginx.org/en/docs/http/request_processing.html
default
server {
listen 80;
server_name "";
return 444;
}
server {
listen 443 ssl http2 default_server;
server_name _;
ssl_certificate ....
ssl_certificate_key .....
add_header Strict-Transport-Security 'max-age=31536000';
return 444;
}
domain1
server{
listen 80;
server_name domain1;
return 301 https://$server_name;
}
server {
server_name domain1;
listen 443 ssl;
..................
}
but when tried to get access using server IP nginx redirect to domain1. please help what's wrong here. I'd like to deny access by IP to sites and leave only requests with domain name
I want do redirect all requests from my.domain.de to my.domain.com, including rewriting http to https.
The redirection only works with http://my.domain.de which is redirected to https://my.domain.com which is the goal.
When I call https://my.domain.de, it is not redirected.
But when I try to access my.domain.com or http://my.domain.com, the redirect to https scheme fails. Strange, because I used the same rewrite rule for my.domain.de before switching to .com domain and it worked.
Here is my nginx.conf file:
# my.domain.de
server {
listen 80;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com
server {
listen 80;
listen 443;
ssl on;
ssl_certificate /path/to/cert;
ssl_certificate_key /path/to/key;
server_name my.domain.com;
# Url rewrite does not seem to work:
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
EDIT:
Formerly I wrote that the redirect from everything at the .de domain works. Unfortunately, it only works, if I enter http://my.domain.de or without http://
When I use https://my.domain.de, it get a warning because of invalid certificate. So there is also something wrong in the rewrite rule for my.domain.de.
EDIT2:
Now I re-installed a cert for my.domain.de, so the only problem I have right know is, that http://my.domain.com is not redirected to https.
Edited nginx.conf:
# my.domain.de
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.de;
ssl_certificate_key /path/to/key.de;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.com;
ssl_certificate_key /path/to/key.com;
server_name my.domain.com;
# Url rewrite does not seem to work:
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
You have SSL enabled for both port 80 and port 443. The use of ssl on; is deprecated, use the ssl option of the listen directive instead.
Use an explicit default server as a "catch-all" to redirect everything that is not my.domain.com and any http address to https://my.domain.com.
server {
listen 80 default_server;
listen 443 default_server ssl;
ssl_certificate /path/to/domain.de/cert;
ssl_certificate_key /path/to/domain.de/key;
return 301 https://my.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name my.domain.com;
ssl_certificate /path/to/domain.com/cert;
ssl_certificate_key /path/to/domain.com/key;
...
}
Note that one server block uses the old certificate and one server block uses the new certificate.
See this document for more.
As the rewrite does not work for me and I could not set up a default server block because of other servers on the machine, I finally solved the problem by adding two servers, one for port 80 and one for port 443 of my.domain.com. I did not now that this is possible. So this is my new nginx.conf:
# my.domain.de
server {
listen 80;
listen 443 ssl;
ssl_certificate /path/to/cert.de;
ssl_certificate_key /path/to/key.de;
server_name my.domain.de;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com http
server {
listen 80;
server_name my.domain.com;
return 301 https://my.domain.com$request_uri;
}
# my.domain.com https
server {
listen 443 ssl;
ssl_certificate /path/to/cert.com;
ssl_certificate_key /path/to/key.com;
server_name my.domain.com;
}
I'm currently playing around with nginx and am trying to redirect all traffic for e.g. firstdomain.org to seconddomain.org This is working fine with a simple redirect but I now also want it to hand on the URI, the scheme and the subdomain.
E.g.
http(s)://firstdomain.org/ redirects to http(s)://seconddomain.org/,
http(s)://firstdomain.org/test redirects to http(s)://seconddomain.org/test,
http(s)://test.firstdomain.org/ redirects to http(s)://test.seconddomain.org/
and so on..
My current set up is like this:
server {
listen 80;
listen 443 ssl;
server_name ~^(?<sub>\w+)\.firstdomain\.org$, firstdomain.org;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/certificatekety;
location / {
if ($sub = '') {
return 301 $scheme://seconddomain.org$request_uri;
}
return 301 $scheme://$sub.seconddomain.org$request_uri;
}
}
This is redirecting links without subdomain just fine but as soon as it's e.g. http(s)://test.subdomain.org or http(s)://test.subdomain.org/test it does not work anymore.
Is there anything I have missed or is there maybe even an easier way nginx supports to achieve what I want to do?
You can simplify by capturing the . in $sub:
server {
listen 80;
listen 443 ssl;
server_name ~^(?<sub>\w+\.)?firstdomain\.org$;
ssl_certificate /path/to/certificate;
ssl_certificate_key /path/to/certificatekety;
return 301 "$scheme://${sub}seconddomain.org$request_uri";
}
I own a website, like example.com by HTTP. Considering the secure stuff, now I want to change the HTTP to HTTPS. And I hope all the old customers could still be able to visit my website even they use example.com which will be redirect to https via Nginx.
Of course, I googled a lot, then my solution is:
upstream www {
server 127.0.0.1:4000;
}
server {
listen 80;
listen 443 ssl;
server_name localhost www example.com;
ssl on;
ssl_certificate /usr/local/etc/docs/example.crt;
ssl_certificate_key /usr/local/etc/docs/example.key;
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent;
}
# below are some other stuff
# ...
}
But when I visit example.com, I got:
400 Bad Request The plain HTTP request was sent to HTTPS port
Then I change the nginx.conf, after reading Redirect in nginx , and config the error_page by 497:
upstream www {
server 127.0.0.1:4000;
}
server {
listen 80;
listen 443 ssl;
server_name localhost www example.com;
ssl on;
ssl_certificate /usr/local/etc/docs/example.crt;
ssl_certificate_key /usr/local/etc/docs/example.key;
error_page 497 https://$host$request_uri;
# below are some other stuff
# ...
}
Then it works, everything is fine. But I just don't know why and the solution of error_page just seems werid. So
after reading Dealing with nginx 400 “The plain HTTP request was sent to HTTPS port” error, I add the default and remove the ssl on.
upstream www {
server 127.0.0.1:4000;
}
server {
listen 80;
listen 443 default ssl;
server_name localhost www example.com;
ssl on;
ssl_certificate /usr/local/etc/docs/example.crt;
ssl_certificate_key /usr/local/etc/docs/example.key;
if ($ssl_protocol = "") {
rewrite ^ https://$host$request_uri? permanent;
}
# below are some other stuff
# ...
}
Great! It works again. But I am not for sure:
Which solution is correct?
If both correct, which is more friendly for SEO?
Solution 1st is really wired, from http://moz.com/learn/seo/redirection, can find that permanent redirection is more friendly.
server {
listen 80;
server_name www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 default ssl;
server_name www example.com;
ssl on;
ssl_certificate /usr/local/etc/docs/example.crt;
ssl_certificate_key /usr/local/etc/docs/example.key;
# below are some other stuff
# ...
}