Nginx HTTP to HTTPS 301 loop redirect - nginx

I need to make HTTP->HTTPS redirection for whole site, but every time I get error message with 301 loop redirection. Please correct my conf to not get 301 error.Here is my conf file:
upstream live {
server IP:PORT;
}
server {
listen 80 default;
server_name mysite.com;
access_log off;
error_log off;
root /usr/share/nginx/html/;
index index.html index.htm;
return 301 https://$host$request_uri;
}
server {
listen 443;
root /usr/share/nginx/html/;
index index.html index.htm;
rewrite_log on;
server_name mysite.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log debug;
client_max_body_size 200m;
location / {
index index.html index.htm;
try_files $uri $uri/ /index.html?$uri&$args;
}
location /web {
proxy_pass https://live/gateway/web;
proxy_set_header "MP_FRONT" aaa;
proxy_pass_request_headers on;
}
}

Just try to replace first server JSON like below
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
please, try and let me know its working for you or not

Related

nginx/lets-encrypt: multiple SSL domains with the same webserver configuration

I manage a dozen or so domains with SSL certs that I have generated via lets-encrypt, and I use nginx to manage the web services for these domains.
It turns out that all of these domains need to have the same nginx configuration: i.e., the same location blocks, the same root, the same site parameters, etc.
The only thing which differs for each domain are the settings for ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate.
The way I have handled this is to have a dozen or so server {} blocks within my nginx configuration, each of them containing almost the same data, except for those three SSL parameters.
For example ...
server {
error_log /var/log/nginx/error.log debug;
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2;
server_name example-domain0.com;
ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
ssl_stapling on;
ssl_stapling_verify on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.json {
add_header Content-Type text/plain;
}
location ~ ^/(t)($|/.*) {
alias $1$2;
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
}
location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
root /usr/share/nginx;
}
location ~ ^/(junk)($|/.*) {
root /usr/share/nginx/html;
allow all;
autoindex on;
}
location ~ \.php$ {
include phpsite_params;
}
}
server {
error_log /var/log/nginx/error.log debug;
listen 80;
listen [::]:80;
listen 443 ssl http2;
server_name example-domain1.com;
ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain01.com/chain.pem;
ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
ssl_stapling on;
ssl_stapling_verify on;
root /usr/share/nginx/html;
index index.php index.html index.htm;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
location / {
try_files $uri $uri/ =404;
}
location ~ \.json {
add_header Content-Type text/plain;
}
location ~ ^/(t)($|/.*) {
alias $1$2;
include uwsgi_params;
uwsgi_pass unix:/var/run/uwsgi/flask/$1.sock;
}
location ~ ^/(css|static|hm|cy|img|sq|rc|rl|oc|m|js)($|/.*) {
root /usr/share/nginx;
}
location ~ ^/(junk)($|/.*) {
root /usr/share/nginx/html;
allow all;
autoindex on;
}
location ~ \.php$ {
include phpsite_params;
}
}
... and then a dozen or so blocks for example-domain2.com, example-domain3.com, etc. which are identical except for the domain names and the values of those SSL parameters.
This causes lots of problems if I ever want to make site configuration changes, because then I have to make identical changes in more than a dozen places within this configuration file, and sometimes that leads to errors.
Since each SSL domain requires its own ssl_certificate, ssl_certificate_key, and ssl_trusted_certificate, I'd like to create smaller server {} blocks with only that SSL configuration info, and then factor out the other, common configuration information and only keep it in one place.
Is that possible?
Thank you very much in advance.
Oh, I didn't realize that I could use the include directive outside of a location block.
The solution to my problem is this:
server {
error_log /var/log/nginx/error.log debug;
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2;
server_name example-domain0.com;
ssl_certificate /etc/letsencrypt/live/example-domain0.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain0.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain0.com/chain.pem;
include common/site-parms.conf;
}
server {
error_log /var/log/nginx/error.log debug;
listen 80;
listen [::]:80;
listen 443 ssl http2;
server_name example-domain1.com;
ssl_certificate /etc/letsencrypt/live/example-domain1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example-domain1.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example-domain1.com/chain.pem;
include common/site-parms.conf;
}
... and another dozen similar server {} blocks, with all the common stuff contained in /etc/nginx/common/site-parms.conf.

Nginx HTTPS SSL redirection doesn't work in Ubuntu 18.04

I've tired to configure an Nginx server with SSL but the site is not open but with https:// it's open normally.
Here is my Nginx configuration:
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
client_max_body_size 20M;
root /var/www/mysite.in/site;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
listen 443;
listen [::]:443;
server_name www.mysite.com;
#ssl on;
ssl_certificate /etc/nginx/ssl/mysite.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/main_private.key;
}
The SSL was generated in GoDaddy, I've found lots of solutions, but so far none of them are working.
How can I resolve this error?
You have to create two servers(http and https) in your config and create redirect from http to https:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.mysite.com;
return 301 https://$host$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name www.mysite.com;
client_max_body_size 20M;
root /var/www/mysite.in/site;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;
server_name _;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
}
ssl on;
ssl_certificate /etc/nginx/ssl/mysite.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/main_private.key;
}

nginx - Disable HTTPS redirection for specific URL

I have nginx setup to redirect all HTTP requests to HTTPS like so:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .sub.example.com;
return 301 https://$host$request_uri;
}
I have a requirement for a specific route to not be forced to HTTPS /iot/{token}/weather.
I tried updating the nginx config like so:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
location ~* ^/iot/[0-9a-z]/weather$ {
break;
}
server_name .sub.example.com;
return 301 https://$host$request_uri;
}
However the HTTP request was still being forced to HTTPS.
So I tried doing this:
# Redirect every request to HTTPS...
server {
listen 80;
listen [::]:80;
server_name .sub.example.com;
location ~* ^/iot/[0-9a-z]/weather$ {
break;
}
location / {
return 301 https://$host$request_uri;
}
}
However this still isn't working.
The above is the only file imported in the before section below:
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/before/*;
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sub.example.com;
root /home/forge/sub.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/sub.example.com/467330/server.crt;
ssl_certificate_key /etc/nginx/ssl/sub.example.com/467330/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/sub.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/sub.example.com/after/*;
I'd appreciate some help setting this up so that I can specify a URL to match that should not be redirected to HTTPS and then have all other URLs redirect to HTTPS.

In Nginx, I want to redirect the sub-domain request with request-uri to sub-domain but if there is no request-uri in it should redirect to main domain

My problem statement :
my domain : example.com
sub-domain : main.example.com
when we will access:
1. http://main.example.com/xyz or https://main.example.com/xyz :
It must be redirect to https://main.example.com/xyz
http://main.example.com or https://main.example.com :
It must be redirect to https://www.example.com
I am using nginx. What will be configuration file for Nginx server?
My current setting is :
server{
listen 443;
ssl on;
ssl_certificate /var/www/html/demo.crt;
ssl_certificate_key /var/www/html/demo.key;
server_name main.example.com$request_uri;
location / {
root /var/www/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
server {
listen 80;
server_name main.example.com$request_uri;
return 301 https://main.example.com$request_uri;
}
server {
listen 80;
server_name main.example.com;
return 301 https://www.example.com;
}
server {
listen 443;
server_name main.example.com;
return 301 https://www.example.com;
}
Try
server{
listen 80;
listen 443 ssl;
server_name main.example.com;
ssl_certificate /var/www/html/demo.crt;
ssl_certificate_key /var/www/html/demo.key;
location / {
proxy_pass https://www.example.com;
}
location ~ ^(/.+) {
return 301 https://main.example.com$1;
}
}
http://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server

Redirect all requests to https [duplicate]

I am trying to redirect all my traffic from http to https automatically. How can i do a 301 redirect to all my domain and subdomains?
This is NGINX Config file
upstream app_server {
server unix:/run/DigitalOceanOneClick/unicorn.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name sprintsocial.io app.sprintsocial.io admin.sprintsocial.io;
# return 301 https://$server_name$request_uri;
}
server {
#listen 80;
listen 443;
root /home/rails/sprintsocial/public;
#server_name _;
server_name sprintsocial.io app.sprintsocial.io admin.sprintsocial.io;
ssl on;
ssl_certificate /home/sprintsocial.io.chained.crt;
ssl_certificate_key /home/sprintsocial.io.key;
index index.htm index.html;
# return 301 https://$server_name$request_uri;
# rewrite ^/(.*) https://app.sprintsocial.io/$1 permanent;
# rewrite ^/(.*) https://admin.sprintsocial.io/$1 permanent;
location / {
try_files $uri/index.html $uri.html $uri #app;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
try_files $uri #app;
}
location #app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
The default server will accept http connections for any server name (without an explicit server block). Use the $host variable to determine the name of the requested domain.
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
See this document for more.

Resources