Answer the question
In order to leave comments, you need to log in
D
D
Dmitry Sonko2014-02-04 09:21:48
Dmitry Sonko, 2014-02-04 09:21:48
Hosts in nginx with ssl?
There is a site where SSL is forcibly enabled, an example config:
server {
listen 80 default_server;
listen 443 default_server ssl;
server_name www.site.com site.com;
access_log /var/www/site.com/logs/nginx.access_log;
error_log /var/www/site.com/logs/nginx.error_log;
if ($scheme != 'https') {
rewrite ^/(.*)$ https://$host/$1 permanent;
}
if ($host != 'site.com') {
rewrite ^/(.*)$ https://site.com/$1 permanent;
}
#fix for error 400 Bad Request\nThe plain HTTP request was sent to HTTPS port
error_page 497 https://$host:443$request_uri;
root /var/www/site.com/public_html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/site.com.compiled.crt;
ssl_certificate_key /etc/nginx/ssl/site.com.key;
#ssl_session_timeout 5m;
#ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
fastcgi_param HTTPS on;
}
}server {
listen 80;
server_name dev.site.com www.dev.site.com;
access_log /var/www/dev.site.com/logs/nginx.access_log;
error_log /var/www/dev.site.com/logs/nginx.error_log;
if ($host != 'dev.site.com') {
rewrite ^/(.*)$ http://dev.site.com/$1 permanent;
}
# error_page 497 http://$host$request_uri;
root /var/www/dev.site.com/public_html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
} 2 answer(s)
@SonkoDmitry
and second, test host
@sergiks
Write the same for the test.
D
Dmitry Sonko, 2014-02-04 @SonkoDmitry
It turned out to solve the problem with the following config:
site.com - only https
server {
listen 80 default_server;
server_name www.site.com site.com;
access_log /var/www/site.com/logs/nginx.access_log;
error_log /var/www/site.com/logs/nginx.error_log;
return 301 https://site.com$request_uri;
}
server {
listen 443 ssl;
server_name www.site.com;
access_log /var/www/site.com/logs/nginx.access_log;
error_log /var/www/site.com/logs/nginx.error_log;
ssl on;
ssl_certificate /etc/nginx/ssl/site.com.compiled.crt;
ssl_certificate_key /etc/nginx/ssl/site.com.key;
return 301 https://site.com$request_uri;
}
server {
listen 443 default_server ssl;
server_name site.com;
access_log /var/www/site.com/logs/nginx.access_log;
error_log /var/www/site.com/logs/nginx.error_log;
root /var/www/site.com/public_html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/site.com.compiled.crt;
ssl_certificate_key /etc/nginx/ssl/site.com.key;
location / {
try_files $uri $uri/ =404;
fastcgi_param HTTPS on;
}
}and second, test host
server {
listen 443 ssl;
server_name www.dev.site.com dev.site.com;
access_log /var/www/dev.site.com/logs/nginx.access_log;
error_log /var/www/dev.site.com/logs/nginx.error_log;
return 301 http://dev.site.com$request_uri;
}
server {
listen 80;
server_name www.dev.site.com;
access_log /var/www/dev.site.com/logs/nginx.access_log;
error_log /var/www/dev.site.com/logs/nginx.error_log;
return 301 http://dev.site.com$request_uri;
}
server {
listen 80;
server_name dev.site.com;
access_log /var/www/dev.site.com/logs/nginx.access_log;
error_log /var/www/dev.site.com/logs/nginx.error_log;
root /var/www/dev.site.com/public_html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}S
Sergey Sokolov, 2014-02-04 @sergiks
Blocks with if{...} are evil. For only SSL and only without www, write auxiliary redirects in separate configs:
# Ловит всех по http
server {
listen 80;
server_name site.com www.site.com;
return 301 https://site.com$request_uri;
}
# Только https, с лишним www.
server {
listen 443 ssl;
server_name www.site.com;
return 301 https://site.com$request_uri;
}Write the same for the test.
Similar questions
T
G
N
T
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question