L
L
Lesha Kiselev2014-08-29 11:36:00
Nginx
Lesha Kiselev, 2014-08-29 11:36:00

Why does nginx automatically redirect http to https?

There is nginx config:

server {
        listen 80 default;
        root /var/www/....;
        index index.php index.html index.htm;
        server_name site.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
                add_header 'Access-Control-Max-Age' 1728000;

                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
}

server {
        listen 443 ssl;
        root /var/www/....;
        index index.php index.html index.htm;
        server_name site.com;

        ##
        # SSL
        ##
        ssl_certificate     /usr/local/ssl/sert.crt;
        ssl_certificate_key /usr/local/ssl/private.key;
        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;
        keepalive_timeout   60;
        add_header Strict-Transport-Security 'max-age=604800';

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
                add_header 'Access-Control-Max-Age' 1728000;

                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_param HTTPS on;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
        }
}

When you go to http://my.site.com , there is an automatic redirect to https://my.site.com , but I didn't set it up or code it. What could be the problem? Or maybe I made a mistake with the config?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
V
Vlad Zhivotnev, 2014-08-29
@Yakud

add_header Strict-Transport-Security 'max-age=604800';

What did you expect? )
Once a browser visits this host via https, it will no longer access it via http due to the received Strict-Transport-Security header (translated as "always use HTTPS to communicate with this site").
How to reset it in the browser, by the way, hell knows - clearing the cache does not help.

K
kompi, 2014-08-29
@kompi

There are no redirects in this config, look in your php/js scripts for redirects.
PS I hope you don't forget to restart the server after changing the configs.

R
Random_var, 2014-08-29
@Random_var

RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Is there something similar in .htacces?

V
Valentine, 2014-08-29
@vvpoloskin

Because the config is not written like that) You should have listen 80 and listen 443 for each server, and specify redirect there. Rather write, but it is not logical. It's not clear what happens if you specify different server_names. And now it's fashionable to redirect using HTTP-Strict-Transport-Security

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question