Answer the question
In order to leave comments, you need to log in
Why does nginx automatically redirect http to https?
There is nginx config:
server {
listen 80 default;
root /var/www/....;
index index.php index.html index.htm;
server_name site.com;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
add_header 'Access-Control-Max-Age' 1728000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
server {
listen 443 ssl;
root /var/www/....;
index index.php index.html index.htm;
server_name site.com;
##
# SSL
##
ssl_certificate /usr/local/ssl/sert.crt;
ssl_certificate_key /usr/local/ssl/private.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
add_header Strict-Transport-Security 'max-age=604800';
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS';
add_header 'Access-Control-Max-Age' 1728000;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
Answer the question
In order to leave comments, you need to log in
add_header Strict-Transport-Security 'max-age=604800';
There are no redirects in this config, look in your php/js scripts for redirects.
PS I hope you don't forget to restart the server after changing the configs.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Because the config is not written like that) You should have listen 80 and listen 443 for each server, and specify redirect there. Rather write, but it is not logical. It's not clear what happens if you specify different server_names. And now it's fashionable to redirect using HTTP-Strict-Transport-Security
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question