B
B
b4rret2020-12-15 14:19:12
linux
b4rret, 2020-12-15 14:19:12

Why is there a redirect to the wrong protocol?

There is the following config. When accessing https://site.ru/path/ , the server sends a response with a header, i.e. to http and not to https
Location: http://site.ru/api/path

server {
        server_name site.ru www.site.ru;
        charset off;
        index index.php index.html;
        disable_symlinks if_not_owner from=$root_path;
        include /etc/nginx/vhosts-includes/*.conf;
        include /etc/nginx/vhosts-resources/site.ru/*.conf;
        access_log /var/www/httpd-logs/site.ru.access.log;
        error_log /var/www/httpd-logs/site.ru.error.log notice;
        ssi on;
        set $root_path /var/www/www-root/data/www/site.ru/public;
        root $root_path;
        location / {
                location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @fallback;
                }
                location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
                        try_files $uri $uri/ @fallback;
                }
                location / {
                        try_files /does_not_exists @fallback;
                }
        }
        location @fallback {
                proxy_pass http://127.0.0.1:8080;
                proxy_redirect http://127.0.0.1:8080 /;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                access_log off;
        }
        return 301 https://$host:443$request_uri;
        listen 194.67.110.127:80 default_server;
        listen [2a00:f940:2:1:2:0:1:53a3]:80 default_server;
}
server {
        server_name site.ru www.site.ru;
        ssl_certificate "/var/www/httpd-cert/www-root/site.ru REG.RU.crtca";
        ssl_certificate_key "/var/www/httpd-cert/www-root/site.ru REG.RU.key";
        ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        add_header Strict-Transport-Security "max-age=31536000;";
        ssl_dhparam /etc/ssl/certs/dhparam4096.pem;
        charset off;
        index index.php index.html;
        disable_symlinks if_not_owner from=$root_path;
        include /etc/nginx/vhosts-includes/*.conf;
        include /etc/nginx/vhosts-resources/site.ru/*.conf;
        access_log /var/www/httpd-logs/site.ru.access.log;
        error_log /var/www/httpd-logs/site.ru.error.log notice;
        ssi on;
        set $root_path /var/www/www-root/data/www/site.ru/public;
        root $root_path;
        location / {
                location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @fallback;
                }
                location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
                        try_files $uri $uri/ @fallback;
                }
                location / {
                        try_files /does_not_exists @fallback;
                }
        }
        location @fallback {
                proxy_pass http://127.0.0.1:8080;
                proxy_redirect http://127.0.0.1:8080 /;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-Port $server_port;
                access_log off;
        }
        listen 194.67.110.127:443 ssl default_server;
        listen [2a00:f940:2:1:2:0:1:53a3]:443 ssl default_server;
}

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question