Forum: NGINX redirect from http to https

Steve Z. (Guest)
on 2009-03-08 22:28
Hi

I'm trying to redirect all incoming requests from http to https: i've
tried the rewrite module, but i always got the redirect in a loop
issue. please help.


server {
        listen       80;
        server_name  www.domain.com domain.com;
        rewrite      ^(.*)  https://$server_name$1 permanent;

        '''''''
}

server {
        listen       443;
        server_name  www.domain.com domain.com;
        .....
}



Thank You.
Grzegorz N. (Guest)
on 2009-03-09 00:52
(Received via mailing list)
On Sun, Mar 08, 2009 at 09:28:46PM +0100, Steve Z. wrote:
> Hi
>
> I'm trying to redirect all incoming requests from http to https: i've
> tried the rewrite module, but i always got the redirect in a loop
> issue. please help.

You need to enable SSL on port 443.

>         listen       443;
>         server_name  www.domain.com domain.com;

+    ssl_certificate /path/to/server.crt;
+    ssl_certificate_key /path/to/server.key;
+    ssl on;

>         .....
>         }
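
Review bot: the added "ssl on;" line turns TLS on for the whole server block while the context line "listen 443;" above it is left without the ssl parameter; later nginx releases deprecated and then removed the ssl directive, so on a current build this hunk should instead change the listen line to "listen 443 ssl;" and drop "ssl on;". The two certificate paths are placeholders, so it is worth saying that the key file must exist and be readable only by the account that starts nginx. The hunk also leaves the port 80 rewrite, where the loop is reported, untouched.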

Best regards,
 Grzegorz N. (replying by diffs is fun! ;))
Steve Z. (Guest)
on 2009-03-09 01:04
Hi, thanks for the reply, i enable SSL on port 443, i just didn't paste
it.  Here is a more complete version.  if i use https://domain.com, it
works no problem, just when i tried to redirect from http to https, it
went into a redirect loop..

server {
        listen       80;
        server_name  www.domain.com domain.com;
        rewrite      ^(.*)  https://$server_name$1 permanent;

        location / {
                # needed for HTTPS
                proxy_set_header  X-Real-IP        $remote_addr;
                proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_set_header  Host             $http_host;
        }
}

server {
        listen       443;
        server_name  www.domain.com domain.com;

        ssl                  on;
        ssl_certificate      /path/myssl.crt;
        ssl_certificate_key  /path/myssl.key;

        ssl_session_timeout  5m;

        location / {
                proxy_pass  http://mysvr;
        }
}


Thank You




mike (Guest)
on 2009-03-09 01:23
(Received via mailing list)
On Sun, Mar 8, 2009 at 3:04 PM, Steve Z. <removed_email_address@domain.invalid> 
wrote:
> Hi, thanks for the reply, i enable SSL on port 443, i just didn't paste
> it.  Here is a more complete version.  if i use https://domain.com, it
> works no problem, just when i tried to redirect from http to https, it
> went into a redirect loop..

i don't see why it would be (first off)

try using lynx -mime_header http://foo.com/ and see what it says. i do
http to https all the time without an issue. you need to inspect the
headers and what is happening on the client side. firebug for firefox
or fiddler even could help too.

why do you have this chunk? these headers are being sent to the
upstream and there is no upstream.

> location / {
>
>                 # needed for HTTPS
>                 proxy_set_header  X-Real-IP  $remote_addr;
>                 proxy_set_header  X-Forwarded-For
> $proxy_add_x_forwarded_for;
>                 proxy_set_header Host $http_host;
>        }
> }

>
>
>  location / {
>      proxy_pass  http://mysvr;

this would be where you would put the proxy_set_headers
Steve Z. (Guest)
on 2009-03-09 02:08
Hi mike, i have an upstream portion:

upstream mysvr   {
        server 127.0.0.1 weight=1;
}


Are there other things i'm missing besides the rewrite module to do the
redirect from http to https?  I'm still new to nginx. any help is
appreciated.. Thank You



mike (Guest)
on 2009-03-09 03:55
(Received via mailing list)
your proxy_set_header stuff would go where you proxy things, not on
your redirection

your http to https should be a simple

 server {
       listen       80;
       server_name  www.domain.com domain.com;
      rewrite     ^(.*)  https://$server_name$1 permanent;
}

this is literally one i have working flawlessly (just changed the
domain):

        server {
                listen 80;
                server_name foo.com bar.com;
                rewrite ^/(.*) https://foo.com/$1 permanent;
        }
Steve Z. (Guest)
on 2009-03-09 05:43
Thanks mike, it's working now, but i encountered another problem: every
time i visit the website, it has so many log entries, like a few hundred
of them, all from the same ip address.  Any ideas?

thank you


mike (Guest)
on 2009-03-09 06:27
(Received via mailing list)
a) is debugging on ?

b) maybe you're getting flooded, or you're popular somehow?

c) is it a search engine crawler, or some application like it? i've
been flooded with a bunch of requests per minute for weeks before we
noticed someone was hitting our website for no good reason...
Steve Z. (Guest)
on 2009-03-10 01:42
No, only i am testing the site; when i visit the site, somehow
it generates so many log entries at the same time....

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"



mike (Guest)
on 2009-03-10 02:01
(Received via mailing list)
no clue, maybe there's multiple access log directives and each one is
active

i'd have to defer to igor to answer/ask the better questions
Steve Z. (Guest)
on 2009-03-10 02:13
one more question, now the website can be redirected to https if i enter
http://domain.com/newpage.html, but somehow, i don't know why, if i only
enter http://domain.com/, it doesn't redirect and outputs a redirect loop
error.




Dave C. (Guest)
on 2009-03-10 07:43
(Received via mailing list)
curl -I http://yoursite/favicon.ico

I wouldn't be surprised if you're generating a redirect from
/favicon.ico to favicon.ico.

Cheers

Dave


Steve Z. (Guest)
on 2009-03-10 20:02
I didn't redirect from /favicon.ico, i think this happens when it goes
into a loop, let's say if i enter the http://domain.com/status,  the log
will show as

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /status HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"

Only when i enter http://domain.com/  will it show  "/favicon.ico" in the
log.

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"


Igor S. (Guest)
on 2009-03-10 21:07
(Received via mailing list)
On Tue, Mar 10, 2009 at 07:02:57PM +0100, Steve Z. wrote:

> 127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
> HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
> Gecko/2008041514 Firefox/3.0b5"

Could you create a debug log:

./configure  --with-debug ...

nginx.conf:

error_log  /path/to/log  debug;
Steve Z. (Guest)
on 2009-03-10 21:51
42 entries were logged...

*1 "^/(.*)" matches "/", client: 10.10.10.10, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:31 [notice] 15197#0: *1 rewritten redirect: "https://www.domain.com/", client: 10.10.10.10, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 rewritten redirect: "https://domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:33 [notice] 15197#0: *12 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"

.........

2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"





Igor S. (Guest)
on 2009-03-10 22:35
(Received via mailing list)
On Tue, Mar 10, 2009 at 08:51:23PM +0100, Steve Z. wrote:

> 2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect:
> "www.domain.com"
> 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
> "www.domain.com"
>
> .........
>
> 2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect:
> "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
> request: "GET / HTTP/1.0", host: "www.domain.com"

As client address is 127.0.0.1, it seems that your HTTPS proxy_pass

 location / {
      proxy_pass  http://mysvr;
   }

proxies just to your first server:

server {
        listen       80;
        server_name  www.domain.com domain.com;
        rewrite     ^(.*)  https://$server_name$1 permanent;
}

and here is a loop.
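
The loop diagnosed above and one way to break it, as an added example that is not part of the original thread. The backend port 8080 is an assumption (the thread only shows "server 127.0.0.1", which nginx resolves to port 80), and the X-Forwarded-Proto header and "listen 443 ssl" form are additions for current nginx builds.

```nginx
# Looping layout from the thread, kept as a comment for comparison:
# an upstream "server" entry without a port defaults to port 80, so the
# HTTPS proxy_pass lands on the redirect-only server and is bounced back.
#
#   upstream mysvr { server 127.0.0.1 weight=1; }

# Corrected layout.
# Assumption: the application itself listens on 127.0.0.1:8080.
upstream mysvr {
    server 127.0.0.1:8080 weight=1;
}

# Port 80 does nothing but redirect; no proxy_* directives belong here.
server {
    listen       80;
    server_name  www.domain.com domain.com;
    rewrite      ^(.*)  https://$server_name$1 permanent;
}

server {
    # "listen 443 ssl" replaces the thread's "listen 443" + "ssl on",
    # which current nginx releases no longer accept.
    listen       443 ssl;
    server_name  www.domain.com domain.com;

    ssl_certificate      /path/myssl.crt;
    ssl_certificate_key  /path/myssl.key;
    ssl_session_timeout  5m;

    location / {
        # Headers for the upstream go next to proxy_pass, as mike notes.
        proxy_set_header  Host               $http_host;
        proxy_set_header  X-Real-IP          $remote_addr;
        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
        # Added here: tells the backend the client already used HTTPS,
        # so it does not issue its own http-to-https redirect.
        proxy_set_header  X-Forwarded-Proto  https;
        proxy_pass        http://mysvr;
    }
}
```

After a reload, curl -I http://domain.com/ should return one redirect to the https URL, and the debug log should no longer show rewrite entries with client 127.0.0.1.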