Enable SSL for a specific directory?

luislavena · November 19, 2011, 7:47pm

Hi,

I’m trying to enable SSL for a specific directory only. In other words,
the / directory is not encrypted, while the /protected is.

server {
listen 192.168.1.2:80 default_server;
server_name www.domain.com;
root /var/www/html;

location / {
try_files $uri $uri/ index.php?q=$uri&$args;
}

location /protected/ {
rewrite ^ https://www.domain.com$request_uri? permanent;
}

…
}

server {
listen 192.168.1.2:443 ssl;
server_name www.domain.com;
root /var/www/html;

location / {
rewrite ^ http://www.domain.com$request_uri? permanent;
}

location /protected/ {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

…
}

Right now, I get a slashed https into browser, with the message:
Your connection to www.domain.com is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure. These
resources can be viewed by others while in transit and can be modified
by an attacker to change the behavior of the page.

The /protected directory is a “virtual” one that does not exist in
reality. It is created by /index.php with some SEO technique.
In real life, the URL format is: index.php?protected

Thanks for your help.

Posted at Nginx Forum:

teck · November 19, 2011, 10:01pm

Hello!

On Sat, Nov 19, 2011 at 01:46:54PM -0500, TECK wrote:

[…]

Right now, I get a slashed https into browser, with the message:
Your connection to www.domain.com is encrypted with 256-bit encryption.
However, this page includes other resources which are not secure. These
resources can be viewed by others while in transit and can be modified
by an attacker to change the behavior of the page.

This is because reply from the protected page includes links to
unprotected resources (most likely some javascript files). You
have to load other resources from https as well.

Maxim D.

teck · November 19, 2011, 11:34pm

On 19 Nov 2011 18h46 WET, [email protected] wrote:

location / {

location /protected/ {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

…
}

Define a vhost for SSL that has all the same locations, meaning static
resources and such. Then do on the HTTP host.

location ^~ /protected {
return 301 http://www.domain.com$request_uri;
}

On the SSL host:

location / {
return 301 http://www.domain.com$request_uri;
}

location ^~ /protected {
try_files $uri $uri/ /index.php?q=$uri&$args;
}

— appa

teck · November 21, 2011, 2:15pm

Actually, in my case the fix was to add:
fastcgi_param HTTPS on;

Posted at Nginx Forum: