Glen_L
November 8, 2009, 4:44am
1
I have a SSL set up on www.mydomain.com
How can I redirect traffic on mydomain.com to https://www.mydomain.com ?
I’ve tried the following
server {
listen 443 default;
server_name _;
rewrite ^/(.*) https://www.mydomain.com/$1 permanent;
}
server {
listen 443 default;
rewrite ^ https://www.mydomain.com$request_uri?;
}
both not working…
thank’s before
Glen_L
November 8, 2009, 4:50am
2
On Sat, Nov 7, 2009 at 20:37, Glen L. [email protected] wrote:
I have a SSL set up on www.mydomain.com
How can I redirect traffic on mydomain.com to https://www.mydomain.com ?
server {
listen 443 default;
Try port 80…
server {
listen 80;
rewrite ^(.*) https://mydomain.com$1 permanent;
}
Glen_L
November 9, 2009, 6:34pm
3
On Sun, Nov 8, 2009 at 15:25, Glen L. [email protected] wrote:
Ok ill try that.
Why we can’t use the same method for port 443?
I assumed www.mydomain.com and mydomain.com have the same ip address
and hence will go to the same nginx instance. SSL only works with one
ip (unless you are using TLS with the server name stuff) so the server
{ listen 443; } gets traffic for both www.mydomain.com and
mydomain.com . But it needs to redirect when it does not have the www
to www.mydomain.com and also serve the real www.mydomain.com page when
you go to www.mydomain.com . Hence the difference.
Im sure there are other ways to do it, experiment a bit
Glen_L
November 9, 2009, 4:18pm
4
On Sun, Nov 8, 2009 at 03:31, Glen L. [email protected] wrote:
[ please keep the mailing list cc’ed ]
Try port 80…
On port 80 is sucessfull. Is there any way to do that on port 443?
Ahh ok so you want http://mydomain.com and https://mydomain.com to go
to https://www.mydomain.com .
Sure something like:
server {
listen 80;
rewrite (^.*) https://www.mydomain.com$1 permanent;
}
server {
listen 443;
…
if ($host !~ www.mydomain.com) {
rewrite ^(.*) https://www.mydomain.com$1 permanent;
}
}
Glen_L
November 9, 2009, 7:57pm
5
I tried this, but still doesn’t works
Glen_L
November 10, 2009, 2:02am
6
On Sun, Nov 08, 2009 at 05:23:02PM -0700, Alex H. wrote:
to www.mydomain.com and also serve the real www.mydomain.com page when
you go to www.mydomain.com . Hence the difference.
Im sure there are other ways to do it, experiment a bit
Anyway,
server {
listen 443;
server_name mydomain.com;
}
server {
listen 443;
server_name www.mydomain.com;
}
should work as well as
if ($host !~ www.mydomain.com) {
however, using “if” is uneffective way.
Glen_L
November 10, 2009, 2:02am
7
On Mon, Nov 09, 2009 at 08:49:56AM +0700, Glen L. wrote:
I tried this, but still doesn’t works
What do you mean by “doesn’t work” ? Browser shows a warning about
invalid
certificate ? In this case you need two certificates: for
“www.domain.com ”
and “mydomain.com ” and you should configure servers on different IP
addreses.
Or you can use a certificate with two Subject Alternate Names for
“domain.com ” and “www.domain.com ”. Then you may use the certificate in
both server with single IP address.
Glen_L
November 10, 2009, 3:03am
8
On Mon, Nov 9, 2009 at 3:11 PM, Glen L. [email protected]
wrote:
Yes I have a valid ssl for www.mydomain.com . I don’t have a license for mydomain.com
That’s why I want to redirect all traffic goes to mydomain.com to www.mydomain.com
create default ssl block to rewrite everything to www.mydomain.com
Glen_L
November 10, 2009, 4:26am
9
Hello!
On Mon, Nov 09, 2009 at 08:11:23AM +0000, Glen L. wrote:
Yes I have a valid ssl for www.mydomain.com . I don’t have a license for mydomain.com
That’s why I want to redirect all traffic goes to mydomain.com to www.mydomain.com
As long as you have no valid cert for mydomain.com - you can’t
handle requests in this domain without warnings from browsers. No
way.
Maxim D.
Glen_L
November 10, 2009, 2:23am
10
Yes I have a valid ssl for www.mydomain.com . I don’t have a license for
mydomain.com
That’s why I want to redirect all traffic goes to mydomain.com to
www.mydomain.com
Best Regards,
Glen L.
Glen_L
November 10, 2009, 4:32am
11
My question is,
Is that posibble to redirect all the traffic to www?
Best Regards,
Glen L.
Glen_L
November 10, 2009, 4:35am
12
On Mon, Nov 09, 2009 at 10:23:33AM +0000, Glen L. wrote:
My question is,
Is that posibble to redirect all the traffic to www?
With the “*.mydomain.com” certificate the answer is YES.
Glen_L
November 10, 2009, 4:49am
13
On Mon, Nov 09, 2009 at 05:34:11PM +0700, Glen L. wrote:
So I can’t use such a configuration
server {
listen 443;
rewrite (^.*) https://www.mydomain.com$1 permanent; }
?
The following configuration should work:
server {
listen 192.168.1.1:443;
server_name mydomain.com;
ssl on;
ssl_certificate /path/to/wildcard.certifcate;
...
}
server {
listen 192.168.1.1:443;
server_name *.mydomain.com;
ssl on;
ssl_certificate /path/to/wildcard.certifcate;
rewrite ^ https://www.mydomain.com$request_uri? permanent; }
}
Please note, that you should use the same wildcard certifcate in both
servers.
Glen_L
November 10, 2009, 4:41am
14
So I can’t use such a configuration
server {
listen 443;
rewrite (^.*) https://www.mydomain.com$1 permanent; }
?
Glen_L
November 11, 2009, 3:36pm
15
Igor S. Wrote:
?
}
Subject: Re: How to redirect all SSL traffic?
That’s why I want to redirect all traffic
Date: Mon, 9 Nov 2009 10:57:18
shows a warning about
may use the certificate in
On Sun, Nov 8, 2009 at 03:31, Glen L.
Ahh ok so you want http://mydomain.com and
–
Igor S.
Igor Sysoev
Some plain SSL certificates work with both www and non-www without being
a wildcard certificate. I just learned that the $10/year PositiveSSL
that I got free from domain registration at
http://www.namecheap.com/learn/ssl-certificates/free-positive-ssl-certificates.asp
has this feature, although they don’t list it on their website.
server {
listen 443;
server_name mydomain.com ;
rewrite ^ https://www.mydomain.com$request_url permanent;
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
}
server {
listen 443;
server_name www.mydomain.com ;
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
…
}
Works fine with the cheapo PositiveSSL cert. It looks like some
companies use the feature to upsell you to their premium cert:
http://www.geocerts.com/ssl/quicksslpremium
Posted at Nginx Forum:
Glen_L
November 11, 2009, 4:04pm
16
On Wed, Nov 11, 2009 at 09:27:22AM -0500, brianmercer wrote:
permanent; }
/path/to/wildcard.certifcate;
https://www.mydomain.com$request_uri? permanent; }
To: [email protected]
With the “*.mydomain.com” certificate the answer
Date: Mon, 9 Nov 2009 13:17:43
mydomain.com
-----Original Message-----
Subject Alternate Names for
traffic?
way to do that on port 443?
}
}
Igor Sysoev
server_name mydomain.com ;
server_name www.mydomain.com ;
ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
…
}
Works fine with the cheapo PositiveSSL cert. It looks like some companies use the feature to upsell you to their premium cert: http://www.geocerts.com/ssl/quicksslpremium
Yes, if you have just two names, you may use such certificate.
BTW, in this case you may set it on http level:
http {
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
server {
Glen_L
December 29, 2010, 7:24am
18
Things to do here:
* Select the “A redirection to a URL” option.
* Enter the https://yourdomain.com and then $S$Q. Remember, there’s
no trailing slash after the domain.
* Select “The exact URL entered above"”
* Select “A permanent redirection for this resource”
* Set Execute permission to None.
* You can select the same app pool as the original one.