How to redirect all SSL traffic?

I have a SSL set up on www.mydomain.com

How can I redirect traffic on mydomain.com to https://www.mydomain.com?

I’ve tried the following

server {
    listen 443 default;
    server_name _;
    rewrite ^/(.*) https://www.mydomain.com/$1 permanent;
}

server {
    listen 443 default;
    rewrite ^ https://www.mydomain.com$request_uri?;
}

both not working…

thank’s before

On Sat, Nov 7, 2009 at 20:37, Glen L. [email protected] wrote:

I have a SSL set up on www.mydomain.com

How can I redirect traffic on mydomain.com to https://www.mydomain.com?
server {
listen 443 default;

Try port 80…

server {
listen 80;
rewrite ^(.*) https://mydomain.com$1 permanent;
}

On Sun, Nov 8, 2009 at 15:25, Glen L. [email protected] wrote:

Ok ill try that.

Why we can’t use the same method for port 443?

I assumed www.mydomain.com and mydomain.com have the same ip address
and hence will go to the same nginx instance. SSL only works with one
ip (unless you are using TLS with the server name stuff) so the server
{ listen 443; } gets traffic for both www.mydomain.com and
mydomain.com. But it needs to redirect when it does not have the www
to www.mydomain.com and also serve the real www.mydomain.com page when
you go to www.mydomain.com. Hence the difference.

Im sure there are other ways to do it, experiment a bit :slight_smile:

On Sun, Nov 8, 2009 at 03:31, Glen L. [email protected] wrote:

[ please keep the mailing list cc’ed ]

Try port 80…

On port 80 is sucessfull. Is there any way to do that on port 443?

Ahh ok so you want http://mydomain.com and https://mydomain.com to go
to https://www.mydomain.com.

Sure something like:
server {
listen 80;
rewrite (^.*) https://www.mydomain.com$1 permanent;
}

config for https://www.mydomain.com

server {
listen 443;

if ($host !~ www.mydomain.com) {
rewrite ^(.*) https://www.mydomain.com$1 permanent;
}

}

I tried this, but still doesn’t works

On Sun, Nov 08, 2009 at 05:23:02PM -0700, Alex H. wrote:

to www.mydomain.com and also serve the real www.mydomain.com page when
you go to www.mydomain.com. Hence the difference.

Im sure there are other ways to do it, experiment a bit :slight_smile:

Anyway,

   server {
       listen 443;
       server_name  mydomain.com;
   }

   server {
       listen 443;
       server_name  www.mydomain.com;
   }

should work as well as

if ($host !~ www.mydomain.com) {

however, using “if” is uneffective way.

On Mon, Nov 09, 2009 at 08:49:56AM +0700, Glen L. wrote:

I tried this, but still doesn’t works

What do you mean by “doesn’t work” ? Browser shows a warning about
invalid
certificate ? In this case you need two certificates: for
www.domain.com
and “mydomain.com” and you should configure servers on different IP
addreses.
Or you can use a certificate with two Subject Alternate Names for
domain.com” and “www.domain.com”. Then you may use the certificate in
both server with single IP address.

On Mon, Nov 9, 2009 at 3:11 PM, Glen L. [email protected]
wrote:

Yes I have a valid ssl for www.mydomain.com. I don’t have a license for mydomain.com

That’s why I want to redirect all traffic goes to mydomain.com to www.mydomain.com

create default ssl block to rewrite everything to www.mydomain.com

Hello!

On Mon, Nov 09, 2009 at 08:11:23AM +0000, Glen L. wrote:

Yes I have a valid ssl for www.mydomain.com. I don’t have a license for mydomain.com

That’s why I want to redirect all traffic goes to mydomain.com to www.mydomain.com

As long as you have no valid cert for mydomain.com - you can’t
handle requests in this domain without warnings from browsers. No
way.

Maxim D.

Yes I have a valid ssl for www.mydomain.com. I don’t have a license for
mydomain.com

That’s why I want to redirect all traffic goes to mydomain.com to
www.mydomain.com

Best Regards,

Glen L.

My question is,

Is that posibble to redirect all the traffic to www?

Best Regards,

Glen L.

On Mon, Nov 09, 2009 at 10:23:33AM +0000, Glen L. wrote:

My question is,

Is that posibble to redirect all the traffic to www?

With the “*.mydomain.com” certificate the answer is YES.

On Mon, Nov 09, 2009 at 05:34:11PM +0700, Glen L. wrote:

So I can’t use such a configuration

server {
listen 443;
rewrite (^.*) https://www.mydomain.com$1 permanent; }

?

The following configuration should work:

 server {
     listen  192.168.1.1:443;
     server_name   mydomain.com;
     ssl on;
     ssl_certificate   /path/to/wildcard.certifcate;
     ...
 }

 server {
     listen  192.168.1.1:443;
     server_name   *.mydomain.com;
     ssl on;
     ssl_certificate   /path/to/wildcard.certifcate;
     rewrite ^   https://www.mydomain.com$request_uri? permanent; }
 }

Please note, that you should use the same wildcard certifcate in both
servers.

So I can’t use such a configuration

server {
listen 443;
rewrite (^.*) https://www.mydomain.com$1 permanent; }

?

Igor S. Wrote:

?
}

Subject: Re: How to redirect all SSL traffic?

That’s why I want to redirect all traffic

Date: Mon, 9 Nov 2009 10:57:18
shows a warning about
may use the certificate in

On Sun, Nov 8, 2009 at 03:31, Glen L.
Ahh ok so you want http://mydomain.com and

config for https://www.mydomain.com


Igor S.
Igor Sysoev

Some plain SSL certificates work with both www and non-www without being
a wildcard certificate. I just learned that the $10/year PositiveSSL
that I got free from domain registration at
http://www.namecheap.com/learn/ssl-certificates/free-positive-ssl-certificates.asp
has this feature, although they don’t list it on their website.

server {
listen 443;
server_name mydomain.com;

rewrite ^ https://www.mydomain.com$request_url permanent;

ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
}

server {
listen 443;
server_name www.mydomain.com;

ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;


}

Works fine with the cheapo PositiveSSL cert. It looks like some
companies use the feature to upsell you to their premium cert:
http://www.geocerts.com/ssl/quicksslpremium

Posted at Nginx Forum:

On Wed, Nov 11, 2009 at 09:27:22AM -0500, brianmercer wrote:

permanent; }
/path/to/wildcard.certifcate;
https://www.mydomain.com$request_uri? permanent; }

To: [email protected]
With the “*.mydomain.com” certificate the answer

Date: Mon, 9 Nov 2009 13:17:43
mydomain.com

-----Original Message-----

Subject Alternate Names for
traffic?
way to do that on port 443?

}
}
Igor Sysoev
server_name mydomain.com;
server_name www.mydomain.com;

ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;


}

Works fine with the cheapo PositiveSSL cert. It looks like some companies use the feature to upsell you to their premium cert: http://www.geocerts.com/ssl/quicksslpremium

Yes, if you have just two names, you may use such certificate.
BTW, in this case you may set it on http level:

http {

ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;

server {

right config:

rewrite ^ https://www.mydomain.com$request_uri? permanent;

wrong config:

Things to do here:

* Select the “A redirection to a URL” option.
* Enter the https://yourdomain.com and then $S$Q. Remember, there’s

no trailing slash after the domain.
* Select “The exact URL entered above"”
* Select “A permanent redirection for this resource”
* Set Execute permission to None.
* You can select the same app pool as the original one.