Http -> https redirection, with a twist?

Folks,

I’ve been trying to figure out how to set this up, I’ve gone through as
much of the web site and wiki as I can, and I’ve searched on the net as
much as I can. I’m still stumped.

We have several different servers that we want to redirect from port 80,
and most of them will land on the same machine but on port 443.
However, one of those needs to land on a different port – 8443.

If this were a simple redirect without a twist, I’d probably go with
something like the example shown at
http://serverfault.com/questions/192382/nginx-redirect-all-traffic/263091#263091,
although because I’m doing a one-to-one mapping of multiple FQDNs, and
not just mapping a bunch of FQDNs to a single name, I’d be inclined to
use an example more like this:

server {
    server_name a.domain.com c.domain.com d.domain.com; # you can serve any number of redirects from here…
    listen 80;
    rewrite ^ https://$host$1$uri$is_arg$args permanent;
}

But with the single server definition listening to port 80 on all
interfaces, I don’t see how to make that one FQDN get redirected to port
8443 instead of port 443.

Am I missing something obvious here?


Brad K. [email protected]
LinkedIn Profile: http://tinyurl.com/y8kpxu

On 29 Feb 2012 03h07 CET, [email protected] wrote:

> If this were a simple redirect without a twist, I’d probably go with
> But with the single server definition listening to port 80 on all
> interfaces, I don’t see how to make that one FQDN get redirected to
> port 8443 instead of port 443.
>
> Am I missing something obvious here?

If I understood correctly, try:

server {
    server_name a.domain.com c.domain.com d.domain.com;
    listen 80;
    return 301 https://$host:8443$request_uri;
}

You can use a wildcard to match all subdomains. Perhaps it suits you:

server {
    server_name *.domain.com; # this is more generic [1]
    listen 80;
    return 301 https://$host:8443$request_uri;
}

— appa

[1] Server names

On Feb 28, 2012, at 8:20 PM, António P. P. Almeida wrote:

> If I understood correctly, try:
>
> server {
>     server_name a.domain.com c.domain.com d.domain.com;
>     listen 80;
>     return 301 https://$host:8443$request_uri;
> }

That works for the one site that needs to be redirected to port 8443,
but doesn’t work for any of the other sites that should instead be
redirected to port 443.

I need both sets of redirects – most to port 443, but one to port 8443
instead.

> You can use a wildcard to match all subdomains. Perhaps it suits you:
>
> server {
>     server_name *.domain.com; # this is more generic [1]
>     listen 80;
>     return 301 https://$host:8443$request_uri;
> }

I would like to avoid wildcards because they’re not going to happen in
the real world (our list of sites that we serve is static), and I want
to prevent redirects from happening for anything but the real sites that
we do actually serve.

The only queries that would be coming into us that would match the
wildcard and would NOT match the static list of sites would be people
who are fishing around for security vulnerabilities or other types of
less intelligent robots. I don’t want them causing any further load on
our systems than we will already have.


Brad K. [email protected]
LinkedIn Profile: http://tinyurl.com/y8kpxu

On Feb 28, 2012, at 9:42 PM, António P. P. Almeida wrote:

> Then just define two server blocks. One redirects to 443 and the other
> to 8443.

I didn’t realize that you could have multiple server blocks that were
listening to the same port. That was the piece I was missing!

> server {
>     server_name a.domain.com c.domain.com d.domain.com f.domain.com; # list all domains
>     listen 80;
>     return 301 https://$host:$redirect_port$request_uri;
> }

Ahh, that’s very cool, too. Now I have two solutions for just the one
problem.

Thanks!


Brad K. [email protected]
LinkedIn Profile: http://tinyurl.com/y8kpxu

On 29 Feb 2012 04h26 CET, [email protected] wrote:

> That works for the one site that needs to be redirected to port
> 8443, but doesn’t work for any of the other sites that should
> instead be redirected to port 443.
>
> I need both sets of redirects – most to port 443, but one to port
> 8443 instead.

Then just define two server blocks. One redirects to 443 and the other
to 8443.

server {
    server_name a.domain.com c.domain.com d.domain.com; # redirect to 8443
    listen 80;
    return 301 https://$host:8443$request_uri;
}

server {
    server_name e.domain.com f.domain.com g.domain.com; # redirect to 443
    listen 80;
    return 301 https://$host$request_uri;
}

Split the server blocks according to the redirect you want.

Alternatively, you could use map and a single server block, at the http
level.

map $host $redirect_port {
    hostnames;
    default 443;
    f.domain.com 8443; # this is the domain that redirects to 8443
}

server {
    server_name a.domain.com c.domain.com d.domain.com f.domain.com; # list all domains
    listen 80;
    return 301 https://$host:$redirect_port$request_uri;
}

— appa
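
An added example, not part of the thread: the map-based redirect from the last message combined with an explicit catch-all server, so that requests whose Host header is not on the static list are dropped rather than redirected. Without a `default_server` on the listen socket, nginx hands unmatched hosts to the first server block defined for it, and `$host` would then echo whatever name the client sent. The variable name `$redirect_port_suffix` and the `444` catch-all are choices made for this example; the host names are the thread's placeholders.

```nginx
# Added example (not from the thread). Place inside the http {} context.

# Map the requested host to a port suffix for the redirect target.
# An empty suffix means the default HTTPS port (443), which keeps ":443"
# out of the Location header.
map $host $redirect_port_suffix {   # variable name chosen for this example
    hostnames;
    default       "";
    f.domain.com  ":8443";          # the one site served on 8443
}

# Catch-all for port 80: any Host header not listed in the server block
# below is handled here. 444 is nginx's special code that closes the
# connection without sending a response, so scanners and stray robots
# get no redirect and cost almost nothing.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Redirect only the static list of real sites.
server {
    listen 80;
    server_name a.domain.com c.domain.com d.domain.com f.domain.com;
    return 301 https://$host$redirect_port_suffix$request_uri;
}
```

`nginx -t` checks the syntax before a reload, and `curl -sI -H 'Host: f.domain.com' http://127.0.0.1/` shows the `Location` header a given name receives.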