Redirect from http to https


#1

Hi

I’m trying to redirect all incoming requests from http to https: i’ve
tried the rewrite module, but i always get a redirect loop.
please help.

    server {
        listen 80;
        server_name www.domain.com domain.com;
        rewrite ^(.*) https://$server_name$1 permanent;

        '''''''
    }

    server {
        listen 443;
        server_name www.domain.com domain.com;

    }

Thank You.


#2

On Sun, Mar 08, 2009 at 09:28:46PM +0100, Steve Z. wrote:

Hi

I’m trying to redirect all incoming requests from http to https: i’ve
tried the rewrite module, but i always get a redirect loop.
please help.

You need to enable SSL on port 443.

    listen       443;
    server_name  www.domain.com domain.com;
  • ssl_certificate /path/to/server.crt;
  • ssl_certificate_key /path/to/server.key;
  • ssl on;
    .....
    }

Best regards,
Grzegorz N. (replying by diffs is fun! ;))


#3

Hi, thanks for the reply. i enabled SSL on port 443, i just didn’t paste
it. Here is a more complete version. if i use https://domain.com, it
works no problem; just when i tried to redirect from http to https, it
went into a redirect loop…

    server {
        listen 80;
        server_name www.domain.com domain.com;
        rewrite ^(.*) https://$server_name$1 permanent;

        location / {

            # needed for HTTPS
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header  Host  $http_host;
        }
    }

    server {
        listen 443;
        server_name www.domain.com domain.com;

        ssl                  on;
        ssl_certificate      /path/myssl.crt;
        ssl_certificate_key  /path/myssl.key;

        ssl_session_timeout  5m;

        location / {
            proxy_pass http://mysvr;
        }
    }

Thank You



#4

On Sun, Mar 8, 2009 at 3:04 PM, Steve Z. wrote:

Hi, thanks for the reply. i enabled SSL on port 443, i just didn’t paste
it. Here is a more complete version. if i use https://domain.com, it
works no problem; just when i tried to redirect from http to https, it
went into a redirect loop…

i don’t see why it would be (first off)

try using lynx -mime_header http://foo.com/ and see what it says. i do
http to https all the time without an issue. you need to inspect the
headers and what is happening on the client side. firebug for firefox
or fiddler even could help too.

why do you have this chunk? these headers are being sent to the
upstream and there is no upstream.

        location / {

            # needed for HTTPS
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_set_header  Host  $http_host;
        }
    }

    location / {
        proxy_pass  http://mysvr;

this would be where you would put the proxy_set_headers


#5

Hi mike, i have an upstream portion:

    upstream mysvr {
        server 127.0.0.1 weight=1;
    }

Are there other things i’m missing besides the rewrite module to do the
redirect from http to https? I’m still new to nginx. any help is
appreciated… Thank You



#6

your proxy_set_header stuff would go where you proxy things, not on
your redirection

your http to https should be a simple

    server {
            listen 80;
            server_name www.domain.com domain.com;
            rewrite ^(.*) https://$server_name$1 permanent;
    }

this is literally one i have working flawlessly (just changed the
domain):

    server {
            listen 80;
            server_name foo.com bar.com;
            rewrite ^/(.*) https://foo.com/$1 permanent;
    }

#7

Thanks mike, it’s working now, but i encountered another problem: every
time i visit the website, it has so many log entries, like a few hundred
of them, all from the same ip address. Any ideas?

thank you


#8

No, only I am testing the site; when i visit the site, somehow
it generates so many log entries at the same time…

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"

mike wrote:

a) is debugging on ?

b) maybe you’re getting flooded, or you’re popular somehow?

c) is it a search engine crawler, or some application like it? i’ve
been flooded with a bunch of requests per minute for weeks before we
noticed someone was hitting our website for no good reason…


#9

a) is debugging on ?

b) maybe you’re getting flooded, or you’re popular somehow?

c) is it a search engine crawler, or some application like it? i’ve
been flooded with a bunch of requests per minute for weeks before we
noticed someone was hitting our website for no good reason…


#10

no clue, maybe there’s multiple access log directives and each one is
active

i’d have to defer to igor to answer/ask the better questions


#11

one more question: now the website is redirected to https if i enter
http://domain.com/newpage.html, but somehow, i don’t know why, if i only enter
http://domain.com/, it doesn’t redirect and outputs a redirect loop
error.



#12

curl -I http://yoursite/favicon.ico

I wouldn’t be surprised if you’re generating a redirect from
/favicon.ico to favicon.ico.

Cheers

Dave



#13

I didn’t redirect from /favicon.ico, i think this happens when it goes
into a loop. let’s say if i enter http://domain.com/status, the log
will show as

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /status HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"

Only when i enter http://domain.com/ will it show “/favicon.ico” in the
log.

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"



#14

On Tue, Mar 10, 2009 at 07:02:57PM +0100, Steve Z. wrote:

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] “GET /favicon.ico
HTTP/1.1” 302 161 “-” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008041514 Firefox/3.0b5”

Could you create a debug log:

./configure --with-debug …

nginx.conf:

error_log /path/to/log debug;


#15

On Tue, Mar 10, 2009 at 08:51:23PM +0100, Steve Z. wrote:

2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect:
www.domain.com
127.0.0.1, server: www.domain.com, request: “GET / HTTP/1.0”, host:
www.domain.com

2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"

As client address is 127.0.0.1, it seems that your HTTPS proxy_pass

    location / {
        proxy_pass http://mysvr;
    }

proxies just to your first server:

    server {
        listen 80;
        server_name www.domain.com domain.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

and here is a loop.
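
Added example, not part of the original thread: the loop described in the post above and one way to break it, by giving the proxied application its own port. The backend address 127.0.0.1:8080 is an assumption; the thread never says where the real application listens.

```nginx
# Added example. 127.0.0.1:8080 is an assumed backend address; the thread
# never says where the real application listens.

upstream mysvr {
    # Thread's version: "server 127.0.0.1 weight=1;". With no port given,
    # nginx uses port 80, which is the redirect server below, so each
    # proxied request was answered with another redirect.
    server 127.0.0.1:8080 weight=1;
}

# Port 80 only redirects. It must never be the target of proxy_pass.
server {
    listen 80;
    server_name www.domain.com domain.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}

# Port 443 terminates TLS and proxies to the backend on its own port.
server {
    listen 443 ssl;   # current spelling of the thread's "listen 443; ssl on;"
    server_name www.domain.com domain.com;

    ssl_certificate      /path/myssl.crt;
    ssl_certificate_key  /path/myssl.key;
    ssl_session_timeout  5m;

    location / {
        # Proxy headers belong next to proxy_pass, not in the redirect server.
        proxy_set_header  X-Real-IP        $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header  Host             $http_host;
        proxy_pass        http://mysvr;
    }
}
```

With this layout the debug log should show one `rewritten redirect` per plain-HTTP request, logged with the real client address. Redirect entries whose client is 127.0.0.1 mean the proxy is still pointed at port 80.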


#16

42 entries were logged…

*1 "^/(.*)" matches "/", client: 10.10.10.10, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:31 [notice] 15197#0: *1 rewritten redirect: "https://www.domain.com/", client: 10.10.10.10, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 rewritten redirect: "https://domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:33 [notice] 15197#0: *12 "^/(.*)" matches "/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"

2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect: "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host: "www.domain.com"
