Hi everybody,
I’m using an internal proxy for one of my websites (just a PHP script
which does a curl request for a given script).
I’ve forced every non-ssl location to ssl with this:
rewrite ^/(.*) https://$host/$1 permanent;
The thing is that my scripts doesn’t need SSL as it’s internal, so I
want to force SSL except for a given location:
location = /includes/api.php {
}
rewrite ^/(.*) https://$host/$1 permanent;
Unfortunately, this isn’t enough and queries to
/includes/api.php?foo=bar still sends me a 301 redirect.
Am I missing something ?
Thanks for your help.
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
2012/4/15 Adnan RIHAN [email protected]:
The thing is that my scripts doesn’t need SSL as it’s internal, so I want to
force SSL except for a given location:
location = /includes/api.php {
}
rewrite ^/(.*) https://$host/$1 permanent;
Unfortunately, this isn’t enough and queries to /includes/api.php?foo=bar
still sends me a 301 redirect.
Am I missing something ?
location / {
return 301 https://$host$request_uri;
}
location = /includes/api.php {
…
}
location / {
return 301 https://$host$request_uri;
}
location = /includes/api.php {
…
}
The problem is that I’m on a web hosting service which allow s customers
to edit an included config file.
So, “location /” is a duplicate 
Isn’t there a way to write “location [not matching] /includes/api.php
{}” ?
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
Le dimanche 15 avril 2012 à 17:28, Edho A. a écrit :
On 15 April 2012 16:32, Adnan RIHAN [email protected] wrote:
Isn’t there a way to write “location [not matching] /includes/api.php {}” ?
The method mentioned above is the canonical way to do that. It’s in
the docs somewhere.
Anything else will be a hack of some kind, strongly influenced by your
specific nginx setup. You’ll need to give more complete information
about the nuances of the shared hosting setup in order for someone to
work out if there’s a way to achieve what you want to.
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info, hébergeur
You have the wrong signature separator here. It’s not “—”
(dash-dash-dash), it’s "-- " (dash-dash-space).
Jonathan
Jonathan M.
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
2012/4/15 Adnan RIHAN [email protected]:
This is valid:
location / {
location / {
}
}
On 15 April 2012 17:16, Adnan RIHAN [email protected] wrote:
listen 80;
location ~ /.ht {
proxy_buffer_size 32k;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffers 16 32k;
include “/etc/cpnginx/custom/example.com”;
}
The only file I can modify is this one: /etc/cpnginx/custom/example.com
I don’t understand how this could ever work. The only entry point
you’ve shown to the @apache location is if the URI’s path ends in
“.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)”
That doesn’t include “.php”, so I don’t see how control of
“/includes/api.php” ever hits the file you can amend.
Assuming there’s something I’m missing here and .php does in fact
reach that file, here’s how you might achieve what you want. It uses
PCRE negative lookaheads, which I don’t know definitely work inside
nginx.
rewrite ^/(?!includes/api\.php) https://$http_host$uri?$args;
For what it’s worth, I personally wouldn’t use a host that enforced
these restrictions on my configuration, like OVH appear to be doing
here. It’s extremely unpleasant.
HTH,
Jonathan
Jonathan M.
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
Actually, I’m the CEO of that host.
The thing is that we’re using CPanel, and a module called CPNginx.
I’ve send some features requests like moving the include and/or changing
some positions. I’ve also asked them to add a “custom field” in the
customer’s panel to allow customers to edit their config (which will
only be the include file).
Currently, I’m editing by hands included files, and I can’t change the
way cpnginx rebuild vhosts because it’s scripts are ioncubed T_T
So, I’m hacking as I can.
I don’t get what you’re “missing”. PHP Files are never matched because
there is no location block including them.
I’ve put my rewrite outside any blocks actually.
Thank your for your help, I’ll check this soon.
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
Le dimanche 15 avril 2012 à 18:50, Jonathan M. a écrit :
By the way,
rewrite ^/(?!includes/api.php) https://$http_host$uri?$args;
Is working weeeell, thank you 
–
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
Le dimanche 15 avril 2012 à 18:50, Jonathan M. a écrit :
@Jonathan: okok
Here is the known but can’t be touched vhost file:
root /home/example/public_html;
proxy_redirect http://www.example.com:8888 http://www.example.com;
client_body_buffer_size 512k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
include “/etc/cpnginx/custom/example.com”;
}
The only file I can modify is this one: /etc/cpnginx/custom/example.com
For forcing SSL, here is what I wrote in the custom file:
root@shadow [/etc/cpnginx/custom]# cat example.com
rewrite ^/(.*) https://$host/$1 permanent;
I’ve also changed my signature 
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
Le dimanche 15 avril 2012 à 17:42, Jonathan M. a écrit :
That’s what I answered, it’s working and thank you.
And sorry for being a host which enforce strange configs, but I’m
currently trying to do better, and it’s not easy (as the dev of the
softwares I’m using are a bit short-minded…).
Have a nice day !
–
Cordialement, Adnan RIHAN.
Président-Fondateur de l’association (de loi 1901) Virtual-Info
(http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de
Gestion.
Ambassadeur Qt (YOURLS — Your Own URL Shortener | https://lyt.me/) (Projet Tag-PG
(http://rihan.fr/fr/projets/tagpg)).
Le dimanche 15 avril 2012 à 19:20, Jonathan M. a écrit :
On 15 April 2012 17:57, Adnan RIHAN [email protected] wrote:
[snip]
I don’t get what you’re “missing”. PHP Files are never matched because there
is no location block including them.
I’ve put my rewrite outside any blocks actually.
Ah; your indenting fooled me into thinking your include was the last
line of the @apache location. Now that I’ve noticed it’s /outside/ any
location, I can see how it works. The negative lookahead should work
fine here
Jonathan
Jonathan M.
Oxford, London, UK
http://www.jpluscplusm.com/contact.html