SSL location keep redirecting to non-SSL

dubstep · September 3, 2011, 2:52am

Ok…my brain’s been hurting on this one tonight.

My site’s been running fine on nginx for years. have SSL and non-SSL
locations. PHP runs through .shtml files

Working on a Facebook app and right now need to have it work with both
the SSL and non-SSL URL. Testing the coding on my server right now.

If I go to http://www.example.com/myappsname the page loads.
If I go to https://www.example.com/myappsname/index.shtml the page
loads. <-note https
If I go to https://www.example.com/myappsname/ the page redirects to
http://www.example.com/myappsname. <-note https on first URL

Here are the relevant locations in the SSL server section:

location / {
root /usr/local/apache/htdocs;
rewrite ^(.+) http://www.digitalhit.com$1 permanent;
index index.shtml index.php;
}

location ~ .(shtml|php|inc)$ {
root /usr/local/apache/htdocs;
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
}

location ^~ /myappsname/ {
index index.shtml
root /usr/local/apache/htdocs/;
fastcgi_intercept_errors on;
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
fastcgi_param HTTPS on;
}

I’ll probably smack my head when this is pointed out to me. All my other
SSL locations work fine. Any idea why including the filename stays SSL
but dropping it redirects?

Thanks.

peterpiper · September 3, 2011, 10:18am

Been scratching my head on this one all night.

Been working on it a bit and now if I go to:
https://www.example.com/myfacebookapp/index.shtml the page loads but
https://www.example.com/myfacebookapp is tossing a 404

I’m really boggled here because the other subdirs are woring and the
only difference is they’re password protected.

Here’s the full ssl server conf section:

server {
server_name www.example.com;
listen 443;
root /usr/local/apache/htdocs/;

ssl on;
ssl_certificate /usr/local/apache/conf/server.pem;
ssl_certificate_key /usr/local/apache/conf/server.key;
ssl_session_timeout 5m;
error_page 404 /dhe404.shtml;

location / {
rewrite ^(.+) http://www.example.com$1 permanent;
index index.shtml index.php;
}

location ~ .(shtml|php|inc)$ {
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
}

location ^~ /myfacebookapp/ {
fastcgi_intercept_errors on;
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
fastcgi_param HTTPS on;
}

location ^~ /subdir2/ {
index index.php;
fastcgi_intercept_errors on;
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
fastcgi_index index.php;
fastcgi_param HTTPS on;
}

location ^~ /subdir3/ {
fastcgi_intercept_errors on;
include /usr/local/nginx/conf/fastcgi-php.conf;
fastcgi_pass 127.0.0.1:10004;
fastcgi_param HTTPS on;
auth_basic “example”;
auth_basic_user_file /usr/local/apache/passwd/passwords;
}

location /subdir4/ {
index index.shtml index.php index.html;
auth_basic “example”;
auth_basic_user_file /usr/local/apache/passwd/passwords;
}

location /subdir5/ {
index index.html;
auth_basic “example”;
auth_basic_user_file /usr/local/apache/passwd/passwords;
}

location ~* ^.+.(png|gif)$ {
expires off;
}

serve static files directly

location ~* ^.+.(css|gif|jpe?g|bmp|js|png|ico)$ {
expires 30d;
}

}

peterpiper · September 3, 2011, 11:21am

still expermineting…just looked at the debug log. Even if I change the
location to location = /myfacebookapp a call to myfacebookapp still
isn’t matching the location.

Really don’t get what’s happening here. Why are my other ssl locations
working?

peterpiper · September 3, 2011, 11:24am

You should set a serverwide index directive. You should move index
index.shtml index.php; from location / {} to server {}

Also your rewrite rule rewrite ^(.+) http://www.example.com$1 permanent;
sould be rewritten into rewrite ^ http://www.example.com$request_uri?
permanent;

Take a look at Pitfalls and Common Mistakes | NGINX

peterpiper · September 3, 2011, 11:35am

On 03/09/2011 5:23 AM, Calin D. wrote:

You should set a serverwide index directive. You should move index
index.shtml index.php; from location / {} to server {}

Also your rewrite rule rewrite ^(.+) http://www.example.com
http://www.example.com/$1 permanent; sould be rewritten into rewrite ^
http://www.example.com http://www.example.com/$request_uri? permanent;

Made your suggested changes.

After doing so tested location = /myfacebookapp which redirected to
http, not what I want and location ~ /myfacebookapp which tossed a
404…also not what I want.

5:34 am…argh.

peterpiper · September 3, 2011, 12:18pm

On 03/09/2011 5:23 AM, Calin D. wrote:

Also your rewrite rule rewrite ^(.+) http://www.example.com
http://www.example.com/$1 permanent; sould be rewritten into rewrite ^
http://www.example.com http://www.example.com/$request_uri? permanent;

Just wondering…instead of a blanket redirect and then location that
try to overide it, would it be better to have a rewrite that says “if
not subdir1|subdir2|myfacebookapp rewrite to http”. Then locations for
those subdirs if they require passwords, etc.

How would I do the if not subdir1|subdir2|myfacebookapp rewrite to http
check?

peterpiper · September 3, 2011, 12:25pm

On 03/09/2011 6:14 AM, Stefan C. wrote:

This looks odd to me, I’ve never seen a rewrite in an ssl config. It
will complicate things.

Leave the index to the server config, and take out the location / rewrite.

Simplify.
Stefan,

The only reason I had the rewrite in there (and I think it was
recommended to me years ago) was to prevent people or bots from calling
the non-ssl directories of the site with https and creating duplicates
in Google, etc. e.g. calling http://www.example.com/ and
https://www.example.com/ when my homepage doesn’t need https.

I only needs https calls on my phpMyAdmin, webmail, facebookapp and site
admin subdirectories. I just wrote another email in the thread asking if
I should only do a rewrite if it’s NOT those directories.

peterpiper · September 3, 2011, 12:14pm

On Sat, Sep 3, 2011 at 4:17 AM, Ian E. [email protected]
wrote:

location / {
rewrite ^(.+) http://www.example.com$1 permanent;
index index.shtml index.php;
}

This looks odd to me, I’ve never seen a rewrite in an ssl config. It
will complicate things.

Leave the index to the server config, and take out the location /
rewrite.

Simplify.

Get the general app working, and then apply specialized rules for
directories and urls. Remember, if you have told nginx to do something
that it can do, the logs won’t show much except that it’s doing what
it’s been told.

peterpiper · September 3, 2011, 9:51pm

After a few hours sleep, it appears that the location was missing:

fastcgi_index index.shtml;

Seems to work now.