Ssl redirect issue

luislavena · September 22, 2011, 11:18am

Hi,

I have an ssl nginx setup which was working fine with one server { ssl
on }. However I have legacy ssl server_names that I would like to have
a ‘catch all’ for that should be redirected back to the ‘main’ ssl
server name. Config is pasted here.

#user nobody;worker_processes 6;#error_log logs/error.log;#error_log - Pastebin.com ( I removed some sections for brevity
)

When the following lines are enabled:

server {
    listen 443 default;
    server_name _;
    rewrite ^(.*) https://my.example.net$1 permanent;
}

I will get:

SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

If i comment those lines out, the request will go thru just fine.
However since:

server {
    listen 443;
    server_name  my.example.net;

is treated as the default vhost, even ssl requests for
myold.example.net are serviced by this server {} and are not redirected
to https://my.example.net (obviously not what I want).

Thanks for the help in advanced.

Adam_Tistler · September 22, 2011, 1:24pm

Actually, I can work around this issue by adding:

    if ($host !~* ^(my.example.net)$ ) {
       rewrite ^(.*) https://my.example.net$1 permanent;
    }

I am curious however this does not work when I put the redirect in the
default ( ‘_’ ) server config

Adam_Tistler · September 22, 2011, 2:42pm

On 22 Set 2011 12h23 WEST, [email protected] wrote:

Actually, I can work around this issue by adding:

if ($host !~* ^(my.example.net)$ ) {
rewrite ^(.*) https://my.example.net$1 permanent;
}

I am curious however this does not work when I put the redirect in
the default ( ‘_’ ) server config

‘_’ is a not a valid hostname. The reason it’s used in the recommended
configuration for default servers is that there’s no risk of colliding
with anything else and you can have individual vhost configs for each
proper hostname.

Your config should be something like this:

server {
server_name my.example.net;
return 301 https://myexample.net$request_uri;
}

Then you should have the regular HTTPs server config that listens on
port 443.

server {
listen 443 ssl;
server_name my.example.net;

# remaining server config...

}

Repeat the above for each domain redirect you want to have.

Additional reading:
http://nginx.org/en/docs/http/configuring_https_servers.html
http://nginx.org/en/docs/http/server_names.html

— appa