SSL questions

Hello,

  1. How does the following change in 0.6.34 impact existing
     configurations:

     *) Feature: now the “rewrite” directive does a redirect
        automatically if the “https://” protocol is used.

What rewrites would be affected? For example:

    rewrite (.*) https://$host$1 permanent;

  2. How does nginx determine the default HTTPS server? Setting the
     default HTTP server is well defined, but it is not clear to me what
     server is used if the default HTTP server does not support SSL.

Thanks,

Hello!

On Fri, Nov 28, 2008 at 01:41:40PM -0800, Adam Z. wrote:

> Hello,
>
>   1. How does the following change in 0.6.34 impact existing configurations:
>
>      *) Feature: now the “rewrite” directive does a redirect automatically
>         if the “https://” protocol is used.
>
> What rewrites would be affected? For example:
>
>     rewrite (.*) https://$host$1 permanent;

This only affects rewrites without explicit redirect or permanent
flags set, e.g.

    rewrite  ^  https://example.com/;

won’t do anything sensible before 0.6.34 and should be written
explicitly as

    rewrite  ^  https://example.com/  redirect;

>   2. How does nginx determine the default HTTPS server? Setting the
>      default HTTP server is well defined, but it is not clear to me what
>      server is used if the default HTTP server does not support SSL.

Each server has a list of listening sockets associated with it (see
http://wiki.codemongers.com/NginxHttpCoreModule#listen). Only
servers listening on the particular ip:port are used when selecting
the appropriate server to serve a request. Since on a given ip:port you
can either use ssl or not (but not both - by design of the https
protocol) - servers without ssl support can’t be selected to serve
https requests.

Maxim D.

Greetings,

On Fri, Nov 28, 2008 at 2:41 PM, Maxim D. wrote:

> https requests.

Perhaps I did not phrase this correctly. I have an HTTP default server such as the following:

    server {
        listen 80 default;
    }

Any HTTP request that does not match a server_name in any other
configuration block will fall back to this setting. Now, I also have
multiple HTTPS servers all using the same wildcard certificate and
port:

    ssl_certificate cert/wildcard.cert;
    ssl_certificate_key cert/wildcard.key;

    server {
        listen 443;
        ssl on;
        server_name foo.mydomain.com;
    }

    server {
        listen 443;
        ssl on;
        server_name bar.mydomain.com;
    }

Suppose a request to https://baz.mydomain.com is received by nginx.
‘baz.mydomain.com’ will not match either of the server_name settings
for SSL, but will still be forwarded to one of the above servers. It
is not clear to me how nginx picks which HTTPS server to forward the
request to, or what the correct response should be, given that the
default server defined in the configuration does not support HTTPS.

Best,

Hello!

On Fri, Nov 28, 2008 at 03:50:30PM -0800, Adam Z. wrote:

> Suppose a request to https://baz.mydomain.com is received by nginx.
> ‘baz.mydomain.com’ will not match either of the server_name settings
> for SSL, but will still be forwarded to one of the above servers. It
> is not clear to me how nginx picks which HTTPS server to forward the
> request to, or what the correct response should be, given that the
> default server defined in the configuration does not support HTTPS.

The ‘default’ isn’t a property of a server, it’s a property of the
listening socket. In the above configuration there is no explicit
default for the listen socket *:443, so the default is the first one
(in this case - the one in the foo.mydomain.com server).

Just to be clear, here is a short description of the procedure nginx
uses to determine the correct server to process a request (not exact,
but the logic to keep in mind):

  1. For each request we know the local ip:port pair. For this ip:port
     we select all servers that have a listen on this ip:port.

  2. If the resulting list is empty - we select all servers that have a
     listen on *:port.

  3. If we have only 1 server in the resulting list - we are done
     (the real, non-virtual host case).

  4. If more than one server is found for the ip:port pair - it’s the
     virtual host case. Here server_name matching against the ‘Host’
     header comes in, with all the tricky wildcards and so on. I’ll omit
     the details for clarity.

  5. If server_name matching found something - we are done.

  6. If nothing is found, we use the default server for this listening
     socket - either the one explicitly specified using ‘listen … default’
     or the implicit one (i.e. the one configured first).

Maxim D.
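The configuration below is an added example, not part of the thread and not taken from nginx’s own documentation. It puts the two answers together: the plain-HTTP catch-all uses an explicit redirect flag so the rewrite behaves identically before and after 0.6.34, and the HTTPS socket gets an explicit default server so that step 6 of the selection procedure no longer hands an unknown name (such as baz.mydomain.com) to whichever SSL server happened to be configured first. The host names and certificate paths are the ones from the thread; the “_” catch-all server_name and “return 444” (close the connection without sending a response) are assumed to be available in the version in use, and the “listen … default” spelling is the one quoted in the thread.

```nginx
http {
    # Wildcard certificate shared by every HTTPS server (as in the thread).
    ssl_certificate     cert/wildcard.cert;
    ssl_certificate_key cert/wildcard.key;

    # Default server for *:80.  The redirect flag is written out, so this
    # is a 301 both before and after 0.6.34 (without a flag it only
    # becomes a redirect from 0.6.34 on).  $host comes from the client's
    # Host header, so this sends the client back to the name it asked
    # for, not to a fixed host.
    server {
        listen 80 default;
        rewrite ^ https://$host$request_uri permanent;
    }

    # Explicit default server for *:443.  Without this block the implicit
    # default is the first server on the socket (foo.mydomain.com here),
    # so a request for https://baz.mydomain.com would be served by foo's
    # application.  Refuse such requests instead of guessing.
    server {
        listen 443 default;
        ssl on;
        server_name _;    # assumed: a name that never matches a real Host
        return 444;       # assumed: close the connection, no response
    }

    server {
        listen 443;
        ssl on;
        server_name foo.mydomain.com;
    }

    server {
        listen 443;
        ssl on;
        server_name bar.mydomain.com;
    }
}
```

Note that ‘default’ is per listening socket: marking the port-80 server default says nothing about port 443. If the HTTPS servers listen on an explicit address (e.g. 10.0.0.1:443) rather than *:443, the catch-all must use the same address, otherwise it is not in the list built in step 1 and the first server on that address remains the implicit default.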