Forum: NGINX redirect from http to https

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-08 21:28
Hi

I'm trying to redirect all income request from http to https:  i've
tried the rewrite module , but i always got the redirect in a loop
issue. please help.


server {
        listen       80;
        server_name  www.domain.com domain.com;
       rewrite     ^(.*)  https://$server_name$1 permanent;

       '''''''
       }

 server {
        listen       443;
        server_name  www.domain.com domain.com;
        .....
        }



Thank You.
E88f834c0785a399b498b6cf70d10223?d=identicon&s=25 Grzegorz Nosek (gnosek)
on 2009-03-08 23:52
(Received via mailing list)
On Sun, Mar 08, 2009 at 09:28:46PM +0100, Steve Zhuo wrote:
> Hi
>
> I'm trying to redirect all income request from http to https:  i've
> tried the rewrite module , but i always got the redirect in a loop
> issue. please help.

You need to enable SSL on port 443.

>         listen       443;
>         server_name  www.domain.com domain.com;

+    ssl_certificate /path/to/server.crt;
+    ssl_certificate_key /path/to/server.key;
+    ssl on;

>         .....
>         }

Best regards,
 Grzegorz Nosek (replying by diffs is fun! ;))
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-09 00:04
Hi, thanks for the reply, i enable SSL on port 443, i just didn't paste
it.  Here is a more complete version.  if i use https://domain.com, it
works no problem, just when i tried to redirect from http to https, it
went into a redirect loop..

 server {
        listen       80;
        server_name  www.domain.com domain.com;
       rewrite     ^(.*)  https://$server_name$1 permanent;


location / {

                 # needed for HTTPS
                 proxy_set_header  X-Real-IP  $remote_addr;
                 proxy_set_header  X-Forwarded-For
$proxy_add_x_forwarded_for;
                 proxy_set_header Host $http_host;
        }
}

 server {
        listen       443;
        server_name  www.domain.com domain.com;

        ssl                  on;
        ssl_certificate      /path/myssl.crt;
        ssl_certificate_key  /path/myssl.key;

        ssl_session_timeout  5m;



 location / {
      proxy_pass  http://mysvr;
   }
}


Thank You




Grzegorz Nosek wrote:
> On Sun, Mar 08, 2009 at 09:28:46PM +0100, Steve Zhuo wrote:
>> Hi
>>
>> I'm trying to redirect all income request from http to https:  i've
>> tried the rewrite module , but i always got the redirect in a loop
>> issue. please help.
>
> You need to enable SSL on port 443.
>
>>         listen       443;
>>         server_name  www.domain.com domain.com;
>
> +    ssl_certificate /path/to/server.crt;
> +    ssl_certificate_key /path/to/server.key;
> +    ssl on;
>
>>         .....
>>         }
>
> Best regards,
>  Grzegorz Nosek (replying by diffs is fun! ;))
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-09 00:23
(Received via mailing list)
On Sun, Mar 8, 2009 at 3:04 PM, Steve Zhuo <lists@ruby-forum.com> wrote:
> Hi, thanks for the reply, i enable SSL on port 443, i just didn't paste
> it.  Here is a more complete version.  if i use https://domain.com, it
> works no problem, just when i tried to redirect from http to https, it
> went into a redirect loop..

i don't see why it would be (first off)

try using lynx -mime_header http://foo.com/ and see what it says. i do
http to https all the time without an issue. you need to inspect the
headers and what is happening on the client side. firebug for firefox
or fiddler even could help too.

why do you have this chunk? these headers are being sent to the
upstream and there is no upstream.

> location / {
>
>                 # needed for HTTPS
>                 proxy_set_header  X-Real-IP  $remote_addr;
>                 proxy_set_header  X-Forwarded-For
> $proxy_add_x_forwarded_for;
>                 proxy_set_header Host $http_host;
>        }
> }

>
>
>  location / {
>      proxy_pass  http://mysvr;

this would be where you would put the proxy_set_headers
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-09 01:08
Hi mike, i have a upstream portion:

upstream mysvr   {
        server 127.0.0.1 weight=1;
}


Is there other things i'm missing besides rewrite module to do the
redirect from http to https?  I'm still new to nginx. any help is
appreciated.. Thank You



mike wrote:
> On Sun, Mar 8, 2009 at 3:04 PM, Steve Zhuo <lists@ruby-forum.com> wrote:
>> Hi, thanks for the reply, i enable SSL on port 443, i just didn't paste
>> it.  Here is a more complete version.  if i use https://domain.com, it
>> works no problem, just when i tried to redirect from http to https, it
>> went into a redirect loop..
>
> i don't see why it would be (first off)
>
> try using lynx -mime_header http://foo.com/ and see what it says. i do
> http to https all the time without an issue. you need to inspect the
> headers and what is happening on the client side. firebug for firefox
> or fiddler even could help too.
>
> why do you have this chunk? these headers are being sent to the
> upstream and there is no upstream.
>
>> location / {
>>
>>                 # needed for HTTPS
>>                 proxy_set_header  X-Real-IP  $remote_addr;
>>                 proxy_set_header  X-Forwarded-For
>> $proxy_add_x_forwarded_for;
>>                 proxy_set_header Host $http_host;
>>        }
>> }
>
>>
>>
>>  location / {
>>      proxy_pass  http://mysvr;
>
> this would be where you would put the proxy_set_headers
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-09 02:55
(Received via mailing list)
your proxy_set_header stuff would go where you proxy things, not on
your redirection

your http to https should be a simple

 server {
       listen       80;
       server_name  www.domain.com domain.com;
      rewrite     ^(.*)  https://$server_name$1 permanent;
}

this is literally one i have working flawlessly (just changed the
domain):

        server {
                listen 80;
                server_name foo.com bar.com;
                rewrite ^/(.*) https://foo.com/$1 permanent;
        }
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-09 04:43
Thanks mike, it's working now, but i encounter another problem, every
time i visited the website, it had so many log entries, like few hundred
of them. all from the same ip address.  Any ideas?

thank you


mike wrote:
> your proxy_set_header stuff would go where you proxy things, not on
> your redirection
>
> your http to https should be a simple
>
>  server {
>        listen       80;
>        server_name  www.domain.com domain.com;
>       rewrite     ^(.*)  https://$server_name$1 permanent;
> }
>
> this is literally one i have working flawlessly (just changed the
> domain):
>
>         server {
>                 listen 80;
>                 server_name foo.com bar.com;
>                 rewrite ^/(.*) https://foo.com/$1 permanent;
>         }
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-09 05:27
(Received via mailing list)
a) is debugging on ?

b) maybe you're getting flooded, or you're popular somehow?

c) is it a search engine crawler, or some application like it? i've
been flooded with a bunch of requests per minute for weeks before we
noticed someone was hitting our website for no good reason...
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-10 00:42
No, only myself are testing the site, when i visiting the site, somehow
it generates so many log entries at the same time....

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux
 i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux
 i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux
 i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux
 i686; en-US; rv:1.9b5) Gecko/2008041514 Firefox/3.0b5"



mike wrote:
> a) is debugging on ?
>
> b) maybe you're getting flooded, or you're popular somehow?
>
> c) is it a search engine crawler, or some application like it? i've
> been flooded with a bunch of requests per minute for weeks before we
> noticed someone was hitting our website for no good reason...
F5a6ed477b109fe6acc11a5a8f87e7e8?d=identicon&s=25 mike (Guest)
on 2009-03-10 01:01
(Received via mailing list)
no clue, maybe there's multiple access log directives and each one is
active

i'd have to defer to igor to answer/ask the better questions
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-10 01:13
one more question, now the website can be redirect to https if i enter
http://domain.com/newpage.html, but i don't know somehow if i only enter
http://domain.com/,  but doesn't redirect and outputs and redirect loop
error.




mike wrote:
> no clue, maybe there's multiple access log directives and each one is
> active
>
> i'd have to defer to igor to answer/ask the better questions
6dbf2e500224c5304595eaa6022896a1?d=identicon&s=25 Dave Cheney (Guest)
on 2009-03-10 06:43
(Received via mailing list)
curl -I http://yoursite/favicon.ico

I wouldn't be supprised if you're generating a redirect from
/favicon.ico to
favicon.ico.

Cheers

Dave


mike writes:
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-10 19:02
I didn't redirect from /favicon.ico, i think this happens when it goes
into a loop, let's say if i enter the http://domain.com/status,  the log
will show as
127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /status
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008041514 Firefox/3.0b5"

Only when i enter http://domain.com/  will show  "/favicon.co" in the
log.

127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
Gecko/2008041514 Firefox/3.0b5"


Dave Cheney wrote:
> curl -I http://yoursite/favicon.ico
>
> I wouldn't be supprised if you're generating a redirect from
> /favicon.ico to
> favicon.ico.
>
> Cheers
>
> Dave
>
>
> mike writes:
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-03-10 20:07
(Received via mailing list)
On Tue, Mar 10, 2009 at 07:02:57PM +0100, Steve Zhuo wrote:

> 127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
> HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
> Gecko/2008041514 Firefox/3.0b5"

Could you create a debug log:

./configure  --with-debug ...

nginx.conf:

error_log  /path/to/log  debug;
D6a86ba3e8bcf85e7dc149c1b3094a63?d=identicon&s=25 Steve Zhuo (stevezhuo)
on 2009-03-10 20:51
42 entries were logged...

*1 "^/(.*)" matches "/", client: 10.10.10.10, server: www.domain.com,
request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:31 [notice] 15197#0: *1 rewritten redirect:
"https://www.domain.com/", client: 10.10.10.10, server: www.domain.com,
request: "GET / HTTP/1.1", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 "^/(.*)" matches "/", client:
127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
"www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect:
"https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 "^/(.*)" matches "/", client:
127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
"www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *6 rewritten redirect:
"https://domain.com/", client: 127.0.0.1, server: www.domain.com,
request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 "^/(.*)" matches "/", client:
127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
"www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *8 rewritten redirect:
"https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 "^/(.*)" matches "/", client:
127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
"www.domain.com"
2009/03/10 15:40:32 [notice] 15197#0: *10 rewritten redirect:
"https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
request: "GET / HTTP/1.0", host: "www.domain.com"
2009/03/10 15:40:33 [notice] 15197#0: *12 "^/(.*)" matches "/", client:
127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
"www.domain.com"

.........

2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect:
"https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
request: "GET / HTTP/1.0", host: "www.domain.com"





Igor Sysoev wrote:
> On Tue, Mar 10, 2009 at 07:02:57PM +0100, Steve Zhuo wrote:
>
>> 127.0.0.1 - main [09/Mar/2009:23:36:52 +0000] "GET /favicon.ico
>> HTTP/1.1" 302 161 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5)
>> Gecko/2008041514 Firefox/3.0b5"
>
> Could you create a debug log:
>
> ./configure  --with-debug ...
>
> nginx.conf:
>
> error_log  /path/to/log  debug;
5640e332954fc0006aea97a155ce0afd?d=identicon&s=25 Igor Sysoev (Guest)
on 2009-03-10 21:35
(Received via mailing list)
On Tue, Mar 10, 2009 at 08:51:23PM +0100, Steve Zhuo wrote:

> 2009/03/10 15:40:32 [notice] 15197#0: *4 rewritten redirect:
> "www.domain.com"
> 127.0.0.1, server: www.domain.com, request: "GET / HTTP/1.0", host:
> "www.domain.com"
>
> .........
>
> 2009/03/10 15:40:36 [notice] 15197#0: *42 rewritten redirect:
> "https://www.domain.com/", client: 127.0.0.1, server: www.domain.com,
> request: "GET / HTTP/1.0", host: "www.domain.com"

As client address is 127.0.0.1, it seems that your HTTPS proxy_pass

 location / {
      proxy_pass  http://mysvr;
   }

proxies just to your first server:

server {
        listen       80;
        server_name  www.domain.com domain.com;
        rewrite     ^(.*)  https://$server_name$1 permanent;
}

and here is a loop.
This topic is locked and can not be replied to.