Stripping www and forcing ssl

Hi all,

I am attempting to strip www. and force SSL. Here are the blocks I’m
using:

    server {
            listen 50.250.218.168:80;
            listen 50.250.218.168:443 ssl;
            listen [2001:470:67:2b5::10]:80;
            listen [2001:470:67:2b5::10]:443 ssl;

            server_name www.disunitedstates.org;
            include ssl_common;

            access_log /var/log/nginx/disunitedstates.org/access.log;
            error_log /var/log/nginx/disunitedstates.org/error.log;

            return 301 https://disunitedstates.org$request_uri;
    }

    server {
            listen 50.250.218.168:80;
            listen [2001:470:67:2b5::10]:80;

            server_name disunitedstates.org;

            access_log /var/log/nginx/disunitedstates.org/access.log;
            error_log /var/log/nginx/disunitedstates.org/error.log;

            return 301 https://disunitedstates.org$request_uri;
    }

I have a separate server block for actually serving the site.

But when one tries to access http://disunitedstates.org, one gets a
400 error, “The plain HTTP request was sent to HTTPS port.” The
information I’m finding out on the web about this is confusing and
contradictory.

How should this be done?

Thanks!

You have a duplicate listen directive with same IP address and same port
in both server blocks.
I doubt that is a valid configuration. Have you checked nginx -t and
error logs on reload/start?

I suggest you have a server block listening for HTTP on port 80 and
another block responsible for HTTPS traffic listening on 443, and then
redirecting the HTTP block to the HTTPS one.

B. R.

On 20.03.2015 20:01, David Benfell wrote:

             include ssl_common;
             listen 50.250.218.168:80;
     }

I have a separate server block for actually serving the site.

But when one tries to access http://disunitedstates.org, one gets a
400 error, “The plain HTTP request was sent to HTTPS port.” The
information I’m finding out on the web about this is confusing and
contradictory.

How should this be done?

Probably “include ssl_common;” contains “ssl on;”
directive, which forces nginx to use HTTPS on 50.250.218.168:80

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl

Just remove “ssl on;” from ssl_common include file and reload nginx.


Best regards,
Gena

On 20.03.2015 20:35, B.R. wrote:

You have a duplicate listen directive with same IP address and same port
in both server blocks.
I doubt that is a valid configuration.

Yes, this is valid configuration. See

http://nginx.org/en/docs/http/request_processing.html
http://nginx.org/en/docs/http/server_names.html
http://nginx.org/en/docs/http/configuring_https_servers.html

for details in nginx documentation


Best regards,
Gena

On Fri, Mar 20, 2015 at 08:57:10PM +0200, Gena M. wrote:

Probably “include ssl_common;” contains “ssl on;”
directive, which forces nginx to use HTTPS on 50.250.218.168:80

Yup. This was right. I was shocked because I had thought I had omitted
this directive. But I looked and there it was.

Thanks very much!
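
The fix confirmed above, laid out as configuration. This is an added example, not a config posted by anyone in the thread. The contents of ssl_common, the certificate paths and the root path are assumptions, and merging the two port-80 redirects into one block is a choice made here.

```nginx
# --- ssl_common (contents assumed; the thread never shows this file) ---
# Before: the include carried this line, so any server block that
# included it expected TLS on all of its listen sockets, port 80 included:
#   ssl on;
# After: no "ssl on;" here. TLS is enabled per socket by the "ssl"
# parameter on the listen directive instead.
ssl_certificate     /etc/nginx/ssl/example.crt;   # placeholder path
ssl_certificate_key /etc/nginx/ssl/example.key;   # placeholder path

# --- site config ---
# Plain HTTP for both names: redirect only, no ssl_common include.
server {
    listen 50.250.218.168:80;
    listen [2001:470:67:2b5::10]:80;
    server_name disunitedstates.org www.disunitedstates.org;

    return 301 https://disunitedstates.org$request_uri;
}

# HTTPS for the www name: redirect to the bare name.
# The certificate must also be valid for www.disunitedstates.org.
server {
    listen 50.250.218.168:443 ssl;
    listen [2001:470:67:2b5::10]:443 ssl;
    server_name www.disunitedstates.org;
    include ssl_common;

    return 301 https://disunitedstates.org$request_uri;
}

# HTTPS for the bare name: the block that actually serves the site.
server {
    listen 50.250.218.168:443 ssl;
    listen [2001:470:67:2b5::10]:443 ssl;
    server_name disunitedstates.org;
    include ssl_common;

    root /var/www/disunitedstates.org;   # placeholder path
}
```

Running nginx -t before the reload catches syntax errors in the edited include.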