Yesterday I have changed my domain name hat was foobar.tk and it was running over https. For now, on my new domain foobar.eu I does not have ssl.
I have succeed with redireting using CNAME records while I am not using https, but somehow I cannot redirect https://www.example.tk to http://www.example.eu Chrome says that connection was resset. Firefox says that content cannot be validated,...
For redirection I am using these lines:
server {
listen 443; (note: i have tried with *:443, *:443 ssl, 443 ssl)
server_name www.example.tk; (i have tried with orwithout www.)
return 301 http://www.example.eu$request_uri; (i have tried to redir to $host also where then cname will handle the issue)
}
What works:
http://www.example.tk -> http://www.example.eu using CNAME (and all other subdomains)
What is not working:
https://www.example.tk -> http://www.example.eu
I still can certificates backed-up, so if it can help in some way please tell me.
Thank you
When setting up SSL on Nginx you should use ssl_certificate and ssl_certificate_key directives.
server {
listen 443 ssl;
server_name www.example.tk;
ssl_certificate /path/to/certificate; #.crt, .cert, .cer, or .pem file
ssl_certificate_key /path/to/private/key;
return 301 http://www.example.eu$request_uri;
}
These two files you can get from your Certificate Authority.
Also you should add ssl parameter to listen directive.
Related
I'd like to redirect one of my domain to another one. Both domains are configured on Digital Ocean where I set up the DNS to point to the IP adresse of the server
nginx
server {
server_name domain1.com;
rewrite ^/(.*)$ http://domain2.com/$1 permanent;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name domain2.com www.domain2.com;
......
}
nginx-t runs fine.
Problems
The address www.domain2.com is working but www.domain1.com is not redirected. What am I missing ?
I cleared the cache of Chrome and Safari and it is fine.
Hello I have this config
server {
listen 82;
server_name myapp.mydomain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name myapp.mydomain.com
# ... remain of the stuff here
}
Before that I had other websites running in ports: 80, 3000 etc... now when I access http://myapp.mydomain.com automatically redirects me to my app (as is I were invoking port 82) and if I try to access another app running on 3000 port it tries to rewrite the https://myapp.mydomain.com:3000 as well... if I use the ip it works as expected (not the ssl part).
Full config can be found at:
https://gist.github.com/angvp/363f50ff8b8d345126adaf1595cd2523
Any ideas?
Ok after I start digging I had this on my nginx conf:
add_header Strict-Transport-Security max-age=15768000;
This is a security measure but that was causing all the subdomains even on different ports will try always https .. the correct way should be to have different subdomains per vhost per port..
I have an SSL wildcard certificate for *.example.com which is not valid for the root domain. I would like Nginx on Ubuntu 14.04 to
accept only requests for defined hosts
redirect all http requests for root domain and www subdomain to https www subdomain
return 404 for the root domain only on port 443, e.g. if reuqest is
https://example.com
I managed to achieve 1 and 2 with the configuration copied below.
server {
#listen 80;
#isten 443;
return 404;
}
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
#certificate and key referenced in common.conf
server_name www.example.com;
root /usr/share/nginx/html/example.com;
index index.php index.html index.htm;
include common/common.conf;
}
When I remove comment marks from the second and third lines above, hoping to return 404 only for https://example.com - nothing works. For example, I get ERR_CONNECTION_CLOSED in Chrome for both https://www.example.com/ and http://ww.example.com/.
What should I do to achieve 1), 2) and 3) together?
Many thanks.
... wildcard certificate for *.example.com which is not valid for the root domain
... return 404 for the root domain only on port 443, e.g. if reuqest is https://example.com
This is not possible. With https the HTTP response is generated inside an established TLS connection for the host in the URL. Thus to return a 404 for access to https://example.com you must first have a validated TLS connection. But because example.com is not contained in your certificate you get a validation error when trying to establish the TLS connection and thus no TLS connection is successfully established and no 404 can be returned inside the connection.
I've deployed a CentOS server with ISPConfig and Nginx.
Also I was able to configure Nginx, manually (by editing /etc/nginx/sites-available/mysite.com.vhost), to redirect http requests to https:
server {
listen 80;
server_name mysite.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
..
}
As I edited the file manually, every time I change a setting with ISPConfig, my vhost file gets overwritten and I lose my redirection's trick.
Do you know a way to config the redirection above using ISPConfig panel instead editing the nginx file manually ?
Thanks in avance.
I've configured the redirection as the accepted answer suggested.
Also I've included an external config so I put all our manual configurations.
In our version of ISPConfig, I did this:
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
include /etc/nginx/sites-available/my-own-config.conf;
That way, ISPConfig won't break our configs.
On the more recent versions of ISPConfig, you can simply select the website to use SSL (and that means HTTPS, and optionally, SPDY or HTTP/2), with an additional checkbox to redirect all HTTP requests permanently to HTTPS, and ISPConfig will automatically generate the vhosts files correctly.
For the sake of completude, this is what ISPConfig adds:
server {
listen *:80;
listen *:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/clientX/webY/ssl/your.web.site.crt;
ssl_certificate_key /var/www/clients/clientX/webY/ssl/your.web.site.key;
server_name your.web.site www.your.web.site;
root /var/www/your.web.site/web/;
if ($http_host = "www.your.web.site") {
rewrite ^ $scheme://your.web.site$request_uri? permanent;
}
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
index index.html index.htm index.php index.cgi index.pl index.xhtml;
I only have an SSL certificate for example.com and want to redirect both http://example.com and http://*.example.com to https://example.com using nginx. I'm aware of it being impossible to redirect subdomains via SSL without a certificate including all the subdomains, but at least, I should be able to redirect users who are typing www.example.com (port 80) to the SSL homepage.
My current nginx config starts as follows:
server {
# This should catch all non-HTTPS requests to example.com and *.example.com
listen 80;
server_name example.com *.example.com;
access_log off;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
# Actual server config starts here...
Requesting http://example.com will be redirected properly to https://example.com, whereas http://www.example.com leads to https://www.example.com (and of course, the browser is showing a certificate error). I think it has something to do with the processing order of the server_name values, but I haven't found any information about how to enforce a certain order.
Try to add another server {}
server {
listen 80;
server_name www.example.com
access_log off;
return 301 https://example.com$request_uri;
}
Try:
server_name example.com www.example.com *.example.com;
Taken directly from the Nginx docs.