<div dir="ltr">Hi,<div><br></div><div>I've stripped out most of the SSL parameters, obfuscated a few paths and removed a few unrelated rewrite rules, but here it is:</div><div><br></div><div><div>server {</div><div>        listen 443 ssl http2 default_server;</div><div>        listen [::]:443 ssl http2 default_server ipv6only=on;</div><div>        server_name <a href="http://joeshaw.org">joeshaw.org</a>;</div><div><br></div><div>        charset utf-8;</div><div><br></div><div>        ssl on;</div><div>        ssl_certificate /etc/redacted.pem;</div><div>        ssl_certificate_key /etc/redacted.key;</div><div><br></div><div>        root /srv/www/<a href="http://joeshaw.org/">joeshaw.org/</a>;</div><div>        index index.html;</div></div><div><div>        error_page 404 /404.html;</div><div><br></div><div>        location / {</div><div>                try_files $uri $uri/ $uri/index.html =404;</div></div><div>        }</div><div>}</div><div><br></div><div><div>server {</div><div>        listen 443 ssl http2;</div><div>        listen [::]:443 ssl http2;</div><div>        server_name <a href="http://www.joeshaw.org">www.joeshaw.org</a>;</div><div>        charset utf-8;</div><div>        return 301 <a href="https://joeshaw.org">https://joeshaw.org</a>$request_uri;</div><div>}</div></div><div><br></div><div><div>server {</div><div>        listen 80 default_server;</div><div>        listen [::]:80 default_server ipv6only=on;</div><div>        server_name <a href="http://joeshaw.org">joeshaw.org</a> <a href="http://www.joeshaw.org">www.joeshaw.org</a>;</div><div>        charset utf-8;</div><div>        return 301 <a href="https://joeshaw.org">https://joeshaw.org</a>$request_uri;</div><div>}</div></div><div><br></div><div>Hope this helps.</div><div><br></div><div>On a related note, after I was looking at my config I realized that I probably wanted the second server clause to be the default_server (so it always redirected to my main domain regardless of what Host/:authority header was provided) and I tried swapping them.  Then whenever I hit <a href="https://joeshaw.org/">https://joeshaw.org/</a> I was entered into a redirection loop.  It seemed like it was not checking the :authority pseudo-header and always serving from the default_server.</div><div><br></div><div>Joe</div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Wed, Aug 12, 2015 at 1:24 PM, Valentin V. Bartenev <span dir="ltr"><<a href="mailto:vbart@nginx.com" target="_blank">vbart@nginx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Wednesday 12 August 2015 10:53:20 Joe Shaw wrote:<br>
> Hi,<br>
><br>
> I've been taking the alpha HTTP/2 support for a spin, and noticed that 301<br>
> redirects are missing the Location response header.  Thus, browsers don't<br>
> redirect and just show an HTML page instead.<br>
><br>
> Here's the output of nginx -V:<br>
><br>
> nginx version: nginx/1.9.3<br>
> built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)<br>
> built with OpenSSL 1.0.2d 9 Jul 2015<br>
> TLS SNI support enabled<br>
> configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx<br>
> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log<br>
> --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid<br>
> --lock-path=/var/run/nginx.lock<br>
> --http-client-body-temp-path=/var/cache/nginx/client_temp<br>
> --http-proxy-temp-path=/var/cache/nginx/proxy_temp<br>
> --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp<br>
> --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp<br>
> --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx<br>
> --with-http_ssl_module --with-http_realip_module<br>
> --with-http_addition_module --with-http_sub_module --with-http_dav_module<br>
> --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module<br>
> --with-http_gzip_static_module --with-http_random_index_module<br>
> --with-http_secure_link_module --with-http_stub_status_module<br>
> --with-http_auth_request_module --with-threads --with-stream<br>
> --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio<br>
> --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector<br>
> --param=ssp-buffer-size=4 -Wformat -Werror=format-security'<br>
> --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --with-ipv6<br>
><br>
> I'm testing using the URL <a href="https://joeshaw.org/about" rel="noreferrer" target="_blank">https://joeshaw.org/about</a> (which redirects to<br>
> /about/).<br>
><br>
> Here's the output of a HTTP/1.1 request from curl:<br>
><br>
> < HTTP/1.1 301 Moved Permanently<br>
> * Server nginx is not blacklisted<br>
> < Server: nginx<br>
> < Date: Wed, 12 Aug 2015 14:43:41 GMT<br>
> < Content-Type: text/html<br>
> < Content-Length: 178<br>
> < Location: <a href="https://joeshaw.org/about/" rel="noreferrer" target="_blank">https://joeshaw.org/about/</a><br>
> < Connection: keep-alive<br>
> < Strict-Transport-Security: max-age=15768000; preload<br>
> < Public-Key-Pins:<br>
> pin-sha256="aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=";<br>
> pin-sha256="d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm="; max-age=86400<br>
> < X-Frame-Options: DENY<br>
><br>
> Here's the HTTP/2 output from h2i (<br>
> <a href="https://github.com/bradfitz/http2/tree/master/h2i" rel="noreferrer" target="_blank">https://github.com/bradfitz/http2/tree/master/h2i</a>):<br>
><br>
> [FrameHeader HEADERS flags=END_HEADERS stream=1 len=284]<br>
>   :status = "301"<br>
>   server = "nginx"<br>
>   date = "Wed, 12 Aug 2015 14:44:31 GMT"<br>
>   content-type = "text/html"<br>
>   content-length = "178"<br>
>   strict-transport-security = "max-age=15768000; preload"<br>
>   public-key-pins =<br>
> "pin-sha256=\"aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=\";<br>
> pin-sha256=\"d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm=\"; max-age=86400"<br>
>   x-frame-options = "DENY"<br>
><br>
> I hope this is helpful.<br>
><br>
<br>
<br>
</div></div>We are unable to reproduce the problem with a simple configuration.<br>
Could you provide your config?<br>
<br>
  wbr, Valentin V. Bartenev<br>
<br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
</blockquote></div><br></div></div>