rewrite to HTTPS?

Guillaume Filion gfk at logidac.com
Wed Mar 17 17:22:56 MSK 2010


Hi all,

I'd like to make a rewrite rule to redirect the client to an HTTPS page,
so that a user is redirected from:
http://host.name/p/A2010/TExfDqN5cPi/b7i8UDhqgx3rmXlc+yv+T7hmxuykWGENpg==
to:
https://my.host.name/path/to/profil/?a=A2010&c=TExfDqN5cPi/b7i8UDhqgx3rmXlc%2byv%2bT7hmxuykWGENpg==
but I'm getting a "400 Bad Request" from nginx when I try to send them
to the HTTPS site.

This works (returns a "302 Moved Temporarily"):
rewrite "^/p/([AH][0-9]{4})/(.+)$"
http://my.host.name/path/to/profil/?a=$1&c=$2 break;

This doesn't (returns a "400 Bad Request"):
rewrite "^/p/([AH][0-9]{4})/(.+)$"
https://my.host.name/path/to/profil/?a=$1&c=$2 break;

Could someone shed some light on this?

Thanks a lot!
GFK's

Here's my sanitized config:
server {
  listen 1.2.3.4:80;
  server_name my.host.name;
  proxy_connect_timeout 2;
  client_max_body_size 4M;
  access_log /var/log/nginx/my.host.name_HTTP.access.log;
  error_log /var/log/nginx/my.host.name_HTTP.error.log;

  location / {
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    # Profil
    rewrite "^/p/([AH][0-9]{4})/(.+)$"
https://my.host.name/path/to/profil/?a=$1&c=$2 break;

    proxy_pass http://BACKEND;
  }
}

server {
  listen 1.2.3.4:443;
  server_name my.host.name;
  client_max_body_size 4M;
  access_log /var/log/nginx/my.host.name_HTTPS.access.log;
  error_log /var/log/nginx/my.host.name_HTTPS.error.log;

  ssl on;
  ssl_certificate /etc/nginx/certs/my.host.name.crt;
  ssl_certificate_key     /etc/nginx/certs/my.host.name.pem;
  ssl_protocols SSLv3 TLSv1;      ssl_ciphers
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;

  location / {
    proxy_next_upstream error timeout invalid_header http_500;
    proxy_set_header SSL Enabled;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    proxy_pass http://BACKEND;
  }
}

-- 
Guillaume Filion
http://guillaume.filion.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://nginx.org/pipermail/nginx/attachments/20100317/ca64dde6/attachment.pgp>


More information about the nginx mailing list