Rewrite non-ssl to ssl except for given location

Adnan RIHAN adnan at rihan.fr
Sun Apr 15 17:16:04 UTC 2012 

By the way,
rewrite ^/(?!includes/api\.php) https://$http_host$uri?$args;

Is working weeeell, thank you :)  

--  
Cordialement, Adnan RIHAN.
Président-Fondateur de l'association (de loi 1901) Virtual-Info (http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de Gestion.
Ambassadeur Qt (http://lyt.me/7E) (Projet Tag-PG (http://rihan.fr/fr/projets/tagpg)).


Le dimanche 15 avril 2012 à 18:50, Jonathan Matthews a écrit :

> On 15 April 2012 17:16, Adnan RIHAN <adnan at rihan.fr (mailto:adnan at rihan.fr)> wrote:
> > @Jonathan: okok
> >  
> > Here is the known but can't be touched vhost file:
> >  
> > #################################################################
> > ########### Vhost configuration of  example.com (http://example.com)
> > #################################################################
> > server {
> > access_log off;
> > error_log  logs/vhost-error_log warn;
> > listen    80;
> > server_name  example.com www.example.com (http://www.example.com);
> > location ~*
> > ^.+.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)$
> > {
> > expires 24h;
> > root /home/example/public_html;
> > error_page  404 = @apache;
> > access_log /usr/local/apache/domlogs/example.com (http://example.com);
> > log_not_found  off;
> > }
> > location ~ /\.ht {
> >           deny all;
> > }
> >  
> > location / {
> > log_not_found  off;
> >  
> >   client_max_body_size    2000m;
> >   client_body_buffer_size 512k;
> >   proxy_send_timeout   90;
> >   proxy_read_timeout   90;
> >   proxy_buffer_size    32k;
> >   proxy_buffers     16 32k;
> >   proxy_busy_buffers_size 64k;
> >   proxy_temp_file_write_size 64k;
> >   proxy_connect_timeout 30s;
> >  
> >         proxy_redirect  http://www.example.com:8888
> > http://www.example.com;
> >         proxy_redirect  http://example.com:8888   http://example.com;
> >         proxy_pass   http://87.98.132.48:8888/;
> >         proxy_set_header   Host   $host;
> >         proxy_set_header   X-Real-IP  $remote_addr;
> >         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
> >         }
> > location @apache {
> > internal;
> >  
> >   client_max_body_size    2000m;
> >   client_body_buffer_size 512k;
> >   proxy_send_timeout   90;
> >   proxy_read_timeout   90;
> >   proxy_buffer_size    32k;
> >   proxy_buffers     16 32k;
> >   proxy_busy_buffers_size 64k;
> >   proxy_temp_file_write_size 64k;
> >   proxy_connect_timeout 30s;
> >  
> >         proxy_redirect  http://example.com:8888   http://example.com;
> >         proxy_pass   http://87.98.132.48:8888;
> >         proxy_set_header   Host   $host;
> >         proxy_set_header   X-Real-IP  $remote_addr;
> >         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
> >         }
> > include "/etc/cpnginx/custom/example.com (http://example.com)";
> > }
> >  
> > The only file I can modify is this one: /etc/cpnginx/custom/example.com (http://example.com)
>  
> I don't understand how this could ever work. The only entry point
> you've shown to the @apache location is if the URI's path ends in
> ".(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)"
>  
> That doesn't include ".php", so I don't see how control of
> "/includes/api.php" ever hits the file you can amend.
>  
> Assuming there's something I'm missing here and .php does in fact
> reach that file, here's how you might achieve what you want. It uses
> PCRE negative lookaheads, which I don't know definitely work inside
> nginx.
>  
> rewrite ^/(?!includes/api\.php) https://$http_host$uri?$args;
>  
> For what it's worth, I personally wouldn't use a host that enforced
> these restrictions on my configuration, like OVH appear to be doing
> here. It's *extremely* unpleasant.
>  
> HTH,
> Jonathan
> --  
> Jonathan Matthews
> Oxford, London, UK
> http://www.jpluscplusm.com/contact.html
>  
> _______________________________________________
> nginx mailing list
> nginx at nginx.org (mailto:nginx at nginx.org)
> http://mailman.nginx.org/mailman/listinfo/nginx
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120415/6c7d09e3/attachment-0001.html>

More information about the nginx mailing list