wildcard redirect

Igor Sysoev is at rambler-co.ru
Wed Aug 12 19:24:42 MSD 2009


On Wed, Aug 12, 2009 at 05:01:17PM +0200, InterNetX - J??rgen Gotteswinter wrote:

> ok here we go, rebuilded

> 2009/08/12 16:49:19 [debug] 21301#0: *685 event timer del: 208: 
> 1250088619898
> 2009/08/12 16:49:19 [debug] 21301#0: *685 generic phase: 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 add cleanup: 000000001B1D18F8
> 2009/08/12 16:49:19 [debug] 21301#0: *685 generic phase: 1
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http script regex: "^/(.*)"
> 2009/08/12 16:49:19 [notice] 21301#0: *685 "^/(.*)" matches 
> "/favicon.ico", client: 62.116.135.150, server: *.xxx.com, request: "GET 
> /favicon.ico HTTP/1.0", host: "login.xxx.com"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http script copy: 
> "https://login.xxx.com"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http script var: "/favicon.ico"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http script regex end
> 2009/08/12 16:49:19 [notice] 21301#0: *685 rewritten redirect: 
> "https://login.xxx.com/favicon.ico", client: 62.116.135.150, server: 
> *.xxx.com, request: "GET /favicon.ico HTTP/1.0", host: "login.xxx.com"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http finalize request: 301, 
> "/favicon.ico?" 1
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http special response: 301, 
> "/favicon.ico?"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http set discard body
> 2009/08/12 16:49:19 [debug] 21301#0: *685 HTTP/1.1 301 Moved Permanently
> Server: nginx/0.7.61
> Date: Wed, 12 Aug 2009 14:49:19 GMT
> Content-Type: text/html
> Content-Length: 185
> Connection: close
> Location: https://login.xxx.com/favicon.ico
> 
> 2009/08/12 16:49:19 [debug] 21301#0: *685 write new buf t:1 f:0 
> 000000001B1D1B18, pos 000000001B1D1B18, size: 207 file: 0, size: 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http write filter: l:0 f:0 s:207
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http output filter "/favicon.ico?"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 copy filter: "/favicon.ico?"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http postpone filter 
> "/favicon.ico?" 000000001B1D1D20
> 2009/08/12 16:49:19 [debug] 21301#0: *685 write old buf t:1 f:0 
> 000000001B1D1B18, pos 000000001B1D1B18, size: 207 file: 0, size: 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 write new buf t:0 f:0 
> 0000000000000000, pos 0000000000690D40, size: 132 file: 0, size: 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 write new buf t:0 f:0 
> 0000000000000000, pos 0000000000690B40, size: 53 file: 0, size: 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http write filter: l:1 f:0 s:392
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http write filter limit 0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 writev: 392
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http write filter 0000000000000000
> 2009/08/12 16:49:19 [debug] 21301#0: *685 copy filter: 0 "/favicon.ico?"
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http finalize request: 0, 
> "/favicon.ico?" 1
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http close request
> 2009/08/12 16:49:19 [debug] 21301#0: *685 http log handler
> 2009/08/12 16:49:19 [debug] 21301#0: *685 free: 000000001B1D0EC0, 
> unused: 129
> 2009/08/12 16:49:19 [debug] 21301#0: *685 close http connection: 208
> 2009/08/12 16:49:19 [debug] 21301#0: *685 free: 000000001B2500B0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 free: 000000001B24FBA0
> 2009/08/12 16:49:19 [debug] 21301#0: *685 free: 000000001B23DE90, unused: 8
> 2009/08/12 16:49:19 [debug] 21301#0: *685 free: 000000001B23DFA0, 
> unused: 128
> 
> or better readable @ http://de.pastebin.ca/1526602
> 
> i am totally lost at the moment... :(

There are several strange things:

1) the debug log is not from the very start of the request. Probably, because
   debug error_log is set in *.xxx.com only.

2) I see that the requests are handled by non-SSL server (I do not know
   server port, however, due to missing start part of the log), but
   I do not understand why client sent plain text request after redirect
   to http_S_://...

What servers do you have ? Could you show them in this short format

server {
   listen ...
   server_name ...
}

?

> Igor Sysoev wrote:
> >On Wed, Aug 12, 2009 at 03:07:41PM +0200, InterNetX - J??rgen Gotteswinter 
> >wrote:
> >
> >>2009/08/12 15:04:48 [notice] 16134#0: *76 "^/(.*)" matches "/", client: 
> >>62.116.135.150, server: *.xxx.com, request: "GET / HTTP/1.0", host: 
> >>"login.xxx.com"
> >>2009/08/12 15:04:48 [notice] 16134#0: *76 rewritten redirect: 
> >>"https://login.xxx.com/", client: 62.116.135.150, server: *.xxx.com, 
> >>request: "GET / HTTP/1.0", host: "login.xxx.com"
> >
> >>perhaps better readable @ http://de.pastebin.ca/1526481
> >
> >You need to rebuild nginx --with-debug and set
> >
> >error_log /path/to/log  debug;
> >
> >
> >>Igor Sysoev wrote:
> >>>On Wed, Aug 12, 2009 at 12:10:28PM +0200, Juergen Gotteswinter wrote:
> >>>
> >>>>but it loops :(
> >>>>
> >>>>heres the full part incl. ssl part
> >>>>
> >>>>
> >>>> server {
> >>>>       listen  xxx:80;
> >>>>       server_name *.xxx.com;
> >>>>
> >>>>       rewrite ^/(.*) https://login.xxx.com$request_uri permanent;
> >>>>   }
> >>>>
> >>>>
> >>>>
> >>>>server {
> >>>>listen               xxxxx:443;
> >>>>ssl                  on;
> >>>>ssl_protocols        SSLv3 TLSv1;
> >>>>ssl_ciphers         AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
> >>>>ssl_certificate      /etc/nginx/ssl/www.xxx.com.crt;
> >>>>ssl_certificate_key  /etc/nginx/ssl/www.xxx.com.key;
> >>>>ssl_session_cache    shared:SSL:10m;
> >>>>ssl_session_timeout  10m;
> >>>>
> >>>>
> >>>>   server_name _;
> >>>>       location / {
> >>>>         proxy_pass http://www.xxx.com;
> >>>>         access_log off;
> >>>>         proxy_set_header X-Real-IP $remote_addr;
> >>>>         proxy_set_header Host $host;
> >>>>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >>>>       }
> >>>>   }
> >>>It should work. Probably, redirect may be sent by backend.
> >>>Could you create debug log of the looping request ?
> >>>
> >>>>Igor Sysoev wrote:
> >>>>>On Wed, Aug 12, 2009 at 11:21:13AM +0200, Juergen Gotteswinter wrote:
> >>>>>
> >>>>>>Hi Igor,
> >>>>>>
> >>>>>>i got something like
> >>>>>>
> >>>>>>server {
> >>>>>>      listen  xxx:80;
> >>>>>>      server_name www.xxx.com xxx.com login.xxx.com;
> >>>>>>
> >>>>>>      rewrite ^ https://login.xxx.com$request_uri permanent;
> >>>>>>  }
> >>>>>>
> >>>>>>if i add *.xxx.com, or remove the other entries in server_name and 
> >>>>>>just leave *.xxx.com i get a redirect loop?
> >>>>>No, since the redirect is to :443, but the server listens on :80.
> >>>>>
> >>>>>>sorry, but i'm lil bit confused now :)
> >>>>>>
> >>>>>>Igor Sysoev wrote:
> >>>>>>>On Wed, Aug 12, 2009 at 09:20:37AM +0200, Juergen Gotteswinter wrote:
> >>>>>>>
> >>>>>>>>Hello Folks,
> >>>>>>>>
> >>>>>>>>is there a way to do a wildcard redirect like
> >>>>>>>>
> >>>>>>>>*.blafoo.com -> alwaysthis.com
> >>>>>>>>
> >>>>>>>>?
> >>>>>>>server {
> >>>>>>> server_name  *.blafoo.com;
> >>>>>>> rewrite      ^  http://alwaysthis.com/;
> >>>>>>>}
> >>>>>>>
> >>>>>>>
> >>-- 
> >>InterNetX GmbH
> >>Maximilianstrasse 6
> >>D-93047 Regensburg
> >>
> >>Tel. +49 941 59559-480
> >>Fax  +49 941 59559-245
> >>
> >>Gesch??ftsf??hrer/CEO: Thomas M??rz
> >>Amtsgericht Regensburg, HRB 7142
> >
> 
> -- 
> InterNetX GmbH
> Maximilianstrasse 6
> D-93047 Regensburg
> 
> Tel. +49 941 59559-480
> Fax  +49 941 59559-245
> 
> Gesch??ftsf??hrer/CEO: Thomas M??rz
> Amtsgericht Regensburg, HRB 7142

-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list