Rewrite non-ssl to ssl except for given location

Jonathan Matthews contact at jpluscplusm.com
Sun Apr 15 16:50:53 UTC 2012


On 15 April 2012 17:16, Adnan RIHAN <adnan at rihan.fr> wrote:
> @Jonathan: okok
>
> Here is the known but can't be touched vhost file:
>
> #################################################################
> ########### Vhost configuration of  example.com
> #################################################################
> server {
> access_log off;
> error_log  logs/vhost-error_log warn;
> listen    80;
> server_name  example.com www.example.com;
> location ~* ^.+.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)$ {
> expires 24h;
> root /home/example/public_html;
> error_page  404 = @apache;
> access_log /usr/local/apache/domlogs/example.com;
> log_not_found  off;
> }
> location ~ /\.ht {
>           deny all;
> }
>
> location / {
> log_not_found  off;
>
>   client_max_body_size    2000m;
>   client_body_buffer_size 512k;
>   proxy_send_timeout   90;
>   proxy_read_timeout   90;
>   proxy_buffer_size    32k;
>   proxy_buffers     16 32k;
>   proxy_busy_buffers_size 64k;
>   proxy_temp_file_write_size 64k;
>   proxy_connect_timeout 30s;
>
>         proxy_redirect  http://www.example.com:8888   http://www.example.com;
>         proxy_redirect  http://example.com:8888   http://example.com;
>         proxy_pass   http://87.98.132.48:8888/;
>         proxy_set_header   Host   $host;
>         proxy_set_header   X-Real-IP  $remote_addr;
>         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
>         }
> location @apache {
> internal;
>
>   client_max_body_size    2000m;
>   client_body_buffer_size 512k;
>   proxy_send_timeout   90;
>   proxy_read_timeout   90;
>   proxy_buffer_size    32k;
>   proxy_buffers     16 32k;
>   proxy_busy_buffers_size 64k;
>   proxy_temp_file_write_size 64k;
>   proxy_connect_timeout 30s;
>
>         proxy_redirect  http://example.com:8888   http://example.com;
>         proxy_pass   http://87.98.132.48:8888;
>         proxy_set_header   Host   $host;
>         proxy_set_header   X-Real-IP  $remote_addr;
>         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
>         }
> include "/etc/cpnginx/custom/example.com";
> }
>
> The only file I can modify is this one: /etc/cpnginx/custom/example.com

I don't understand how this could ever work. The only entry point
you've shown to the @apache location is if the URI's path ends in
".(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)"

That doesn't include ".php", so I don't see how control of
"/includes/api.php" ever hits the file you can amend.

Assuming there's something I'm missing here and .php does in fact
reach that file, here's how you might achieve what you want. It uses
PCRE negative lookaheads, which I don't know definitely work inside
nginx.

    rewrite ^/(?!includes/api\.php) https://$http_host$uri?$args;

For what it's worth, I personally wouldn't use a host that enforced
these restrictions on my configuration, like OVH appear to be doing
here. It's *extremely* unpleasant.

HTH,
Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html
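
The negative lookahead from the rewrite above, checked against constructed URI paths (an added example, not part of the original message; Python's `re` stands in for the PCRE engine nginx uses, and the `STRICT` variant is a hypothetical alternative). It shows which paths the posted pattern leaves on plain HTTP, including paths that merely begin with `/includes/api.php`.

```python
import re

# Pattern exactly as posted in the message. Assumption: Python's re behaves
# like PCRE for this simple lookahead, so it is used as a stand-in here.
POSTED = re.compile(r"^/(?!includes/api\.php)")
# Hypothetical stricter variant: exempt only the exact path, nothing longer.
STRICT = re.compile(r"^/(?!includes/api\.php$)")

# Constructed sample paths (no query strings: the rewrite regex sees the path only).
SAMPLES = [
    "/",
    "/index.php",
    "/includes/api.php",
    "/includes/api.php.bak",    # begins with the exempt path
    "/includes/api.php/extra",  # begins with the exempt path
    "/includes/apiXphp",        # the escaped dot must be a literal "."
    "/Includes/api.php",        # matching is case-sensitive
    "/includes/other.php",
]


def redirected(pattern, uri):
    """True when the rewrite would fire, i.e. the request is sent to https."""
    return pattern.search(uri) is not None


def stays_on_http(pattern, uris):
    """Paths the pattern exempts from the redirect, in input order."""
    return [u for u in uris if not redirected(pattern, u)]


def widened_exemptions(uris):
    """Paths exempted by the posted pattern but not by the exact-path variant."""
    strict = set(stays_on_http(STRICT, uris))
    return [u for u in stays_on_http(POSTED, uris) if u not in strict]


if __name__ == "__main__":
    for uri in SAMPLES:
        state = "https redirect" if redirected(POSTED, uri) else "stays on http"
        print(f"{uri:28} {state}")
    print("also exempt via prefix match:", widened_exemptions(SAMPLES))
```
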


