Rewrite non-ssl to ssl except for given location

Adnan RIHAN adnan at rihan.fr
Sun Apr 15 16:57:11 UTC 2012


Actually, I'm the CEO of that host.  

The thing is that we're using CPanel, and a module called CPNginx.
I've send some features requests like moving the include and/or changing some positions. I've also asked them to add a "custom field" in the customer's panel to allow customers to edit their config (which will only be the include file).

Currently, I'm editing by hands included files, and I can't change the way cpnginx rebuild vhosts because it's scripts are ioncubed T_T

So, I'm hacking as I can.
-----
I don't get what you're "missing". PHP Files are never matched because there is no location block including them.
I've put my rewrite outside any blocks actually.

Thank your for your help, I'll check this soon.
--  
Cordialement, Adnan RIHAN.
Président-Fondateur de l'association (de loi 1901) Virtual-Info (http://www.virtual-info.info/), hébergeur Web et Serveurs de Jeux.
Consultant (http://rihan.fr/)-Technicien Supérieur en Informatique de Gestion.
Ambassadeur Qt (http://lyt.me/7E) (Projet Tag-PG (http://rihan.fr/fr/projets/tagpg)).


Le dimanche 15 avril 2012 à 18:50, Jonathan Matthews a écrit :

> On 15 April 2012 17:16, Adnan RIHAN <adnan at rihan.fr (mailto:adnan at rihan.fr)> wrote:
> > @Jonathan: okok
> >  
> > Here is the known but can't be touched vhost file:
> >  
> > #################################################################
> > ########### Vhost configuration of  example.com (http://example.com)
> > #################################################################
> > server {
> > access_log off;
> > error_log  logs/vhost-error_log warn;
> > listen    80;
> > server_name  example.com www.example.com (http://www.example.com);
> > location ~*
> > ^.+.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)$
> > {
> > expires 24h;
> > root /home/example/public_html;
> > error_page  404 = @apache;
> > access_log /usr/local/apache/domlogs/example.com (http://example.com);
> > log_not_found  off;
> > }
> > location ~ /\.ht {
> >           deny all;
> > }
> >  
> > location / {
> > log_not_found  off;
> >  
> >   client_max_body_size    2000m;
> >   client_body_buffer_size 512k;
> >   proxy_send_timeout   90;
> >   proxy_read_timeout   90;
> >   proxy_buffer_size    32k;
> >   proxy_buffers     16 32k;
> >   proxy_busy_buffers_size 64k;
> >   proxy_temp_file_write_size 64k;
> >   proxy_connect_timeout 30s;
> >  
> >         proxy_redirect  http://www.example.com:8888
> > http://www.example.com;
> >         proxy_redirect  http://example.com:8888   http://example.com;
> >         proxy_pass   http://87.98.132.48:8888/;
> >         proxy_set_header   Host   $host;
> >         proxy_set_header   X-Real-IP  $remote_addr;
> >         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
> >         }
> > location @apache {
> > internal;
> >  
> >   client_max_body_size    2000m;
> >   client_body_buffer_size 512k;
> >   proxy_send_timeout   90;
> >   proxy_read_timeout   90;
> >   proxy_buffer_size    32k;
> >   proxy_buffers     16 32k;
> >   proxy_busy_buffers_size 64k;
> >   proxy_temp_file_write_size 64k;
> >   proxy_connect_timeout 30s;
> >  
> >         proxy_redirect  http://example.com:8888   http://example.com;
> >         proxy_pass   http://87.98.132.48:8888;
> >         proxy_set_header   Host   $host;
> >         proxy_set_header   X-Real-IP  $remote_addr;
> >         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
> >         }
> > include "/etc/cpnginx/custom/example.com (http://example.com)";
> > }
> >  
> > The only file I can modify is this one: /etc/cpnginx/custom/example.com (http://example.com)
>  
> I don't understand how this could ever work. The only entry point
> you've shown to the @apache location is if the URI's path ends in
> ".(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|iso|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|ogv|ogg|flv|swf|mpeg|mpg|mpeg4|mp4|avi|wmv|js|css)"
>  
> That doesn't include ".php", so I don't see how control of
> "/includes/api.php" ever hits the file you can amend.
>  
> Assuming there's something I'm missing here and .php does in fact
> reach that file, here's how you might achieve what you want. It uses
> PCRE negative lookaheads, which I don't know definitely work inside
> nginx.
>  
> rewrite ^/(?!includes/api\.php) https://$http_host$uri?$args;
>  
> For what it's worth, I personally wouldn't use a host that enforced
> these restrictions on my configuration, like OVH appear to be doing
> here. It's *extremely* unpleasant.
>  
> HTH,
> Jonathan
> --  
> Jonathan Matthews
> Oxford, London, UK
> http://www.jpluscplusm.com/contact.html
>  
> _______________________________________________
> nginx mailing list
> nginx at nginx.org (mailto:nginx at nginx.org)
> http://mailman.nginx.org/mailman/listinfo/nginx
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120415/d6e860e2/attachment.html>


More information about the nginx mailing list