http -> https redirection, with a twist?

Brad Knowles brad at shub-internet.org
Wed Feb 29 03:26:01 UTC 2012


On Feb 28, 2012, at 8:20 PM, António P. P. Almeida wrote:

> If I understood correctly. Try:
> 
> server { 
>    server_name a.domain.com c.domain.com d.domain.com; 
>    listen 80; 
>    return 301 https://$host:8443$request_uri; 
> }

That works for the one site that needs to be redirected to port 8443, but doesn't work for any of the other sites that should instead be redirected to port 443.

I need both sets of redirects -- most to port 443, but one to port 8443 instead.

> You can use a wildcard to match all subdomains. Perhaps it suits you:
> 
> server { 
>    server_name *.domain.com; # this is more generic [1] 
>    listen 80; 
>    return 301 https://$host:8443$request_uri; 
> }

I would like to avoid wildcards because they're not going to happen in the real world (our list of sites that we serve is static), and I want to prevent redirects from happening for anything but the real sites that we do actually serve.

The only queries that would be coming into us that would match the wildcard and would NOT match the static list of sites would be people who are fishing around for security vulnerabilities or other types of less intelligent robots.  I don't want them causing any further load on our systems than we will already have.

--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>



More information about the nginx mailing list