Trouble adding /pma location to all virtual hosts

Ben Johnson ben at indietorrent.org
Thu Jun 27 18:08:24 UTC 2013



On 6/27/2013 1:15 PM, B.R. wrote:
> Hello,
> 
> On Thu, Jun 27, 2013 at 1:02 PM, Ben Johnson <ben at indietorrent.org
> <mailto:ben at indietorrent.org>> wrote:
> 
> 
> 
>     On 6/27/2013 12:42 PM, Ben Johnson wrote:
>     > I don't want PMA (anything within the /pma/ location) to be accessible
>     > over a plaintext connection. In other words, I wish to force HTTPS.
>     >
>     > Do I need to add something something like this to the location block?
>     >
>     >     rewrite ^ https://domain.com$request_uri? permanent;
>     >
>     > (Ideally, I would like the "domain.com <http://domain.com>" part
>     to be dynamic, so it works
>     > for all vhosts; would I use $host, $server_name? Something else
>     entirely?)
> 
>     I ended-up with this, and it seems to work as expected:
> 
>     location ^~ /pma/ {
>         root /var/www/;
> 
>         if ($scheme = http) {
>             return 301 https://$server_name$request_uri;
>         }
> 
>         # ...
>     }
> 
>     If there's a better way of achieving the same, I'd love to be informed.
> 
>> I would have kept the rewrite
> <http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite>
> statement which was a good idea.​
>  
> ​The produced redirect is always a 301 (not 302) when the replacement
> string starts with http(s) (check the doc page to which I provide the
> link).​
> Why would you replace it with a 'if' statement?
> http://wiki.nginx.org/IfIsEvil
> 
> I guess you can use the variables in the rewrite directive aswell.
> 
> 
>     Thanks,
> 
>     -Ben
>
> ---
> *B. R.*

Thanks for the feedback, B. R.

I resorted to the "if" control structure because, without it, the
browser became stuck in a redirect-loop. (The reason for this is
obvious.) Then again, I suppose that the redirect-loop would occur
regardless of whether I use a "return 301" or "rewrite".

How would you recommend avoiding the redirect-loop problem?

I would really prefer no to have to define separate "server" blocks for
ports 80 and 443, due to the complex nature of the hosting environment
in which I'm working.

Currently, all vhosts receive:

server {
    listen *:80;

    listen *:443 ssl;
}

Without separating ports 80 and 443 into individual "server" blocks, I
saw no way to avoid the loop without using an "if" structure.

Am I missing something?

Thanks again,

-Ben



More information about the nginx mailing list