https redirection not working correctly

Parzip nginx-forum at forum.nginx.org
Wed Dec 30 14:36:28 UTC 2015 

Hello!

I am trying to set up nginx to 

- switch from http traffic to https
- send alls https traffic to my odoo backend on port 8069

This is already working for different subdomains, but not for the domain
itself. 

http://(www.)subdomain.domain.ch => https://(www.)subdomain.domain.ch
http://(www.)domain.ch => http://(www.)domain.ch, backend ist beeing loaded
but not secured

1) Why is domain.ch not beeing redirected to https://domain.ch?

2) I would like to set up the let's encrypt ssl renewal script described
here:
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
For this I need to put a file into the webroot folder, but I don't know how
to define this folder... 

Thank you for your help.


This is my "odoo" file in sites-available:


## odoo backend ##
upstream odoo {
    server 127.0.0.1:8069;
}

## https site##
server {
    listen      443 default;
    server_name *.xxxxx.ch xxxxx.ch www.xxxxx.ch;
    # root        /usr/share/nginx/html;
    # index       index.html index.htm;

    # log files
    access_log  /var/log/nginx/odoo-access.log;
    error_log   /var/log/nginx/odoo-error.log;

    # ssl files
    ssl on;
    ssl_certificate /etc/letsencrypt/live/xxxxx.ch/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxxxx.ch/privkey.pem;
    keepalive_timeout   60;

    # limit ciphers 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    

    # proxy buffers
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    ## default location ##
    location / {
        proxy_pass  http://odoo;
        # force timeouts if the backend dies
        proxy_next_upstream error timeout invalid_header http_500 http_502
http_503 http_504;
        proxy_redirect off;

        # set headers
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }

    # cache some static data in memory for 60mins
    location ~* /web/static/ {
        proxy_cache_valid 200 60m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }
}

## http redirects to https ##
server {
    listen      80;
    server_name *.xxxxx.ch www.xxxxx.ch xxxxx.ch;

    # Strict Transport Security
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://$host$request_uri? permanent;
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,263786,263786#msg-263786

More information about the nginx mailing list