https redirection not working correctly

Kevin Worthington kworthington at gmail.com
Wed Dec 30 14:51:28 UTC 2015


Hello!

After your upstream block, but before your server (https) block put
something like this:

server {
        listen         80;
        server_name    xxxxxxxxx.ch www.xxxxxxxxx.ch;
        return         301 https://$server_name$request_uri;
}

...and remove the ## http redirects to https ## at the bottom.

Best regards,
Kevin
--
Kevin Worthington
kworthington att gmail dat com
http://kevinworthington.com/
http://twitter.com/kworthington

On Wed, Dec 30, 2015 at 9:36 AM, Parzip <nginx-forum at forum.nginx.org> wrote:

> Hello!
>
> I am trying to set up nginx to
>
> - switch from http traffic to https
> - send alls https traffic to my odoo backend on port 8069
>
> This is already working for different subdomains, but not for the domain
> itself.
>
> http://(www.)subdomain.domain.ch => https://(www.)subdomain.domain.ch
> http://(www.)domain.ch => http://(www.)domain.ch, backend ist beeing
> loaded
> but not secured
>
> 1) Why is domain.ch not beeing redirected to https://domain.ch?
>
> 2) I would like to set up the let's encrypt ssl renewal script described
> here:
>
> https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
> For this I need to put a file into the webroot folder, but I don't know how
> to define this folder...
>
> Thank you for your help.
>
>
> This is my "odoo" file in sites-available:
>
>
> ## odoo backend ##
> upstream odoo {
>     server 127.0.0.1:8069;
> }
>
> ## https site##
> server {
>     listen      443 default;
>     server_name *.xxxxx.ch xxxxx.ch www.xxxxx.ch;
>     # root        /usr/share/nginx/html;
>     # index       index.html index.htm;
>
>     # log files
>     access_log  /var/log/nginx/odoo-access.log;
>     error_log   /var/log/nginx/odoo-error.log;
>
>     # ssl files
>     ssl on;
>     ssl_certificate /etc/letsencrypt/live/xxxxx.ch/fullchain.pem;
>     ssl_certificate_key /etc/letsencrypt/live/xxxxx.ch/privkey.pem;
>     keepalive_timeout   60;
>
>     # limit ciphers
>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>     ssl_prefer_server_ciphers on;
>     ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
>
>
>     # proxy buffers
>     proxy_buffers 16 64k;
>     proxy_buffer_size 128k;
>
>     ## default location ##
>     location / {
>         proxy_pass  http://odoo;
>         # force timeouts if the backend dies
>         proxy_next_upstream error timeout invalid_header http_500 http_502
> http_503 http_504;
>         proxy_redirect off;
>
>         # set headers
>         proxy_set_header    Host            $host;
>         proxy_set_header    X-Real-IP       $remote_addr;
>         proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header    X-Forwarded-Proto https;
>     }
>
>     # cache some static data in memory for 60mins
>     location ~* /web/static/ {
>         proxy_cache_valid 200 60m;
>         proxy_buffering on;
>         expires 864000;
>         proxy_pass http://odoo;
>     }
> }
>
> ## http redirects to https ##
> server {
>     listen      80;
>     server_name *.xxxxx.ch www.xxxxx.ch xxxxx.ch;
>
>     # Strict Transport Security
>     add_header Strict-Transport-Security max-age=2592000;
>     rewrite ^/.*$ https://$host$request_uri? permanent;
> }
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,263786,263786#msg-263786
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20151230/39be4db5/attachment.html>


More information about the nginx mailing list