redirect related questions...
ST
smntov at gmail.com
Sun Jul 30 09:12:03 UTC 2017
Hi Francis,
thank you for the detailed answer...
I tried to take care of the first problem by doing this:
server {
listen 80;
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}
But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443
Why? Is it wrong to have two listen directives in one server?
Thank you!
On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:
> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> > server_name www.example.org example.com; # and some more domains
> > return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> > listen 80;
> > server_name example.org;
> > ...
> > if ($http_user_agent !~ facebookexternalhit/1.1) {
> > return 301 https://$host$request_uri;
> > }
> > }
> >
> > server {
> > listen 443 ssl;
> > server_name example.org;
> > ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f
More information about the nginx
mailing list