redirect related questions...

ST smntov at gmail.com
Sun Jul 30 09:12:03 UTC 2017


Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
 listen 80;
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:
> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
> 
> Hi there,
> 
> > server {
> >  server_name www.example.org example.com; # and some more domains
> >  return 301 $scheme://example.org$request_uri;
> > }
> > 
> > server {
> >  listen 80;
> >  server_name example.org;
> >  ...
> >  if ($http_user_agent !~ facebookexternalhit/1.1) {
> >   return 301 https://$host$request_uri;
> >  }
> > }
> > 
> > server {
> >  listen 443 ssl;
> >  server_name example.org;
> >  ...
> > }
> 
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
> 
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
> 
> https goes to server{} three; you have no redirection there.
> 
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
> 
> https won't anyway, as per question 1.
> 
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
> 
> > How can I achieve that?
> 
> See why it fails right now.
> 
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
> 
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
> 
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
> 
> Good luck with it,
> 
> 	f



More information about the nginx mailing list