location blocks, and if conditions in server context

[Francis Daly]

On Thu, Mar 08, 2018 at 08:57:29AM +0000, Lucas Rolff wrote:

Hi there,

> I indeed thought about having a separate server {} block in case there’s the http to https redirect for a specific domain.
> Since it depends on the domain, I can’t make a general one to match everything.

So, if I read this correctly, the new "requirement statement" is: some
domains want to redirect everything (apart from the letsencrypt piece)
from http to https; and some domains do not want to redirect anything
from http to https.

In that case, the one server with "listen 80 default;" and the two
locations, one with "return 301" and the other with "proxy_pass"; plus
the multiple servers with "listen 443" should Just Work.

If you do want the to-https redirect for this domain, do not add "listen
80" in the 443 server. If you do not want the to-https redirect for that
domain, do add "listen 80" in the 443 server.

Am I missing something?

> >    Or: you use $sslproxy_protocol. Where does that come from?
> 
> $sslproxy_protocol is a simple map doing:
> 
> map $https $sslproxy _protocol {
>     default "http";
>     SSL     "https";
>     on      "https";
> }

Because I don't know what else you use that variable for, perhaps you
could make a new variable $redirect_to_https, like so (untested):

  map $https$uri $redirect_to_https {
    default "yes";
    ~^SSL   "no";
    ~^on    "no";
    ~^/.well-known/ "no";
  }

and then redirect based on the value of that variable, where it might matter.

(I presume that $https is empty in http-mode, per http://nginx.org/r/$https)

I prefer the first solution, without the extra variable-and-if; but it's
not my server.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org