Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Nginx converting all http links automatically to https

Nginx converting all http links automatically to https

FreekFreek Member
edited November 2012 in Help

I've setup a simple cms in php and mysql (Percona) and used nginx as webserver. However, nginx feels the need to convert all http links to https links and thus are not loading. Why is that? This is my nginx configuration file: http://pastebin.com/3QLdhg1u I explicitly told nginx not to use https in the fastcgi part but it ignores that...

Thanks in advance!

Linux noob willing to learn.

Comments

  • Nginx doesn't rewrite any URLs/links on the page to use one protocol versus another. Are you sure there isn't a setting in the CMS causing everything to force HTTPS?

    If not, could you post the headers that you receive when trying to visit an HTTP page?

    DevOp based out of Chicago Somewhat knowledgeable about php.
  • Something like this?

    server {
        listen 443 ssl;
        server_name erawanarifnugroho.com;
        ssl_certificate /etc/ssl/http/www.erawanarifnugroho.com.pem;
        ssl_certificate_key /etc/ssl/http/www.erawanarinfugroho.com.key;
        rewrite ^/(.*) https://www.erawanarifnugroho.com/$1 permanent;
    }
    
    server {
        listen 443 ssl;
        server_name www.erawanarifnugroho.com;
        ssl_certificate /etc/ssl/http/www.erawanarifnugroho.com.pem;
        ssl_certificate_key /etc/ssl/http/www.erawanarinfugroho.com.key;
    
        access_log off;
        error_log /home/http/logs/erawanarifnugroho.com.log;
        index index.html index.php;
        root /home/http/hosts/erawanarifnugroho.com;
        try_files $uri $uri/ /index.php;
        client_max_body_size 200M;
    
        include /etc/nginx/conf.d/cache.conf;
        include /etc/nginx/conf.d/deny.conf;
        include /etc/nginx/php.d/erawanarifn.conf;
    }
    
    My blog | Server Uptime | I'm not working for any providers in here, all my comments just my own opinion.image
  • @Adduc said: Nginx doesn't rewrite any URLs/links on the page to use one protocol versus another. Are you sure there isn't a setting in the CMS causing everything to force HTTPS?

    ^ This

    Your CMS is probably setup in a way to redirect/force HTTPS.

    Fusioned | KVM SSD VPS | LSI RAID10 | Netherlands 1Gbps | R1Soft | IPv4 & IPv6 | SolusVM
  • I'm also experiencing the same problem. My cms made simple installation is always redirect to https all the time.

    I'm using minstall btw.

    I'm Good!

  • bamnbamn Disabled

    @ErawanArifNugroho said: rewrite ^/(.*) https://www.erawanarifnugroho.com/$1 permanent;

    That's what he needs

  • Erawan, he wants to know WHY his install is doing that despite that not being configured.

    Probably CMSMadeSimple using the $scheme and redirecting https on everything. May be worthwhile bringing it to their attention.

    -- BOFH

  •  listen 80 default_server;
        location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;

    Do you use some caching like varnish? Have you try to restart nginx, php, and other?

  • Morning Guys. Thanks for the replies :)

    @Fritz said: I'm using minstall btw.

    I also used minstall on Ubuntu 12.04 64 bit.

    @Adduc said: Are you sure there isn't a setting in the CMS causing everything to force HTTPS?

    No, the CMS actually doesn't even support HTTPS as far as I am aware. No setting for it whatsoever. I'll checkout if I can fetch the headers.

    @bamn said: That's what he needs

    Alright, will test out :)

    @Wintereise said: Probably CMSMadeSimple using the $scheme and redirecting https on everything. May be worthwhile bringing it to their attention.

    I also would like to know indeed, but it's not CMSMadeSimple but 'Newznab'.

    @gkz said: Do you use some caching like varnish? Have you try to restart nginx, php, and other?

    No varnish and rebooted the complete VPS a couple of times already :)

    Thanks! I'll keep you posted.

    Linux noob willing to learn.

  • PS: Nginx doesn't auto-convert http/https unless you clearly have it in your config, if you're visiting the site on http, and you mouse over the links that show https://* then its your scripts.

    KBeezie - Insignificant little blog about Nginx, FreeBSD, fun stuff | PhoenixVPS - Managed Support Representative
  • Not nginx.

    I work for Nodisto.

  • @kbeezie said: PS: Nginx doesn't auto-convert http/https unless you clearly have it in your config, if you're visiting the site on http, and you mouse over the links that show https://* then its your scripts.

    It does indeed exactly this!

    @Zen said: Not nginx.

    Well, this is on a freshly installed VPS with minstall in combination with nginx and percuna. I tried this before with apache and mysql and it functioned like it should. So it's either nginx or percuna ;)

    Linux noob willing to learn.

  • FritzFritz Member
    edited December 2012

    @Freek Hopefully you don't mind if I make some comments about my problem. Since we are experiencing same problem with different script but same minstall (Nginx) @maxexcloo

    The script it self points to http but the base url shows https when I look at the source.

    I'm Good!

  • Well this isn't nginx.. it wouldn't have any control over the actual links in the script, and it wouldn't be redirecting without specific rules for such action.

    I work for Nodisto.

  • Why not temporarily move the CMS to a different directory, create an index file and visit it? If if still redirects to HTTPS, it's Nginx (highly unlikely) else it's your CMS.

  • just buy ssl. its only a couple dollars per year. problem solved

    vpsdash.com - Tips and tricks in life, information and technology news to get things done

  • @Freek said: It does indeed exactly this!

    No where in your pastebin config does it show any http server { } block redirecting to an https server block.

    The ONLY time I've seen something almost exactly as you described it was because either wordpress, WHMCS, etc etc were setting the links in the returned PHP source as https://. If you point it to a txt or static html file and it doesn't change... well then it's your CMS's settings.

    With your lack of information and cryptic feedback doesn't help either, the solution is very simple... you're just not listening.

    KBeezie - Insignificant little blog about Nginx, FreeBSD, fun stuff | PhoenixVPS - Managed Support Representative
  • FreekFreek Member
    edited December 2012

    Digging in the source code of the index.php I find this:

    <script type="text/javascript">
        var WWW_TOP = "";
        var SERVERROOT = "https://<IP>/";
        var UID = "";
        var RSSTOKEN = "";
    </script>
    

    Now trying to find out where this little joke is coming from

    @Fritz said: @Freek Hopefully you don't mind if I make some comments about my problem.

    Sure no problem!

    @Evixo said: Why not temporarily move the CMS to a different directory, create an index file and visit it? If if still redirects to HTTPS, it's Nginx (highly unlikely) else it's your CMS.

    Good one. The index file of the CMS as well loads without https but now I see certain subpages load with https and others without. I can't

    @cosmicgate said: just buy ssl. its only a couple dollars per year. problem solved

    Car doesn't run. Just buy a bike. It's just a couple of bucks. .... Appreciate your input but this doesn't make much sense to me.

    @kbeezie said: With your lack of information and cryptic feedback doesn't help either, the solution is very simple... you're just not listening.

    Beg pardon? I'm sorry but I am doing the best I can here. How exactly is my feedback cryptic? You know my OS, the setup and the CMS involved. I described the problem I am facing, what I'm seeing on my screen and posted the nginx config file. The fact that I keep coming back to nginx is that other people are also asking questions with the intention to gather more information about the problem and thus debug it. If that's your definition of not listening well then I am sorry. I try to answer every question and yes indeed that's coming back to nginx even if you have said already that it's not caused by nginx. I appreciate your help but telling me that I'm not listening is not true. I am just not as skilled as you are in Linux so things aren't as obvious for me as they are for you.

    @kbeezie said: No where in your pastebin config does it show any http server { } block redirecting to an https server block.

    Well I can't help it but that's what I'm seeing here. Here's the URL if that helps: http://tinyurl.com/cvquvn4 However, I do see now that not all URLs are converted into https, some are in http some in http. I searched through the documentation of the CMS and nowhere is something mentioned about https or ssl regarding html/php at all. Just for setting up the connection to the usenet server but that's a complete other story. I.e. SSL/HTTPS is not supported by the CMS.

    @kbeezie said:

    The ONLY time I've seen something almost exactly as you described it was because either wordpress, WHMCS, etc etc were setting the links in the returned PHP source as https://. If you point it to a txt or static html file and it doesn't change... well then it's your CMS's settings.

    I don't have much settings that I can change. Here this is pretty much it:

    `<?php

    $www_top = str_replace("\","/",dirname( $_SERVER['PHP_SELF'] )); if(strlen($www_top) == 1) $www_top = "";

    // // used everywhere an href is output, includes the full path to the newznab install // define('WWW_TOP', $www_top);

    // // used to refer to the /www/lib class files // define('WWW_DIR', realpath(dirname(FILE)).'/');

    // // path to smarty files // define('SMARTY_DIR', WWW_DIR.'lib/smarty/');

    // // number of results per page // define("ITEMS_PER_PAGE", "50");`

    @bamn said: @ErawanArifNugroho said: rewrite ^/(.*) https://www.erawanarifnugroho.com/$1 permanent;

    That's what he needs

    Apparently this is exactly the opposite of what I need? It rewrites everything to https? I tried setting it to http instead but he didn't like that. Pages where not loading after that

    I'm now trying to see if I can fetch the headers for @Adduc

    Linux noob willing to learn.

  • kbeeziekbeezie Member
    edited December 2012

    @Freek said: Beg pardon? I'm sorry but I am doing the best I can here. How exactly is my feedback cryptic? You know my OS, the setup and the CMS involved. I described the problem I am facing, what I'm seeing on my screen and posted the nginx config file. The fact that I keep coming back to nginx is that other people are also asking questions with the intention to gather more information about the problem and thus debug it. If that's your definition of not listening well then I am sorry. I try to answer every question and yes indeed that's coming back to nginx even if you have said already that it's not caused by nginx. I appreciate your help but telling me that I'm not listening is not true. I am just not as skilled as you are in Linux so things aren't as obvious for me as they are for you.

    Well point is... It's not nginx, it's the script so... fix the script.

    Trying to make nginx do a https back to http is not fixing the problem but intensifying it (since every link would be http page -> https link -> http redirect), and course if you don't have an SSL certificate install it'll still just stop dead at the https link.

    Also the CMS itself doesn't have to "support" it since it's a webserver+cert thing, it would need only set the scheme of the url depending on how it was coded, most of the time if it was set up with relative links, then the links would be relative to the current scheme.

    Far as "cryptic", cryptic in the sense that the url of the site is not shown, if known some of us could actually do a look at the page source to see if it's hard-coded by the CMS or if there's a redirect going on with a curl/etc pull.

    I imagine if it's not in the code, it's in the database, much like how wordpress normally saves it's site-url/etc in the database if it's not hardcoded into the wp-config.php, or how WHMCS will cause a redirect to https if you set it in the setting. Fact of the matter is... It's not Nginx, and not something you'd correct in nginx.

    On the flip side, you could pay someone to fix it, depending on how many hours you've spent on it already.

    KBeezie - Insignificant little blog about Nginx, FreeBSD, fun stuff | PhoenixVPS - Managed Support Representative
  • Guys, I've found the solution. It was indeed not nginx, but that was obvious by now ;) First, I apologize for giving false information. Apparently the CMS uses some form or smarty caching/optimization so @gkz was quite warm. I didn't know that, so again my apologies. My fault, my bad.

    When checking out the page source in FireFox, I found this in the index:

    <script type="text/javascript">
        var WWW_TOP = "";
        var SERVERROOT = "https://<IP>/";
        var UID = "";
        var RSSTOKEN = "";
    </script>
    

    However, this was nowhere to be found in the php files. Then I stumbled on a file named basepage.php in the CMS folder /lib/framework which contained this:

    $this->serverurl = (isset($_SERVER["HTTPS"]) ? "https://" : "http://").$_SERVER["SERVER_NAME"].($_SERVER["SERVER_PORT"] != "80" ? ":".$_SERVER["SERVER_PORT"] : "").WWW_TOP.'/';

    Simply changing HTTPS to HTTP and rebooting solved my problem :)

    I would like to thank everyone for their time, patience and pointing me into the right direction :) Thanks for participating in this thread!

    Linux noob willing to learn.

  • kbeeziekbeezie Member
    edited December 2012

    @Freek said: However, this was nowhere to be found in the php files. Then I stumbled on a file named basepage.php in the CMS folder /lib/framework which contained this:

    $this->serverurl = (isset($_SERVER["HTTPS"]) ? "https://" : "http://").$_SERVER["SERVER_NAME"].($_SERVER["SERVER_PORT"] != "80" ? ":".$_SERVER["SERVER_PORT"] : "").WWW_TOP.'/';

    Simply changing HTTPS to HTTP and rebooting solved my problem :)

    I would like to thank everyone for their time, patience and pointing me into the right direction :) Thanks for participating in this thread!

    Seems odd for it to change the url specifically on that. Normally you could tell it to use https in nginx via the fastcgi_param such as:

    fastcgi_param HTTPS on;

    but the code is only checking to see if it's set, not if it's on/off, true/false, etc. So perhaps for whatever reason via PHP it thinks the HTTPS variable is set (though it should actually first check to see if it's set, THEN see if it's on or off, that probably would have saved you the trouble of having to code it in manually.

    By the way that segment of code

    isset($_SERVER["HTTPS"]) ? "https://" : "http://"

    is the same as: CONDITION ? Value-If-True : Value-If-False

    In case you didn't know that.

    KBeezie - Insignificant little blog about Nginx, FreeBSD, fun stuff | PhoenixVPS - Managed Support Representative
  • changing the https to http in php is not really a good option I believe.

    As for my problem, I've tried to use Apache and the problems was elimimated. but, I love Nginx already.

    @Freek , have you tried to use Apache?

    I'm Good!

  • @Fritz said: changing the https to http in php is not really a good option I believe.

    As for my problem, I've tried to use Apache and the problems was elimimated. but, I love Nginx already.

    @Freek , have you tried to use Apache?

    I know, but this is the only thing that solved my problem. Yes, apache doesn't have this problem here either.

    @kbeezie said: o perhaps for whatever reason via PHP it thinks the HTTPS variable is set (though it should actually first check to see if it's set, THEN see if it's on or off, that probably would have saved you the trouble of having to code it in manually.

    Could be, the only thing I know is that changing it to HTTP solved my problem :)

    Linux noob willing to learn.

  • image

    Clearly there are implementation differences in the HTTPS parameter, across HTTPds.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

Sign In or Register to comment.