New on LowEndTalk? Please Register and read our Community Rules.
All websites when accessed via HTTPS redirect to SSL website - VestaCP
On one of my VestaCP Debian 7 servers, I have around 10 sites, all non-SSL, but I have one website, abc.xyz, which uses SSL and is an SSL-only site.
Now all other websites when accessed through https just redirect to this same SSL site https://abc.xyz
Can you recommend whether I can write some global rule in Nginx/Apache to redirect https to http for any non-SSL websites? Or will I have to do it one by one for each of them?
Thanks
Comments
You own Google?
This is not a default behavior.
Well, if it is possible, post your /home/'user'/conf/web/snginx.conf
(remove ips and domains)
You host abc.xyz?
You are using SNI and with only a single valid cert, basically the default cert since there are no others, it will always resolve to the only cert. How to get around this? Here are a few ways I can think up off the top of my head.
So google hosted using vestacp. Hmm..
If you can't really understand it was a dummy name I used in my post, better keep your nose out and let the others help.
@miTgiB
Thanks... I guess the easiest bet would be to get a new IP for this site and put the SSL site on this IP... right?
I was still thinking there can be a global config way to redirect anything https to http, unless there is a specific override mentioned in the conf. Any ideas?
You could turn off the default https site.
That way the user will not see anything unless you have created/activated ssl for that site.
Or...... Set a "dummy" site as default https site and use .htaccess to redirect to the regular http site.
Hi Mikho,
Can you elaborate on what you mean by "turn off Default https site"?
This SSL site needs to be on https -- and secure site only. I have redirected its http to https using htaccess already.
Please explain how to deactivate "default https" for any sites other than this one?
This is by memory and I'm writing on my phone in my car so don't shoot me if I'm slightly off topic.
You can set in your config file what hostname you should be listening to, if no hostname is defined, serve pages from the default website (often the first one with an ssl cert.).
If I get the chance later tonight I can give you some real life examples.
@mikho
I shall wait for a proper pointer to what config we need... take your good time!
Too lazy to read every word above, but how about adding a default domain with SSL support, then adding a .htaccess for that DEFAULT domain so it will redirect all https traffic to http? For the domains you have configured SSL for, it will work the same as always. I think this is easier than adding another IP and stuff. Not sure if this is what you meant though.
The key here is your default domain in user admin, this will be the landing page domain for all sites not configured.
It's always a good thing to do it one by one. There won't be any mess in this process.
Tell me you never used domain.tld as a dummy domain before, because you don't own that.
Took me long enough to get home, here is the late reply.
I didn't find my notes on how I did it last time, but it has to do with nginx receiving your request for an https site; since your domain is not in the config, the default https domain site is shown instead. This is the first SSL site you created.
A "quick" fix is to enable SSL on all sites, generate a self-signed certificate and then use .htaccess to 301 redirect to the http version for those sites that shouldn't be accessible over https.
I'll continue to look for my notes tomorrow (if I'm not busy working with something else)
What's wrong with my method? I haven't tried it myself but I'm almost sure it will work.
If I remember correctly, there is no default site that it will return data from.
It is either the first site with ssl enabled OR a random site with ssl enabled.
The correct way the server should handle it is that if ssl is not enabled for a site, nothing should be returned.
I thought the first site that you add under user admin is the default one.. No?
In my single case where I tried it, it was the first site added by any user that got returned the most, not in every case though. Sometimes it returned another SSL-enabled site.
Another issue I noticed was that the certificates got messed up. If you had SSL enabled on two sites, the second site always used the first site's certificate. Even if they were from different users.
Nginx doesn't pass all information on to apache and apache is poorly configured by default and returns random data if it gets confusing.
Mhmm maybe you are right. I do remember this issue when I used vestacp a few months back, but I thought they fixed (?) it in the new version.
I hope they did, haven't read the release notes.
This is because of SNI & shared IP. Either place that SSL website on a separate IP or simply install self-signed SSL certificates on the rest of the websites so those will show a security warning instead of a redirect.
Wow, I saw the Google owner. Can you mail me a pair of Google Glass for free?
The last release of Vesta is very bugged. Really, a lot of annoying things with phpmyadmin / mysql connection, fpm, etc. shit... really sad thing.
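The "dummy default HTTPS site" and self-signed certificate ideas suggested in the thread can be combined at the nginx level. The following is an added example, not configuration posted by any participant or generated by VestaCP; the IP 203.0.113.10 and the certificate paths are constructed placeholders.

```nginx
# Added example, not from the thread. Placeholders (assumptions):
#   203.0.113.10                 - the shared IP the SSL site listens on
#   /etc/nginx/ssl/catchall.*    - a self-signed certificate/key pair
#
# nginx picks the default server per listen address:port. Without an
# explicit default_server, the first server block defined for that
# IP:443 answers every HTTPS request whose name matches no server_name,
# which is why abc.xyz was served for all the non-SSL domains.
server {
    # Must use the same IP:port as the real SSL vhost's listen line,
    # otherwise this block is the default for a different socket.
    listen 203.0.113.10:443 ssl default_server;

    # "_" is just a name that never matches a real host; the block is
    # selected because of default_server, not because of this value.
    server_name _;

    # The TLS handshake completes before any redirect can be sent, so
    # clients see a certificate warning for this self-signed cert first.
    ssl_certificate     /etc/nginx/ssl/catchall.crt;
    ssl_certificate_key /etc/nginx/ssl/catchall.key;

    # Send the request back to the plain-HTTP site of the name asked for.
    return 301 http://$host$request_uri;

    # Alternative: close the connection without a response instead of
    # redirecting, so nothing is served for non-SSL domains:
    # return 444;
}
```

The existing server block for abc.xyz stays as it is, without `default_server`; it is still selected whenever the requested name matches its `server_name`.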