Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Redirect httpS to httpS://www - NGinx+VestaCP
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Redirect httpS to httpS://www - NGinx+VestaCP

mehargagsmehargags Member
edited June 2016 in Help

Hello All,
On my VestaCP server, I'm using NGinx as rev. proxy

need some advise in redirecting my SSL domain properly. I have the Certificates in place. This is what I have in the Configs:

/home/admin/conf/web/nginx.conf

server {
    listen      111.222.333.444:80 ;
    server_name domain.com www.domain.com;
    return   301 https://www.$server_name$request_uri;

/home/admin/conf/web/snginx.conf

server {
    listen      111.222.333.444:443 ssl http2;
    server_name domain.com www.domain.com;

Now this is the scene when I type the URL:

domain.com redirects properly to https://www.domain.com
but
typing in https://domain.com (non-www) does NOT redirect to https://www.domain.com.

Am I doing it in correctly ?

Reading some references it suggests I need to setup separate server blocks for nginx

server {
    listen      000.000.000.000:80;
    server_name  www.mydomain.com;
    return       301 http://mydomain.com$request_uri;
}

server {
    listen      000.000.000.000:80;
    server_name mydomain.com;
    root        /home/user/web/mydomain.com/public_html;

but since Vesta creates the server block by default like
server_name domain.com www.domain.com

I was hesitant to change it to two different blocks. is that the only way ? any better suggestions ?

Comments

  • ATHKATHK Member
    edited June 2016
    server {
             listen  80 default_server;
             server_name www.site.com site.com;
             rewrite ^(.*)$ https://site.com$1 permanent;
        }
    

    The above works for me.

    Thanked by 1GCat
  • tommytommy Member

    try this

    server {
    listen 80;
    server_name DOMAIN.COM WWW.DOMAIN.COM;
    return 301 https://WWW.DOMAIN.COM$request_uri;
    root /srv/DOMAIN.COM;
    index index.php;
    }
    
    server {
    listen 443;
    server_name WWW.DOMAIN.COM;
    root /srv/DOMAIN.COM;
    index index.php;
    }
    

    put only www.domain.com on server_name on ssl block.

    Testing

    $ curl -I www.DOMAIN.COM
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 08 Jun 2016 06:32:58 GMT
    Content-Type: text/html
    Location: https://www.DOMAIN.COM/
    X-UA-Compatible: IE=Edge
    Content-Length: 178
    Connection: Keep-Alive
    
    

    non-www

    $ curl -I DOMAIN.COM
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Wed, 08 Jun 2016 06:34:19 GMT
    Content-Type: text/html
    Location: https://www.DOMAIN.COM/
    X-UA-Compatible: IE=Edge
    Content-Length: 178
    Connection: Keep-Alive
    
  • FalzoFalzo Member

    mehargags said: but typing in https://domain.com (non-www) does NOT redirect to https://www.domain.com.

    for sure it doesn't as you are directly jumping into the ssl-block of your nginx config, which doesn't any rewrite/redirect.

    your initial nginx.conf (the one for non ssl with listen 80) does the redirect only for all reuqest send via http://

    and the snginx.conf (listen 443) does everything directed to your server via https:// - there you don't do any rewrites so far

    to cope with the problem that vesta creates a block for both at once you could either delete the www. alias from web settings within vesta panel and let it have its own config.

    or do something like an if & rewrite statement for the non www part

    Thanked by 1mehargags
  • JasonPJasonP Member, Patron Provider

    Try below code to redirect your https://domain.com on https://www.domain.com

    server {
          listen        443;
           server_name    domain.com;
             if ($host = domain.com) {
            rewrite ^(.*) https://www.domain.com:443$request_uri? permanent;
        }
    

    Hope it will help you!

    Thanked by 2Falzo mehargags
  • FalzoFalzo Member

    @JasonP said:

    +1, that's what I meant

    while IF should be avoided if possible regarding to official nginx documentation ( http://nginx.org/en/docs/http/converting_rewrite_rules.html ) - this probably is the easiest way if there is no possibilitie to split www from non-www in the server blocks due to vesta

    if you have apache in place behind nginx, maybe the easiest way would be to do the redirect rules via htaccess instead of directly within nginx - vesta is supposed to rewrite the config file every other time, so you would not want to edit them directly...

  • ATHKATHK Member

    @ATHK said:
    server {
    listen 80 default_server;
    server_name www.site.com site.com;
    rewrite ^(.*)$ https://site.com$1 permanent;
    }

    The above works for me.

    Sorry missed the part "https doesnt redirect to https://www. My bad, same practice though as @JasonP has shown.

  • edited June 2016

    The recommended and most efficient way is by using separate server blocks. No "if" statements needed.

    The key is separating the non-www https server block and have it redirect to the main site.

    server {
        listen          000.000.000.000:80;
        server_name     mydomain.com www.mydomain.com;
        return          301 https://www.mydomain.com$request_uri;
    }
    
    
    server {
        listen          000.000.000.000:443;
        server_name     mydomain.com;
        return          301 https://www.mydomain.com$request_uri;
    }
    
    server {
        listen          000.000.000.000:443;
        server_name     www.mydomain.com;
        ...
        ...
    }
    
  • mehargagsmehargags Member
    edited June 2016

    shouldn't be so hard... but I hate to say the moment I make separate block

    server { listen 000.000.000.000:443; server_name mydomain.com; return 301 https://www.mydomain.com$request_uri; }

    in the sngnix.conf for nginx (vesta uses separate conf's), the whole site stops working.

    I tried redirecting domain to www.domain from htaccess and then setting up snignx.conf to only have server block for www. version but still the site doesn't work.

    I'm running nginx as rev. proxy, do we need to do something in apache conf instead ?

  • FalzoFalzo Member
    edited June 2016

    mehargags said: in the sngnix.conf for nginx (vesta uses separate conf's), the whole site stops working.

    you shouldn't definitely not mess around in this files, as nginx probably simply denies working if something is wrong and vesta will write over those files eventually...

    if you need to add individual rules you can add them via an (s)nginx.domain.name.conf file in the conf/web directory, as those will be included (the full name can be seen inside nginx.conf/snginx.conf at the bottom)
    yet you cannot add additional server blocks there!

    as said before I'd suggest leaving the whole configuration of that files to vesta at all, as that is what vesta is supposed to do. so do edit nothing in snginx.conf nor nginx.conf.

    just leave the default config and add a regular .htaccess rule which does the redirecting like:

    RewriteEngine On
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule .* https://www.mydomain.com%{REQUEST_URI} [L,R=301]
    

    you need to have mod_rewrite on apache enabled though.

  • mehargagsmehargags Member
    edited June 2016

    I too want to be minimal on editing confs and avoid that too the max I can.

    @Falzo said:

    just leave the default config and add a regular .htaccess rule which does the redirecting like:

    RewriteEngine On
    > RewriteCond %{HTTPS} off [OR]
    > RewriteCond %{HTTP_HOST} !^www\.
    > RewriteRule .* https://www.mydomain.com%{REQUEST_URI} [L,R=301]
    > 

    I tried your above .htaccess, it FAILS to redirect https://domain.com to https://www.domain.com
    Any clues ?

  • FalzoFalzo Member
    edited June 2016

    just to make sure I just tried on one of my servers (with vesta) - and even with a wrong certificate (after acknowledging in the browser) these rewrite rule is working for all cases to end in https://www....
    this has been done on fresh added domain with no content at all.

    maybe let vesta rewrite the config for that domain (if you haven't done that already).

    does your .htaccess contain any more rewrite rules (likely with wordpress and comparable) and were did you add those rules (redirects should be on top)?

    are the sites working despite of being rewritten? I mean does http://domain.com delivers some content as does https://www.domain.com?

    as it's an OR connection on the conditions you could try and change their order to have it first check for the missing www (not that I think of it changing much at all)

    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\. [OR]
    RewriteCond %{HTTPS} off
    RewriteRule .* https://www.mydomain.com%{REQUEST_URI} [L,R=301]
    

    I checked the syntax twice and even copied and pasted it from here, to make sure there are no typos... :/

  • @Falzo said:
    even with a wrong certificate (after acknowledging in the browser) these rewrite rule is working for all cases to end in https://www....
    this has been done on fresh added domain with no content at all.

    as it's an OR connection on the conditions you could try and change their order to have it first check for the missing www (not that I think of it changing much at all)

    > RewriteEngine On
    > RewriteCond %{HTTP_HOST} !^www\. [OR]
    > RewriteCond %{HTTPS} off
    > RewriteRule .* https://www.mydomain.com%{REQUEST_URI} [L,R=301]
    > 

    I checked the syntax twice and even copied and pasted it from here, to make sure there are no typos... :/

    Hey @Falzo , really appreciate your help, I tried using the new rules you sent...same result https://domain.com doesn't redirect to https://www.domain.com.

    I think the problem is that I am using Let's encrypt certificate which issues separate certificates for domain & www.domain while the regular SSL issued is valid for for both.

    I'm closing on the fact that I need to have a certificate (issued or self generated) in order to have it working. I guess https call simply refuses to load anything if there is no certificate in place.
    Will try and post results.

  • FalzoFalzo Member

    it may depend on how you setup your domain in vesta...

    I simply added domain.com in the control panel, which automatically adds www.domain.com as an alias by default. I don't use DNS on the server itself so deactivated this and went with the default templates for apache and proxy (nginx)

    after that activated ssl for it. filled the requested fields with some data from another cert, as I was too lazy to let letsencrypt generate a cert for that... directly after that it worked OOB with the above .htaccess ...

    let me know which templates you are using, or if you have some other options activated/deactivated. I' also go and generate a letsencrypt cert for that one, I am using https://github.com/interbrite/letsencrypt-vesta to do so ...

    will report back, if some of that changes things to reproduce your problem.

  • FalzoFalzo Member

    generated cert and tested some things and all is working as expected... despite having nginx proxy set to caching template (I normally don't use this for diferent reasons).

    with that I get issues in redirecting or reaching the pages at all, so maybe that could be a point to start with?

  • mehargagsmehargags Member
    edited June 2016

    @Falzo said:
    it may depend on how you setup your domain in vesta...

    I simply added domain.com in the control panel, which automatically adds www.domain.com as an alias by default. I don't use DNS on the server itself so deactivated this and went with the default templates for apache and proxy (nginx)

    after that activated ssl for it. filled the requested fields with some data from another cert, as I was too lazy to let letsencrypt generate a cert for that... directly after that it worked OOB with the above .htaccess ...

    Ditto setup... exactly the way you said above.
    I'll do some more settings and check if I can progress somewhere

  • FalzoFalzo Member

    In addition I experienced some weirdness probably related to browser caching while trying around. Maybe for another unbiased test choose another browser or computer at all.

  • rokokrokok Member

    Maybe non technical, Try different browser or incognito, did you you used hsts or Strict-Transport-Security max-age header? That can cause cache

  • Yes I always check on Multiple machines... and use incognito/private mode to check. I know Caching is an issue when testing domains on the fly.

    @rokok said:
    Maybe non technical, Try different browser or incognito, did you you used hsts or Strict-Transport-Security max-age header? That can cause cache

    Yes I have ssl http2 & add_header Strict-Transport-Security "max-age=15768000" always; for my server block... but then I have a Different Test Server... on which the same issue

  • On the test server without any Strict header or http2 the same issue is there.
    Can you explain something about this further ?

  • mehargagsmehargags Member
    edited June 2016

    Well, I resolved the issue... I think somehow the Cert. generated did not have naked domain covered. Reissued with "-d www.domain.tld -d domain.tld" and all htaccess rules started working. Silly...!

    Now I wanted to NOT use htaccess and let nginx redirect to https://www.
    If I write return 301 https://www.domain.com$request_uri; in the listen 172.110.20.76:443; Server block, it stops the whole site... while the same rule works for nonhttps port 80 correctly.
    What is wrong in here... any clues ?

  • FalzoFalzo Member

    Do you have one or two server blocks for port 443? Only one with that rule would most likely create an infinite loop of redirecting to itself...

  • @Falzo said:
    Do you have one or two server blocks for port 443? Only one with that rule would most likely create an infinite loop of redirecting to itself...

    Yes... only one...
    So you recommend me making a separate Server block? if so what exactly should I write in it ? can you please quote me?

  • FalzoFalzo Member

    @mehargags it's already posted somewhere above ;-)

    it should look pretty much like this:

    server {
        listen          172.110.20.76:443;
        server_name     mydomain.com;
        return          301 https://www.mydomain.com$request_uri;
    }
    
    server {
        listen          172.110.20.76:443;
        server_name     www.mydomain.com;
        ...
        ...
    }

    where the first block is only for redirecting the non-www domain and the second should contain everything you need for your site as usual.

Sign In or Register to comment.