Redirect httpS to httpS://www - NGinx+VestaCP
Hello All,
On my VestaCP server, I'm using NGinx as rev. proxy and need some advice in redirecting my SSL domain properly. I have the Certificates in place. This is what I have in the Configs:
/home/admin/conf/web/nginx.conf
server {
    listen 111.222.333.444:80;
    server_name domain.com www.domain.com;
    return 301 https://www.$server_name$request_uri;
}
/home/admin/conf/web/snginx.conf
server {
    listen 111.222.333.444:443 ssl http2;
    server_name domain.com www.domain.com;
    # rest of the block not shown in the post
}
Now this is the scene when I type the URL:
domain.com redirects properly to https://www.domain.com
but
typing in https://domain.com (non-www) does NOT redirect to https://www.domain.com.
Am I doing it incorrectly?
Reading some references, it suggests I need to set up separate server blocks for nginx:
server {
    listen 000.000.000.000:80;
    server_name www.mydomain.com;
    return 301 http://mydomain.com$request_uri;
}
server {
    listen 000.000.000.000:80;
    server_name mydomain.com;
    root /home/user/web/mydomain.com/public_html;
    # rest of the block not shown in the post
}
but since Vesta creates the server block by default like
server_name domain.com www.domain.com
I was hesitant to change it to two different blocks. Is that the only way? Any better suggestions?
Comments
The above works for me.
try this
put only www.domain.com on server_name on ssl block.
Testing
non-www
for sure it doesn't as you are directly jumping into the ssl-block of your nginx config, which doesn't do any rewrite/redirect.
your initial nginx.conf (the one for non ssl with listen 80) does the redirect only for all requests sent via http://
and the snginx.conf (listen 443) does everything directed to your server via https:// - there you don't do any rewrites so far
to cope with the problem that vesta creates a block for both at once you could either delete the www. alias from web settings within vesta panel and let it have its own config.
or do something like an if & rewrite statement for the non www part
Try below code to redirect your https://domain.com on https://www.domain.com
Hope it will help you!
+1, that's what I meant
while IF should be avoided if possible regarding to official nginx documentation ( http://nginx.org/en/docs/http/converting_rewrite_rules.html ) - this probably is the easiest way if there is no possibility to split www from non-www in the server blocks due to vesta
if you have apache in place behind nginx, maybe the easiest way would be to do the redirect rules via htaccess instead of directly within nginx - vesta is supposed to rewrite the config file every other time, so you would not want to edit them directly...
Sorry, missed the part "https doesn't redirect to https://www". My bad, same practice though as @JasonP has shown.
The recommended and most efficient way is by using separate server blocks. No "if" statements needed.
The key is separating the non-www https server block and have it redirect to the main site.
shouldn't be so hard... but I hate to say the moment I make separate block
server { listen 000.000.000.000:443; server_name mydomain.com; return 301 https://www.mydomain.com$request_uri; }
in the snginx.conf for nginx (vesta uses separate conf's), the whole site stops working.
I tried redirecting domain to www.domain from htaccess and then setting up snginx.conf to only have server block for www. version but still the site doesn't work.
I'm running nginx as rev. proxy, do we need to do something in apache conf instead ?
you definitely shouldn't mess around in these files, as nginx probably simply denies working if something is wrong and vesta will write over those files eventually...
if you need to add individual rules you can add them via an (s)nginx.domain.name.conf file in the conf/web directory, as those will be included (the full name can be seen inside nginx.conf/snginx.conf at the bottom)
yet you cannot add additional server blocks there!
as said before I'd suggest leaving the whole configuration of those files to vesta at all, as that is what vesta is supposed to do. so do edit nothing in snginx.conf nor nginx.conf.
just leave the default config and add a regular .htaccess rule which does the redirecting like:
you need to have mod_rewrite on apache enabled though.
I too want to be minimal on editing confs and avoid that to the max I can.
I tried your above .htaccess, it FAILS to redirect https/domain.com to https/www.domain.com
Any clues ?
just to make sure I just tried on one of my servers (with vesta) - and even with a wrong certificate (after acknowledging in the browser) this rewrite rule is working for all cases to end in https://www....
this has been done on fresh added domain with no content at all.
maybe let vesta rewrite the config for that domain (if you haven't done that already).
does your .htaccess contain any more rewrite rules (likely with wordpress and comparable) and where did you add those rules (redirects should be on top)?
are the sites working despite being rewritten? I mean does http://domain.com deliver some content as does https://www.domain.com?
as it's an OR connection on the conditions you could try and change their order to have it first check for the missing www (not that I think of it changing much at all)
I checked the syntax twice and even copied and pasted it from here, to make sure there are no typos...
Hey @Falzo , really appreciate your help, I tried using the new rules you sent...same result https://domain.com doesn't redirect to https://www.domain.com.
I think the problem is that I am using Let's encrypt certificate which issues separate certificates for domain & www.domain while the regular SSL issued is valid for both.
I'm closing on the fact that I need to have a certificate (issued or self generated) in order to have it working. I guess https call simply refuses to load anything if there is no certificate in place.
Will try and post results.
it may depend on how you setup your domain in vesta...
I simply added domain.com in the control panel, which automatically adds www.domain.com as an alias by default. I don't use DNS on the server itself so deactivated this and went with the default templates for apache and proxy (nginx)
after that activated ssl for it. filled the requested fields with some data from another cert, as I was too lazy to let letsencrypt generate a cert for that... directly after that it worked OOB with the above .htaccess ...
let me know which templates you are using, or if you have some other options activated/deactivated. I'll also go and generate a letsencrypt cert for that one, I am using https://github.com/interbrite/letsencrypt-vesta to do so ...
will report back, if some of that changes things to reproduce your problem.
generated cert and tested some things and all is working as expected... despite having nginx proxy set to caching template (I normally don't use this for different reasons).
with that I get issues in redirecting or reaching the pages at all, so maybe that could be a point to start with?
Ditto setup... exactly the way you said above.
I'll do some more settings and check if I can progress somewhere
In addition I experienced some weirdness probably related to browser caching while trying around. Maybe for another unbiased test choose another browser or computer at all.
Maybe non-technical: try a different browser or incognito. Did you use HSTS or the Strict-Transport-Security max-age header? That can cause caching.
Yes I always check on Multiple machines... and use incognito/private mode to check. I know Caching is an issue when testing domains on the fly.
Yes I have
ssl http2
& add_header Strict-Transport-Security "max-age=15768000" always;
for my server block... but then I have a Different Test Server... on which the same issue. On the test server without any Strict header or http2 the same issue is there.
Can you explain something about this further ?
Never - ever - use - if
when it's not needed.
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
Well, I resolved the issue... I think somehow the Cert. generated did not have naked domain covered. Reissued with "-d www.domain.tld -d domain.tld" and all htaccess rules started working. Silly...!
Now I wanted to NOT use htaccess and let nginx redirect to https://www.
If I write
return 301 https://www.domain.com$request_uri;
in the listen 172.110.20.76:443; Server block, it stops the whole site... while the same rule works for non-https port 80 correctly. What is wrong in here... any clues ?
Do you have one or two server blocks for port 443? Only one with that rule would most likely create an infinite loop of redirecting to itself...
Yes... only one...
So you recommend me making a separate Server block? if so what exactly should I write in it ? can you please quote me?
@mehargags it's already posted somewhere above ;-)
it should look pretty much like this:
where the first block is only for redirecting the non-www domain and the second should contain everything you need for your site as usual.
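
Added example (not part of the original thread, and not VestaCP's generated config): the separate-server-block layout the replies describe, with the bare-domain HTTPS redirect in its own block. The IP 203.0.113.10, the certificate paths and the backend port 8443 are placeholders and assumptions; the certificate must list both domain.com and www.domain.com, because the TLS handshake for https://domain.com completes before nginx can send the 301.

```nginx
# Port 80: send every plain-HTTP request to the canonical HTTPS host.
server {
    listen 203.0.113.10:80;                    # placeholder IP
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

# Port 443, bare domain only: redirect to www.
# This block terminates TLS itself, so it needs "ssl" on the listen line
# and a certificate that is valid for domain.com.
server {
    listen 203.0.113.10:443 ssl http2;
    server_name domain.com;

    ssl_certificate     /path/to/ssl.domain.com.pem;   # placeholder path
    ssl_certificate_key /path/to/ssl.domain.com.key;   # placeholder path

    # HSTS value quoted in the thread; "always" attaches it to the 301 too,
    # so browsers that only ever visit the bare domain still receive it.
    add_header Strict-Transport-Security "max-age=15768000" always;

    return 301 https://www.domain.com$request_uri;
}

# Port 443, canonical host: the actual site. No redirect in this block,
# otherwise https://www.domain.com would redirect to itself in a loop.
server {
    listen 203.0.113.10:443 ssl http2;
    server_name www.domain.com;

    ssl_certificate     /path/to/ssl.domain.com.pem;   # placeholder path
    ssl_certificate_key /path/to/ssl.domain.com.key;   # placeholder path

    add_header Strict-Transport-Security "max-age=15768000" always;

    location / {
        # Assumed Apache backend address; keep whatever the existing
        # site configuration already proxies to.
        proxy_pass https://203.0.113.10:8443;
    }
}
```

Check the result with `nginx -t` before reloading. As noted in the thread, VestaCP may rewrite nginx.conf and snginx.conf, so manual changes there can be lost.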