domain only reachable with https:// in front

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

domain only reachable with https:// in front

ayman
Hi,

I'm using nginx as reverse proxy for guacamole, I can only reach my domain
with https://pstn.host or https://www.pstn.host, it won't work without https
or with even with https.

here's my sites-enabled/pstn.host https://pastebin.com/raw/dKiEi72q

any ideas what's wrong or missing?

thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277546#msg-277546

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: domain only reachable with https:// in front

Alexander Naumann
Hi,

you have :
if ($scheme != "https") {
        return 301 https://$host$request_uri;
} # managed by Certbot
in your config, that redirects everything to https.


Mit freundlichen Grüßen / best regards
Alexander Naumann

artcom venture GmbH


Von: "pstnta" <[hidden email]>
An: [hidden email]
Gesendet: Dienstag, 28. November 2017 17:27:57
Betreff: domain only reachable with https:// in front

Hi,

I'm using nginx as reverse proxy for guacamole, I can only reach my domain
with https://pstn.host or https://www.pstn.host, it won't work without https
or with even with https.

here's my sites-enabled/pstn.host https://pastebin.com/raw/dKiEi72q

any ideas what's wrong or missing?

thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277546#msg-277546

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: domain only reachable with https:// in front

ayman
hi,

thanks for answering,

shouldn't that forward everything to https? so shouldn't it work with just
pstn.host? instead of https://pstn.host

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277548#msg-277548

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: domain only reachable with https:// in front

Jeff Dyke
I think it is unfortunate that certbot does it this way, with an if statement, which i believe is evaluated in every request. I use something like the following (with your names):

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name pstn.host www.pstn.host;
  return 301 https://$host$request_uri;
}


server {
  listen 443 ssl default_server;
  ssl_certificate /etc/letsencrypt/live/pstn.host/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/pstn.host/privkey.pem;

  ....reset of config
}

Not part of your question, but I also use the hooks in webroot mode, rather than nginx, for certbot, so it's never modifies my configuration, as the sites-enabled files are managed by a configuration management system across about 100 domains, some with special requirements.

HTH,
Jeff

On Tue, Nov 28, 2017 at 11:40 AM, pstnta <[hidden email]> wrote:
hi,

thanks for answering,

shouldn't that forward everything to https? so shouldn't it work with just
pstn.host? instead of https://pstn.host

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277548#msg-277548

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: domain only reachable with https:// in front

nginx mailing list
Your ISP is blocking port 80, so you cannot get redirected to HTTPS.


On Tue, Nov 28, 2017 at 6:17 PM, Jeff Dyke <[hidden email]> wrote:
I think it is unfortunate that certbot does it this way, with an if statement, which i believe is evaluated in every request. I use something like the following (with your names):

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name pstn.host www.pstn.host;
  return 301 https://$host$request_uri;
}


server {
  listen 443 ssl default_server;
  ssl_certificate /etc/letsencrypt/live/pstn.host/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/pstn.host/privkey.pem;

  ....reset of config
}

Not part of your question, but I also use the hooks in webroot mode, rather than nginx, for certbot, so it's never modifies my configuration, as the sites-enabled files are managed by a configuration management system across about 100 domains, some with special requirements.

HTH,
Jeff

On Tue, Nov 28, 2017 at 11:40 AM, pstnta <[hidden email]> wrote:
hi,

thanks for answering,

shouldn't that forward everything to https? so shouldn't it work with just
pstn.host? instead of https://pstn.host

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277548#msg-277548

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: domain only reachable with https:// in front

ayman
In reply to this post by ayman
ahhh that's right, thanks for all your help guys !

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277561#msg-277561

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx