redirect related questions...

classic Classic list List threaded Threaded
6 messages Options
ST
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

redirect related questions...

ST
Hello,

I have several questions related to redirects:

Here is my setup:

server {
 server_name www.example.org example.com; # and some more domains
 return 301 $scheme://example.org$request_uri;
}

server {
 listen 80;
 server_name example.org;
 ...
 if ($http_user_agent !~ facebookexternalhit/1.1) {
  return 301 https://$host$request_uri;
 }
}

server {
 listen 443 ssl;
 server_name example.org;
 ...
}

1. http://example.com redirects correctly to https://example.org (via
http://example.org), but not https://example.com - why?

2. neither http://www.example.org nor https://www.example.org redirect
to https://example.org (not even to http://example.org) - why?

How can I achieve that?

Thank you in advance!

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: redirect related questions...

Francis Daly
On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:

Hi there,

> server {
>  server_name www.example.org example.com; # and some more domains
>  return 301 $scheme://example.org$request_uri;
> }
>
> server {
>  listen 80;
>  server_name example.org;
>  ...
>  if ($http_user_agent !~ facebookexternalhit/1.1) {
>   return 301 https://$host$request_uri;
>  }
> }
>
> server {
>  listen 443 ssl;
>  server_name example.org;
>  ...
> }

If that is your config, then the first server{} is used for http
connections for everything except example.org; the second server is used
for http connections for only example.org; and the third server is used
for all https connections.

> 1. http://example.com redirects correctly to https://example.org (via
> http://example.org), but not https://example.com - why?

https goes to server{} three; you have no redirection there.

> 2. neither http://www.example.org nor https://www.example.org redirect
> to https://example.org (not even to http://example.org) - why?

https won't anyway, as per question 1.

http would, but only if the request actually gets to nginx. What do the
nginx logs say? Does www.example.org resolve to an address on the nginx
server, as far as this client is concerned?

> How can I achieve that?

See why it fails right now.

If the request does not get to nginx, change things outside nginx so
that the request does get to nginx.

If the request does get to nginx, change things inside nginx so that it
does what you want.

That probably involves no change for http, but might involve a new server
for https which is the default server, and which does the redirect that
you want. Note that the client may choose not to accept the (redirect)
response if the certificate does not match whatever name they used to
connect to the server.

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: redirect related questions...

ST
Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
 listen 80;
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:

> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> >  server_name www.example.org example.com; # and some more domains
> >  return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> >  listen 80;
> >  server_name example.org;
> >  ...
> >  if ($http_user_agent !~ facebookexternalhit/1.1) {
> >   return 301 https://$host$request_uri;
> >  }
> > }
> >
> > server {
> >  listen 443 ssl;
> >  server_name example.org;
> >  ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: redirect related questions...

ST
In reply to this post by Francis Daly
PS:

actually merely adding "listen 443 ssl;" to the first server causes the
same error (curl: (35) Unknown SSL protocol error in connection to
www.example.org:443)

server {
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

Why? nginx restarts normally... is there any conflicts in such a setup
with other 2 servers?

Thank you!

---------------------------------------

Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
 listen 80;
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:

> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> >  server_name www.example.org example.com; # and some more domains
> >  return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> >  listen 80;
> >  server_name example.org;
> >  ...
> >  if ($http_user_agent !~ facebookexternalhit/1.1) {
> >   return 301 https://$host$request_uri;
> >  }
> > }
> >
> > server {
> >  listen 443 ssl;
> >  server_name example.org;
> >  ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: redirect related questions...

ST
In reply to this post by Francis Daly
PPS:

my fault: there is no ssl key info so obviously it should not work. At
least for those server name listed inside first server{} (strange is
that https://example.org - server{} three also stops working...)

Is it a good idea to use DNS forwarding in order not to obtain/install
ssl keys for example.com as we don't plan to use it? This should make
redirection faster and requires no setup on nginx... Are there any down
sides of such a solution?

Thank you!

---------------------------------------

PS:

actually merely adding "listen 443 ssl;" to the first server causes the
same error (curl: (35) Unknown SSL protocol error in connection to
www.example.org:443)

server {
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

Why? nginx restarts normally... is there any conflicts in such a setup
with other 2 servers?

Thank you!

---------------------------------------

Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
 listen 80;
 listen 443 ssl;
 server_name www.example.org example.com; # and some more domains
 return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:

> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> >  server_name www.example.org example.com; # and some more domains
> >  return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> >  listen 80;
> >  server_name example.org;
> >  ...
> >  if ($http_user_agent !~ facebookexternalhit/1.1) {
> >   return 301 https://$host$request_uri;
> >  }
> > }
> >
> > server {
> >  listen 443 ssl;
> >  server_name example.org;
> >  ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f



_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: redirect related questions...

Francis Daly
On Sun, Jul 30, 2017 at 12:56:55PM +0300, ST wrote:

Hi there,

> Is it a good idea to use DNS forwarding in order not to obtain/install
> ssl keys for example.com as we don't plan to use it? This should make
> redirection faster and requires no setup on nginx... Are there any down
> sides of such a solution?

I'm not sure what exactly you mean by that.

nginx can listen on one or more address:port combinations, for http
or https.

Each hostname that your client will try to connect to will resolve to
one address (at a time) that the client will try to use.

If your client connects to an address:port that nginx is listening on,
nginx will have to do some work to process the request. If you do not,
nginx will not.

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Loading...