Welcome! Log In Create A New Profile

Advanced

redirect related questions...

Posted by ST 
ST
redirect related questions...
July 28, 2017 01:20PM
Hello,

I have several questions related to redirects:

Here is my setup:

server {
server_name www.example.org example.com; # and some more domains
return 301 $scheme://example.org$request_uri;
}

server {
listen 80;
server_name example.org;
...
if ($http_user_agent !~ facebookexternalhit/1.1) {
return 301 https://$host$request_uri;
}
}

server {
listen 443 ssl;
server_name example.org;
...
}

1. http://example.com redirects correctly to https://example.org (via
http://example.org), but not https://example.com - why?

2. neither http://www.example.org nor https://www.example.org redirect
to https://example.org (not even to http://example.org) - why?

How can I achieve that?

Thank you in advance!

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: redirect related questions...
July 29, 2017 09:30PM
On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:

Hi there,

> server {
> server_name www.example.org example.com; # and some more domains
> return 301 $scheme://example.org$request_uri;
> }
>
> server {
> listen 80;
> server_name example.org;
> ...
> if ($http_user_agent !~ facebookexternalhit/1.1) {
> return 301 https://$host$request_uri;
> }
> }
>
> server {
> listen 443 ssl;
> server_name example.org;
> ...
> }

If that is your config, then the first server{} is used for http
connections for everything except example.org; the second server is used
for http connections for only example.org; and the third server is used
for all https connections.

> 1. http://example.com redirects correctly to https://example.org (via
> http://example.org), but not https://example.com - why?

https goes to server{} three; you have no redirection there.

> 2. neither http://www.example.org nor https://www.example.org redirect
> to https://example.org (not even to http://example.org) - why?

https won't anyway, as per question 1.

http would, but only if the request actually gets to nginx. What do the
nginx logs say? Does www.example.org resolve to an address on the nginx
server, as far as this client is concerned?

> How can I achieve that?

See why it fails right now.

If the request does not get to nginx, change things outside nginx so
that the request does get to nginx.

If the request does get to nginx, change things inside nginx so that it
does what you want.

That probably involves no change for http, but might involve a new server
for https which is the default server, and which does the redirect that
you want. Note that the client may choose not to accept the (redirect)
response if the certificate does not match whatever name they used to
connect to the server.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Re: redirect related questions...
July 30, 2017 11:20AM
Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
listen 80;
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:
> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> > server_name www.example.org example.com; # and some more domains
> > return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> > listen 80;
> > server_name example.org;
> > ...
> > if ($http_user_agent !~ facebookexternalhit/1.1) {
> > return 301 https://$host$request_uri;
> > }
> > }
> >
> > server {
> > listen 443 ssl;
> > server_name example.org;
> > ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Re: redirect related questions...
July 30, 2017 11:40AM
PS:

actually merely adding "listen 443 ssl;" to the first server causes the
same error (curl: (35) Unknown SSL protocol error in connection to
www.example.org:443)

server {
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}

Why? nginx restarts normally... is there any conflicts in such a setup
with other 2 servers?

Thank you!

---------------------------------------

Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
listen 80;
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:
> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> > server_name www.example.org example.com; # and some more domains
> > return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> > listen 80;
> > server_name example.org;
> > ...
> > if ($http_user_agent !~ facebookexternalhit/1.1) {
> > return 301 https://$host$request_uri;
> > }
> > }
> >
> > server {
> > listen 443 ssl;
> > server_name example.org;
> > ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ST
Re: redirect related questions...
July 30, 2017 12:00PM
PPS:

my fault: there is no ssl key info so obviously it should not work. At
least for those server name listed inside first server{} (strange is
that https://example.org - server{} three also stops working...)

Is it a good idea to use DNS forwarding in order not to obtain/install
ssl keys for example.com as we don't plan to use it? This should make
redirection faster and requires no setup on nginx... Are there any down
sides of such a solution?

Thank you!

---------------------------------------

PS:

actually merely adding "listen 443 ssl;" to the first server causes the
same error (curl: (35) Unknown SSL protocol error in connection to
www.example.org:443)

server {
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}

Why? nginx restarts normally... is there any conflicts in such a setup
with other 2 servers?

Thank you!

---------------------------------------

Hi Francis,

thank you for the detailed answer...
I tried to take care of the first problem by doing this:


server {
listen 80;
listen 443 ssl;
server_name www.example.org example.com; # and some more domains
return 301 https://example.org$request_uri;
}

But the site stopped working all together, both http and https once
checked with curl say:
curl: (35) Unknown SSL protocol error in connection to
www.example.org:443

Why? Is it wrong to have two listen directives in one server?

Thank you!

On Sat, 2017-07-29 at 20:25 +0100, Francis Daly wrote:
> On Fri, Jul 28, 2017 at 02:13:23PM +0300, ST wrote:
>
> Hi there,
>
> > server {
> > server_name www.example.org example.com; # and some more domains
> > return 301 $scheme://example.org$request_uri;
> > }
> >
> > server {
> > listen 80;
> > server_name example.org;
> > ...
> > if ($http_user_agent !~ facebookexternalhit/1.1) {
> > return 301 https://$host$request_uri;
> > }
> > }
> >
> > server {
> > listen 443 ssl;
> > server_name example.org;
> > ...
> > }
>
> If that is your config, then the first server{} is used for http
> connections for everything except example.org; the second server is used
> for http connections for only example.org; and the third server is used
> for all https connections.
>
> > 1. http://example.com redirects correctly to https://example.org (via
> > http://example.org), but not https://example.com - why?
>
> https goes to server{} three; you have no redirection there.
>
> > 2. neither http://www.example.org nor https://www.example.org redirect
> > to https://example.org (not even to http://example.org) - why?
>
> https won't anyway, as per question 1.
>
> http would, but only if the request actually gets to nginx. What do the
> nginx logs say? Does www.example.org resolve to an address on the nginx
> server, as far as this client is concerned?
>
> > How can I achieve that?
>
> See why it fails right now.
>
> If the request does not get to nginx, change things outside nginx so
> that the request does get to nginx.
>
> If the request does get to nginx, change things inside nginx so that it
> does what you want.
>
> That probably involves no change for http, but might involve a new server
> for https which is the default server, and which does the redirect that
> you want. Note that the client may choose not to accept the (redirect)
> response if the certificate does not match whatever name they used to
> connect to the server.
>
> Good luck with it,
>
> f



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: redirect related questions...
July 30, 2017 08:40PM
On Sun, Jul 30, 2017 at 12:56:55PM +0300, ST wrote:

Hi there,

> Is it a good idea to use DNS forwarding in order not to obtain/install
> ssl keys for example.com as we don't plan to use it? This should make
> redirection faster and requires no setup on nginx... Are there any down
> sides of such a solution?

I'm not sure what exactly you mean by that.

nginx can listen on one or more address:port combinations, for http
or https.

Each hostname that your client will try to connect to will resolve to
one address (at a time) that the client will try to use.

If your client connects to an address:port that nginx is listening on,
nginx will have to do some work to process the request. If you do not,
nginx will not.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login