Welcome! Log In Create A New Profile

Advanced

domain only reachable with https:// in front

Posted by pstnta 
pstnta
domain only reachable with https:// in front
November 28, 2017 05:30PM
Hi,

I'm using nginx as reverse proxy for guacamole, I can only reach my domain
with https://pstn.host or https://www.pstn.host, it won't work without https
or with even with https.

here's my sites-enabled/pstn.host https://pastebin.com/raw/dKiEi72q

any ideas what's wrong or missing?

thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277546#msg-277546

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Alexander Naumann
Re: domain only reachable with https:// in front
November 28, 2017 05:40PM
Hi,

you have :
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
in your config, that redirects everything to https.


Mit freundlichen Grüßen / best regards
Alexander Naumann

artcom venture GmbH

----- Ursprüngliche Mail -----

Von: "pstnta" <[email protected]>
An: nginx@nginx.org
Gesendet: Dienstag, 28. November 2017 17:27:57
Betreff: domain only reachable with https:// in front

Hi,

I'm using nginx as reverse proxy for guacamole, I can only reach my domain
with https://pstn.host or https://www.pstn.host, it won't work without https
or with even with https.

here's my sites-enabled/pstn.host https://pastebin.com/raw/dKiEi72q

any ideas what's wrong or missing?

thanks!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277546#msg-277546

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
pstnta
Re: domain only reachable with https:// in front
November 28, 2017 05:50PM
hi,

thanks for answering,

shouldn't that forward everything to https? so shouldn't it work with just
pstn.host? instead of https://pstn.host

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277548#msg-277548

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Jeff Dyke
Re: domain only reachable with https:// in front
November 28, 2017 06:20PM
I think it is unfortunate that certbot does it this way, with an if
statement, which i believe is evaluated in every request. I use something
like the following (with your names):

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name pstn.host www.pstn.host;
return 301 https://$host$request_uri;
}


server {
listen 443 ssl default_server;
ssl_certificate /etc/letsencrypt/live/pstn.host/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pstn.host/privkey.pem;

....reset of config
}

Not part of your question, but I also use the hooks in webroot mode, rather
than nginx, for certbot, so it's never modifies my configuration, as the
sites-enabled files are managed by a configuration management system across
about 100 domains, some with special requirements.

HTH,
Jeff

On Tue, Nov 28, 2017 at 11:40 AM, pstnta <[email protected]>
wrote:

> hi,
>
> thanks for answering,
>
> shouldn't that forward everything to https? so shouldn't it work with just
> pstn.host? instead of https://pstn.host
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,277546,277548#msg-277548
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Richard Stanway via nginx
Re: domain only reachable with https:// in front
November 28, 2017 08:40PM
Your ISP is blocking port 80, so you cannot get redirected to HTTPS.

http://www.dslreports.com/faq/11852

On Tue, Nov 28, 2017 at 6:17 PM, Jeff Dyke <[email protected]> wrote:

> I think it is unfortunate that certbot does it this way, with an if
> statement, which i believe is evaluated in every request. I use something
> like the following (with your names):
>
> server {
> listen 80 default_server;
> listen [::]:80 default_server;
> server_name pstn.host www.pstn.host;
> return 301 https://$host$request_uri;
> }
>
>
> server {
> listen 443 ssl default_server;
> ssl_certificate /etc/letsencrypt/live/pstn.host/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/pstn.host/privkey.pem;
>
> ....reset of config
> }
>
> Not part of your question, but I also use the hooks in webroot mode,
> rather than nginx, for certbot, so it's never modifies my configuration, as
> the sites-enabled files are managed by a configuration management system
> across about 100 domains, some with special requirements.
>
> HTH,
> Jeff
>
> On Tue, Nov 28, 2017 at 11:40 AM, pstnta <[email protected]>
> wrote:
>
>> hi,
>>
>> thanks for answering,
>>
>> shouldn't that forward everything to https? so shouldn't it work with just
>> pstn.host? instead of https://pstn.host
>>
>> Posted at Nginx Forum: https://forum.nginx.org/read.p
>> hp?2,277546,277548#msg-277548
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
pstnta
Re: domain only reachable with https:// in front
November 29, 2017 12:10AM
ahhh that's right, thanks for all your help guys !

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277546,277561#msg-277561

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login