Hi,
I'm trying to enable SSL for a specific directory only. In other words, the / directory is not encrypted, while the /protected is.
server {
listen 192.168.1.2:80 default_server;
server_name www.domain.com;
root /var/www/html;
location / {
try_files $uri $uri/ index.php?q=$uri&$args;
}
location /protected/ {
rewrite ^ https://www.domain.com$request_uri? permanent;
}
...
}
server {
listen 192.168.1.2:443 ssl;
server_name www.domain.com;
root /var/www/html;
location / {
rewrite ^ http://www.domain.com$request_uri? permanent;
}
location /protected/ {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
...
}
Right now, I get a slashed https into browser, with the message:
Your connection to www.domain.com is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit and can be modified by an attacker to change the behavior of the page.
The /protected directory is a "virtual" one that does not exist in reality. It is created by /index.php with some SEO technique.
In real life, the URL format is: index.php?protected
Thanks for your help.