Welcome! Log In Create A New Profile

Advanced

Re: location blocks, and if conditions in server context

Previous Message Next Message
Forum List Message List New Topic Print View
Lucas Rolff
March 08, 2018 04:00AM
Hi Francis,

I indeed thought about having a separate server {} block in case there’s the http to https redirect for a specific domain.
Since it depends on the domain, I can’t make a general one to match everything.

> Or: you use $sslproxy_protocol. Where does that come from?

$sslproxy_protocol is a simple map doing:

map $https $sslproxy _protocol {
default "http";
SSL "https";
on "https";
}

Best Regards,
Lucas Rolff

On 08/03/2018, 09.44, "nginx on behalf of Francis Daly" <nginx-bounces@nginx.org on behalf of francis@daoine.org> wrote:

On Wed, Mar 07, 2018 at 04:55:15PM +0000, Lucas Rolff wrote:

Hi there,

> This means I have something like:
>
> 1: location ~* /.well-known
> 2: if condition doing redirect if protocol is http
> 3: location /
> 4: location /api
> 5: location /test
>
> All my templates include 1 to 3, and *might* have additional locations.

> My issue is – because of this if condition that does the redirect to https – it also applies to my location ~* /.well-known – thus causing a redirect, and I want to prevent this, since it breaks the Let’s Encrypt validation (they do not accept 301 redirects).

> Is there a smart way without adding too much complexity, which is still super-fast (I know if is evil) ?

As phrased, I think the short answer to your question is "no".

However...

You optionally redirect things from http to https. Is that "you want
to redirect *everything* from http to https, apart from the letsencrypt
thing"? If so, you could potentially have just one

server {
listen 80;
location / { return 301 https://$host$uri; }
location /.well-known/ { proxy_pass http://letsencrypt.validation.backend.com; }
}

and a bunch of

server {
listen 443;
}

blocks.

Or: you use $sslproxy_protocol. Where does that come from?

If it is a thing that you create to decide whether or not to redirect
to https, then could you include a check for whether the request starts
with /.well-known/, and if so set it to something other than "http"?

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

location blocks, and if conditions in server context

Lucas Rolff March 07, 2018 11:56AM

Re: location blocks, and if conditions in server context

pbooth March 07, 2018 05:10PM

Re: location blocks, and if conditions in server context

Lucas Rolff March 07, 2018 05:20PM

Re: location blocks, and if conditions in server context

Francis Daly March 08, 2018 03:46AM

Re: location blocks, and if conditions in server context

Lucas Rolff March 08, 2018 04:00AM

Re: location blocks, and if conditions in server context

Francis Daly March 08, 2018 06:34PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 162
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready