Welcome! Log In Create A New Profile

Advanced

Re: SSL and port number [was: Rewrite -- failure]

Paul
April 28, 2020 02:58PM
On 2020-04-22 3:14 a.m., Francis Daly wrote:
> On Tue, Apr 21, 2020 at 07:09:41PM -0400, Paul wrote:
>
> Hi there,
>
> I confess I'm not quite certain what you are reporting here -- if you
> can say "with *this* config, I make *this* request and I get *this*
> response, but I want *that* response instead", it may be clearer.
>
> However, there is one thing that might be a misunderstanding here:
>
> "listen 8000;" means that nginx will listen for http, so you must make
> requests to port 8000 using http not https.
>
> "listen 8001 ssl;" means that nginx will listen for https, so you must
> make requests to port 8001 using https not http.
>
> You can have both "listen" directives in the same server{}, but you
> still must use the correct protocol on each port, or there will be errors.

Hi Francis,

Thanks. I have the two sites "mostly" working now (full config below),
but could you please expand on your comment ""listen 8001 ssl;" means
that nginx will listen for https, so you must make requests to port 8001
using https not http."

My problem is that app/server A (static html) is working perfectly, but
app/server B works only if the user's browser requests specifically
"https://... ", but returns a "400 Bad Request // The plain HTTP request
was sent to HTTPS port // nginx" if the browser requests http (which I
believe is the default for most browsers if you paste or type just the
URL into them.)

In other words, the last few lines of the config. work for port 80
(sends seamlessly the 301, then the content), but not for port 8084
(sends only the 400.)

Many thanks -- Paul


# Combined file, two servers for myapps.example.com
# myappa "A" for static site /var/wwww/myappa on 192.168.aaa.bbb
# myappb "B" for cgi site /usr/share/myappb on 192.168.xxx.yyy

# Server A
server {

listen 443 ssl;

ssl_certificate
/etc/letsencrypt/live/myapps.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key
/etc/letsencrypt/myapps.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server_name myapps.example.com;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/myapp-error_log;

proxy_buffering off;

location / {
proxy_pass http://myappa;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

# Server B
server {

listen 8084 ssl;

ssl_certificate
/etc/letsencrypt/live/myapps.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key
/etc/letsencrypt/live/myapps.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server_name myapps.example.com;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/myapp-error_log;

proxy_buffering off;

location / {
proxy_pass http://myappb:8084;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

}

server {
if ($host = myapps.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot

# automatically sets to https if someone comes in on http
listen 80;
listen 8084;
server_name myapps.example.com;
rewrite ^ https://$host$request_uri? permanent;
}

\\\||//
(@ @)
ooO_(_)_Ooo__________________________________
|______|_____|_____|_____|_____|_____|_____|_____|
|___|____|_____|_____|_____|_____|_____|_____|____|
|_____|_____| mailto:paul@stormy.ca _|____|____|
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Rewrite -- failure

Paul April 14, 2020 04:40PM

Re: Rewrite -- failure

gariac April 14, 2020 06:04PM

Re: Rewrite -- failure

Francis Daly April 14, 2020 06:40PM

SSL and port number [was: Rewrite -- failure]

Paul April 21, 2020 07:10PM

Re: SSL and port number [was: Rewrite -- failure]

Francis Daly April 22, 2020 03:16AM

Re: SSL and port number [was: Rewrite -- failure]

Paul April 28, 2020 02:58PM

Re: SSL and port number [was: Rewrite -- failure]

Francis Daly April 29, 2020 12:48PM

Re: SSL and port number [was: Rewrite -- failure]

J.R. April 29, 2020 07:58AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 135
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready