
acmetool.sh redirects www to non-www

Discussion in 'Add Ons' started by Jon Snow, Oct 12, 2017.

  1. Jon Snow

    Jon Snow Active Member

    811
    163
    43
    Jun 30, 2017
    Ratings:
    +240
    Local Time:
    8:26 PM
    Nginx 1.13.9
    MariaDB 10.1.31
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: latest or next update to latest
    • PHP Version Installed: 7.1.x
    • MariaDB MySQL Version Installed: 10.1.21
    • When was last time updated Centmin Mod code base ? : today
    Used acmetool.sh to set up https right off the bat and I can't seem to find anything in my vhost file that redirects www to non-www. I always thought the two versions were available right away and we had to set up redirects ourselves (or maybe I'm thinking without using acmetool).

    Code (Text):
    #x# HTTPS-DEFAULT
     server {
       
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name domain.com www.domain.com;

    Placing redirects under the server_name line just makes browsers error out because of too many redirects. I tried on private browsing modes.

    What's causing www to redirect to non-www?

     
  2. Jon Snow

    Maybe I should have done this? (www included)
    Code (Text):
    ./acmetool.sh issue www.domain.com lived
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,052
    12,176
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,734
    Local Time:
    10:26 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    No, do not run that command, as issue only needs the non-www domain; acmetool.sh adds the www version itself.
    The correct way would be
    Code (Text):
    ./acmetool.sh issue domain.com lived
    

    which would redirect non-https to https only. For other redirects i.e. non-www to www or www to non-www, see How to force redirect from HTTP:// to HTTPS:// ?

    How was the initial letsencrypt ssl certificate obtained ? Which method ?
    • Was the domain nginx vhost already created prior or new domain nginx vhost site setup for first time ?
    • Via centmin.sh menu option 2, 22, /usr/bin/nv ?
    • If you ran centmin.sh menu option 2 or 22, which letsencrypt option did you select from
      Code (Text):
      -------------------------------------------------------------
      Setup full Nginx vhost + Wordpress + WP Plugins
      -------------------------------------------------------------
      
      Enter vhost domain name you want to add (without www. prefix): acme3.domain1.com
      
      Create a self-signed SSL certificate Nginx vhost? [y/n]: n
      Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
      
      You have 4 options:
      1. issue staging test cert with HTTP + HTTPS
      2. issue staging test cert with HTTPS default
      3. issue live cert with HTTP + HTTPS
      4. issue live cert with HTTPS default
      Enter option number 1-4: 1
      
    • Via addons/acmetool.sh ? which specific command ? examples
      Code (Text):
      ./acmetool.sh issue acme.domain.com
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com live
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com d
      
      Code (Text):
      ./acmetool.sh issue acme.domain.com lived
      
    • What was order of steps you did ? Did you run centmin.sh menu option 2 first with letsencrypt ? Then did you run addons/acmetool.sh afterwards ?
    what are you trying to do ? exactly ?
     
  4. Jon Snow

    I did :
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh issue domain.com lived

    Didn't work the first time because DNS didn't propagate I figure.

    I then ran :
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue domain.com lived


    SSL was installed successfully after the above.

    The aim was to set up Wordpress with www and re-direct non-www to www. Without even touching my vhost file, it redirected www to non-www and when I try to redirect, the browser reports too many redirects.
     
  5. eva2000

    You did the correct steps so far
    For other redirects i.e. non-www to www or www to non-www, see How to force redirect from HTTP:// to HTTPS:// ?
     
  6. Jon Snow

  7. eva2000

    what does domain.com.ssl.conf vhost contents look like ?
     
  8. Jon Snow

    File name: domain.com.ssl.conf (no domain.com.conf file)
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
       
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name domain.com www.domain.com;
    
      include /usr/local/nginx/conf/ssl/domain.com/domain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers blah blah blah
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/domain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
      root /home/nginx/domains/domain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
    
      include /usr/local/nginx/conf/wpsecure.conf;
      include /usr/local/nginx/conf/wpnocache.conf;
    
      try_files $uri $uri/ /index.php?q=$request_uri;
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  9. eva2000

    in 2nd server{} context remove the unwanted server_name you DO NOT want to redirect to and change in 1st server{} context the $server_name to actual domain name you WANT to redirect to

    so change from
    Code (Text):
     server {
     
      server_name domain.com www.domain.com;
      return 302 https://$server_name$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name domain.com www.domain.com;
    

    to
    Code (Text):
     server {
     
      server_name domain.com www.domain.com;
      return 302 https://www.domain.com$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.domain.com;
    

    so it's saying for non-https non-www + www 302 redirect to www version of https and in 2nd server{} context which is https based register to www version
     
  10. Jon Snow

    For some reason that just points me to the other domain I have on the server.
     
  11. Jon Snow

    @eva2000 This only happens when creating a vhost domain with SSL right off the bat using the addon. Everything works fine when I switch a regular vhost to Let's Encrypt SSL.
     
  12. eva2000

    Last edited: Oct 15, 2017
  13. Jon Snow

    PM'd it.
     
  14. eva2000

    you wrote
    what do you get for output for curl header checks in SSH
    Code (Text):
    curl -I http://domain.org
    

    Code (Text):
    curl -I http://www.domain.org
    

    Code (Text):
    curl -I https://domain.org
    

    Code (Text):
    curl -I https://www.domain.org
    

    then try removing non-www from server_name in https port 443 server{} context
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
      server_name domain.org www.domain.org;
      return 302 https://www.domain.org$request_uri;
     }
    
    server {
      listen 443 ssl http2;
      server_name www.domain.org;
    
     
  15. eva2000

  16. Jon Snow

    1st :

    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 15 Oct 2017 02:01:55 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.domain.org/

    2nd :

    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 15 Oct 2017 02:02:55 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.domain.org/

    3rd :

    HTTP/1.1 200 OK
    Date: Sun, 15 Oct 2017 02:03:28 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Link: <https://domain.org/wp-json/>; rel="REST API Handbook | WordPress Developer Resources"
    Link: <https://wp.me/some-numbers-here>; rel=shortlink


    4th :

    HTTP/1.1 301 Moved Permanently
    Date: Sun, 15 Oct 2017 02:04:25 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://domain.org/

    I type the domain name in the hostname field and it returns grade A for both. In the box near the grade, it only shows the IP address and test time. The domain name is only displayed at the top heading.

    Going to try removing non-www from server_name now. Will post the outcome soon.
     
  17. Jon Snow

    This just breaks the SSL. The browser brings up the security warning after I restart nginx for the effects to take place and you have to press the Advanced link to proceed when going to the site.
     
  18. eva2000

    There's your problem for 4th command for
    Code (Text):
    curl -I https://www.domain.org
    

    you have a 301 permanent redirect forcing www version of domain to non-www version but have a non-www forcing 302 to www so it's a redirect loop

    It's probably a browser cached 301 permanent redirect issue. If you use chrome in private incognito browsing session you probably have working www domain access ? If so, you need to clear your browser of the 301 permanent redirect. If that works you need to clear your browser's cache as outlined at Refreshyourcache.com - The Guide to Clear your Browser Cache!

    That is the danger of 301 permanent redirects, as they are cached in web browsers forever until cleared. 302 temp redirects are not permanent.
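
The hop-by-hop check from the posts above (request each URL variant, read the status and `Location`, repeat), written as a script. This is an added example, not part of the original thread: `fetch_headers`, `trace_redirects` and `MODE` are names made up here, the replayed responses are constructed from the curl output posted in the thread, and the `loop` mode assumes a hypothetical extra https non-www to www redirect.

```bash
#!/usr/bin/env bash
# Constructed stand-in for `curl -sI "$1"`: replays the status lines and
# Location headers from the four curl checks posted in this thread.
# MODE=loop adds a hypothetical https non-www -> www redirect on top of them.
# For live use, replace the body with: curl -sI "$1"
fetch_headers() {
  case "${1%/}" in
    http://domain.org|http://www.domain.org)
      printf 'HTTP/1.1 302 Moved Temporarily\r\nLocation: https://www.domain.org/\r\n' ;;
    https://www.domain.org)
      printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://domain.org/\r\n' ;;
    https://domain.org)
      if [ "${MODE:-captured}" = loop ]; then
        printf 'HTTP/1.1 302 Moved Temporarily\r\nLocation: https://www.domain.org/\r\n'
      else
        printf 'HTTP/1.1 200 OK\r\n'
      fi ;;
  esac
}

# Follow redirects one hop at a time (no curl -L) so every status stays visible.
# Returns 0 when the chain ends, 2 when a URL repeats (loop), 3 after too many hops.
trace_redirects() {
  local url="$1" max="${2:-10}" seen=" " hop=0 hdrs status loc
  while [ "$hop" -lt "$max" ]; do
    case "$seen" in *" $url "*) echo "LOOP back to $url"; return 2 ;; esac
    seen="$seen$url "
    hdrs=$(fetch_headers "$url" | tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    loc=$(printf '%s\n' "$hdrs" | awk 'tolower($1)=="location:" {print $2; exit}')
    case "$status" in
      301|308) echo "$status $url -> $loc (permanent: browsers cache this)" ;;
      302|303|307) echo "$status $url -> $loc" ;;
      *) echo "$status $url (final)"; return 0 ;;
    esac
    [ -n "$loc" ] || return 0
    url="$loc"
    hop=$((hop + 1))
  done
  echo "gave up after $max hops"; return 3
}

MODE=captured; trace_redirects http://domain.org
MODE=loop;     trace_redirects http://domain.org || true
```

With the captured responses the chain ends at the non-www https URL after one 302 and one 301; with the extra redirect it revisits the www URL and never terminates, which is what the browser reports as too many redirects.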
     
  19. Jon Snow

    But there isn't anything in the config file for redirects yet www gets redirected to non-www. When I do set up a redirect to www, Chrome gets the redirect loop problem.

    I used Chrome incognito mode without setting up a redirect and www redirects to non-www.

    Edit: Even proxies are redirecting www to non-www but there isn't anything in config.ssl demanding it does.
     
  20. eva2000

    what output do you get for grep recursive search for domain in /usr/local/nginx/conf ?
    Code (Text):
    grep -rn 'domain.org' /usr/local/nginx/conf