
SSL Cloudflare Non www to www HTTPS redirect

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Fernando, Jun 27, 2018.

  1. Fernando

    Fernando Member

    44
    8
    8
    Jul 21, 2017
    Ratings:
    +12
    Local Time:
    1:50 PM
    1.13.3
    10.1.25
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit ?
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.15.0
    • PHP Version Installed: PHP 7.2.7
    • MariaDB MySQL Version Installed: 10.1.34-MariaDB
    • When was last time updated Centmin Mod code base ? : Today
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? You can check via this command:

      CLANG='n'
      DEVTOOLSETSEVEN='y'
      NGINX_DEVTOOLSETGCC='y'
      NGINX_HPACK='y'
      CLOUDFLARE_ZLIB='y'
      LIBRESSL_SWITCH='n'
      LETSENCRYPT_DETECT='y'
    I have followed Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS but still I'm not able to do the redirect from http to https and non-www to www

    I would like to use only https://www.loquevendes.com. I'm using Cloudflare too, but I have paused it to perform the tests below.

    Code:
    curl -I http://loquevendes.com -k
    HTTP/1.1 302 Moved Temporarily
    Date: Tue, 26 Jun 2018 20:45:26 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.loquevendes.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    Code:
    curl -I https://loquevendes.com -k
    HTTP/1.1 302 Moved Temporarily
    Date: Tue, 26 Jun 2018 20:46:26 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.loquevendes.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    Code:
    curl -I http://www.loquevendes.com -k
    HTTP/1.1 302 Moved Temporarily
    Date: Tue, 26 Jun 2018 20:44:42 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.loquevendes.com/
    Server: nginx centminmod
    X-Powered-By: centminmod

    All the above are fine but when I actually use https://www.loquevendes.com it redirects to https://loquevendes.com, please see the location and the 301 redirect, I don't know where this is coming from

    Code:
    curl -I https://www.loquevendes.com -k
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 26 Jun 2018 20:50:12 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://loquevendes.com/
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Cache: MISS
    X-Cache-2: BYPASS

    I installed Wordpress using option 22, then generated a self certificate only because I'm planning to use Cloudflare CA so I only have loquevendes.com.conf-disabled and loquevendes.com.ssl.conf

    Here's the content of loquevendes.com.ssl.conf
    Code:
    cat loquevendes.com.ssl.conf
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
       server_name loquevendes.com www.loquevendes.com;
       return 302 https://www.loquevendes.com$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name loquevendes.com;
      return 302 https://www.loquevendes.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/loquevendes.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.pem;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    }
    
    
    server {
      listen 443 ssl http2 reuseport;
      server_name www.loquevendes.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/loquevendes.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.pem;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;

    Thank you for your help and suggestions :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    37,258
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    5:50 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Cloudflare setup is left to end user to figure out but one Centmin Mod user wrote a guide which is listed on official Centmin Mod reviews page at Centmin Mod LEMP Reviews. Actual guide How to install Centmin Mod with Let's Encrypt and CloudFlare - Mike Tabor. If you already have Centmin Mod installed and vhost created, then only the first 6 steps for Cloudflare signup and setup are needed which also includes domain DNS updates.

    Cloudflare requires a few things on Centmin Mod end

    1. Cloudflare - Setting Up Cloudflare Authenticated Origin Pulls Protecting IP Leaks - instead of Cloudflare flexible SSL you need to use strict SSL.

    2. If using HTTPS and have nginx HTTP to HTTPS redirect set in nginx domain vhost config file, remove the redirect as you will do that redirecting via Cloudflare settings in their control panel.

    3. If you use a reverse proxy like Cloudflare, Sucuri, or Incapsula in front of Centmin Mod Nginx, you need to setup nginx realip to be passed onto Nginx.

    See Getting Started Guide step 5 and setting correct real ip via nginx module config at http://centminmod.com/nginx_configure_cloudflare.html.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
    You just need to setup a cronjob to run
    Code (Text):
    /usr/local/src/centminmod/tools/csfcf.sh auto

    and ensure your nginx.conf http{} context has the include file /usr/local/nginx/conf/cloudflare.conf and/or your individual nginx vhost's server contexts has the same include file
    Code (Text):
    http {
    map_hash_bucket_size 128;
    map_hash_max_size 2048;
    server_names_hash_bucket_size 128;
    server_names_hash_max_size 2048;
    
    limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
    #limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;
    
    more_set_headers "Server: nginx centminmod";
    more_set_headers "X-Powered-By: centminmod";
    
    include /usr/local/nginx/conf/cloudflare.conf;
    include /usr/local/nginx/conf/maintenance.conf;
    include /usr/local/nginx/conf/vts_http.conf;
    include /usr/local/nginx/conf/geoip.conf;
    #include /usr/local/nginx/conf/pagespeedadmin.conf;
    include /usr/local/nginx/conf/fastcgi_param_https_map.conf;

    Then restart nginx server via command shortcut
    Code (Text):
    ngxrestart

    or
    Code (Text):
    service nginx restart
     
  3. eva2000

    FYI, the 301 is coming from your web browser cache and Cloudflare, I suspect, seeing as your nginx vhost uses 302 redirects instead

    so with cloudflare remove these 2 redirects
    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
       server_name loquevendes.com www.loquevendes.com;
       return 302 https://www.loquevendes.com$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name loquevendes.com;
      return 302 https://www.loquevendes.com$request_uri;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/loquevendes.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.pem;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/loquevendes.com/loquevendes.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    }
    
    
    

    and just change the Cloudflare SSL setting from flexible SSL to strict SSL and do HTTP to HTTPS redirects via Cloudflare page rules
     
  4. Fernando

    Hi :) Thank you! However, I believe there's something more happening. Right now Cloudflare is disabled; when Cloudflare is enabled the curl output is different:

    Code:
    curl -I https://www.loquevendes.com
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 26 Jun 2018 20:14:32 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Set-Cookie: __cfduid=dd4a43ac289671e6149b5480bc902a3921530044072; expires=Wed, 26-Jun-19 20:14:32 GMT; path=/; domain=.loquevendes.com; HttpOnly; Secure
    Location: https://loquevendes.com/
    X-Powered-By: centminmod
    X-Cache: MISS
    X-Cache-2: BYPASS
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 4312573badb55873-DFW

    So first, before configuring Cloudflare, I want to make sure that everything works without it, so that's why I'm bypassing Cloudflare now. If that's the case I think the configuration file loquevendes.com.ssl.conf should work fine, but it's not working.

    I added this time a query string to curl to avoid any caching issue, I'm running curl directly from the Linode server

    Code:
    curl -I "https://www.loquevendes.com?$(date +%s)" -k
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 26 Jun 2018 21:56:54 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://loquevendes.com/?1530050214
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Cache: BYPASS
    X-Cache-2: BYPASS
    
    curl -I "https://www.loquevendes.com?$(date +%s)" -k
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 26 Jun 2018 21:57:01 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://loquevendes.com/?1530050221
    Server: nginx centminmod
    X-Powered-By: centminmod
    X-Cache: BYPASS
    X-Cache-2: BYPASS

    I really don't know what might be wrong
     
  5. eva2000

    Did you set the WordPress default URL correctly to the https www version?

    What's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option get siteurl --allow-root
    wp option get home --allow-root
    
     
    • Winner Winner x 1
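
An added example, not part of the original posts: the captures in this thread show two kinds of redirect, and telling them apart points at the layer to fix before checking `siteurl` and `home`. The heuristic (a response with `X-Cache` got past nginx's `return` blocks, one with only `Content-Length` came from `return`) is an assumption drawn from the headers quoted above, and `classify` and `follow` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): attribute each redirect to a layer and
# detect a redirect loop, using header captures abridged from the posts above.

# Print "status location source" for one `curl -I` response read on stdin.
# Assumed heuristic, from the thread's captures: nginx `return` sends
# Content-Length and no X-Cache; the 301s carry X-Cache, so they got past
# the `return` blocks and were issued further down (here: WordPress).
classify() {
  tr -d '\r' | awk '
    NR == 1                          { status = $2 }
    tolower($1) == "location:"       { loc = $2 }
    tolower($1) == "content-length:" { len = 1 }
    tolower($1) == "x-cache:"        { app = 1 }
    END {
      src = app ? "application" : (len ? "nginx-return" : "unknown")
      print status, loc, src
    }'
}

# Read "from to" redirect pairs on stdin and walk them from URL $1.
# Prints "loop" if a URL repeats, otherwise the final URL (no trailing slash).
follow() {
  awk -v start="$1" '
    function norm(u) { sub(/\/$/, "", u); return u }
    { hop[norm($1)] = norm($2) }
    END {
      u = norm(start)
      while (u in hop) {
        if (seen[u]++) { print "loop"; exit }
        u = hop[u]
      }
      print u
    }'
}

# Captures abridged from post 1.
NGINX_302='HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 154
Location: https://www.loquevendes.com/'
APP_301='HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://loquevendes.com/
X-Cache: MISS'

printf '%s\n' "$NGINX_302" | classify
printf '%s\n' "$APP_301"   | classify
printf '%s\n' 'https://loquevendes.com https://www.loquevendes.com/' \
  'https://www.loquevendes.com https://loquevendes.com/' | follow https://loquevendes.com
```

To use it on a live host, pipe each `curl -sI` response into `classify` and feed the resulting URL and Location pairs to `follow`.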
  6. Fernando

    Hi,
    Sorry for the delay, I decided to start over this time without Cloudflare (even though it was bypassed) so I changed my DNS servers and used option 22 with letsencrypt.

    After installing wordpress and using letsencrypt I did the redirect same as before and I got again 301 redirects.
    I did more research and found acmetool.sh redirects www to non-www

    Based on your previous comment, I updated the siteurl and home using wp option update siteurl and wp option update home and now all the 301 redirects are gone and everything is working as expected.

    Thank you again for your great help! :)
    Best Regards
     
  7. Fernando

    Hi, I spoke too fast, it's still not working, so for now I think this is the same issue reported in acmetool.sh redirects www to non-www

    I'm using option 22 to install Wordpress, using letsencrypt, specifying the domain as: example.com, then doing the redirect in nginx from non www to www and to https as suggested in Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    Once I do that I only get too many redirects and 301 redirects.
    I also changed the siteurl and home url to Example Domain, but still it doesn't work.

    I checked the certificate in ssllabs and both are reported with grade A for non www and www version.

    I'm not sure what else to do in order to use www version and ssl.
    Thank you for all your help.
    Best Regards
     
  8. eva2000

    Clear your browser caches and try in an incognito Chrome browser to test your site, as 301 redirects are cached permanently in browser cache unless cleared

    Also if you enabled HSTS you might want to clear that cache too. I posted a thread at SSL - How to clear HSTS browser cache | Centmin Mod Community specifically for this :)

    Whichever cache method you chose for centmin.sh menu option 22 WordPress, try clearing those caches too
     
  9. Fernando

    Hi,
    Thank you! Please see below:
    clear your browser caches and try in incognito chrome browser to test your site as 301 redirects are cached permanently in browser cache unless cleared
    - Yes :) I'm using incognito mode, it's the same issue reported in acmetool.sh redirects www to non-www I don't know where the 301 is coming from.

    Something weird is if I open the website from my cell www.loquevendes.com it works, the only one that doesn't is from my Desktop.

    I tried using Google Pagespeed PageSpeed Insights and it's able to get the mobile version but not the Desktop version it gets the redirect issue.

    I didn't enable HSTS, I basically installed Wordpress using option 22 and did the redirect.

    In regards to the cache method I chose redis, since I can't even get into Wordpress now because of the redirect issue I disabled nginx-helper using the CLI, restarted nginx but still the Desktop version gets a 301 redirect.

    Thank you,
    Best Regards
     
  10. eva2000

    try clearing the redis cache and restarting nginx and php-fpm
    Code (Text):
    redis-cli flushall
    nprestart
    
     
    • Winner Winner x 1
  11. Fernando

    Perfect! It worked, thank you so much :) now everything works as expected!!
    Best Regards
     
  12. eva2000

    Glad to hear :)
     