
Redirects

Discussion in 'Feature Requests & Suggestions' started by raciasolvo, Oct 10, 2016.

  1. raciasolvo

    raciasolvo Member

    98
    11
    8
    Oct 7, 2016
    Ratings:
    +28
    Local Time:
    11:04 AM
    Nginx 1.11.6
    MariaDB 10.0.27
    What do you think about adding redirect options to 2 and 22? I think that it is often necessary to do this operation manually now.


    For example https-www-redirect:
    Code (Text):
    server {
        server_name %domain% www.%domain%;
    
        # turn off HSTS and browsers do not use 307 redirect
        # BUT we have "man-in-the-middle" attack
        #add_header Strict-Transport-Security "max-age=0; includeSubDomains";
    
        return 301 https://www.%domain%$request_uri;
    }
    
    server {
        listen 443 ssl http2;
        server_name %domain%;
    
        return 301 https://www.%domain%$request_uri;
    
        ssl_dhparam         /usr/local/nginx/conf/ssl/%domain%/dhparam.pem;
        ssl_certificate     /usr/local/nginx/conf/ssl/%domain%/%domain%.crt;
        ssl_certificate_key /usr/local/nginx/conf/ssl/%domain%/%domain%.key;
        include             /usr/local/nginx/conf/ssl_include.conf;
    }

    and change %domain%.ssl.conf:
    Code (Text):
        server_name www.%domain%;
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:04 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    it's manual as there are consequences for forced http to https redirects when a user only wants http and https working side by side i.e. testing https

    So need to do it manually as outlined at How to force redirect from HTTP:// to HTTPS:// ? :)

    also financial consequences for some as their advertising providers might not support HTTPS fully, so result in reduced income for their site.
     
  3. raciasolvo

    Yes, it's sad. So it is nice to have options for various installations. ;) I like bash, but I liked the automatic installation more. :)
     
  4. raciasolvo

    Do you use templates to create confs?
     
  5. eva2000

  6. eva2000

    fyi these templates get overridden when you run centmin.sh menu option 23 for updating code though

    in future maybe add support for customising templates for nginx vhosts
     
  7. raciasolvo

    I understand. Therefore, I try to use the connection point *.conf
    Code (Text):
    %domain%.<some_action>.conf


    It would be good to use %domain%*.conf in remove scripts and connection point (/usr/local/nginx/conf/inc/%domain%/*.inc) in %domain%.conf and %domain%.ssl.conf:
    Code (Text):
    include /usr/local/nginx/conf/inc/%domain%/*.inc;
     
  8. eva2000

    ${vhostname} is usually used from inputted domain name :)
     
  9. raciasolvo

    Ok. :)
    I am a newbie and I have not read your code carefully. :)
     
  10. eva2000

    excuse the code, it's a mixture of year 2011 noob at bash/shell scripting learning as I go till 2016 where not a noob anymore :D
     
  11. raciasolvo

    What do you think about adding
    Code (Text):
    include /usr/local/nginx/conf/inc/${vhostname}/*.inc;

    in ${vhostname}.conf and ${vhostname}.ssl.conf?
     
  12. eva2000

    so you can drop in your own include files? that would be one way but order of nginx rules matter, so really depends on where you place that include and its relative position to the rest of the rules as there are other include files in templates for nginx vhosts for other things
     
  13. raciasolvo

    Top of the conf is the best place, but many user errors can appear there. Therefore, the bottom of the conf is a good place.
     
  14. raciasolvo

    Editing the conf is not a good practice. An include can correct the situation. It is the second point as *.conf.

    And during installation, after the question
    Code (Text):
    Enter vhost domain name you want to add (without www. prefix):

    need a question:
    Code (Text):
    Add www.${vhostname} site? (y/n)

    Now we do not need to edit confs.
     
  15. eva2000

    yeah but what if folks do not know if they want to default to www or non-www yet ? they generally wouldn't know how to re-add what is missing. But yeah needs more thought

    gets even more complicated when you add letsencrypt integration where you need to issue a ssl cert which covers www and non-www versions
     
  16. raciasolvo

    change-the-default-site.sh? :)
     
  17. eva2000

    Yeah that is another possible way.
     
  18. raciasolvo

    I have read this manual. I do not like this code:
    Code (Text):
       ##  redirect https www to https non-www
          if ($host = 'www.mydomain.com' ) {
             return 302 https://mydomain.com$request_uri;
          }

    You use it, because you have:
    Code (Text):
    server_name newdomain.com www.newdomain.com;

    if is imperative code. Nginx in general is declarative.
    Maybe I'm wrong, but this code is better and faster:
    Code (Text):
    server {listen 443 ssl http2; server_name newdomain.com;}
    server {listen 443 ssl http2; server_name www.newdomain.com; return 301 https://newdomain.com$request_uri;}

    Probably possible to use stubs (server-section) and "conf-disable". I should think.
     
  19. eva2000

    yeah you can use that too, just gets messy when it comes to letsencrypt automatic via addons/acmetool.sh when it comes to automated choices for whether you want http + https or https only default so usually leave it to end users to decide what they want.

    i'll add both methods to the web page instructions so end users can decide for themselves though that lengthens the code of the vhost as you need the rest of ssl related settings in the redirect server context too which may confuse newbies.
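
An added example, not Centmin Mod code and not from either poster: a hypothetical `emit_redirect_vhost` shell function that writes the separate redirect-only server sections discussed above for a chosen canonical name, including the SSL settings the https redirect section needs. The function name, the `www`/`nonwww` argument and `listen 80` are assumptions; the paths are the ones from the first post, and the certificate must be valid for both names.

```shell
#!/bin/sh
# Added example, not Centmin Mod code. emit_redirect_vhost is hypothetical.
# Usage: emit_redirect_vhost <vhostname without www.> <www|nonwww>
emit_redirect_vhost() (
  vhostname=$1
  # Only plain hostnames may be substituted into paths and directives.
  case $vhostname in
    ''|www.*|*[!a-z0-9.-]*) echo "bad vhost name: $vhostname" >&2; exit 1 ;;
  esac
  case $2 in
    www)    canonical="www.$vhostname"; other=$vhostname ;;
    nonwww) canonical=$vhostname;       other="www.$vhostname" ;;
    *) echo "second argument must be www or nonwww" >&2; exit 1 ;;
  esac
  ssl=/usr/local/nginx/conf/ssl/$vhostname
  cat <<EOF
# http: both names go straight to the canonical https name
server {
    listen 80;
    server_name $vhostname www.$vhostname;
    return 301 https://$canonical\$request_uri;
}

# https: the non-canonical name needs its own certificate settings,
# because TLS is negotiated before the redirect can be sent
server {
    listen 443 ssl http2;
    server_name $other;
    ssl_dhparam         $ssl/dhparam.pem;
    ssl_certificate     $ssl/$vhostname.crt;
    ssl_certificate_key $ssl/$vhostname.key;
    include             /usr/local/nginx/conf/ssl_include.conf;
    return 301 https://$canonical\$request_uri;
}

# in $vhostname.ssl.conf set: server_name $canonical;
EOF
)

# Constructed sample call
emit_redirect_vhost domain.tld www
```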
     
  20. raciasolvo

    I agree that this is not an easy task. You're doing it right. I tested acmetool.sh and saw that it parses the conf. Hard work. I tried to use:
    Code (Text):
    #./acmetool.sh issue domain.tld,www.domain.tld live
    ...
    /root/.acme.sh/acme.sh --issue -d domain.tld -d www.domain.tld -d www.domain.tld ...
    

    Result:
    Code (Text):
    server_name domain.tld www.domain.tld www.domain.tld;
    

    No problem, I removed the double www manually. Parsing is always difficult to test.
    Maybe use 1 domain in a server section? Then there will be 4 confs (or 2 if www is not needed), which can be replaced by any redirect files without parsing.
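
The duplicated `www.domain.tld` in the result above can be avoided by normalising the name list before it is used, without parsing any conf. This is an added example, not acmetool.sh code; `normalize_domains`, `acme_domain_args` and `server_name_line` are hypothetical names and the input is constructed.

```shell
#!/bin/sh
# Added example, not acmetool.sh code. Function names are hypothetical.

# Print each hostname from a comma-separated list once, lower-cased, in
# first-seen order. Exit status 1 if an entry is not a plain hostname, so a
# stray ';', space or '{' never reaches a generated nginx directive.
normalize_domains() (
  set -f; IFS=','
  seen=' '
  for name in $1; do
    name=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    [ -n "$name" ] || continue
    case $name in
      *[!a-z0-9.-]*|.*|*.|-*|*..*) echo "invalid domain: $name" >&2; exit 1 ;;
    esac
    case $seen in
      *" $name "*) continue ;;   # already emitted
    esac
    seen="$seen$name "
    printf '%s\n' "$name"
  done
)

# "-d a -d b" arguments for acme.sh --issue
acme_domain_args() (
  list=$(normalize_domains "$1") || exit 1
  args=''
  for d in $list; do args="$args -d $d"; done
  printf '%s\n' "${args# }"
)

# server_name directive for the vhost
server_name_line() (
  list=$(normalize_domains "$1") || exit 1
  printf 'server_name %s;\n' "$(printf '%s' "$list" | tr '\n' ' ')"
)

# Constructed input: the list from the post with www.domain.tld added again
acme_domain_args 'domain.tld,www.domain.tld,www.domain.tld'
server_name_line 'domain.tld,www.domain.tld,www.domain.tld'
```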