Nginx SSL redirects

churchill · Dec 29, 2016

I've read everything about nginx redirects but i'm stuck.
I disabled the domain.com.conf and used the domain.com.ssl.conf.
But everything i do it always goes too https://domain.com.

I want always the www and https so Domain Name Registration and Web Hosting | Domain.com

my domain.com.ssl.conf is :

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
server {
  listen 80;
  server_name domain.nl www.domain.nl;
  return 302 https://www.domain.nl$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain.nl;
  #return 302 https://www.domain.nl$request_uri;


  ssl_dhparam /usr/local/nginx/conf/ssl/domain.nl/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.nl/certificate.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.nl/certificate.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers (removed);
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.nl/cabundle.crt; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.nl/log/access.log main_ext buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.nl/log/error.log;

  include /usr/local/nginx/conf/autoprotect/domain.nl/autoprotect-domain.nl.conf;
  root /home/nginx/domains/domain.nl/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  include /usr/local/nginx/conf/wpincludes/domain.nl/wpcacheenabler_domain.nl.conf;
  #include /usr/local/nginx/conf/wpincludes/domain.nl/wpsupercache_domain.nl.conf;
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/wpincludes/domain.nl/rediscache_domain.nl.conf; 

  location / {
  include /usr/local/nginx/conf/503include-only.conf;
 

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # for wp cache enabler plugin
  try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  # Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  #try_files $uri $uri/ /index.php?$args;

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/domain.nl/htpasswd_wplogin;   
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

# Block PHP files in uploads directory.
location ~* /(?:uploads|files)/.*\.php$ {
  deny all;
}
# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}
# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php$ {
  deny all;
}
# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

  include /usr/local/nginx/conf/wpincludes/domain.nl/wpsecure_domain.nl.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

if i put "return 302 https://www.domain.nl$request_uri;" inside server listen 443 i get an error too many redirects in chrome

Can somebody help me with this?

eva2000 · Dec 29, 2016

your main ssl server{} context is missing www in server_name so change it

change

from

Code (Text):

server {
  listen 80;
  server_name domain.nl www.domain.nl;
  return 302 https://www.domain.nl$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain.nl;
  #return 302 https://www.domain.nl$request_uri;

to

Code (Text):

server {
  listen 80;
  server_name domain.nl www.domain.nl;
  return 302 https://www.domain.nl$request_uri;
}

server {
  listen 443 ssl http2;
  server_name www.domain.nl;
  #return 302 https://www.domain.nl$request_uri;

churchill · Dec 29, 2016

I had that already just deleted it to test something. But is will still go to the non-www version

eva2000 · Dec 29, 2016

your browser might have cached the redirect test in ssh via curl
Code (Text):
curl -I http://www.domain.nl
curl -I http://domain.nl
what the full output of those 2 commands in ssh ? does output's Location: field say should go to https version of www

do you have cloudflare in front ? that might force it's own http to https redirect

churchill · Dec 29, 2016

oke thisis weird because it is all oke over there but if i go with my browsers (even edge) (and on chrome with tools for developers or kill cache on) it still goes to the non-www version even on my phone.

Code:

[root@vps1 ~]# curl -I http://www.domain.nl
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2016 15:56:02 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.domain.nl/
Server: nginx centminmod
X-Powered-By: centminmod

[root@vps1 ~]# curl -I http://domain.nl
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Dec 2016 15:56:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.domain.nl/
Server: nginx centminmod
X-Powered-By: centminmod

eva2000 · Dec 29, 2016

clear browser caches and maybe reboot local pc

you have 301 redirects but nginx vhost has 302 redirects so the ones being redirected are nginx level ? you have cloudflare in front ? or did you change 302 to 301 ?

churchill · Dec 29, 2016

i changed it to test it.
no cloudflare.

i'm going to test the server and local pc reboot.

churchill · Dec 31, 2016

If i go to domain.nl it shows the www version for like 1 second and then it goes to the non-www version.
The login page does show the www.

eva2000 · Dec 31, 2016

Did you delete /usr/local/nginx/conf/conf.d/newdomain.com.conf ? how did you disable /usr/local/nginx/conf/conf.d/newdomain.com.conf ?

Repost the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

churchill · Dec 31, 2016

i removed domain.nl.conf and ssl version looks like this.

Code:

# Centmin Mod Getting Started Guide
# must read http://centminmod.com/getstarted.html
# For SPDY SSL Setup
# read http://centminmod.com/nginx_configure_https_ssl_spdy.html

# redirect from www to non-www  forced SSL
# uncomment, save file and restart Nginx to enable
# if unsure use return 302 before using return 301
server {
  listen 80;
  server_name domain.nl www.domain.nl;
  return 301 https://www.domain.nl$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain.nl www.domain.nl;
  #return 302 https://www.domain.nl$request_uri;


  ssl_dhparam /usr/local/nginx/conf/ssl/domain.nl/dhparam.pem;
  ssl_certificate      /usr/local/nginx/conf/ssl/domain.nl/certificate.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.nl/certificate.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  http2_max_field_size 16k;
  http2_max_header_size 32k;
  # mozilla recommended
  ssl_ciphers (removed);
  ssl_prefer_server_ciphers   on;
  #add_header Alternate-Protocol  443:npn-spdy/3;

  # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;
  #spdy_headers_comp 5;
  ssl_buffer_size 1369;
  ssl_session_tickets on;
 
  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.nl/cabundle.crt; 

# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;

  #add_header X-Frame-Options SAMEORIGIN;
  #add_header X-Xss-Protection "1; mode=block" always;
  #add_header X-Content-Type-Options "nosniff" always;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  access_log /home/nginx/domains/domain.nl/log/access.log main_ext buffer=256k flush=60m;
  error_log /home/nginx/domains/domain.nl/log/error.log;

  include /usr/local/nginx/conf/autoprotect/domain.nl/autoprotect-domain.nl.conf;
  root /home/nginx/domains/domain.nl/public;
  # uncomment cloudflare.conf include if using cloudflare for
  # server and/or vhost site
  #include /usr/local/nginx/conf/cloudflare.conf;
  include /usr/local/nginx/conf/503include-main.conf;

  include /usr/local/nginx/conf/wpincludes/domain.nl/wpcacheenabler_domain.nl.conf;
  #include /usr/local/nginx/conf/wpincludes/domain.nl/wpsupercache_domain.nl.conf;
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/wpincludes/domain.nl/rediscache_domain.nl.conf; 

  location / {
  include /usr/local/nginx/conf/503include-only.conf;
 

  # Enables directory listings when index file not found
  #autoindex  on;

  # for wordpress super cache plugin
  #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;

  # for wp cache enabler plugin
  try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 

  # Wordpress Permalinks
  #try_files $uri $uri/ /index.php?q=$uri&$args;

  # Nginx level redis Wordpress
  # https://community.centminmod.com/posts/18828/
  #try_files $uri $uri/ /index.php?$args;

  }

location ~* /(wp-login\.php) {
    limit_req zone=xwplogin burst=1 nodelay;
    #limit_conn xwpconlimit 30;
    auth_basic "Private";
    auth_basic_user_file /home/nginx/domains/domain.nl/htpasswd_wplogin;   
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

location ~* /(xmlrpc\.php) {
    limit_req zone=xwprpc burst=45 nodelay;
    #limit_conn xwpconlimit 30;
    include /usr/local/nginx/conf/php-wpsc.conf;
    # https://community.centminmod.com/posts/18828/
    #include /usr/local/nginx/conf/php-rediscache.conf;
}

# Block PHP files in uploads directory.
location ~* /(?:uploads|files)/.*\.php$ {
  deny all;
}
# Block PHP files in content directory.
location ~* /wp-content/.*\.php$ {
  deny all;
}
# Block PHP files in includes directory.
location ~* /wp-includes/.*\.php$ {
  deny all;
}
# Block PHP files in uploads, content, and includes directory.
location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
  deny all;
}

  include /usr/local/nginx/conf/wpincludes/domain.nl/wpsecure_domain.nl.conf;
  include /usr/local/nginx/conf/php-wpsc.conf;
  # https://community.centminmod.com/posts/18828/
  #include /usr/local/nginx/conf/php-rediscache.conf;
  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/drop.conf;
  #include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}

eva2000 · Dec 31, 2016

looks good if you aren't using cloudflare in front of nginx, it should be working

churchill · Dec 31, 2016

i can give you my test domain.
it still doesn't work, it drives me crazy.
mmds.nl

eva2000 · Dec 31, 2016

churchill said: ↑

i can give you my test domain.
it still doesn't work, it drives me crazy.
mmds.nl
Click to expand...

test at HTTP Header Check with an online CURL tool for http and https version shows http works but https has hostname issue

http version
Code (Text):
HTTP/1.1 301 Moved Permanently
Date: Sat, 31 Dec 2016 10:51:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.mmds.nl/
Server: nginx centminmod
X-Powered-By: centminmod
https version
Code (Text):
Host not found...
from https://intodns.com/mmds.nl you setup www version as CNAME of mmds.nl ? tried changing www version to an A DNS record pointing to server ip ?

but seems your https ssl certificate configuration isn't complete or incorrect according to ssl check at SSL Server Test: mmds.nl (Powered by Qualys SSL Labs)

ensure you concatenated the ssl provider's ssl certificate files appropriately for centmin mod nginx outlined at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS

churchill · Dec 31, 2016

it was a a record i changed it to test it to a cname but i'm going to change it back now.
and doing the ssl certification thing over again.

Thank you very much

churchill · Dec 31, 2016

can you maybe tell which one to pick.
the files i got are:

cabundle.crt

certificate.crt

certificate.key

certificate.p7b

eva2000 · Dec 31, 2016

from Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS you need to in ssh as root user concat these files
Only for paid SSL certificates (NOT self signed SSL certificates), would you next you need to create the /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt file that Nginx SSL Vhost below will use. This unified.crt is created from concatentation of your domain's SSL certificate yourdomain.crt, the providers intermediate and root certificates in this particular order. In SSH telnet within /usr/local/nginx/conf/ssl/domaincom/ directory, type the following commands:
Code (Text):
  cd /usr/local/nginx/conf/ssl/domaincom/
Code (Text):
  cat yourdomain.crt intermediate.crt root.pem > ssl-unified.crt
For /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt
Code (Text):
  cat intermediate.crt root.pem > ssl-trusted.crt
If your SSL provider only provides something like yourdomain_com.crt and yourdomain_com.ca-bundle, then concat them this way:

For ssl-unified.crt
Code (Text):
  cat yourdomain_com.crt yourdomain_com.ca-bundle > ssl-unified.crt
For ssl-trusted.crt
Code (Text):
  cat yourdomain_com.ca-bundle > ssl-trusted.crt
You'll end up with ssl-unified.crt file at /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and ssl-trusted.crt at /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt
Click to expand...

eva2000 · Dec 31, 2016

So for your files

Code (Text):

cd /usr/local/nginx/conf/ssl/domaincom/
cat certificate.crt cabundle.crt > ssl-unified.crt
cat cabundle.crt > ssl-trusted.crt

then setup in domain.com.ssl.conf vhost

Code (Text):

       ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
       ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/ssl.key;
       # enable ocsp stapling
       resolver 8.8.8.8;
       ssl_stapling on;
       ssl_stapling_verify on;
       ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt;

churchill · Dec 31, 2016

I did everything, i did the concat for the certificates and made it a A rocord.

But at HTTP Header Check with an online CURL tool

mmds.nl – Just another WordPress site and mmds.nl – Just another WordPress site gave me:
Code:
HTTP/1.1 301 Moved Permanently
Date: Sat, 31 Dec 2016 11:41:29 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.mmds.nl/
Server: nginx centminmod
X-Powered-By: centminmod
but mmds.nl – Just another WordPress site:
Code:
HTTP/1.1 200 OK
Date: Sat, 31 Dec 2016 11:42:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 51960
Last-Modified: Sat, 31 Dec 2016 00:06:02 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5866f66a-caf8"
Server: nginx centminmod
X-Powered-By: centminmod
Accept-Ranges: bytes
and mmds.nl – Just another WordPress site:
Code:
HTTP/1.1 301 Moved Permanently
Date: Sat, 31 Dec 2016 11:43:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: https://mmds.nl/
Server: nginx centminmod
X-Powered-By: centminmod
so why is https://www.mmds.nl is moved to https://mmds.nl?

where can i change that

churchill · Dec 31, 2016

I did everything, i did the concat for the certificates and made it a A rocord.

But at HTTP Header Check with an online CURL tool

Code:

http://www.mmds.nl

and

Code:

http://mmds.nl

gave me:

Code:

HTTP/1.1 301 Moved Permanently
Date: Sat, 31 Dec 2016 11:41:29 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://www.mmds.nl/
Server: nginx centminmod
X-Powered-By: centminmod

but

Code:

https://mmds.nl

:

Code:

HTTP/1.1 200 OK
Date: Sat, 31 Dec 2016 11:42:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 51960
Last-Modified: Sat, 31 Dec 2016 00:06:02 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5866f66a-caf8"
Server: nginx centminmod
X-Powered-By: centminmod
Accept-Ranges: bytes

and

Code:

https://www.mmds.nl

:

Code:

HTTP/1.1 301 Moved Permanently
Date: Sat, 31 Dec 2016 11:43:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: https://mmds.nl/
Server: nginx centminmod
X-Powered-By: centminmod

so why is

Code:

https://www.mmds.nl

is moved to

Code:

https://mmds.nl

where can i change that

churchill · Dec 31, 2016

sorry for the strange layout but the links kept changing so i put them in code brackets

Log in / Register

Forums

Welcome to Centmin Mod Community

Nginx SSL redirects

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

churchill New Member

.

Log in / Register

Useful Searches

Welcome to Centmin Mod Community

Nginx SSL redirects

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

churchill New Member

churchill New Member

churchill New Member

.