
Nginx SSL redirects

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by churchill, Dec 29, 2016.

  1. churchill

    churchill New Member

    I've read everything about nginx redirects but I'm stuck.
    I disabled the domain.com.conf and used the domain.com.ssl.conf.
    But whatever I do, it always goes to https://domain.com.

    I always want the www and https version, i.e. https://www.domain.com

    my domain.com.ssl.conf is :

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect every plain-HTTP request (www and non-www) to the https://www host
    # NOTE(review): the stock template comment read "www to non-www"; the return
    # below sends both names to www.domain.nl
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # (a 301 is cached by browsers, so a wrong target is hard to take back)
    server {
      # port 80 listener: serves no content, only the redirect
      listen 80;
      server_name domain.nl www.domain.nl;
      # $request_uri carries the original path and query string over to HTTPS
      return 302 https://www.domain.nl$request_uri;
    }
    
    # HTTPS vhost: terminates TLS and serves the WordPress site from the root set below
    server {
      listen 443 ssl http2;
      # only the bare domain is named here
      # NOTE(review): https://www.domain.nl is then answered by whichever server is
      # the default for port 443 - list the www name (or give it its own block) so
      # the intent is explicit
      server_name domain.nl;
      # left disabled: the poster reports a "too many redirects" loop when this
      # return is enabled inside this block
      #return 302 https://www.domain.nl$request_uri;
    
    
      # DH parameters for DHE key exchange
      ssl_dhparam /usr/local/nginx/conf/ssl/domain.nl/dhparam.pem;
      # server certificate; nginx expects the site certificate first, then any intermediates
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.nl/certificate.crt;
      # private key - NOTE(review): confirm the file is readable by root only
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.nl/certificate.key;
      # shared TLS settings; contents not shown in this post
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # caps on HTTP/2 request header sizes (per field / whole header list)
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # (cipher list redacted by the poster)
      ssl_ciphers (removed);
      # the server's cipher order wins over the client's
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      # HSTS is off. Once sent, browsers refuse plain HTTP for max-age seconds (one
      # year here) and includeSubdomains extends that to every subdomain, so enable
      # it only when all of them serve valid HTTPS
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      # the framing / XSS-filter / MIME-sniffing headers below are disabled too,
      # unless one of the includes sets them (not shown)
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      # size of the buffer used for sending data over TLS
      ssl_buffer_size 1369;
      # NOTE(review): with tickets on and no ssl_session_ticket_key in view, nginx
      # generates the ticket key itself and keeps it until the next reload/restart;
      # a long-lived key weakens forward secrecy - confirm this is intended
      ssl_session_tickets on;
     
      # enable ocsp stapling
      # resolver is used to look up the OCSP responder's hostname; these are public
      # resolvers reached over unauthenticated DNS - nginx's documentation recommends
      # a trusted, ideally local, resolver to prevent DNS spoofing
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      # verify the OCSP response against the CA chain given below
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.nl/cabundle.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      # buffered access log: entries can reach disk up to 60 minutes late (flush=60m),
      # which delays what shows up in the file during an investigation
      access_log /home/nginx/domains/domain.nl/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.nl/log/error.log;
    
      # per-domain include; contents not shown in this post
      include /usr/local/nginx/conf/autoprotect/domain.nl/autoprotect-domain.nl.conf;
      root /home/nginx/domains/domain.nl/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # presumably defines $cache_enabler_uri and $custom_subdir used in location / - verify
      include /usr/local/nginx/conf/wpincludes/domain.nl/wpcacheenabler_domain.nl.conf;
      #include /usr/local/nginx/conf/wpincludes/domain.nl/wpsupercache_domain.nl.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/domain.nl/rediscache_domain.nl.conf; 
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
     
    
      # Enables directory listings when index file not found
      # (kept disabled, so directory contents are not listed)
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      # tries the cached page, then the file, then the directory, then falls back to index.php
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    # login page: rate-limited and behind HTTP basic auth
    # the regex is unanchored and case-insensitive, so any URI containing
    # /wp-login.php matches; zone xwplogin has to be defined elsewhere (not shown)
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        # basic-auth credentials are only base64-encoded; they are protected here
        # because this server block is TLS-only
        auth_basic "Private";
        # NOTE(review): the password file sits under the domain's home directory but
        # outside the web root (public/); keep it that way and restrict its permissions
        auth_basic_user_file /home/nginx/domains/domain.nl/htpasswd_wplogin;   
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    # xmlrpc.php stays reachable but rate-limited (zone xwprpc, burst of 45); no basic auth here
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    # nginx picks the first regex location that matches, in file order, so the deny
    # blocks below must stay above the php-wpsc.conf include further down
    # (presumably where the general PHP handler lives - verify)
    # Block PHP files in uploads directory.
    location ~* /(?:uploads|files)/.*\.php$ {
      deny all;
    }
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    # Block PHP files in uploads, content, and includes directory.
    # NOTE(review): covers the same paths as the three blocks above, which match
    # first; redundant but harmless
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
      # remaining includes; their contents are not shown in this post
      include /usr/local/nginx/conf/wpincludes/domain.nl/wpsecure_domain.nl.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    If I put "return 302 https://www.domain.nl$request_uri;" inside the server block that listens on 443, I get a "too many redirects" error in Chrome.

    Can somebody help me with this?
     
  2. eva2000

    eva2000 Administrator Staff Member

    your main ssl server{} context is missing www in server_name so change it

    change

    from
    Code (Text):
    server {
      listen 80;
      server_name domain.nl www.domain.nl;
      return 302 https://www.domain.nl$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name domain.nl;
      #return 302 https://www.domain.nl$request_uri;

    to
    Code (Text):
    server {
      listen 80;
      server_name domain.nl www.domain.nl;
      return 302 https://www.domain.nl$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name www.domain.nl;
      #return 302 https://www.domain.nl$request_uri;
     
  3. churchill

    churchill New Member

    I had that already, I just deleted it to test something. But it will still go to the non-www version
     
  4. eva2000

    eva2000 Administrator Staff Member

    your browser might have cached the redirect, so test in ssh via curl
    Code (Text):
    # -I sends a HEAD request and prints only the response headers, so no browser
    # cache is involved; compare the status line and the Location: field
    # NOTE(review): both commands reach the port 80 listener only - the https://
    # names are not exercised by this test
    curl -I http://www.domain.nl
    curl -I http://domain.nl
    

    what is the full output of those 2 commands in ssh ? does the output's Location: field say it should go to the https version of www ?

    do you have cloudflare in front ? that might force it's own http to https redirect
     
  5. churchill

    churchill New Member

    OK, this is weird, because it all looks fine over there, but if I go with my browsers (even Edge, and Chrome with developer tools open or cache disabled) it still goes to the non-www version, even on my phone.

    Code:
    [root@vps1 ~]# curl -I http://www.domain.nl
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 28 Dec 2016 15:56:02 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.domain.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    [root@vps1 ~]# curl -I http://domain.nl
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 28 Dec 2016 15:56:40 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.domain.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
     
  6. eva2000

    eva2000 Administrator Staff Member

    clear browser caches and maybe reboot local pc

    your output shows 301 redirects but the nginx vhost has 302 redirects, so are these redirects coming from the nginx level ? do you have cloudflare in front ? or did you change 302 to 301 ?
     
  7. churchill

    churchill New Member

    i changed it to test it.
    no cloudflare.

    i'm going to test the server and local pc reboot.
     
  8. churchill

    churchill New Member

    If i go to domain.nl it shows the www version for like 1 second and then it goes to the non-www version.
    The login page does show the www.
     
  9. eva2000

    eva2000 Administrator Staff Member

    Did you delete /usr/local/nginx/conf/conf.d/newdomain.com.conf ? how did you disable /usr/local/nginx/conf/conf.d/newdomain.com.conf ?

    Repost the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)
     
  10. churchill

    churchill New Member

    i removed domain.nl.conf and ssl version looks like this.

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect every plain-HTTP request (www and non-www) to the https://www host
    # NOTE(review): the stock template comment read "www to non-www"; the return
    # below sends both names to www.domain.nl
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # (a 301 is cached by browsers, so a wrong target is hard to take back)
    server {
      # port 80 listener: serves no content, only the redirect
      listen 80;
      server_name domain.nl www.domain.nl;
      # permanent redirect; $request_uri carries the original path and query string over to HTTPS
      return 301 https://www.domain.nl$request_uri;
    }
    
    # HTTPS vhost: terminates TLS and serves the WordPress site from the root set below
    server {
      listen 443 ssl http2;
      # both names are served by this one block, so nginx itself issues no
      # redirect between https://domain.nl and https://www.domain.nl
      server_name domain.nl www.domain.nl;
      # left disabled: this block also answers for www.domain.nl, so enabling the
      # return here would redirect the www host to itself
      #return 302 https://www.domain.nl$request_uri;
    
    
      # DH parameters for DHE key exchange
      ssl_dhparam /usr/local/nginx/conf/ssl/domain.nl/dhparam.pem;
      # server certificate; nginx expects the site certificate first, then any intermediates
      ssl_certificate      /usr/local/nginx/conf/ssl/domain.nl/certificate.crt;
      # private key - NOTE(review): confirm the file is readable by root only
      ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.nl/certificate.key;
      # shared TLS settings; contents not shown in this post
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # caps on HTTP/2 request header sizes (per field / whole header list)
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      # (cipher list redacted by the poster)
      ssl_ciphers (removed);
      # the server's cipher order wins over the client's
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      # HSTS is off. Once sent, browsers refuse plain HTTP for max-age seconds (one
      # year here) and includeSubdomains extends that to every subdomain, so enable
      # it only when all of them serve valid HTTPS
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      # the framing / XSS-filter / MIME-sniffing headers below are disabled too,
      # unless one of the includes sets them (not shown)
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      # size of the buffer used for sending data over TLS
      ssl_buffer_size 1369;
      # NOTE(review): with tickets on and no ssl_session_ticket_key in view, nginx
      # generates the ticket key itself and keeps it until the next reload/restart;
      # a long-lived key weakens forward secrecy - confirm this is intended
      ssl_session_tickets on;
     
      # enable ocsp stapling
      # resolver is used to look up the OCSP responder's hostname; these are public
      # resolvers reached over unauthenticated DNS - nginx's documentation recommends
      # a trusted, ideally local, resolver to prevent DNS spoofing
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      # verify the OCSP response against the CA chain given below
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.nl/cabundle.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      # buffered access log: entries can reach disk up to 60 minutes late (flush=60m),
      # which delays what shows up in the file during an investigation
      access_log /home/nginx/domains/domain.nl/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/domain.nl/log/error.log;
    
      # per-domain include; contents not shown in this post
      include /usr/local/nginx/conf/autoprotect/domain.nl/autoprotect-domain.nl.conf;
      root /home/nginx/domains/domain.nl/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      # presumably defines $cache_enabler_uri and $custom_subdir used in location / - verify
      include /usr/local/nginx/conf/wpincludes/domain.nl/wpcacheenabler_domain.nl.conf;
      #include /usr/local/nginx/conf/wpincludes/domain.nl/wpsupercache_domain.nl.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/domain.nl/rediscache_domain.nl.conf; 
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
     
    
      # Enables directory listings when index file not found
      # (kept disabled, so directory contents are not listed)
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      # tries the cached page, then the file, then the directory, then falls back to index.php
      # NOTE(review): anything that reaches index.php is handled by WordPress, which
      # can issue its own redirects independently of this vhost
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args; 
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    # login page: rate-limited and behind HTTP basic auth
    # the regex is unanchored and case-insensitive, so any URI containing
    # /wp-login.php matches; zone xwplogin has to be defined elsewhere (not shown)
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        # basic-auth credentials are only base64-encoded; they are protected here
        # because this server block is TLS-only
        auth_basic "Private";
        # NOTE(review): the password file sits under the domain's home directory but
        # outside the web root (public/); keep it that way and restrict its permissions
        auth_basic_user_file /home/nginx/domains/domain.nl/htpasswd_wplogin;   
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    # xmlrpc.php stays reachable but rate-limited (zone xwprpc, burst of 45); no basic auth here
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    # nginx picks the first regex location that matches, in file order, so the deny
    # blocks below must stay above the php-wpsc.conf include further down
    # (presumably where the general PHP handler lives - verify)
    # Block PHP files in uploads directory.
    location ~* /(?:uploads|files)/.*\.php$ {
      deny all;
    }
    # Block PHP files in content directory.
    location ~* /wp-content/.*\.php$ {
      deny all;
    }
    # Block PHP files in includes directory.
    location ~* /wp-includes/.*\.php$ {
      deny all;
    }
    # Block PHP files in uploads, content, and includes directory.
    # NOTE(review): covers the same paths as the three blocks above, which match
    # first; redundant but harmless
    location ~* /(?:uploads|files|wp-content|wp-includes)/.*\.php$ {
      deny all;
    }
    
      # remaining includes; their contents are not shown in this post
      include /usr/local/nginx/conf/wpincludes/domain.nl/wpsecure_domain.nl.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
     
  11. eva2000

    eva2000 Administrator Staff Member

    looks good if you aren't using cloudflare in front of nginx, it should be working
     
  12. churchill

    churchill New Member

    i can give you my test domain.
    it still doesn't work, it drives me crazy.
    mmds.nl
     
  13. eva2000

    eva2000 Administrator Staff Member

    testing the http and https versions at HTTP Header Check with an online CURL tool shows http works but https has a hostname issue

    http version
    Code (Text):
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 31 Dec 2016 10:51:50 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.mmds.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    

    https version
    Code (Text):
    Host not found...


    from https://intodns.com/mmds.nl it looks like you set up the www version as a CNAME of mmds.nl ? have you tried changing the www version to an A DNS record pointing to the server ip ?

    but it seems your https ssl certificate configuration is incomplete or incorrect according to the ssl check at SSL Server Test: mmds.nl (Powered by Qualys SSL Labs)

    ensure you concatenated the ssl provider's ssl certificate files appropriately for centmin mod nginx outlined at Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS
     
  14. churchill

    churchill New Member

    it was an A record; I changed it to a CNAME to test, but I'm going to change it back now.
    and doing the ssl certification thing over again.

    Thank you very much
     
  15. churchill

    churchill New Member

    can you maybe tell which one to pick.
    the files i got are:
    • cabundle.crt
    • certificate.crt
    • certificate.key
    • certificate.p7b
     
  16. eva2000

    eva2000 Administrator Staff Member

    from Nginx SPDY SSL Configuration - CentminMod.com LEMP Nginx web stack for CentOS: you need to concat these files in ssh as root user

     
  17. eva2000

    eva2000 Administrator Staff Member

    So for your files
    Code (Text):
    # run as root in the directory that holds the files issued by the CA
    cd /usr/local/nginx/conf/ssl/domaincom/
    # order matters: the site certificate first, then the CA bundle (intermediates)
    cat certificate.crt cabundle.crt > ssl-unified.crt
    # the CA bundle on its own, referenced by ssl_trusted_certificate to verify OCSP responses
    cat cabundle.crt > ssl-trusted.crt
    # the private key (certificate.key) goes into neither file
    # NOTE(review): keep the key readable by root only
    

    then setup in domain.com.ssl.conf vhost
    Code (Text):
           # the concatenated file: site certificate followed by the CA bundle
           ssl_certificate      /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt;
           # NOTE(review): the poster's key file is named certificate.key, not ssl.key -
           # point this at the file that actually exists
           ssl_certificate_key  /usr/local/nginx/conf/ssl/domaincom/ssl.key;
           # enable ocsp stapling
           # resolver is used to look up the OCSP responder's hostname; this is a public
           # resolver reached over unauthenticated DNS - nginx's documentation recommends
           # a trusted, ideally local, resolver to prevent DNS spoofing
           resolver 8.8.8.8;
           ssl_stapling on;
           # verify the OCSP response against the CA chain given below
           ssl_stapling_verify on;
           ssl_trusted_certificate /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crt;
    
     
  18. churchill

    churchill New Member

    I did everything: I did the concat for the certificates and made it an A record.

    But at HTTP Header Check with an online CURL tool

    http://www.mmds.nl and http://mmds.nl gave me:
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 31 Dec 2016 11:41:29 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.mmds.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    but https://mmds.nl:
    Code:
    HTTP/1.1 200 OK
    Date: Sat, 31 Dec 2016 11:42:59 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 51960
    Last-Modified: Sat, 31 Dec 2016 00:06:02 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5866f66a-caf8"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    and https://www.mmds.nl:
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 31 Dec 2016 11:43:43 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://mmds.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    so why is https://www.mmds.nl moved to https://mmds.nl?

    where can i change that
     
  19. churchill

    churchill New Member

    I did everything: I did the concat for the certificates and made it an A record.

    But at HTTP Header Check with an online CURL tool

    Code:
    http://www.mmds.nl 
    and
    Code:
    http://mmds.nl
    gave me:
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 31 Dec 2016 11:41:29 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://www.mmds.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    but
    Code:
    https://mmds.nl
    :
    Code:
    HTTP/1.1 200 OK
    Date: Sat, 31 Dec 2016 11:42:59 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 51960
    Last-Modified: Sat, 31 Dec 2016 00:06:02 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5866f66a-caf8"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    and
    Code:
    https://www.mmds.nl
    :
    Code:
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 31 Dec 2016 11:43:43 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Location: https://mmds.nl/
    Server: nginx centminmod
    X-Powered-By: centminmod
    
    so why is
    Code:
    https://www.mmds.nl
    is moved to
    Code:
    https://mmds.nl
    where can i change that
     
    Last edited: Dec 31, 2016
  20. churchill

    churchill New Member

    sorry for the strange layout but the links kept changing so i put them in code brackets