/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Domains The page isn't redirecting properly

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Josephm, Oct 28, 2015.

Previous Thread Next Thread
Loading...
  1. Oct 28, 2015 #1
    Josephm

    Josephm Active Member

    126
    43
    28
    Aug 26, 2014
    Ratings:
    +45
    Local Time:
    5:53 AM
    1.9.5
    10.0.21
    I've been working around to upgrade my non-SSL site to SSL site. I renamed my domain.com.conf to domain.com.conf-disable. Created new domain.com.ssl.conf like this:
    Code:
    server {
  server_name domain.com www.domain.com;
  return 302 https://domain.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name domain.com www.domain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  ssl_certificate  /usr/local/nginx/conf/ssl/domain.com/domain_com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain_com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # mozilla recommended
  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
  ssl_prefer_server_ciphers  on;
  #add_header Alternate-Protocol  443:npn-spdy/3;
  #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
  #add_header  X-Content-Type-Options "nosniff";
  #add_header X-Frame-Options DENY;
  #spdy_headers_comp 5;
  ssl_buffer_size 1400;
  ssl_session_tickets on;

  # enable ocsp stapling
  resolver 8.8.8.8 8.8.4.4 valid=10m;
  resolver_timeout 10s;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_trusted_certificate /usr/local/nginx/conf/ssl/domain.com/ssl-trusted.crt; 

# ngx_pagespeed & ngx_pagespeed handler
include /usr/local/nginx/conf/pagespeed.conf;
include /usr/local/nginx/conf/pagespeedhandler.conf;
include /usr/local/nginx/conf/pagespeedstatslog.conf;
include /usr/local/nginx/conf/wordpress/general.conf;

  # limit_conn limit_per_ip 16;
  # ssi  on;

  #access_log /home/nginx/domains/domain.com/log/access.log combined buffer=256k flush=60m;
  #error_log /home/nginx/domains/domain.com/log/error.log;

  root /home/nginx/domains/domain.com/public;

  # prevent access to ./directories and files
  location ~ (?:^|/)\. {
  deny all;
  } 

  location /home/nginx/domains/domain.com/public {

# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;

  # Enables directory listings when index file not found
  #autoindex  on;

  # Shows file listing times as local time
  #autoindex_localtime on;

  # Enable for vBulletin usage WITHOUT vbSEO installed
  # More example Nginx vhost configurations at
  # http://centminmod.com/nginx_configure.html
  #try_files  $uri $uri/ /index.php;

  }

  include /usr/local/nginx/conf/staticfiles.conf;
  include /usr/local/nginx/conf/php.conf;
  include /usr/local/nginx/conf/drop.conf;
  include /usr/local/nginx/conf/errorpage.conf;
  include /usr/local/nginx/conf/vts_server.conf;
}
    My test site in localhost is ok, but in actual host is not. I turnt off the cloudflare but not work too. I'm using wordpress, the config /usr/local/nginx/conf/wordpress/general.conf is followed:
    Code:
    location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
    Any ideas anyone?
    Thanks so much.
     
  2. Oct 28, 2015 #2
    eva2000

    eva2000 Administrator Staff Member

    36,863
    8,068
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,426
    Local Time:
    8:53 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    need to elaborate as to what the errors or symptoms of not working are ? if you had test site on localhost using same domain, then you will need to clear browser cache and flush dns cache on local pc

    test in incognito and private browser mode
     
  3. Oct 28, 2015 #3
    Josephm

    Josephm Active Member

    126
    43
    28
    Aug 26, 2014
    Ratings:
    +45
    Local Time:
    5:53 AM
    1.9.5
    10.0.21
    Find out the problem, I do not know why "Flexible" SSL mode of Cloudflare made this loop redirect. I had to switch to "Strict" mode and OK now.
    Cloudflare is not supported HTTP2 yet, so the browser still detects my site as SPDY 3.1.
     
    • Informative Informative x 1
  4. Oct 28, 2015 #4
    eva2000

    eva2000 Administrator Staff Member

    36,863
    8,068
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,426
    Local Time:
    8:53 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    flexible has Cloudflare SSL on client end only - communication between cloudflare and origin your server is non-https. Only Strict has cloudflare to origin communicated over https
     
Previous Thread Next Thread
Loading...
..

.