Discover Centmin Mod today
Register Now

Nginx Use https and http both in the same virtual host (but directory is different)

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by negative, Mar 14, 2016.

  1. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    8:24 AM
    1.9.10
    10.1.11
    Hello

    As i ask in title; i have a cms software and xenforo directory in same virtual host and i want to use https in my CMS for now. If you ask me why you dont use the ssl in forum, i worry about SEO and ranking of my forum. Because it is 11 years old and before forum affected the negative ranking due 301's when converted from vbulletin. So, if i switch to https now, same 301's and i worry about that.

    And for now, i want switch my portal blog to https (http/2 support), but forum will be stay as http in locatin /forum directory.

    I think, it is possible with nginx but how can i define on nginx configuration ? It must listen 443 and 80 port both and "/forum" location rules should not open as https.

    Thanks.
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,992
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,423
    Local Time:
    4:24 PM
    Nginx 1.13.x
    MariaDB 5.5
    You don't have to do much if you initially used centmin.sh menu option 2 to setup nginx vhost with self-signed ssl = yes as it would of created both non-ssl and ssl nginx vhosts config files out of box ready for you to switch from self-signed ssl to browser trusted ssl certificates as outlined below:
    This means your site will be accessible from non-https and https protocols out of the box like my site centminmod.com. There's no forced http to https redirection so you can access from both. Then all you do is for blog set https version s blog domain url. If it's wordpress, you can also set in wp-config.php to force https on the blog too so it only applies on web app level.

    If you didn't answer yes to self-signed ssl certificate at initial nginx vhost generation in centmin.sh menu option 2, you would need to create that nginx ssl vhost etc first as outlined at Nginx - Install self signed certificate after vhost is created? | Centmin Mod Community
     
  3. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    8:24 AM
    1.9.10
    10.1.11
    I answered "no" while creating my domain as vhost.

    So, do i must run #2 option again now ? Also, are there any moving process or something more For switch to ssl version of my current virtual host?

    Btw, i want to use custom paid certificate (I think it will be Comodo EV with green bar) so i will configure my vhost file as your documents AFTER RUN #2 option (with answer "yes") right ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,992
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,423
    Local Time:
    4:24 PM
    Nginx 1.13.x
    MariaDB 5.5
    no you can't run centmin.sh menu option 2 again for existing vhost, you need to follow steps i outlined at Nginx - Install self signed certificate after vhost is created? | Centmin Mod Community to manually setup the nginx ssl vhost again
    you can of course on a separate test vps run centmin.sh option 2 to create the ssl nginx vhost, then copy that nginx ssl vhost and files over to the live vps server as well.
     
    • Informative Informative x 1
  5. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    8:24 AM
    1.9.10
    10.1.11
    Btw excuse me, if i modify and use the

    listen 443 ssl http2;

    command, then how to open my website from standart http too ? Because no listen the port 80

    Also how can i set the all urls except under /forum directory is forcing to use https only ? (Not both http and https)

    I want to use only /forum directory from http, else everything runs only via https

    Thank you
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,992
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,423
    Local Time:
    4:24 PM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app specific configurations are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

    However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out :)

    You need to create both http port 80 and https port 443 nginx vhosts as outlined either by using vhost generator or at Nginx - Use https and http both in the same virtual host (but directory is different) | Centmin Mod Community - best to use test vps to generate them and copy them over to live vps server if you don't have both domain.com.conf and domain.com.ssl.conf as outlined for centmin.sh menu option 2 at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    then just do as outlined at Nginx - Use https and http both in the same virtual host (but directory is different) | Centmin Mod Community and set all other blog/web apps besides /forum to using https url and leave forum accessible from http url

    You'd only be able to force other site/web apps to use https if they're off a subdirectory or subdomain i.e. in http port 80 vhost
    Code (Text):
    location ^~ /directory/ {
        rewrite ^/(.*) https://testdomain.com/$1 permanent;
    }

    or
    Code (Text):
    location ^~ /directory/ {
         return 302 https://testdomain.com$request_uri;
    }
    
    change 302 temp redirect to 301 permanent once confirmed working
     
  7. negative

    negative Member

    217
    22
    18
    Apr 11, 2015
    Ratings:
    +50
    Local Time:
    8:24 AM
    1.9.10
    10.1.11
    So, i should see domain.com.conf and domain.com.ssl.conf both in conf.d folder, isn't it ?
    Then configure them separately ?
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,992
    6,919
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,423
    Local Time:
    4:24 PM
    Nginx 1.13.x
    MariaDB 5.5
    yup if you use centmin.sh menu option 2 and answer yes to self-signed ssl, it will generate both versions of nginx vhost which you can then edit and configure them separately