Learn about Centmin Mod LEMP Stack today
Register Now

Sysadmin Website headers

Discussion in 'System Administration' started by fabianski, May 19, 2019.

  1. fabianski

    fabianski Member

    102
    13
    18
    Feb 20, 2019
    Brazil
    Ratings:
    +35
    Local Time:
    5:51 AM
    something strange happens with my site.
    When accessing with WWW (https://www.mydomain.org) the headers are shown correctly.
    http://prntscr.com/nq9pwq

    But by directly accessing (https://mydomain.org) some headers shown in the other version are not shown
    https://prnt.sc/nq9qc2

    I remember having tested at SecurityHeaders some time ago and all the headers were shown correctly, I do not know what might have led to this.

    Here are my nginx configuration files
    mydomain.org.ssl.conf
    I just modified two things.
    Line 61 wprocket
    Line 142 ip acess redirection

    nginx.conf
    no changes

    *I use the cloudflare only for dns

    Thanks
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:51 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    believe you have incorrect redirect if your main domain is with non-www version the 2nd server{} context needs to list in server_name only the domain you intend to be the main destination domain = non-www version so

    change from
    Code (Text):
     server {
       
       server_name mydomain.org www.mydomain.org;
       return 302 https://mydomain.org$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name mydomain.org www.mydomain.org;
    

    change to
    Code (Text):
     server {
       
       server_name mydomain.org www.mydomain.org;
       return 302 https://mydomain.org$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name mydomain.org;
    

    otherwise you're testing header for the 302 redirect itself with www version of your domain
     
  3. fabianski

    fabianski Member

    102
    13
    18
    Feb 20, 2019
    Brazil
    Ratings:
    +35
    Local Time:
    5:51 AM
    Hi, thanks for the help.
    The problem was being caused by wprocket, some pages that were not cached had their header displayed correctly, users logged in as well.
     
    • Informative Informative x 1
  4. eva2000

    eva2000 Administrator Staff Member

    41,386
    9,297
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,261
    Local Time:
    6:51 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah wp plugin related :)