nginx - redirection doesn't work as expected

Posted by Luis on Server Fault See other posts from Server Fault or by Luis
Published on 2011-11-08T16:14:54Z Indexed on 2011/11/14 1:54 UTC
Read the original article Hit count: 566

Filed under:

I have a domain listening on both http and https. I want to redirect all the traffic to https except for two specific locations. It works, but only for mydomain.com, not for www.mydomain.com.

Here the config:

upstream mydomain_rails {
  server unix:/home/deploy/mydomain/shared/pids/unicorn.sock;
}

# blog.mydomain.com
server {
  listen 80;
  server_name blog.mydomain.com;
  rewrite ^ http://www.mydomain.com/de/blog permanent;
}

# blog.mydomain.com.br
server {
  listen 80;
  server_name blog.mydomain.com.br;
  rewrite ^ http://www.mydomain.com/br/blog permanent;
}

# www.mydomain.de
server { 
  listen 80;
  server_name mydomain.de www.mydomain.de;
  rewrite ^ https://www.mydomain.com/de permanent;
}

# www.mydomain.com.br
server {
  listen 80;
  server_name mydomain.com.br www.mydomain.com.br;
  rewrite ^ https://www.mydomain.com/br permanent;
}

server {
listen 80;
server_name mydomain.com;
rewrite ^ http://www.mydomain.com$request_uri permanent;
}

## www.mydomain.com
## Redirect http to https, keep blogs on plain http
server {
  listen      80;
  server_name www.mydomain.com;

  location / {
#     if ($host ~* ^(www\.mydomain\.com)$ ) {
       rewrite  ^/(.*)$  https://www.mydomain.com/$1  permanent;
#     }
#     return 444;
   }

  # Matches any request starting with '/br/blog' and proxies to the upstream blog instance
  location ~* /br/blog {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      rewrite ^/br/blog$ /;
      rewrite ^/br/blog/(.*)$ /$1;
      proxy_pass http://mydomain_blog_br;

      break;
    }
  }

  # Matches any request starting with '/de/blog' and proxies to the upstream blog instance
  location ~* /de/blog {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      rewrite ^/de/blog$ /;
      rewrite ^/de/blog/(.*)$ /$1;
      proxy_pass http://mydomain_blog;

      break;
    }
  }
}

# www.mydomain.com
server {
  add_header Cache-Control "public, must-revalidate";
  server_name mydomain.com www.mydomain.com;
  listen 443;

  ssl on;
  ssl_certificate /etc/ssl/mydomain.com/sslchain.crt;
  ssl_certificate_key /etc/ssl/mydomain.com/privatekey.key;

## Strict Transport Security (ForceHTTPS), max-age 30d
  add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";

## Due SSL encryption, rather to increase the keepalive requests and timeout
  keepalive_requests 10;
  keepalive_timeout 60 60;

  root       /home/deploy/mydomain/current/public/;
  error_log  /home/deploy/mydomain/shared/log/nginx.error.log info;
  access_log /home/deploy/mydomain/shared/log/nginx.access.log main;

## Redirect from non-www to www
  if ($host = 'mydomain.com' ) {
      rewrite  ^/(.*)$  https://www.mydomain.com/$1  permanent;
  }

## Caching images for 3 months
  location ~* \.(ico|css|js|gif|jpe?g|png)\?[0-9]+$ {
      expires 30d;
      break;
  }
## Deny illegal Host headers
  if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {
      return 444;
  }

## Deny certain User-Agents (case insensitive)
  if ($http_user_agent ~* (Baiduspider|webalta|Wget|WordPress|youdao|jakarta) ) {
      return 444;
  }

## Deny certain Referers (case insensitive)
  if ($http_referer ~* (dating|diamond|forsale|girl|jewelry|nudit|poker|porn|poweroversoftware|sex|teen|webcam|zippo|zongdo) ) {
      return 444;
  }

## Enable maintenance page. The page is copied in during capistrano deployment
  set $maintenance 0;
  if (-f $document_root/index.html) {
    set $maintenance 1;
  }
  if ($request_uri ~* (jpg|jpeg|gif|png|js|css)$) {
    set $maintenance 0;
  }
  if ($maintenance) {
    rewrite ^(.*)$ /index.html last;
    break;
  }

  location /uk  {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd;
    root /home/deploy/mydomain/current/public/; 
    try_files $uri @fallback;
  }


  # Matches any request starting with '/br/blog' and proxies to the upstream blog instance
  location ^~ /br/blog {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      rewrite ^/br/blog$ /;
      rewrite ^/br/blog/(.*)$ /$1;
      proxy_pass http://mydomain_blog_br;

      break;
    }
  }

  # Matches any request starting with '/de/blog' and proxies to the upstream blog instance
  location ^~ /de/blog {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (!-f $request_filename) {
      rewrite ^/de/blog$ /;
      rewrite ^/de/blog/(.*)$ /$1;
      proxy_pass http://mydomain_blog;

      break;
}} 

  # Matches any request starting with '/lp' and proxies to the upstream blog instance
  location /lp {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    rewrite ^/lp(/?.*)$ /$1;
    proxy_pass http://mydomain_landingpage;

    break;
  }

 #Matches any request, and looks for static files before reverse proxying to the upstream app server socket
  location / {
    root /home/deploy/mydomain/current/public/; 
    try_files $uri @fallback;
  }

  # Called after the above pattern, if no static file is found
  location @fallback {
    proxy_set_header X-Sendfile-Type X-Accel-Redirect;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://mydomain_rails;
  }



## All other errors get the generic error page
  error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /500.html;
      location  /500.html {
          root /home/deploy/mydomain/current/public/;
      }
}

I defined the blog upstream. As said, it works properly for mydomain.com, but not for www.mydomain.com.

Any idea?

© Server Fault or respective owner

Related posts about nginx