nginx - redirection doesn't work as expected
Posted
by
Luis
on Server Fault
See other posts from Server Fault
or by Luis
Published on 2011-11-08T16:14:54Z
Indexed on
2011/11/14
1:54 UTC
Read the original article
Hit count: 566
nginx
I have a domain listening on both http and https. I want to redirect all the traffic to https except for two specific locations. It works, but only for mydomain.com, not for www.mydomain.com.
Here the config:
upstream mydomain_rails {
server unix:/home/deploy/mydomain/shared/pids/unicorn.sock;
}
# blog.mydomain.com
server {
listen 80;
server_name blog.mydomain.com;
rewrite ^ http://www.mydomain.com/de/blog permanent;
}
# blog.mydomain.com.br
server {
listen 80;
server_name blog.mydomain.com.br;
rewrite ^ http://www.mydomain.com/br/blog permanent;
}
# www.mydomain.de
server {
listen 80;
server_name mydomain.de www.mydomain.de;
rewrite ^ https://www.mydomain.com/de permanent;
}
# www.mydomain.com.br
server {
listen 80;
server_name mydomain.com.br www.mydomain.com.br;
rewrite ^ https://www.mydomain.com/br permanent;
}
server {
listen 80;
server_name mydomain.com;
rewrite ^ http://www.mydomain.com$request_uri permanent;
}
## www.mydomain.com
## Redirect http to https, keep blogs on plain http
server {
listen 80;
server_name www.mydomain.com;
location / {
# if ($host ~* ^(www\.mydomain\.com)$ ) {
rewrite ^/(.*)$ https://www.mydomain.com/$1 permanent;
# }
# return 444;
}
# Matches any request starting with '/br/blog' and proxies to the upstream blog instance
location ~* /br/blog {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
rewrite ^/br/blog$ /;
rewrite ^/br/blog/(.*)$ /$1;
proxy_pass http://mydomain_blog_br;
break;
}
}
# Matches any request starting with '/de/blog' and proxies to the upstream blog instance
location ~* /de/blog {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
rewrite ^/de/blog$ /;
rewrite ^/de/blog/(.*)$ /$1;
proxy_pass http://mydomain_blog;
break;
}
}
}
# www.mydomain.com
server {
add_header Cache-Control "public, must-revalidate";
server_name mydomain.com www.mydomain.com;
listen 443;
ssl on;
ssl_certificate /etc/ssl/mydomain.com/sslchain.crt;
ssl_certificate_key /etc/ssl/mydomain.com/privatekey.key;
## Strict Transport Security (ForceHTTPS), max-age 30d
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
## Due SSL encryption, rather to increase the keepalive requests and timeout
keepalive_requests 10;
keepalive_timeout 60 60;
root /home/deploy/mydomain/current/public/;
error_log /home/deploy/mydomain/shared/log/nginx.error.log info;
access_log /home/deploy/mydomain/shared/log/nginx.access.log main;
## Redirect from non-www to www
if ($host = 'mydomain.com' ) {
rewrite ^/(.*)$ https://www.mydomain.com/$1 permanent;
}
## Caching images for 3 months
location ~* \.(ico|css|js|gif|jpe?g|png)\?[0-9]+$ {
expires 30d;
break;
}
## Deny illegal Host headers
if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {
return 444;
}
## Deny certain User-Agents (case insensitive)
if ($http_user_agent ~* (Baiduspider|webalta|Wget|WordPress|youdao|jakarta) ) {
return 444;
}
## Deny certain Referers (case insensitive)
if ($http_referer ~* (dating|diamond|forsale|girl|jewelry|nudit|poker|porn|poweroversoftware|sex|teen|webcam|zippo|zongdo) ) {
return 444;
}
## Enable maintenance page. The page is copied in during capistrano deployment
set $maintenance 0;
if (-f $document_root/index.html) {
set $maintenance 1;
}
if ($request_uri ~* (jpg|jpeg|gif|png|js|css)$) {
set $maintenance 0;
}
if ($maintenance) {
rewrite ^(.*)$ /index.html last;
break;
}
location /uk {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd;
root /home/deploy/mydomain/current/public/;
try_files $uri @fallback;
}
# Matches any request starting with '/br/blog' and proxies to the upstream blog instance
location ^~ /br/blog {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
rewrite ^/br/blog$ /;
rewrite ^/br/blog/(.*)$ /$1;
proxy_pass http://mydomain_blog_br;
break;
}
}
# Matches any request starting with '/de/blog' and proxies to the upstream blog instance
location ^~ /de/blog {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
rewrite ^/de/blog$ /;
rewrite ^/de/blog/(.*)$ /$1;
proxy_pass http://mydomain_blog;
break;
}}
# Matches any request starting with '/lp' and proxies to the upstream blog instance
location /lp {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
rewrite ^/lp(/?.*)$ /$1;
proxy_pass http://mydomain_landingpage;
break;
}
#Matches any request, and looks for static files before reverse proxying to the upstream app server socket
location / {
root /home/deploy/mydomain/current/public/;
try_files $uri @fallback;
}
# Called after the above pattern, if no static file is found
location @fallback {
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://mydomain_rails;
}
## All other errors get the generic error page
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /500.html;
location /500.html {
root /home/deploy/mydomain/current/public/;
}
}
I defined the blog upstream. As said, it works properly for mydomain.com, but not for www.mydomain.com.
Any idea?
© Server Fault or respective owner