Nginx $scheme doesn't always work while using SSL for one specific page
Posted
by
jjiceman
on Server Fault
See other posts from Server Fault
or by jjiceman
Published on 2012-06-03T03:56:43Z
Indexed on
2012/06/03
4:42 UTC
Read the original article
Hit count: 490
I read and followed this question in order to configure nginx to force SSL for one page (admin.php for XenForo), and it is working well for a few of the site administrators but is not for myself. I was wondering if anyone has any advice on how to improve this configuration:
...
ssl_certificate example.net.crt;
ssl_certificate_key example.key;
server {
listen 80 default;
listen 443 ssl;
server_name www.example.net example.net;
access_log /srv/www/example.net/logs/access.log;
error_log /srv/www/example.net/logs/error.log;
root /srv/www/example.net/public_html;
index index.php index.html;
location / {
if ( $scheme = https ){
rewrite ^ http://example.net$request_uri? permanent;
}
try_files $uri $uri/ /index.php?$uri&$args;
index index.php index.html;
}
location ^~ /admin.php {
if ( $scheme = http ) {
rewrite ^ https://example.net$request_uri? permanent;
}
try_files $uri /index.php;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
location ~ \.php$ {
try_files $uri /index.php;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
}
}
...
It seems that the extra information in the location ^~ /admin.php
block is unecessary, does anyone know of an easy way to avoid duplicate code? Without it it skips the php block and just returns the php files.
Currently it applies https correctly in Firefox when I navigate to admin.php
. In Chrome, it downloads the admin.php
page. When returning to the non-https website in Firefox, it does not correctly return to http but stays as SSL. Like I said earlier, this only happens for me, the other admins can go back and forth without a problem.
Is this an issue on my end that I can fix? And does anyone know of any ways I could reduce duplicate configuration options in the configuration? Thanks in advance!
© Server Fault or respective owner