WebFaction
Community site

I'm having a bit of a problem here and I can't tell if it's my own fault or because of the front-end Nginx proxy and how WF handles https.

I'm running my own Nginx server listening on a custom port with PHP-FPM and uWSGI (for Python).

I have two specific vhosts that I want to only work over https. One is a private site secured with HTTP auth that contains maintenance/statistics scripts (apc.php and phpinfo), exposes Nginx and PHP-FPM status pages, as well as analytics tools. The second is my web2py admin panel. Both have their own subdomain.

I do not need an SSL cert, I just need forced encryption without having to manually type https:// into the address bar.

I have the HTTPS web site set up in the WF panel and I can access both sites through HTTPS by manually typing it into the address bar. For the redirect I've tried many different methods from around the web using the proper return 301 https://$server_name$request_uri; Nginx config and they all result in either infinite redirect loops or 502 errors. I've tried it using a single port for both HTTP and HTTPS as well as setting up a second listen port for SSL.

I want to avoid using .htaccess for this which would require a whole other web app layer. Nginx says not to use regex or if for redirects. What's the proper way to do this using a private Nginx server? Am I doing something wrong or does something special need to be done to make this work with the front-end proxy?

asked 23 Aug '13, 18:36

HittingSmoke


You will have to use a second Apache redirect application, since all SSL validation must happen on the front-end server; the decision as to which app it goes to first is determined there. However, all back-end traffic is HTTP, which is why normal redirects which are based on this will cause loops. You could also add code which detects the presence of the X-FORWARDED-SSL header and creates a 301 redirect; this would be a more complex solution.

answered 23 Aug '13, 21:33

johns

edited 23 Aug '13, 21:34

There is a solution which might work as well on serverfault.com: detecting x-forwarded-ssl in the nginx config directly.

(23 Aug '13, 21:35) johns

I see. I'll check out the header option tomorrow and if it doesn't work I guess I'll just have to go with Apache/htaccess redirect.

(24 Aug '13, 00:27) HittingSmoke
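The header check suggested in the answer above, sketched for the uWSGI/Python side as WSGI middleware. This is an added example, not code from the thread or from WebFaction. It assumes the front end sends `X-Forwarded-SSL: on` for HTTPS requests and omits the header otherwise; `admin.example.com` and the names `ForceHTTPS`, `demo_app` and `simulate` are placeholders.

```python
from urllib.parse import quote


class ForceHTTPS:
    """Redirect to https:// unless the front-end proxy marked the request as SSL.

    Assumption (not from the thread): the proxy sends "X-Forwarded-SSL: on"
    for HTTPS requests and omits the header for plain HTTP.
    """

    def __init__(self, app, canonical_host):
        self.app = app
        self.canonical_host = canonical_host  # fixed name, like $server_name

    def __call__(self, environ, start_response):
        # WSGI exposes the X-Forwarded-SSL request header under this key.
        flag = environ.get("HTTP_X_FORWARDED_SSL", "").strip().lower()
        if flag == "on":
            # The back end only ever sees http, so correct the scheme for the app.
            environ["wsgi.url_scheme"] = "https"
            return self.app(environ, start_response)
        # Build the target from the fixed host, never from the Host header,
        # so a forged Host cannot turn the redirect into an open redirect.
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
        location = "https://" + self.canonical_host + (path or "/")
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]


def demo_app(environ, start_response):
    """Constructed stand-in for the real application (e.g. the admin panel)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"secure content"]


def simulate(headers, path="/admin", query=""):
    """Run one constructed request through the middleware; return (status, headers)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query,
               "HTTP_HOST": "unexpected.invalid", "wsgi.url_scheme": "http"}
    environ.update(headers)
    seen = {}
    def start_response(status, response_headers):
        seen["status"], seen["headers"] = status, dict(response_headers)
    ForceHTTPS(demo_app, "admin.example.com")(environ, start_response)
    return seen["status"], seen["headers"]
```

Because the decision is based on the proxy's header rather than on the back-end connection's own scheme, a request that arrived over HTTPS is passed through instead of being redirected again, which is what breaks the loop.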
question asked: 23 Aug '13, 18:36

question was seen: 3,470 times

last updated: 24 Aug '13, 00:27
