ssl - Ruby on Rails in nginx server, HTTPS redirects to HTTP


I have a client who wanted SSL on the site, so I got a certificate and set up the nginx conf (config below) for it. If I don't point the root of the HTTPS part at the real server root, it works; if I set the root to the site files, HTTPS gets redirected to HTTP. No error messages.

Any ideas?

    user  www-data;
    worker_processes  4;

    error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        passenger_root /usr/local/rvm/gems/ruby-1.9.3-p448/gems/passenger-4.0.14;
        passenger_ruby /usr/local/rvm/wrappers/ruby-1.9.3-p448/ruby;

        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen       80;
            server_name  www.nope.se;

            passenger_enabled on;
            root /var/www/current/public/;

            #charset koi8-r;

            #access_log  logs/host.access.log main;

            #error_page  404              /404.html;

            # redirect server error pages to the static page /50x.html
            #
            #error_page   500 502 503 504  /50x.html;
            #location = /50x.html {
            #    root   html;
            #}

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}

        # HTTPS server
        #
        server {
            listen       443;
            server_name  www.nope.se;

            ssl                  on;
            ssl_certificate      /opt/nginx/cert/www.nope.se.crt;
            ssl_certificate_key  /opt/nginx/cert/www.nope.se.key;

            ssl_session_timeout  10m;

            #ssl_protocols  SSLv2 SSLv3 TLSv1;
            #ssl_ciphers  HIGH:!aNULL:!MD5;
            #ssl_prefer_server_ciphers   on;

            passenger_enabled on;
            root /var/www/current/public/;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        }
    }

I do not understand the question. Here is some gyan on how a typical nginx HTTPS configuration is done. Hope you find it useful.

The SSL protocol works one layer below HTTP. Think of it as a tunnel inside which the HTTP protocol travels. Hence the SSL certificates are loaded, no matter where you specify them, before any HTTP-related configuration. This is the reason why there should be one SSL setting per nginx instance.

I recommend you move the SSL certificate related logic to a separate server block like this.

    server {
        listen                    443 ssl default_server;
        ssl_certificate           ssl/website.pem;
        ssl_certificate_key       ssl/website.key;
        ssl_trusted_certificate   ssl/ca.all.pem;
        ssl_session_cache         builtin:1000     shared:ssl:10m;
        ssl_session_timeout       5m;

        ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2; # default on newer versions
        ssl_prefer_server_ciphers on;

        # The following is all one long line. We use an explicit list of ciphers to enable
        # forward secrecy without exposing ciphers vulnerable to the BEAST attack
        ssl_ciphers  ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:AES128-SHA;

        # The following is for reference. It needs to be specified again
        # in each virtualhost, in both HTTP and non-HTTP versions.
        # This directive tells the browser to use the HTTPS version of the site and remember that for a month
        add_header                Strict-Transport-Security    max-age=2592000;
    }

I recommend you set up a 301 redirect in the non-HTTPS server block as shown below.

Change this:

    server {
        listen       80;
        server_name  www.nope.se;
        ...
    }

To this:

    server {
        listen       80;
        server_name  www.nope.se;
        add_header   Strict-Transport-Security  max-age=7200;
        return       301                        https://$host$request_uri;
    }

With this in place, when a user visits http://www.nope.se they are automatically redirected to https://www.nope.se
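The two server blocks from the answer above with current TLS settings, as an added example that is not part of the original post. It reuses the question's host name, certificate paths and Passenger root, and assumes nginx 1.15 or later built against OpenSSL 1.1.1 or later with an RSA certificate.

```nginx
# Added example, not from the original post. Host name, certificate paths and
# Passenger root are the ones in the question; the TLS settings are assumptions
# for a current nginx (1.15+) with OpenSSL 1.1.1+ and an RSA certificate.

# Plain HTTP: serves no application, only a permanent redirect to HTTPS.
server {
    listen       80;
    server_name  www.nope.se;

    # Fixed host name instead of $host, so the redirect target does not
    # depend on the Host header sent by the client.
    return       301 https://www.nope.se$request_uri;
}

# HTTPS: the only block that serves the Rails application.
server {
    listen       443 ssl;            # replaces the deprecated "ssl on;"
    server_name  www.nope.se;

    ssl_certificate      /opt/nginx/cert/www.nope.se.crt;
    ssl_certificate_key  /opt/nginx/cert/www.nope.se.key;

    # SSLv3, TLSv1, TLSv1.1 and the RC4/3DES suites from the answer's list
    # are left out. ssl_ciphers governs TLSv1.2; TLSv1.3 uses its own suites.
    ssl_protocols              TLSv1.2 TLSv1.3;
    ssl_ciphers                ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers  on;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    # Browsers ignore HSTS received over plain HTTP, so the header is set
    # here and not in the port-80 block. "always" also covers error responses.
    add_header  Strict-Transport-Security  "max-age=2592000"  always;

    passenger_enabled  on;
    root               /var/www/current/public/;
}
```

After a reload, `nginx -t` validates the syntax, and the response headers for both the `http://` and `https://` URLs show whether any `Location` header still points back at `http://`.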

