DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Related

after installing iRedMail my nginx 404 error
Question
SSL Security (HTTPS) in Django one-click-install configuration
Question

Question

Having trouble with HTTP redirect to HTTPS under specific circumstances (NGINX)

I’ve set up a Nginx server on Ubuntu 16.04

I’ve done what I normally do (which works), except this time I have two sites, and not just one.

One site is www.domain.com, and the other is staging.domain.com

I have a redirect rule in the www.domain.com conf file, to direct non-www to www, and also to direct HTTP requests to HTTPS (on that domain).

The trouble is that if I type domain.com into a browser (with no http or https in front) I end up on a browser error page telling me the certificate is for an invalid domain. For some reason it redirects to https://domain.com, and tries to load the SSL certificate from staging.domain.com

If I put https://domain.com into a browser, it redirects to https://www.domain.com as expected. If I put http://www.domain.com into browser, it redirects to https as expected.

Here is the conf files from each site:

For www.domain.com

fastcgi_cache_path /home/waiheke26/sites/www.domain.co.nz/public/cache levels=1:2 keys_zone=www.domain.co.nz:100m inactive=60m;
server {
	listen 80;
	listen [::]:80;
	server_name domain.co.nz www.domain.co.nz;
	return 301 https://www.domain.co.nz$request_uri;
}
server {
	listen 443;
	listen [::]:443;
	server_name domain.co.nz;
# Note: I added following ssl_certificate lines in case that was the issue. This made no difference.
       ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
	return 301 https://www.domain.co.nz$request_uri;
}
server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;
	server_name www.domain.co.nz;
	root /home/waiheke26/sites/www.domain.co.nz/public;
	ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
	index index.php;
	access_log /home/waiheke26/sites/www.domain.co.nz/logs/access.log;
	error_log /home/waiheke26/sites/www.domain.co.nz/logs/error.log;
	include global/server/defaults.conf;
	include global/server/fastcgi-cache.conf;
	include global/server/ssl.conf;
	location / {
		try_files $uri $uri/ /index.php?$args;
	}
	location ~ \.php$ {
		try_files $uri =404;
		include global/fastcgi-params.conf;
		fastcgi_pass   $upstream;
		fastcgi_cache_bypass $skip_cache;
		fastcgi_no_cache $skip_cache;
		fastcgi_cache www.domain.co.nz;
		fastcgi_cache_valid 60m;
	}
	rewrite ^/robots.txt$ /index.php last;
	location ~ /purge(/.*) {
		fastcgi_cache_purge www.domain.co.nz "$scheme$request_method$host$1";
	}
}

For staging.domain.com

fastcgi_cache_path /home/waiheke26/sites/staging.domain.co.nz/public/cache levels=1:2 keys_zone=staging.domain.co.nz:100m inactive=60m;
server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name staging.domain.co.nz;
	root /home/waiheke26/sites/staging.domain.co.nz/public;
	ssl_certificate /etc/letsencrypt/live/staging.domain.co.nz/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/staging.domain.co.nz/privkey.pem;
	index index.php;
	access_log /home/waiheke26/sites/staging.domain.co.nz/logs/access.log;
	error_log /home/waiheke26/sites/staging.domain.co.nz/logs/error.log;
	include global/server/defaults.conf;
	include global/server/fastcgi-cache.conf;
	include global/server/ssl.conf;
	location / {
		try_files $uri $uri/ /index.php?$args;
	}
	location ~ \.php$ {
		try_files $uri =404;
		include global/fastcgi-params.conf;
		fastcgi_pass   $upstream;
		fastcgi_cache_bypass $skip_cache;
		fastcgi_no_cache $skip_cache;
		fastcgi_cache staging.domain.co.nz;
		fastcgi_cache_valid 60m;
	}
	rewrite ^/robots.txt$ /index.php last;
	location ~ /purge(/.*) {
		fastcgi_cache_purge staging.domain.co.nz "$scheme$request_method$host$1";
	}
}

For default

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 444;
}

If any other config data would be useful, please let me know.

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

JonathanMarch 11, 2018

Thanks for the input Ryan. I am not sure why, but eventually (a day or two later) this issue ceased occurring. I am thinking perhaps it’s the way browsers store the “memory” of whether a domain was accessed over HTTPS or HTTP. I read something about it being “cached” (in a sense) but clearing the cache doesn’t clear that.

Ryan QuinnFebruary 28, 2018

This is odd. I am not seeing anything in your configuration that would redirect http://domain.com to https://domain.com (without the www being added).

By any chance are you running any browser addons, specifically any https everywhere type plugins that force https? Since I do not see a cause in the server configuration after taking a quick look I want to rule out the browser causing the redirect you’re seeing.

ToolNGINX Config GeneratorTool

Related

after installing iRedMail my nginx 404 error
Question
SSL Security (HTTPS) in Django one-click-install configuration
Question

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up