Having trouble with HTTP redirect to HTTPS under specific circumstances (NGINX)

February 28, 2018
Nginx Ubuntu 16.04

I've set up an Nginx server on Ubuntu 16.04.

I've done what I normally do (which works), except this time I have two sites, and not just one.

One site is www.domain.com, and the other is staging.domain.com.

I have a redirect rule in the www.domain.com conf file, to direct non-www to www, and also to direct HTTP requests to HTTPS (on that domain).

The trouble is that if I type domain.com into a browser (with no http or https in front) I end up on a browser error page telling me the certificate is for an invalid domain. For some reason it redirects to https://domain.com, and tries to load the SSL certificate from staging.domain.com.

If I put https://domain.com into a browser, it redirects to https://www.domain.com as expected.
If I put http://www.domain.com into a browser, it redirects to https as expected.

Here are the conf files from each site:

For www.domain.com

fastcgi_cache_path /home/waiheke26/sites/www.domain.co.nz/public/cache levels=1:2 keys_zone=www.domain.co.nz:100m inactive=60m;
server {
    listen 80;
    listen [::]:80;
    server_name domain.co.nz www.domain.co.nz;
    return 301 https://www.domain.co.nz$request_uri;
}
server {
    listen 443;
    listen [::]:443;
    server_name domain.co.nz;
    # Note: I added the following ssl_certificate lines in case that was the issue. This made no difference.
    ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
    return 301 https://www.domain.co.nz$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.domain.co.nz;
    root /home/waiheke26/sites/www.domain.co.nz/public;
    ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
    index index.php;
    access_log /home/waiheke26/sites/www.domain.co.nz/logs/access.log;
    error_log /home/waiheke26/sites/www.domain.co.nz/logs/error.log;
    include global/server/defaults.conf;
    include global/server/fastcgi-cache.conf;
    include global/server/ssl.conf;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;
        fastcgi_pass   $upstream;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache www.domain.co.nz;
        fastcgi_cache_valid 60m;
    }
    rewrite ^/robots.txt$ /index.php last;
    location ~ /purge(/.*) {
        fastcgi_cache_purge www.domain.co.nz "$scheme$request_method$host$1";
    }
}

For staging.domain.com

fastcgi_cache_path /home/waiheke26/sites/staging.domain.co.nz/public/cache levels=1:2 keys_zone=staging.domain.co.nz:100m inactive=60m;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name staging.domain.co.nz;
    root /home/waiheke26/sites/staging.domain.co.nz/public;
    ssl_certificate /etc/letsencrypt/live/staging.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.domain.co.nz/privkey.pem;
    index index.php;
    access_log /home/waiheke26/sites/staging.domain.co.nz/logs/access.log;
    error_log /home/waiheke26/sites/staging.domain.co.nz/logs/error.log;
    include global/server/defaults.conf;
    include global/server/fastcgi-cache.conf;
    include global/server/ssl.conf;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;
        fastcgi_pass   $upstream;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache staging.domain.co.nz;
        fastcgi_cache_valid 60m;
    }
    rewrite ^/robots.txt$ /index.php last;
    location ~ /purge(/.*) {
        fastcgi_cache_purge staging.domain.co.nz "$scheme$request_method$host$1";
    }
}

For default

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

If any other config data would be useful, please let me know.

2 Answers

This is odd. I am not seeing anything in your configuration that would redirect http://domain.com to https://domain.com (without the www being added).

By any chance are you running any browser add-ons, specifically any HTTPS Everywhere-type plugins that force HTTPS? Since I do not see a cause in the server configuration after taking a quick look, I want to rule out the browser causing the redirect you're seeing.

Thanks for the input, Ryan. I am not sure why, but eventually (a day or two later) this issue ceased occurring. I am thinking perhaps it's the way browsers store the "memory" of whether a domain was accessed over HTTPS or HTTP. I read something about it being "cached" (in a sense) but clearing the cache doesn't clear that.
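To check the first answer's reading of the posted configs, here is an added example (not code from the thread) that models nginx's server selection for the three files and traces where a starting URL ends up and which certificate path is configured at each hop. It handles exact server_name matches only, which is all these configs use; the tuple layout and function names are made up for the illustration.

```python
from urllib.parse import urlsplit

# Server blocks transcribed from the configs posted in the question.
# The IPv6 listen lines mirror the IPv4 ones, so each block appears once.
# Tuple layout (hypothetical): (port, names, default_server, cert dir, action)
WWW = "/etc/letsencrypt/live/www.domain.co.nz"
STAGING = "/etc/letsencrypt/live/staging.domain.co.nz"
TO_WWW = "https://www.domain.co.nz"  # target of both "return 301" lines
SERVERS = [
    (80, {"domain.co.nz", "www.domain.co.nz"}, False, None, TO_WWW),
    (443, {"domain.co.nz"}, False, WWW, TO_WWW),
    (443, {"www.domain.co.nz"}, True, WWW, "serve"),
    (443, {"staging.domain.co.nz"}, False, STAGING, "serve"),
    (80, {"_"}, True, None, "444"),
]


def select_server(port, host):
    """Exact server_name match on the port, else that port's default server."""
    on_port = [s for s in SERVERS if s[0] == port]
    for s in on_port:
        if host in s[1]:
            return s
    defaults = [s for s in on_port if s[2]]
    # Without an explicit default_server, nginx uses the first block on the port.
    return defaults[0] if defaults else on_port[0]


def trace(url, max_hops=5):
    """Follow the configured redirects; return (url, cert dir, action) per hop."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        port = 443 if parts.scheme == "https" else 80
        _, _, _, cert, action = select_server(port, parts.hostname)
        hops.append((url, cert, action))
        if not action.startswith("https://"):
            break
        url = action + (parts.path or "/")  # $request_uri, query string omitted
    return hops


if __name__ == "__main__":
    for start in ("http://domain.co.nz/", "https://domain.co.nz/"):
        print(trace(start))
```

In this model the staging certificate is selected only when the client asks for staging.domain.co.nz by name, and no hop starting from the bare domain lands on https://domain.co.nz.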
