Question

Having trouble with HTTP redirect to HTTPS under specific circumstances (NGINX)

Posted February 28, 2018 2.2k views
Nginx, Ubuntu 16.04

I’ve set up an Nginx server on Ubuntu 16.04.

I’ve done what I normally do (which works), except this time I have two sites, and not just one.

One site is www.domain.com, and the other is staging.domain.com.

I have a redirect rule in the www.domain.com conf file, to direct non-www to www, and also to direct HTTP requests to HTTPS (on that domain).

The trouble is that if I type domain.com into a browser (with no http or https in front) I end up on a browser error page telling me the certificate is for an invalid domain. For some reason it redirects to https://domain.com, and tries to load the SSL certificate from staging.domain.com.

If I put https://domain.com into a browser, it redirects to https://www.domain.com as expected.
If I put http://www.domain.com into a browser, it redirects to https as expected.

Here are the conf files from each site:

For www.domain.com

fastcgi_cache_path /home/waiheke26/sites/www.domain.co.nz/public/cache levels=1:2 keys_zone=www.domain.co.nz:100m inactive=60m;
server {
    listen 80;
    listen [::]:80;
    server_name domain.co.nz www.domain.co.nz;
    return 301 https://www.domain.co.nz$request_uri;
}
server {
    listen 443;
    listen [::]:443;
    server_name domain.co.nz;
    # Note: I added following ssl_certificate lines in case that was the issue. This made no difference.
    ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
    return 301 https://www.domain.co.nz$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name www.domain.co.nz;
    root /home/waiheke26/sites/www.domain.co.nz/public;
    ssl_certificate /etc/letsencrypt/live/www.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.co.nz/privkey.pem;
    index index.php;
    access_log /home/waiheke26/sites/www.domain.co.nz/logs/access.log;
    error_log /home/waiheke26/sites/www.domain.co.nz/logs/error.log;
    include global/server/defaults.conf;
    include global/server/fastcgi-cache.conf;
    include global/server/ssl.conf;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;
        fastcgi_pass   $upstream;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache www.domain.co.nz;
        fastcgi_cache_valid 60m;
    }
    rewrite ^/robots.txt$ /index.php last;
    location ~ /purge(/.*) {
        fastcgi_cache_purge www.domain.co.nz "$scheme$request_method$host$1";
    }
}

For staging.domain.com

fastcgi_cache_path /home/waiheke26/sites/staging.domain.co.nz/public/cache levels=1:2 keys_zone=staging.domain.co.nz:100m inactive=60m;
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name staging.domain.co.nz;
    root /home/waiheke26/sites/staging.domain.co.nz/public;
    ssl_certificate /etc/letsencrypt/live/staging.domain.co.nz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/staging.domain.co.nz/privkey.pem;
    index index.php;
    access_log /home/waiheke26/sites/staging.domain.co.nz/logs/access.log;
    error_log /home/waiheke26/sites/staging.domain.co.nz/logs/error.log;
    include global/server/defaults.conf;
    include global/server/fastcgi-cache.conf;
    include global/server/ssl.conf;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;
        fastcgi_pass   $upstream;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache staging.domain.co.nz;
        fastcgi_cache_valid 60m;
    }
    rewrite ^/robots.txt$ /index.php last;
    location ~ /purge(/.*) {
        fastcgi_cache_purge staging.domain.co.nz "$scheme$request_method$host$1";
    }
}

For default

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

If any other config data would be useful, please let me know.

2 answers

This is odd. I am not seeing anything in your configuration that would redirect http://domain.com to https://domain.com (without the www being added).

By any chance are you running any browser addons, specifically any HTTPS Everywhere-type plugins that force https? Since I do not see a cause in the server configuration after taking a quick look, I want to rule out the browser causing the redirect you’re seeing.

Thanks for the input, Ryan. I am not sure why, but eventually (a day or two later) this issue ceased occurring. I am thinking perhaps it’s the way browsers store the “memory” of whether a domain was accessed over HTTPS or HTTP. I read something about it being “cached” (in a sense) but clearing the cache doesn’t clear that.
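
To check what the posted server blocks do for each port and host name, the selection can be modelled in a few lines. This is an added example, not code from the thread or from nginx; it models exact server_name matches and default_server only (no wildcard or regex names), and `Server`, `select_server` and `report` are hypothetical names.

```python
from typing import NamedTuple, Optional

class Server(NamedTuple):
    port: int
    names: tuple
    default: bool
    cert: Optional[str]   # directory name under /etc/letsencrypt/live/
    action: str

# Transcribed from the three conf files in the question.
SERVERS = [
    Server(80, ("domain.co.nz", "www.domain.co.nz"), False, None,
           "301 https://www.domain.co.nz$request_uri"),
    Server(443, ("domain.co.nz",), False, "www.domain.co.nz",
           "301 https://www.domain.co.nz$request_uri"),
    Server(443, ("www.domain.co.nz",), True, "www.domain.co.nz", "serve site"),
    Server(443, ("staging.domain.co.nz",), False, "staging.domain.co.nz",
           "serve site"),
    Server(80, ("_",), True, None, "444"),
]

def select_server(port, host):
    """Pick the block used for this port and Host/SNI name (simplified)."""
    candidates = [s for s in SERVERS if s.port == port]
    if not candidates:
        return None
    for s in candidates:
        if host.lower() in s.names:
            return s
    # No name matched: the default_server for the port, else the first block.
    return next((s for s in candidates if s.default), candidates[0])

def report():
    """Return (port, host, certificate, action) for every combination."""
    hosts = ("domain.co.nz", "www.domain.co.nz",
             "staging.domain.co.nz", "other.example")  # last one is constructed
    rows = []
    for port in (80, 443):
        for host in hosts:
            s = select_server(port, host)
            rows.append((port, host, s.cert, s.action))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

In this model no request for domain.co.nz on port 80 is sent to https://domain.co.nz, and the staging certificate is selected only when the requested name is staging.domain.co.nz.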
