nginx redirect to https

[patrickf]

Hello,

I'am, just trying to redirect http requests to https on a site that is running with nginx and php-fpm. I added this code at Webserver Settings->Additional nginx directives.

return 301 https://$server_name$request_uri;

After that I'am getting an redirect error in the Browser. Then i opened the nginx.conf for that website and found something strange.

In the server {listen xxxx:443 ssl section there's this row:

include "/var/www/vhosts/system/domain.com/conf/vhost_nginx.conf";

And at the server {listen xxxx:80 section there's the same config file included.

include "/var/www/vhosts/system/domain.com/conf/vhost_nginx.conf";

I think that is the source of the problem.

Its A debian 7.9 Server with Plesk 12.0.18. The same happens with Plesk 12.5.30.

What do you think about that?


Regards,
Patrick

 

[UFHH01]

Hi patrickf,

that is the normal and expected behaviour, if you add additional directives... all your additional nginx settings and modifications are wriiten to "vhost_nginx.conf" and not to your standard nginx.conf for that domain.


In your case, you choosed to add a redirect after a redirect. Please have a look at the standard "/var/www/vhosts/system/example.com/conf/nginx.conf" ( or "/var/www/vhosts/system/example.com/conf/nginx_ip_default.conf", if the domain is the standard domain for the choosen IP ). You will see, that there might be already a redirect like:

if ($host ~* ^example.com$) {
rewrite ^(.*)$ https://www.example.com$1 permanent;
}

( ... and this is the example in your apache config - files ):

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com$1 [L,R=301]
</IfModule>

This depends on your "Hosting settings" for that domain, where you can choose the options: "none", "example.com" or "www.example.com". If you choose "example.com" or "www.example.com", then Plesk will automatically add the redirects to your configuration files for the specific domain. If you now add an additional redirect, all browsers will complain about "too many redirects".

 

[patrickf]

Hi,

thank you for your reply. I searched for redirect rules in the nginx.conf but there aren't any. The Hosting setting in Plesk is set to "none".

Then I tried to set the redirect rule you posted obove, but the clients were not redirected to https. Then i tried this rule

if ($ssl_protocol = "") {
    rewrite ^   https://$server_name$request_uri? permanent;
}

Now the clients are getting redirected to https.
Did i get it right that it isn't possible to set seperate nginx directives for http and https via plesk?

This is the nginx.conf:

Expand/Collapse Block: nginx.conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

server {
listen xxxxx:443 ssl;

server_name xxxxx.de;
server_name xxxxx.de;
server_name ipv4.xxxx.de;

ssl_certificate /opt/psa/var/certificates/certSVh83BS;
ssl_certificate_key /opt/psa/var/certificates/certSVh83BS;

client_max_body_size 128m;

proxy_read_timeout 60;

root "/var/www/vhosts/xx.de/httpdocs";
access_log "/var/www/vhosts/system/xx.de/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/xx.de/logs/proxy_error_log";

location / {
proxy_pass https://xxx:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location /internal-nginx-static-location/ {
alias /var/www/vhosts/xxx.de/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}

location ~ ^/files/ {
proxy_pass https://xx:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon) {
proxy_pass https://xxx:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/xxxx.de/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/xxx.de/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}

location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://xxxx:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/xxxx.de/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}

location ~ /$ {
index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
}

include "/var/www/vhosts/system/xxxx.de/conf/vhost_nginx.conf";
}

server {
listen xxxx:80;

server_name xxxx.de;
server_name xxxx.de;
server_name xxxx.de;

client_max_body_size 128m;

proxy_read_timeout 60;

root "/var/www/vhosts/xxxxx.de/httpdocs";
access_log "/var/www/vhosts/system/xxxxx.de/logs/proxy_access_log";
error_log "/var/www/vhosts/system/xxxx.de/logs/proxy_error_log";

location / {
proxy_pass http://xxxx:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location /internal-nginx-static-location/ {
alias /var/www/vhosts/xxxx.de/httpdocs/;
add_header X-Powered-By PleskLin;
internal;
}

location ~ ^/files/ {
proxy_pass http://xxxx:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon) {
proxy_pass http://xxxx:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/xxxxx.de/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/xxxx.de/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}

location ~ ^/~(.+?)(/.*)?$ {
proxy_pass http://xxxx:7080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}

location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/xxxx.de/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
}

location ~ /$ {
index index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml;
}

include "/var/www/vhosts/system/xxxx.de/conf/vhost_nginx.conf";
}

Thank you very much for your help.

 

[UFHH01]

Did i get it right that it isn't possible to set seperate nginx directives for http and https via plesk?

Correct. The additional nginx directive handles both, http and https requests.


But...., depending on your content of the domain, you might have some existing PHP - code included, as for example:

    if($_SERVER['SERVER_PORT'] != 80){
       header("HTTP/1.1 301 Moved Permanently");
       header("Location: http://example.com");
    }

Some content management software, as for example wordpress and/or drupal often use such PHP - Code in some plugins or standard installations, to redirect www.example.com to example.com. In such cases, your solution redirects to the desired https - location, before the client reaches the PHP - Code.

 

[patrickf]

As far as i know there's no code like that in that software. What would you recommend to prevent this if a web app uses such a PHP code?

 

[UFHH01]

Hi patrickf,

just comment it out, or de-install plugins, that use such code, because it's just bad coding.

 

[patrickf]

Hi UFHH01,

all right. Thank you very much for your help.

 

[blueberry]

I think it would be important to add some code to the redirection to prevent nginx to return a HTML BODY in the 301 redirect. By default nginx returns the following:

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

By the way, I suspect Googlebot to have a bad behaviour when it reads this above.
I had nginx redirection from http to https using the permanent 301 redirect from plesk. (host settings?). So it returned the html body that i mentionned about for every 301 redirect.

I have noticed that many HTTP urls ended in my "crawl anomaly" category or soft 404 in google search console.
So, I think that when googlebot finds a HTML body in a 301 redirect, he thinks that it is a real document with the wrong HTTP code (301 instead of 200)

So, I think it would be clever to precede the redirection with a little code to delete the HTML body that is returned during a 301 nginx redirect. (you can see this HTML BODY by typing "curl and the url that should be redirected"

In the nginx additional settings you would type:

error_page 301 302 @30x;
location @30x {
default_type ""; # removes the Content-Type
return 300; # is needed but will never be used
}

if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}

You think that what I say does not make sense? you are doubtful?
Check the redirect from twitter and facebook.

when you do "curl http://twitter.com" , you can't see anything right? That's because the twitter team remove the HTML body returned by a 301 redirect.
Twitter and facebook can't be wrong. On the other hand, if you type "curl http : // talk.plesk.com" you will see this HTML body returned by nginx. bad bad bad...