nginx returns 302 FOUND with http instead of https
Try this snippet:
    server {
        listen 443;
        listen [::]:443;
        server_name seafile.example.com;
        include /etc/nginx/conf.d/ssl.conf;

        location / {
            # Host is not overridden here, so nginx sends its default
            # ($proxy_host, i.e. 192.168.99.12:8000) to the upstream.
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://192.168.99.12:8000/;
            proxy_http_version 1.1;
            # Rewrite a Location that starts with the upstream address
            # to the public HTTPS URL.
            proxy_redirect http://192.168.99.12:8000/ https://seafile.example.com/;
            proxy_read_timeout 1200s;
            client_max_body_size 0;
        }

        # "ssl on" is deprecated since nginx 1.15.0; "listen 443 ssl;" replaces it.
        ssl on;
        ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
    }
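
Added example, not part of the original answer or thread: a small Python model of the string form of proxy_redirect (prefix replacement on the upstream Location header), run against the Location value from the question's curl output. UPSTREAM_HOST_LOCATION and PUBLIC_HOST_RULE are constructed assumptions; nginx's regex and "default" forms are not modelled.

```python
# Added example (not from the thread): simplified model of nginx's string-form
# proxy_redirect, which replaces a matching prefix of the upstream Location
# header. The regex and "default" forms are not modelled.
from urllib.parse import urlsplit

PUBLIC_URL = "https://seafile.example.com/"  # URL requested in the question
# Location header copied from the question's curl -v output.
OBSERVED_LOCATION = "http://seafile.example.com/accounts/login?next=/"
# Constructed: what an upstream might send if it built the redirect from the
# default Host header (the answer's config does not forward Host).
UPSTREAM_HOST_LOCATION = "http://192.168.99.12:8000/accounts/login?next=/"

# Rule from the answer's snippet.
ANSWER_RULE = ("http://192.168.99.12:8000/", "https://seafile.example.com/")
# Assumed variant, not from the thread: match the public name over plain HTTP.
PUBLIC_HOST_RULE = ("http://seafile.example.com/", "https://seafile.example.com/")


def apply_proxy_redirect(location, rules):
    """Apply the first rule whose prefix matches; otherwise pass through."""
    for prefix, replacement in rules:
        if location.startswith(prefix):
            return replacement + location[len(prefix):]
    return location


def is_scheme_downgrade(request_url, location):
    """True if an HTTPS request is redirected to plain HTTP on the same host."""
    req, loc = urlsplit(request_url), urlsplit(location)
    return (req.scheme == "https" and loc.scheme == "http"
            and loc.hostname == req.hostname)


def check(location, rules):
    """Return (Location sent to the client, whether it is still a downgrade)."""
    sent = apply_proxy_redirect(location, rules)
    return sent, is_scheme_downgrade(PUBLIC_URL, sent)


if __name__ == "__main__":
    for name, loc, rules in [
        ("answer rule, observed header", OBSERVED_LOCATION, [ANSWER_RULE]),
        ("answer rule, upstream-host header", UPSTREAM_HOST_LOCATION, [ANSWER_RULE]),
        ("public-host rule, observed header", OBSERVED_LOCATION, [PUBLIC_HOST_RULE]),
    ]:
        print(name, "->", check(loc, rules))
```

The first case shows that a rule keyed on the upstream address leaves the observed header untouched, so the prefix in proxy_redirect has to match what the application actually sends.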
Comments
- user3549596, over 1 year:
I try to access https://seafile.example.com, which is a proxied application. The application will return 302, but with HTTP instead of HTTPS. Should this be fixed in Nginx or the application (Seafile in this case)? I tried it, but don't know what's wrong.

Output from curl -v https://seafile.example.com:

    < HTTP/1.1 302 FOUND
    < Server: nginx/1.12.2
    < Date: Fri, 18 May 2018 03:08:02 GMT
    < Content-Type: text/html; charset=utf-8
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Vary: Accept-Language, Cookie
    < Location: http://seafile.example.com/accounts/login?next=/
    < Content-Language: en

I would have expected https://seafile ...

Nginx config:

    server {
        listen 80;
        server_name seafile.example.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        server_name seafile.example.com;
        ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem; # managed by Certbot
        include /etc/nginx/conf.d/ssl.conf;
        proxy_set_header X_Forwarded-For $remote_addr;

        location / {
            proxy_pass http://192.168.99.12:8000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto https;
            access_log /var/log/nginx/seahub.access.log;
            error_log /var/log/nginx/seahub.error.log;
            proxy_read_timeout 1200s;
            client_max_body_size 0;
        }

        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://192.168.99.12:8082;
            client_max_body_size 0;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 36000s;
            proxy_read_timeout 36000s;
            proxy_send_timeout 36000s;
            send_timeout 36000s;
        }
    }

seahub_settings.py

    # -*- coding: utf-8 -*-
    SECRET_KEY = "random"

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'NAME': 'seahub-db',
            'USER': 'seafile',
            'PASSWORD': 'random',
            'HOST': '127.0.0.1',
            'PORT': '3306'
        }
    }

    FILE_SERVER_ROOT = 'https://seafile.example.com'
    EMAIL_USE_TLS = True
    EMAIL_HOST = 'mail.example.com'  # SMTP server
    EMAIL_HOST_USER = ''  # username and domain
    EMAIL_HOST_PASSWORD = ''  # password
    EMAIL_PORT = 25
    DEFAULT_FROM_EMAIL = '[email protected]'
    SERVER_EMAIL = '[email protected]'

ccnet.conf

    [General]
    USER_NAME = seafile
    ID = ranodm
    NAME = seafile
    SERVICE_URL = https://seafile.example.com

    [Client]
    PORT = 13419

    [Database]
    ENGINE = mysql
    HOST = 127.0.0.1
    PORT = 3306
    USER = seafile
    PASSWD = random
    DB = ccnet-db
    CONNECTION_CHARSET = utf8

- Michael Hampton, almost 6 years: That redirect looks like it comes from your application. You should first attempt to reconfigure the application.
- user3549596, almost 6 years: Yes, I thought so too, but in Seafile all URLs point to the https version... (seahub_settings, ccnet.conf)
- Michael Hampton, almost 6 years: If you think it is from nginx, then please post the nginx configuration. At minimum, the complete server block.
- user3549596, almost 6 years: Updated the first post.
- Michael Hampton, almost 6 years: There are no redirects to HTTP there. Check the application again.
- user3549596, almost 6 years: Did, don't know where else to look. Can't I force a rewrite to https via nginx?
- Michael Hampton, almost 6 years: You can't force a rewrite to https because it's already https! That would just give you an infinite loop. The browser would tell you this redirect will never complete properly. At this point you should contact the application's developer, I think.
- user3549596, almost 6 years: With rewrite I mean a rewrite from the application's response.
- Alexey Ten, almost 6 years: Check the proxy_redirect directive. But that should be a last resort. It's better to fix your application if possible.
- Hunter Frazier, almost 6 years: Have you tried using $scheme://$server_name$request_uri/ ? This might resolve the lattermost request protocol. It's possible, but can't test right now.