NGINX 2 domains on the same IP, want to redirect both to HTTPS -
i have 2 domains running on server, nginx proxies them node apps. have certificate one, other i'm using cloudflare provide https. want ensure when users visit either domain, redirected https version of domain, without www. current configuration, uncommenting block domain2 configuration file seems break both sites :(
domain1 config file:
upstream domain1.com { server 127.0.0.1:8000; keepalive 8; } server { listen 0.0.0.0:80; server_name domain1.com www.domain1.com; return 301 https://domain1.com$request_uri; } server { #listen 80; listen 443 ssl http2; server_name domain1.com; access_log /var/log/nginx/domain1.com.log; root /var/www/domain1.com/client/public; include /etc/nginx/global/cloudflare-allow.conf; ssl_certificate /etc/nginx/ssl/domain1.crt; ssl_certificate_key /etc/nginx/ssl/domain1.key; if ($bad_referer) { return 444; } location / { proxy_http_version 1.1; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_set_header x-nginx-proxy true; proxy_set_header connection ""; proxy_pass http://domain1.com; proxy_redirect off; } location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ { expires 1m; access_log off; add_header cache-control "public"; } # css , javascript location ~* \.(?:css|js)$ { expires 1y; access_log off; add_header cache-control "public"; } location ~* \.(?:rss|atom)$ { expires 1h; add_header cache-control "public"; } location ~* \.(?:manifest|appcache|html?|xml|json)$ { expires -1; } } server { listen 443 ssl http2; server_name www.domain1.com; return 301 https://domain1.com$request_uri; } domain2 config file:
upstream domain2.com { server 127.0.0.1:9000; keepalive 8; } #server { # listen 80; # server_name domain2.com www.domain2.com; # return 301 https://$server_name$request_uri; #} server { listen 80; #listen 443 ssl http2; server_name domain2.com; access_log /var/log/nginx/domain2.com.log; root /var/www/domain2.com; include /etc/nginx/global/cloudflare-allow.conf; if ($bad_referer) { return 444; } location / { proxy_http_version 1.1; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; proxy_set_header host $http_host; proxy_set_header x-nginx-proxy true; proxy_set_header connection ""; proxy_pass http://domain2.com; proxy_redirect off; } location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ { expires 1m; access_log off; add_header cache-control "public"; } # css , javascript location ~* \.(?:css|js)$ { expires 1y; access_log off; add_header cache-control "public"; } location ~* \.(?:rss|atom)$ { expires 1h; add_header cache-control "public"; } location ~* \.(?:manifest|appcache|html?|xml|json)$ { expires -1; } }
when ssl done through cloudflare's flexible ssl mode, communication origin http traffic on port 80.
in order detect whether traffic https can't use https environment variable, must check if x-forwarded-proto header set https instead.
you can in nginx follows:
if ($http_x_forwarded_proto != "https") { rewrite ^(.*)$ https://$server_name$1 permanent; } the easier way set "always use https" page rule in cloudflare.
Comments
Post a Comment