I am running an nginx web server where I redirect all http requests to https (with a self signed cert).
Problem is - I cannot seem to do so for an app running on a port. Example:
http://my.server.ip:1234
How can I modify the nginx config file to force that url through ssl?
try this:
return 301 https://my.server.ip:1234$request_uri;
Related
I know how to setup https for, say, clojure web app with nginx. How to do that for Phoenix?
In the prod.exs I have this:
config :my_app, MyApp.Endpoint,
url: [host: "my_website.com", port: 443],
http: [port: 4000],
# https: [port: 443,
# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")],
cache_static_manifest: "priv/static/manifest.json"
I have this:
ssl_certificate: /etc/letsencrypt/live/my_app.com/fullchain.pem;
ssl_certificate_key: /etc/letsencrypt/live/my_app.com/privkey.pem;
I want to use nginx with Phoenix as well.
1) Should I remove "http: [port: 4000]," compeletely from "prod.exs"?
2) Should I instead uncomment "https: [port: 443,...." ? Or should I have them both? I don't want to website to be accessible at http or I'd let nginx take care of it by redirecting a user from http to https.
3) Or should I remove https and http and let nginx handle that?
4) How about the key "url" and its "port"?
If you are using Nginx to terminate the SSL part of the connection, then you leave the app server configured for HTTP and any port you like (4000 is fine as long as you configure Nginx to forward to it). If your server is configured correctly, it will not answer HTTP port 4000 requests, thus the SSL cannot be bypassed.
The SSL configuration you are referring to at the app server level configures the app server to terminate the SSL connection (no Nginx necessary). Phoenix apps are all "full featured" web servers thanks to cowboy. Thus, they can handle the SSL termination as well as serving the application's dynamic and static assets.
The URL configuration is so your application knows its domain and can generate full urls as well as paths.
If you're set on using nginx in front of your Phoenix app then use nginx to terminate the ssl connection (your option 3). You still need to configure http in Phoenix though since nginx will proxy to your app using http. Therefore:
config :my_app, MyApp.Endpoint,
url: [host: "my_website.com", port: 4000],
http: [port: 4000]
Which assumes you will configure nginx to proxy to your app on port 4000. You will also want to adjust the host config key to be the base url of your site since any URL's you generate will use this base name (as Jason mentioned).
I am trying to setup a gitlab repository and I am quite new to the web server side of things. My setup is the following:
I have an apache server which is running my main website on port 8080.
I have the gitlab configured with SSL and Nginx and running on port 2443.
At the moment, the gitlab site can be accessed through https://www.example.com:2443.
What I would like to do is setup a redirect through my apache server where if someone comes to http://www.example.com/gitlab or https://www.example.com/gitlab, they get redirected to ``https://www.example.com:2443` (preferably without the web browser text field changing).
Could this be done easily with Apache? Also, since the redirect is to an SSL site, any special things we need to consider?
You can try adding the redirect directive to your Apache VirtualHosts (8080 and 443).
Redirect permanent /gitlab https://www.example.com:2443
currently I want to deploy my pyramid application on a server. Therefore I'am using NGINX in front of WSGI. There is no problem to configure SSL in NGINX, but for WSGI it is.
Because I have port-forwarding from 80 to 443, the user receives an:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://example.com/static/css/bootstrap-3.3.5.min.css'. This request has been blocked; the content must be served over HTTPS.
How can I enable SSL for WSGI?
Thx
Thanks to I can not connect to https waitress wsgi server i found the solution. Just add "url_scheme = https" to your production.ini / development.ini.
I created Jelastic environment with Jetty 9. Then I added SSL support - Jelastic created NGinx instance and my solution now available using https and provides certificate. Question is - how to deny access on old non secure way? I mean using ordinary http?
You just need to edit the nginx config. to redirect http requests to https.
Example configs:
NGINX Redirect http to https and non-www to ww
https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx
If I get an ssl certificate - can I still access my web pages using http (instead of https) so they'll load faster?
Or perhaps have the ssl for only certain pages on my site? (I'm using web hosting, perhaps it matters.)
Yes. When you're setting up the certificate, you can configure your server to listen on port 443 (for SSL, where it will serve your certificate) as well as port 80 (where normal HTTP traffic will go). For pages where you absolutely want to have SSL, you'll need to force the user to visit the https:// URL.