Redirecting wildcard subdomains to a different top-level domain with nginx - ssl

We have a bunch of wildcard subdomains (_foo.example.com, bar.example.com, etc) that, when accessed via HTTPS should redirect to the equivalent subdomain on our secure domain.
Some examples:
https://foo.example.com => https://foo.secure.com
https://foo.example.com/some/path => https://bar.secure.com/some/path
https://bar.example.com => https://bar.secure.com
I think this can be accomplished with nginx rewrites but I'm not sure about the syntax. Here's what I'm attempting:
server {
listen 443;
server_name *.example.com;
rewrite ^(.*) https://*.secure.com$1 permanent;
}
This obviously won't work because I'm not capturing the incoming subdomain and using it in the rewrite.

Try something like this (untested):
server {
listen 80;
listen 443 default ssl;
server_name "~^(?<name>\w\d+)\.example\.com$";
rewrite ^(.*) https://$name.secure.com$1 permanent;
}

Found this on http://forum.slicehost.com/comments.php?DiscussionID=730
# redirects arbitrary subdomain (some.random.sub.example.com) to (some.random.sub.example.org)
if ($host ~* "^([^.]+(\.[^.]+)*)\.example.com$"){
set $subd $1;
rewrite ^(.*)$ http://$subd.example.org$1 permanent;
break;
}
# Simply redirects example.com to example.org
if ($host ~* "^example.com$"){
rewrite ^(.*)$ http://example.org$1 permanent;
break;
}

Related

Cloudflare page rules for removing multiple trailing slash

I want to set up the below things in Cloudflare.
https://example.com// OR https://example.com// OR https://example.com/// OR onwards
are redirecting to https://example.com/
How can I set up this using the Cloudflare page rule?
It will be quicker to set that in your webserver(Nginx) virtual host than doing it on Cloudflare.
Add below in your Nginx config:
if ($request_uri ~* "\/\/") {
rewrite ^/(.*) https://$host/$1 permanent;
}

NGINX Redirect HTTPS to HTTP getting Cert Error

I have the following NGINX configuration to redirect https to http and then run 301 redirects. The problem is, if people are visiting https://domain.com instead of being redirected they are stuck on a certificate error page.
server {
listen 443;
server_name domain.com www.domain.com;
rewrite ^(.*) http://$host$1 permanent;
}
server {
listen 80;
server_name domain.com www.domain.com;
location ~ /assets/img/images/(.*)$ {
return 301 https://domain.xyz/images/legacy/$1;
}
location ~ /frame/(.*)$ {
return 301 https://domain.xyz/embeded/$1;
}
}
It is a bit of a chicken-and-egg problem such that there is no real way to say that you don't support TLS/SSL without first supporting TLS/SSL.
So, in order to service the redirect, you still must serve a valid certificate.
Once you obtain a certificate (for example a free one from Let's Encrypt), you just add this to your first server block:
listen 443 ssl;
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private.key;

Convert Apache RewriteCond to Nginx

I want to convert following Apache config to Nginx compatible config.
What it currently does is redirect all traffic which DOESN'T contain ^/nexus/content* in uri to HTTPS. That means even if I access http:// example.com/nexus only, it should go to HTTPS.
Bottom line is I want keep http:// example.com/nexus/content* in HTTP but http:// example.com/nexus should redirect to HTTPS. Hope the question is clear :)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/nexus/content*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I tried following Nginx configs but didn't work so far. Appreciate any help.
if ($request_uri != ^/nexus/content*) {
rewrite (.*) https://example.com$request_uri;
}
And
location ~ ^/nexus/content* {
}
location / {
rewrite ^(.*)$ https://$http_host$request_uri redirect;
}
I'm not sure if this will work, but here goes:
server {
listen 80;
server_name example.com;
if ($request_uri !~ "^/nexus/content*") {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl;
server_name example.com;
add_header Strict-Transport-Security "max-age=31536000"; # MiTM Mitigation
// your normal rules here
}
Similar to yours, but it does a redirect and not a rewrite.

Force www. and https in nginx.conf (SSL)

After purchasing a SSL certificate I have been trying to force all pages to secured https and to www.
https://www.exampl.com is working and secure but only if type it in exactly. www.example.com or example.com are still pointing to http.
We use nginx as a proxy and need to input the rewrite there. I have SSH / root access via Putty. I have accessed nginx.conf by inputting into putty.
Now what? Do I input the nginx commands on this page? Starting where the cursor is? Any command lines first?
HTTPS:
.htacess – Original code I was given before I found out I had to input into nginx
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Nginx code converter – This is how it shows on the converter. Is everything on the correct lines?
# nginx configuration location / {
if ($http_host ~* "^example.com"){
rewrite ^(.*)$ http://example.com/$1 redirect; } }
and then
WWW
.htacess – Original code I was given before I found out I had to input into nginx
#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
Nginx code converter – This is how it shows on the converter. Is everything on the correct line?
# nginx configuration location / {
if ($http_host ~* "^example.com"){
rewrite ^(.*)$ http://www.example.com/$1 redirect; }
}
Do I then save? Restart?
Any help would be greatly appreciated. I have been battling this for weeks. My Hosting company helped as far as they could, now I am learning on the fly…. Or should I just stop and hire a developer? $$$
Thanks
The best way to implement WWW and HTTPS redirection is to create a new server section in Nginx config:
server {
listen 80; #listen for all the HTTP requests
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
You will also have to perform https://example.com to https://www.example.com redirection. This may be done with code similar to the following:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate ssl.crt; #you have to put here...
ssl_certificate_key ssl.key; # ...paths to your certificate files
return 301 https://www.example.com$request_uri;
}
And of course, you must reload Nginx config after each change. Here are some useful commands:
check for errors in the configuration:
sudo service nginx configtest
reload configuration (this would be enough to make changes "work"):
sudo service nginx reload
restart the whole webserver:
sudo service nginx restart
Important note:
All your server sections must be inside http section (or in a file included in http section):
http {
# some directives ...
server {
# ...
}
server {
# ...
}
# ...
}
The following solution seems to be clear and simple, everything defined in one server block. So with this setup I force everything to https://www.domain.tld, so both handlers are here non-HTTPS and non-WWW on HTTPS.
There are two IF's but if you don't want to duplicate entire SSL block two times to handle it... this is the way to do it.
server {
listen 80;
listen 443 ssl;
server_name domain.tld www.domain.tld;
# global HTTP handler
if ($scheme = http) {
return 301 https://www.domain.tld$request_uri;
}
# global non-WWW HTTPS handler
if ($http_host = domain.tld){
return 303 https://www.domain.tld$request_uri;
}
}
And even better solution to avoid IF's:
# Redirect all traffic from HTTP to HTTPS
server {
listen 80;
server_name example.com www.example.com;
# Destination redirect base URI
set $RURI https://www.example.com;
location / {return 301 $RURI$request_uri;}
}
# Redirect non-WWW HTTPS traffic to WWW HTTPS
server {
listen 443 ssl;
# NOTE: SSL configuration is defined elsewhere
server_name example.com;
return 301 $scheme://www.$host$request_uri;
}
# MAIN SERVER BLOCK
server {
listen 443 ssl;
# NOTE: SSL configuration is defined elsewhere
server_name www.example.com;
}
If you have a sites-enabled directory, do not use the "http" top directive. Just create another file (with any name) in the site-enabled directory that has:
server {
listen 80; #listen for all the HTTP requests
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
and comment out the line
listen 80;
where the server_name is the same in the other file that serves www.example.com
I searched a lot , finally this is my right answer.
also remember to add a www A record in your domain registar's dns control panel.
# Force all users to https://www.example.com
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /var/www/html
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
ssl_certificate /etc/nginx/ssl/www.example.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
}

Redirecting base domain to HTTPS, and sub-domains to HTTP

I've been using Apache for a project, and have now decided to convert over to nginx for performance reasons as the project has grown quite a bit.
For this project, we serve our base domain and www sub-domain over HTTPS, but need to serve all other sub-domains over HTTP.
In Apache, I was able to accomplish this with the RewriteEngine doing the following:
RewriteEngine On
#Redirect domain and www to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} =mydomain.com [OR]
RewriteCond %{HTTP_HOST} =www.mydomain.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#Redirect wildcard subdomains to HTTP
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com [NC]
RewriteCond %{HTTP_HOST} !=www.mydomain.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have my website about half setup with nginx, and this portion of the configuration has stumped me. How do I go about converting this to work with nginx?
I divided the answer in 4 virtual host. The first two solve the http to https redirect among the main domains. And the second part catches the subdomains and redirects from https to http:
# FIRST PART ---------------
# from http to https on main domains
server {
listen 80;
server_name domain www.domain;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name domain www.domain;
# blah, blah, https and virtualhost configuration
}
# SECOND PART ---------------
# from https to http and others subdomains
server {
listen 443 ssl;
server_name *.domain;
# blah, blah, https configuration
location / {
return 301 http://$host$request_uri
}
}
server {
listen 80;
server *.domain;
# virtual with http configuration
}