Skip to content

Commit 090ce08

Browse files
rvalitovrvalitov
committed
improved nginx http to https redirect
1 parent 05fe404 commit 090ce08

File tree

1 file changed

+22
-7
lines changed

1 file changed

+22
-7
lines changed

server/conf/nginx_vhost.conf.master

Lines changed: 22 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,32 @@
1+
<tmpl_if name='ssl_enabled'>
2+
<tmpl_if name='rewrite_to_https' op='==' value='y'>
3+
server {
4+
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
5+
<tmpl_if name='ipv6_enabled'>
6+
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
7+
</tmpl_if>
8+
server_name <tmpl_var name='domain'> <tmpl_var name='alias'>;
9+
access_log off;
10+
rewrite ^ https://$http_host$request_uri? permanent;
11+
}
12+
</tmpl_if>
13+
</tmpl_if>
14+
115
server {
16+
<tmpl_unless name='ssl_enabled'>
217
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
318
<tmpl_if name='ipv6_enabled'>
419
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
520
</tmpl_if>
21+
</tmpl_if>
622

723
<tmpl_if name='ssl_enabled'>
24+
<tmpl_if name='rewrite_to_https' op='!=' value='y'>
25+
listen <tmpl_var name='ip_address'>:<tmpl_var name='http_port'>;
26+
<tmpl_if name='ipv6_enabled'>
27+
listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='http_port'>;
28+
</tmpl_if>
29+
</tmpl_if>
830
listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if}{tmpl_if name='enable_spdy' op='==' value='y'} spdy{/tmpl_if};
931
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
1032
# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
@@ -35,13 +57,6 @@ server {
3557
rewrite ^<tmpl_var name='local_redirect_exclude'>(.*)$ <tmpl_var name='local_redirect_target'>$2 <tmpl_var name='local_redirect_type'>;
3658
}
3759
</tmpl_loop>
38-
<tmpl_if name='ssl_enabled'>
39-
<tmpl_if name='rewrite_to_https' op='==' value='y'>
40-
if ($scheme != "https") {
41-
rewrite ^ https://$http_host$request_uri? permanent;
42-
}
43-
</tmpl_if>
44-
</tmpl_if>
4560

4661
<tmpl_loop name="own_redirects">
4762
<tmpl_if name='use_rewrite'>

0 commit comments

Comments
 (0)