Nginx $scheme doesn't always work while using SSL for one specific page

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by jjiceman on Server Fault See other posts from Server Fault or by jjiceman
Published on 2012-06-03T03:56:43Z Indexed on 2012/06/03 4:42 UTC
Read the original article Hit count: 454

Filed under:
|
|

I read and followed this question in order to configure nginx to force SSL for one page (admin.php for XenForo), and it is working well for a few of the site administrators but is not for myself. I was wondering if anyone has any advice on how to improve this configuration:

...

ssl_certificate      example.net.crt;
ssl_certificate_key  example.key;

server {
    listen 80 default;
    listen 443 ssl;

    server_name www.example.net example.net;
    access_log /srv/www/example.net/logs/access.log;
    error_log /srv/www/example.net/logs/error.log;

    root /srv/www/example.net/public_html;
    index index.php index.html;

    location / {
        if ( $scheme = https ){
            rewrite ^ http://example.net$request_uri? permanent;
        }
        try_files $uri $uri/ /index.php?$uri&$args;
        index index.php index.html;
    }

    location ^~ /admin.php {
        if ( $scheme = http ) {
            rewrite ^ https://example.net$request_uri? permanent;
        }
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
    }

    location ~ \.php$ {
        try_files $uri /index.php;
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;
    }
}

...

It seems that the extra information in the location ^~ /admin.php block is unecessary, does anyone know of an easy way to avoid duplicate code? Without it it skips the php block and just returns the php files.

Currently it applies https correctly in Firefox when I navigate to admin.php. In Chrome, it downloads the admin.php page. When returning to the non-https website in Firefox, it does not correctly return to http but stays as SSL. Like I said earlier, this only happens for me, the other admins can go back and forth without a problem.

Is this an issue on my end that I can fix? And does anyone know of any ways I could reduce duplicate configuration options in the configuration? Thanks in advance!

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about nginx

Related posts about ssl

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle