Hi,
I've stripped out most of the SSL parameters, obfuscated a few paths and
removed a few unrelated rewrite rules, but here it is:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
server_name joeshaw.org;
charset utf-8;
ssl on;
ssl_certificate /etc/redacted.pem;
ssl_certificate_key /etc/redacted.key;
root /srv/www/joeshaw.org/;
index index.html;
error_page 404 /404.html;
location / {
try_files $uri $uri/ $uri/index.html =404;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.joeshaw.org;
charset utf-8;
return 301 https://joeshaw.org$request_uri;
}
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name joeshaw.org www.joeshaw.org;
charset utf-8;
return 301 https://joeshaw.org$request_uri;
}
Hope this helps.
On a related note, after I was looking at my config I realized that I
probably wanted the second server clause to be the default_server (so it
always redirected to my main domain regardless of what Host/:authority
header was provided) and I tried swapping them. Then whenever I hit
https://joeshaw.org/ I was entered into a redirection loop. It seemed like
it was not checking the :authority pseudo-header and always serving from
the default_server.
Joe
On Wed, Aug 12, 2015 at 1:24 PM, Valentin V. Bartenev <vb...@nginx.com>
wrote:
> On Wednesday 12 August 2015 10:53:20 Joe Shaw wrote:
> > Hi,
> >
> > I've been taking the alpha HTTP/2 support for a spin, and noticed that
> 301
> > redirects are missing the Location response header. Thus, browsers don't
> > redirect and just show an HTML page instead.
> >
> > Here's the output of nginx -V:
> >
> > nginx version: nginx/1.9.3
> > built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
> > built with OpenSSL 1.0.2d 9 Jul 2015
> > TLS SNI support enabled
> > configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
> > --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error.log
> > --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
> > --lock-path=/var/run/nginx.lock
> > --http-client-body-temp-path=/var/cache/nginx/client_temp
> > --http-proxy-temp-path=/var/cache/nginx/proxy_temp
> > --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
> > --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
> > --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx
> --group=nginx
> > --with-http_ssl_module --with-http_realip_module
> > --with-http_addition_module --with-http_sub_module --with-http_dav_module
> > --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module
> > --with-http_gzip_static_module --with-http_random_index_module
> > --with-http_secure_link_module --with-http_stub_status_module
> > --with-http_auth_request_module --with-threads --with-stream
> > --with-stream_ssl_module --with-mail --with-mail_ssl_module
> --with-file-aio
> > --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector
> > --param=ssp-buffer-size=4 -Wformat -Werror=format-security'
> > --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --with-ipv6
> >
> > I'm testing using the URL https://joeshaw.org/about (which redirects to
> > /about/).
> >
> > Here's the output of a HTTP/1.1 request from curl:
> >
> > < HTTP/1.1 301 Moved Permanently
> > * Server nginx is not blacklisted
> > < Server: nginx
> > < Date: Wed, 12 Aug 2015 14:43:41 GMT
> > < Content-Type: text/html
> > < Content-Length: 178
> > < Location: https://joeshaw.org/about/
> > < Connection: keep-alive
> > < Strict-Transport-Security: max-age=15768000; preload
> > < Public-Key-Pins:
> > pin-sha256="aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=";
> > pin-sha256="d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm="; max-age=86400
> > < X-Frame-Options: DENY
> >
> > Here's the HTTP/2 output from h2i (
> > https://github.com/bradfitz/http2/tree/master/h2i):
> >
> > [FrameHeader HEADERS flags=END_HEADERS stream=1 len=284]
> > :status = "301"
> > server = "nginx"
> > date = "Wed, 12 Aug 2015 14:44:31 GMT"
> > content-type = "text/html"
> > content-length = "178"
> > strict-transport-security = "max-age=15768000; preload"
> > public-key-pins =
> > "pin-sha256=\"aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=\";
> > pin-sha256=\"d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm=\";
> max-age=86400"
> > x-frame-options = "DENY"
> >
> > I hope this is helpful.
> >
>
>
> We are unable to reproduce the problem with a simple configuration.
> Could you provide your config?
>
> wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
