On Thu, Mar 08, 2018 at 08:57:29AM +0000, Lucas Rolff wrote:
Hi there,
> I indeed thought about having a separate server {} block in case there’s the
> http to https redirect for a specific domain.
> Since it depends on the domain, I can’t make a general one to match
> everything.
So, if I read this correctly, the new "requirement statement" is: some
domains want to redirect everything (apart from the letsencrypt piece)
from http to https; and some domains do not want to redirect anything
from http to https.
In that case, the one server with "listen 80 default;" and the two
locations, one with "return 301" and the other with "proxy_pass"; plus
the multiple servers with "listen 443" should Just Work.
If you do want the to-https redirect for this domain, do not add "listen
80" in the 443 server. If you do not want the to-https redirect for that
domain, do add "listen 80" in the 443 server.
Am I missing something?
> > Or: you use $sslproxy_protocol. Where does that come from?
>
> $sslproxy_protocol is a simple map doing:
>
> map $https $sslproxy _protocol {
> default "http";
> SSL "https";
> on "https";
> }
Because I don't know what else you use that variable for, perhaps you
could make a new variable $redirect_to_https, like so (untested):
map $https$uri $redirect_to_https {
default "yes";
~^SSL "no";
~^on "no";
~^/.well-known/ "no";
}
and then redirect based on the value of that variable, where it might matter.
(I presume that $https is empty in http-mode, per http://nginx.org/r/$https)
I prefer the first solution, without the extra variable-and-if; but it's
not my server.
Good luck with it,
f
--
Francis Daly fran...@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
