2

Firefox is the only browser I am having issues with. I have found similar issues, but no solutions seem to work.

When I visit http://example.com nginx rewrites it as http://www.example.com. I did this because the site used ssl sitewide, where now that has remains on the initial server using a subdomain, so is https://subdomain.example.com. Search engines, old bookmarks, and other old links attempted to take the user to https://example.com.

In all Browsers this works like a charm, except in firefox.

The Problem: Firefox takes the users request of http://example.com and forwards them to https://subdomain.example.com.

And then from the search engine link that reads https://example.com, an SSL error is raised because it's trying to read subomain.example's.

I'm getting confused and now it's 430 in the morning. Does someone have any clues here?

Here's my nginx conf:

    upstream thin_server {
    server 0.0.0.0:8080 fail_timeout=0;
    }

server {
listen   80 default;
listen 443 ssl;
ssl off;
root /home/example/public;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
index index.htm index.html;

if ($host = 'example.com') {
    rewrite  ^/(.*)$  http://www.example.com/$1;
}

location / {
    try_files $uri/index.html $uri.html $uri @app;
}

location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
        try_files $uri @app;
    }

 location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://thin_server;
}

error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}

UPDATE Just started working randomly a couple of days later

nil
  • 2,238
  • 1
  • 19
  • 28
  • 1
    It might be a cache issue try ctrl + shift + delete and choose the cache only and mark it to delete all cache – Mohammad AbuShady Oct 27 '13 at 05:59
  • Hey @Mohammad, yes I had a fresh install of browser, and continuously have cleared all user data when testing. – nil Oct 27 '13 at 17:03

1 Answers1

1

I had the a similar issue, Chrome was working fine, IE and firefox did not working with the http to https redirect. I was searching for a day, build various configurations but nothing helped.

By accident I checked my firewall (ufw status) and realized that port 80 was not open, only 443.
After allowing port 80 it worked.

Here is my nginx config which is working ( I know it is not optimized )

# Redirect http to https
server {
    listen 80 default_server;
    listen [::]:80 default_server; 
    server_name domain.tl www.domain.tl *.domain.tl;    
    return 301 https://www.domain.tl$request_uri;
}

#HTTPS config for SSL with certificate
server {
    listen 443 ssl;
    listen [::]:443 ssl;    
    server_name www.domain.tl www.domain.tl;  

#Limited Cipers to avoid MD5 etc attacks 
   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;

#Limit to TLSv1.2 for security 
    ssl_protocols TLSv1.2;

#Chained certificate to make sure the intermediate is in
    ssl_certificate /etc/nginx/ssl/certificate.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/certificat_key.key;

#PHP, Wordpress etc config
    root /var/www/html;
    index index.php index.html index.htm;

    # unless the request is for a valid file, send to bootstrap

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        #Rewrite rule fuer Wordpress
    try_files $uri $uri/ /index.php?$args;
    }

# PHP7 specific
    location ~ \.php$ {
        try_files $uri =404;
        #fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # OLD CONFIG for php5
    # location ~ \.php$ {
    #    try_files $uri =404;
    #    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    include fastcgi_params;
    #}
}
byteslam
  • 11
  • 1