
My company is running a webserver with nginx. The configuration is set so that every request on a certain server block is forcefully rewritten to https, using a location block. This is the full configuration for a specific domain:

# HTTP server

server {
    listen       80;
    server_name  www.mydomain.it mydomain.it admin.mydomain.it;
    rewrite ^(.*) https://$host$1 permanent;
}

# HTTPS server

server {
    listen       443;
    server_name  www.mydomain.it mydomain.it admin.mydomain.it;
    root         /usr/share/nginx/html/mydomain_server;

    ssl                   on;
    ssl_certificate       /etc/certs/mydomain-bundle.crt;
    ssl_certificate_key   /etc/certs/mydomain.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    access_log  /var/log/nginx/mydomain.ssl.access.log  main;
    error_log   /var/log/nginx/mydomain.ssl.error.log   error;

    location / {
            try_files $uri $uri/ =404;
    }

    error_page 404 /404-mydomain.html;
    error_page 500 502 503 504 /50x.html;

    location ~ \.php$ {
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

This domain serves several implementations of the same software to different customers, and works like this:

Customer John: www.domain.com/John
Customer Ada: www.domain.com/Ada
etc...

Obviously, as you can see, all accesses to such URLs are redirected to HTTPS.

Now, there is a particular need for this not to happen for a single customer.

I've been reading the official doc here about locations, which tells me I can't non-match a particular expression (as stated here too), and I can't find a way to have it work.

I've tried to add another location block matching the customer path before the default one, like this:

server {
    listen       80;
    server_name  www.mydomain.it mydomain.it admin.mydomain.it;
    root         /usr/share/nginx/html/mydomain_server;

    location ^~ /Mole/ {
            try_files $uri $uri/ =404;
    }

    location / {
            rewrite ^(.*) https://$host$1 permanent;
            try_files $uri $uri/ =404;
    }    
}

which is not working, as Mole is still being redirected to HTTPS. I've tried using "~", "=" and even simply "location /Mole/", without success. It's not a browser cache problem, as I've already tried flushing it. What am I missing?

Seether
  • Have you checked with curl/wget? You have permanent redirect and your browser probably cached it. – Alexey Ten Sep 24 '14 at 11:47
  • As stated at the very end, I checked that. Tried with different browsers with anonymous sessions / flushed caches. – Seether Sep 24 '14 at 13:02
  • Caches are not relevant for 301. Browser history is. In your history window right click an entry for that site and look for an option "forget about this site". This should also clear any Strict Transport Security header you may have set. And do try with curl always, browsers are unreliable - too many hidden features. But your error is likely that you have no webroot defined in your server block, so what is the try_files matching against? –  Sep 25 '14 at 16:55
  • @Melvyn, although I forgot to mention it, I replicated the "root /usr/share/nginx/html/mydomain_server;" line in the plain http server block. Concerning the tests with curl, I'll try as soon as possible. – Seether Sep 25 '14 at 19:48

1 Answer


You could try using the map directive to identify customers who prefer to use http:

map $uri $use_https {
    default 1;
    ~^/Mole/ 0; # add other exceptions as needed
}

server {
    listen  80;
    server_name  www.mydomain.it mydomain.it admin.mydomain.it;
    root    /usr/share/nginx/html/mydomain_server;

    location / {
        if ($use_https) { # consider using 302 for testing
            return 301 https://$host$request_uri;
        }
        try_files $uri $uri/ =404;
    }
}
Cole Tierney
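A table test of the answer's `map` exemption, as an added example that is not part of the original answer and not nginx code: it models in Python which requests the `map` on `$uri` plus `if`/`return 301` would redirect and which would stay on plain HTTP. The function names are hypothetical, and `normalize_uri` is a simplified assumption of how nginx derives `$uri` (percent-decoding, `.`/`..` resolution, slash merging).

```python
import re
from urllib.parse import unquote

# Mirrors the answer's map block: first matching regex wins, else the default.
MAP_RULES = [(re.compile(r"^/Mole/"), "0")]  # "~" in map is a case-sensitive regex
MAP_DEFAULT = "1"

def normalize_uri(request_uri):
    """Simplified model (an assumption) of how nginx derives $uri."""
    path = unquote(request_uri.split("?", 1)[0])  # drop query, decode %XX
    kept = []
    for seg in path.split("/"):
        if seg in ("", "."):        # merged slashes and "." segments vanish
            continue
        if seg == "..":             # ".." removes the previous segment
            if kept:
                kept.pop()
            continue
        kept.append(seg)
    uri = "/" + "/".join(kept)
    if kept and path.endswith(("/", "/.", "/..")):
        uri += "/"                  # keep the directory-style trailing slash
    return uri

def use_https(uri):
    """Value the map would assign to $use_https for a normalized URI."""
    for pattern, value in MAP_RULES:
        if pattern.search(uri):
            return value
    return MAP_DEFAULT

def respond(host, request_uri):
    """(301, location) for a redirect, (None, None) when served over HTTP."""
    # nginx "if" treats the empty string and "0" as false.
    if use_https(normalize_uri(request_uri)) not in ("", "0"):
        # The redirect target uses the raw $request_uri, not the normalized $uri.
        return 301, f"https://{host}{request_uri}"
    return None, None

if __name__ == "__main__":
    # Constructed sample request lines, not taken from real logs.
    for p in ["/John/", "/Mole/index.php", "/Mole", "/mole/",
              "//Mole/", "/%4Dole/", "/John/../Mole/x"]:
        print(f"{p:20} -> {respond('www.mydomain.it', p)}")
```

The exemption is decided on the normalized path while the redirect echoes the raw request, so `/Mole` without a trailing slash and `/mole/` are still redirected, and differently spelled requests that normalize to `/Mole/...` are served in cleartext; confirm the same cases against the real server with `curl -I`.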