Introduction:

  • I want to create an HTTP (not secure) public URL to process Redsys (payment gateway) callbacks.
  • Why HTTP? Because I have Cloudflare and they don't like their shared certificates -> handshake error
  • Why not upload my own certificate (single IP) to Cloudflare? Because I have to pay a monthly fee, and so far it is a small project.
  • Workaround? Create an HTTP URL and process the callbacks there

Situation:

  • I'm using Laravel and I've created a route to my controller "/tpv"
  • I've all the Nginx configuration ready, listening to 80

Problem:

  • I've got too many redirects, because location /tpv calls Laravel (index.php/tpv) which is affected by location / {redirect to https}

Question:

  • Any creative idea to solve this?

Idea:

  • Create an external php script in a folder called tpv and from there call the Laravel controller, but no clue how to do this or if it's feasible.
  • Delete the Nginx conf and manage the redirects directly with Laravel as per post Laravel 5 - redirect to HTTPS
  • Before changing to Nginx I was using Rewrites, it might be the solution:

    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{THE_REQUEST} !/tpv [NC]

Nginx conf for reference:

    server {
        listen 80;
        listen [::]:80;
        server_name .example.com;
        root /home/forge/example.com/public;
        location /tpv {
            return 301 http://example.com/index.php/tpv;
        }
        location /index.php/tpv {
            return 301 http://example.com/index.php/tpv;
        }
        location / {  # the default location redirects to https
            return 301 https://$host$request_uri;
        }
    }

TrOnNe
  • Are you using Flexible or Full SSL? You can use a (free) self-signed certificate on Full, if you're only using Flexible, does that help? Or have you considered using Cloudflare page rules to disable SSL for that particular page? – LeonardChallis Jan 26 '18 at 14:40
  • Or of course, considering a payment gateway really, really should be secure, why not try https://letsencrypt.org/? – LeonardChallis Jan 26 '18 at 14:41
  • @LeonardChallis The problem is that the provider dislikes shared SSL. I have Full (Strict), so the first certificate that the provider is going to find is the Cloudflare one, then from Cloudflare to my server I'm already using Let's Encrypt, but the provider can't find that out. – TrOnNe Jan 26 '18 at 15:00

1 Answer

Prior to the good ideas you've got, try this simple magic code in conf ;)

    server {
        listen 80;
        listen [::]:80;
        server_name .example.com;
        root /home/forge/example.com/public;

        location ^~  /tpv* {
            return 301 https://$host$request_uri;
        }

        try_files $uri $uri/ /index.php?$query_string;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }

  • just a small change to make it work better `location ^~ /tpv { try_files $uri $uri/ /index.php?$query_string; } location / { return 301 https://$host$request_uri; }` – TrOnNe Jan 26 '18 at 20:07
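
Added example, not part of the original answer or comments: the answer's server block with the change from the comment applied, so that only the `/tpv` callback is served over plain HTTP. Narrowing the PHP handler to an `internal` `location = /index.php` is an assumption added here (the page's config uses `location ~ \.php$`, which would also answer direct `*.php` requests on port 80); it also assumes, as the page's config does, that `fastcgi_params` on this host sets `SCRIPT_FILENAME`.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name .example.com;
    root /home/forge/example.com/public;

    # Callback path: the only thing served over plain HTTP.
    # ^~ stops regex locations from being checked for this prefix.
    # try_files finds no file or directory named /tpv and falls back to an
    # internal redirect to /index.php; Laravel still routes on the original
    # REQUEST_URI (/tpv), so no 301 is issued and there is no redirect loop.
    location ^~ /tpv {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Front controller, reachable only through the internal redirect above.
    # A direct client request for http://example.com/index.php gets a 404
    # because of "internal" (assumption: hardening added in this example).
    location = /index.php {
        internal;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    # Everything else on port 80, including any other *.php URI,
    # is sent to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Run `nginx -t` before reloading. With this block, `/tpv` should return the Laravel response over HTTP, any other path should return a 301 to its `https://` equivalent, and a direct request for `/index.php` should return 404.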