3

My nginx webserver does not do what it should. All http:// requests to the server should be redirected with HTTP 301 to https://. It worked fine for the last few days, until it stopped working without any changes.

Nginx returns an empty file with type "application/octet-stream" and the following content (readable in Sublime):

0000 1204 0000 0000 0000 0300 0000 8000
0400 0000 0000 0500 ffff ff00 0004 0800
0000 0000 7fff 0000 0000 0807 0000 0000
0000 0000 0000 0000 01

First I tried to remove the line

default_type application/octet-stream;

from my nginx.conf, but it did not help.

The http-response header returns

Status: �����

My server block for the 301 redirect from http:// to https:// looks as follows

server {
   listen 80;
   listen [::]:80;
   server_name my.tld www.my.tld;
   return 301 https://$server_name$request_uri;
}

Nginx does not log anything when it receives an http:// request (/var/log/nginx/error.log | /var/log/nginx.access.log). Also PHP7.0-fpm.

Everything required is installed, updated & upgraded. A restart of the services and of the server itself did not help.

Here is the output from curl -v http://my.tld/

* Connected to my.tld (123.123.123.123) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: my.tld
> Accept: */*
> 
< HTTP/1.1 200 OK
< Mime-Version: 1.0
< Date: Thu, 06 Oct 2016 06:10:53 GMT
< X-Transformed-From: HTTP/0.9
< Transfer-Encoding: chunked
< Connection: keep-alive
< 
* Connection #0 to host my.tld left intact

Why does nginx return a 200 OK when it should return a 301 permanent redirect?

I have not changed anything, it worked with the same configs... I hope someone can help me :-(. Could it possibly be a DNS problem?

Best, Unkn0wn0x

Unkn0wn0x
  • One thing stands out, on the server_name line remove "http://". I'm not sure that's the problem, but it's not something I've ever seen anyone do before. – Tim Oct 06 '16 at 07:18
  • Sorry, in the config it's like you said it, I've edited it. – Unkn0wn0x Oct 06 '16 at 18:08
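
The bytes quoted in the question can be read as HTTP/2 frames (RFC 7540, section 4.1). The decoder below is an added example, not part of the original posts; it shows that the "empty file" is a SETTINGS frame, a WINDOW_UPDATE and a GOAWAY carrying PROTOCOL_ERROR rather than an HTTP/1.1 response. The function names are chosen for this example.

```python
import struct

# The 57 bytes exactly as quoted in the question's hex dump.
DUMP = """
0000 1204 0000 0000 0000 0300 0000 8000
0400 0000 0000 0500 ffff ff00 0004 0800
0000 0000 7fff 0000 0000 0807 0000 0000
0000 0000 0000 0000 01
"""
# Only the names needed for this dump (RFC 7540 sections 6.5.2, 7 and 11.2).
FRAME_TYPES = {0x4: "SETTINGS", 0x7: "GOAWAY", 0x8: "WINDOW_UPDATE"}
SETTINGS = {3: "MAX_CONCURRENT_STREAMS", 4: "INITIAL_WINDOW_SIZE", 5: "MAX_FRAME_SIZE"}
ERRORS = {0x0: "NO_ERROR", 0x1: "PROTOCOL_ERROR"}

def describe(ftype, stream, payload):
    """Decode one frame payload into (type name, stream id, fields)."""
    name = FRAME_TYPES.get(ftype, "0x%02x" % ftype)
    if ftype == 0x4 and len(payload) % 6 == 0:  # 16-bit id / 32-bit value pairs
        fields = {SETTINGS.get(i, i): v for i, v in struct.iter_unpack(">HI", payload)}
    elif ftype == 0x8 and len(payload) == 4:
        fields = {"increment": struct.unpack(">I", payload)[0] & 0x7FFFFFFF}
    elif ftype == 0x7 and len(payload) >= 8:
        last, err = struct.unpack(">II", payload[:8])
        fields = {"last_stream": last & 0x7FFFFFFF, "error": ERRORS.get(err, err)}
    else:
        fields = {"raw": payload.hex()}
    return name, stream, fields

def parse_frames(data):
    """Split bytes into HTTP/2 frames: 24-bit length, type, flags, stream id."""
    frames, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 9:
            raise ValueError("truncated frame header at offset %d" % pos)
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype = data[pos + 3]
        stream = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        payload = data[pos + 9:pos + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated payload at offset %d" % pos)
        frames.append(describe(ftype, stream, payload))
        pos += 9 + length
    return frames

def decode_dump(text=DUMP):
    return parse_frames(bytes.fromhex("".join(text.split())))

if __name__ == "__main__":
    print(*decode_dump(), sep="\n")
```

A GOAWAY with PROTOCOL_ERROR in reply to a plain `GET / HTTP/1.1` is consistent with the port 80 socket speaking HTTP/2, which matches the `listen 80 http2` cause found in the accepted answer.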

4 Answers

4

I've solved the problem. It was a config file from a subdomain which had its own root directory configured. The config file from the subdomain had

listen 80 http2;
listen [::]:80 http2;

which affected the whole webserver without any errors / log files or similar (nginx -t also positive). After I reinstalled nginx and backed up the config files step by step, I found the error.

Thanks for the support.

Best, Unkn0wn0x

Unkn0wn0x
4

Adding this simply because this is one of the only pages that shows up for a google search of the related topic.

I had the same issue and finally found that the resolution was the same as you've outlined.

Apparently specifying http2 with listen 80 (no ssl) is no bueno. And it is further confusing because this slips past all the nginx config checks.

  • I am not sure why you say HTTP2 without SSL is no good, when the [http_v2_module docs](https://nginx.org/en/docs/http/ngx_http_v2_module.html) gives an example showing that http2 can be used in addition to ssl: `listen 443 ssl http2;`. HTTP2 does have a cleartext protocol (h2c, or http2c), as specified in [RFC7540](https://tools.ietf.org/html/rfc7540#section-9.2) - TLS is however useful in facilitating deployment, as indicated by the [High Performance Browser Networking](https://hpbn.co/http2/#upgrading-to-http2) entry on HTTP2 and TLS. – iwaseatenbyagrue Apr 24 '17 at 16:17
  • 2
    I know that `listen 443 ssl http2` works just fine, the problem was `listen 80 http2`. – Winston Krauss Apr 26 '17 at 13:01
  • @WinstonKrauss Man, this made me go nuts. Apparently, you're right - any domain or subdomain with this would cause all other domains on a host to go haywire in terms of port 80. Thanks for pointing that out, I wouldn't have found it otherwise. – physalis Apr 16 '23 at 11:51
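
Since both answers report that `nginx -t` accepts the directive, a separate check over the configuration text is one way to catch it. The scanner below is an added example, not code from the posters or from nginx; the file names and `sub.my.tld` are hypothetical, and the sample configs are constructed from the snippets in this thread.

```python
import re

# Constructed sample files modelled on the two configs described in this thread;
# the file names and sub.my.tld are hypothetical.
CONFIGS = {
    "sites-enabled/my.tld": """\
server {
   listen 80;
   listen [::]:80;
   server_name my.tld www.my.tld;
   return 301 https://$server_name$request_uri;
}
server {
   listen 443 ssl http2;   # HTTP/2 over TLS, not flagged
   server_name my.tld;
}
""",
    "sites-enabled/sub.my.tld": """\
server {
   listen 80 http2;        # the directive from the accepted answer
   listen [::]:80 http2;
   server_name sub.my.tld;
}
""",
}

# A listen directive starts a statement: after line start, ';', '{' or '}'.
LISTEN_RE = re.compile(r"(?:^|[;{}])\s*listen\s+([^;{}]+)(?=;)", re.M)

def find_cleartext_http2(configs):
    """Return (file, line, directive) for every listen with http2 but no ssl."""
    findings = []
    for name, text in configs.items():
        # Blank out comments, keeping offsets so line numbers stay correct.
        # Simplification: a '#' inside a quoted string is treated as a comment.
        clean = re.sub(r"#[^\n]*", lambda m: " " * len(m.group()), text)
        for m in LISTEN_RE.finditer(clean):
            params = m.group(1).split()
            if "http2" in params[1:] and "ssl" not in params[1:]:
                line = clean.count("\n", 0, m.start(1)) + 1
                findings.append((name, line, "listen " + " ".join(params)))
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_http2(CONFIGS):
        print("%s:%d: %s" % finding)
```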
0

The X-Transformed-From header looks suspicious. Check with netstat -lnp command if nginx is really listening to port 80, or if there is some other program listening to it.

Your system could be compromised. In that case, you need to restore from backups and update the system before putting it online.

Tero Kilkanen
0

I have found nothing in relation to the X-Transformed-From header. My nginx is listening on the following ports:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 10282/nginx -g daem
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10282/nginx -g daem
tcp6 0 0 :::443 :::* LISTEN 10282/nginx -g daem
tcp6 0 0 :::80 :::* LISTEN 10282/nginx -g daem

If I request https:// my.tld and after that http:// my.tld it works like a charm. On mobile, if I request http://my.tld in an incognito / private tab, it redirects instantly to https://.

I tried the tool "HTTP lookup" from http://mxtoolbox.com/ with my domain, it returns an error:

HTTP connect The server committed a protocol violation. Section=ResponseStatusLine (http://my.tld)

I've checked if some firewall rules (ufw) or anything like this is blocking requests on port 80, but it was not so.

ufw status

80                         ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere
443 (v6)                   ALLOW       Anywhere (v6)

On my.tld there are only a few HTML files, no PHP or similar.

The mxtoolbox error says that it could not connect to my server (http:// / port 80), but it's possible. DNS setup is also fine.

I am at a loss :-(

Regards, Unkn0wn0x

Unkn0wn0x