nginx rewrite only specific servername to https

Question

It's about two subdomains. The first one (www) should be accessed via http. The second one (cloud) should be accessed via https.

These are the relevant parts of my entries:

server {
        listen 80;
        server_name cloud.example.de;
        rewrite ^ https://$server_name$request_uri? permanent;  # enforce https
}

server {
        listen 443 ssl;
        server_name cloud.example.de;
        root /home/user/web/cloud;
}

server {
        listen 80;
        server_name www.example.de;
        root /home/user/web/cms;

        #etc.
}

When I now call http://cloud.example.de I am redirected to https://cloud.example.de, fine. But when I call http://www.example.de I am also redirected, to https://www.example.de, which leads me to the content of cloud.example.com, because this is the only servername set as used by port 443.

There is no entry in the access-log of the www-subdomain.
There is another subdomain pointing to a phpPgAdmin. This I can access as normal, it's not rewritten.

server {
        listen 80;
        server_name pgsql.example.de;
        root /home/user/web/phppgadmin;

        #etc
}

What is missing? The rewrite should be only done if the servername matches cloud.example.de.
And is there a relevance in the order of the server entries or does it not matter?

Using nginx 0.8.54 on Ubuntu 11.04.

score 9 · Accepted Answer · answered Mar 20 '13 at 20:29

The sample config that you provide looks about right, and I doubt it would work as you describe (you probably made too many changes when trying to simplify it).

Are you getting wrong redirects in something like curl, or only in the browser? I've dealt with cases where permanent is permanently cached in Mozilla (e.g. from a prior nginx.conf), without any way to invalidate a single 301 cache entry, so, are you sure it's not a cache issue?

In any case, you could also try using if to make the redirects conditional (perhaps the first server gets chosen as the default server):

    if ($host = "cloud.example.de") {
            rewrite ^ https://$server_name$request_uri? redirect;
    }
    return 403;

Or, another option,

server {
    listen 80;
    listen 443 ssl;
    server_name cloud.example.de;
    if ($scheme != "https") {
        rewrite ^ https://$server_name$request_uri? redirect;
    }
    root /home/user/web/cloud;
}

And try curl -v to make sure you're seeing what is there.

Seems it's really a browserrelated issue. I now tried your second option, it works fine in chromium and new profile in firefox. I cleared the cache in my default profile but it keeps redirecting me...but thats nothing related to nginx. Many thanks for the help. — 32bitfloat, Mar 21 '13 at 09:04
I don't think you have to go as far as creating a new profile. The issue is that Shift-Refresh doesn't work to clear the `301` page from cache, unlike it does for all other pages. I stopped using `301` `permanent` for this reason; most of my redirects are now `302` `redirect`. Another way to avoid a stale `301` is append `?21T0911` to the URL, where "21T0911" is something like the current date/time. — cnst, Mar 21 '13 at 16:14

nginx rewrite only specific servername to https

1 Answers1