
I want certain pages to be available on https but not on http. I have a CodeIgniter framework there.

Here is the code from nginx conf:

server {
    listen         80;
    ......
    #enforce https
    if ($request_uri ~ "^(winkelmandje|(index.php/)?winkelmandje|(index.php/)?history|(index.php/)?mobile/winkelmandje|(index.php/)?winkelmandje/voegtoe)"){
        rewrite ^/(.*)$ https://$http_host/$1 permanent;
    }
    ....
}

server {
    listen      443;
    ssl         on;
    ....
    #enforce http
    if ($request_uri ~ "^(!(index.php/)?winkelmandje|!(index.php/)!mobile/winkelmandje|!(index.php/)?history|assets/|!lib_desktop/|!lib_mobile/|!images/|!widget/|!(index.php/)?winkelmandje/voegtoe)"){
        rewrite ^/(.*)$ http://$http_host/$1 permanent;
    }

    .....
}

If I go to my domain/winkelmandje (this page is the cart) on http, I do not get redirected to https.

Another example: if I access the domain index on https, I do not get redirected to http.

krisFR
  • You're unlikely to achieve your security goals that way. Why do you want *any* pages to not use SSL? – Ladadadada Feb 14 '14 at 08:36
  • Well, I want only the basket, secure checkout and order history to be on https. The rest of the pages must be on http – user3116300 Feb 14 '14 at 09:35
  • I asked *why*. The reason I ask is that I suspect you're worried about the SSL overhead. The overhead is tiny and not worth worrying about. But if you share session cookies between the SSL and non-SSL parts of the site then anyone who can see the non-SSL traffic can just log in as that user using their cookie. So if you don't have the `secure` attribute in your cookies, you might as well not bother having SSL at all. If you want security, make the whole site SSL. – Ladadadada Feb 14 '14 at 11:02
  • I made it work! I removed the ! in the ssl and removed the ^ from http and https (because request_uri contains the domain as well). – user3116300 Feb 14 '14 at 12:28

1 Answer

Remove the ! in the https server directive and remove the ^ from http and https (because request_uri contains the domain as well).

server {
    listen         80;
    ......
    #enforce https
    if ($request_uri ~ "(winkelmandje|(index.php/)?winkelmandje|(index.php/)?history|(index.php/)?mobile/winkelmandje|(index.php/)?winkelmandje/voegtoe)"){
        rewrite ^/(.*)$ https://$http_host/$1 permanent;
    }
    ....
}

server {
    listen      443;
    ssl         on;
    ....
    #enforce http
    if ($request_uri ~ "(!(index.php/)?winkelmandje|!(index.php/)!mobile/winkelmandje|!(index.php/)?history|assets/|!lib_desktop/|!lib_mobile/|!images/|!widget/|!(index.php/)?winkelmandje/voegtoe)"){
        rewrite ^/(.*)$ http://$http_host/$1 permanent;
    }

    .....
}
apaderno
masegaloeh
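
Added example (not part of the original question or answer): a Python model of the `if ($request_uri ~ ...)` tests on this page, run against constructed request URIs, to show which requests each pattern would redirect. It assumes `$request_uri` is the request path plus query string beginning with `/`, and that Python's `re` treats these patterns the way nginx's PCRE does; `HTTP_ANCHORED`, the sample URIs and the function names are hypothetical.

```python
import re

# Patterns copied from the page's port-80 and port-443 server blocks.
HTTP_ORIGINAL = (r"^(winkelmandje|(index.php/)?winkelmandje|(index.php/)?history"
                 r"|(index.php/)?mobile/winkelmandje|(index.php/)?winkelmandje/voegtoe)")
HTTP_ANSWER = HTTP_ORIGINAL.lstrip("^")  # the answer's version, with "^" dropped
HTTPS_ANSWER = (r"(!(index.php/)?winkelmandje|!(index.php/)!mobile/winkelmandje"
                r"|!(index.php/)?history|assets/|!lib_desktop/|!lib_mobile/|!images/"
                r"|!widget/|!(index.php/)?winkelmandje/voegtoe)")
# Hypothetical tightened pattern (not from the page): anchored on the leading "/"
# and on a path-segment boundary, so it cannot match inside a query string.
HTTP_ANCHORED = r"^/(index\.php/)?(winkelmandje|history|mobile/winkelmandje)(/|\?|$)"

# Constructed sample request URIs (path + query string, as assumed for $request_uri).
SAMPLES = ["/", "/winkelmandje", "/index.php/winkelmandje/voegtoe",
           "/mobile/winkelmandje", "/zoeken?q=history", "/assets/site.css"]


def redirects(pattern: str, request_uri: str) -> bool:
    """Model `if ($request_uri ~ pattern)`: case-sensitive, unanchored regex search."""
    return re.search(pattern, request_uri) is not None


def matrix() -> dict:
    """Map each pattern name to the sample URIs that would trigger its rewrite."""
    patterns = {"http_original": HTTP_ORIGINAL, "http_answer": HTTP_ANSWER,
                "http_anchored": HTTP_ANCHORED, "https_answer": HTTPS_ANSWER}
    return {name: [uri for uri in SAMPLES if redirects(pattern, uri)]
            for name, pattern in patterns.items()}


if __name__ == "__main__":
    for name, hits in matrix().items():
        print(f"{name:14} redirects: {hits or 'nothing'}")
```

In this model a `!` inside the quoted pattern is a literal character, so of the port-443 alternatives only `assets/` can match an ordinary URI, and the unanchored port-80 pattern also matches the word `history` inside a query string.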