Is there any way to make your nginx proxy not forward HTTP -> HTTPS for a specific URL only?

Question

I have auto SSL enabled for a VHOST, but I need to disabled that for a specific URL that needs to accept only non SSL requests.

This, put into vhosts, is working fine if the specific old URL was HTTPS, but it is HTTP. I cannot use HTTPS_METHOD=noredirect disabling auto SSL for the entire VHOST. Is it possible just to disable it for the context of this custom nginx location? I can see in the nginx-proxy logs that it gets a 301 before it even hits this nginx customization. So unfortunately I've only been able to get this proxy_pass config to work with HTTPS URLs, not HTTP.

Thanks for your help.

location /specific/old/http/URL {
    proxy_pass http://service.new.tld/new;
    proxy_set_header host http://service.new.tld;
    proxy_ssl_certificate /etc/nginx/certs/new.tld/fullchain.pem;
    proxy_ssl_certificate_key /etc/nginx/certs/new.tld/key.pem;
}

location /upstream {
    proxy_pass http://service.new.tld;
    proxy_ssl_certificate 
    /etc/nginx/certs/service.new.tld/fullchain.pem;
      proxy_ssl_certificate_key         
    /etc/nginx/certs/service.new.tld/key.pem;
}

score 1 · Accepted Answer · answered Nov 08 '19 at 20:45

You need to Have one server directive for both http and https (will listen on 80 and 443) and you need to add the redirect script only on the wanted locations. See example:

server {
    listen 80;
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl on;
    ssl_certificate example.crt;
    ssl_certificate_key example.key;


    location /specific/old/http/URL {
        proxy_pass http://service.new.tld/new;
        proxy_set_header host http://service.new.tld;
        proxy_ssl_certificate /etc/nginx/certs/new.tld/fullchain.pem;
        proxy_ssl_certificate_key /etc/nginx/certs/new.tld/key.pem;
    }

    location /upstream {
        # add this condition only on the locations you want to redirect to https
        if ($scheme = http) { 
            return 301 https://$server_name$request_uri;
        }

        proxy_pass http://service.new.tld;
        proxy_ssl_certificate  /etc/nginx/certs/service.new.tld/fullchain.pem;
        proxy_ssl_certificate_key /etc/nginx/certs/service.new.tld/key.pem;
}

This looks good, thanks so much. Any idea how to do this for jwilder's nginx proxy (https://github.com/jwilder/nginx-proxy)? I am pretty sure my nginx code is only working for incoming https and not http because my server block cannot be controlled from within the custom VHOST files. It seems nginx.tmpl (https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl) would have to be rewritten for this functionality. Do you think so too? — Matt Barnicle, Nov 12 '19 at 11:13
It's not possible to generate this config with this template. I would just runt it with my own config. See line 363 in the repo README for example — ofirule, Nov 12 '19 at 11:30

Is there any way to make your nginx proxy not forward HTTP -> HTTPS for a specific URL only?

1 Answers1