Hello Everyone,
This may have been covered before, but I was unable to find it with Search. Anyway, I have set up an Nginx host to accept incoming connections for http on port 80 and https on port 443. This is all working fine. However, on some browsers, even if I request http (not https), the browser automatically switches me to https, and I can't get it to use http. At first I thought maybe I had some SSL configuration in there that uses Strict-Transport-Security, but that's not the case. At one point I did, but I commented it out and have now totally removed it from the configuration file. Still, that OS X 10.11 Safari browser only loads the site in https; it switches from http to https automatically.
I also tried emptying the browser cache here, but nothing. Does not help.
Any ideas? Here is my config file. Maybe I have set it up incorrectly?
Thanks in advance for your time.
## Add www
## Canonical-host redirect: a request for the bare domain, on either port,
## is answered with a permanent redirect to the www host.
server {
    server_name domain.com;

    listen 80;
    listen 443 ssl http2;

    ## SSL CONFIGURATION
    ## NOTE(review): the www certificate is presented for the bare domain here;
    ## it presumably lists domain.com among its names, otherwise clients see a
    ## certificate warning before the redirect is delivered -- confirm.
    ssl_certificate     /etc/nginx/ssl/www.domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;

    ## $scheme keeps the request on the scheme it arrived with (http stays http,
    ## https stays https); this block does not upgrade http to https.
    return 301 $scheme://www.domain.com$request_uri;
}
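## http on port 80
## Plain-HTTP virtual host for the Magento store. No listen directive appears
## in this block itself.
## NOTE(review): presumably /etc/nginx/port.conf supplies "listen 80;" -- confirm.
## NOTE(review): everything below, including the auth_basic prompt on the
## protected paths, is served unencrypted by this block.
server {
    include /etc/nginx/port.conf;
    server_name www.domain.com;
    root /var/www/www.domain.com/html;

    access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
    error_log /var/log/nginx/error_www.domain.com.log error;

    ## Pagespeed module
    #include /etc/nginx/conf.d/pagespeed.conf;

    ## Bots trap
    include /etc/nginx/conf.d/spider.conf;

    ## SSL CONFIGURATION

    ## Server maintenance block.
    #include /etc/nginx/conf.d/maintenance.conf;

    ## Error log/page
    #include /etc/nginx/conf.d/error_page.conf;

    ## These locations are protected
    ## "satisfy any" admits a request that passes EITHER the address rules OR
    ## basic auth. The directory names are unanchored, so any URI containing
    ## e.g. "app/" is covered. errors/local.xml is now matched as a file too:
    ## the previous pattern demanded a "/" after it, so a request for the file
    ## itself fell through to "location /" and was served.
    location ~ (app|includes|pkginfo|var)/|errors/local\.xml(/|$) {
        satisfy any;
        ## Network address written with its host bits cleared; nginx warns that
        ## the low bits of "192.168.0.1/24" are meaningless.
        allow 192.168.0.0/24;
        allow 127.0.0.1;
        auth_basic "Restricted Access Area";
        auth_basic_user_file /var/www/www.domain.com/.htpasswd;
        deny all;
    }

    include /etc/nginx/conf.d/extra_protect.conf;

    ## Images
    ## Static assets: far-future expiry, no access logging, missing files not logged.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
        ## NOTE(review): add_header with an empty value likely emits nothing, so
        ## this probably does not strip nginx's own ETag; "etag off;" is the
        ## directive for that -- confirm the intent.
        add_header ETag "";
    }

    ## Strips the trailing path after the .php part and re-runs location matching.
    location =/js/index.php/x.js {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Main Magento @location
    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite / /index.php?$args;
    }

    ## I added the location @missing below to allow advanced URL rewrites
    location @missing {
        rewrite / /index.php;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        include /etc/nginx/conf.d/headers.conf;
        ##try_files $uri =404;
        ## I disabled the line above and added the 2 lines below
        fastcgi_intercept_errors on;
        ## Only hand a script to PHP when the file exists on disk; otherwise fall
        ## back to @missing. The stray "=" argument that preceded $uri was just
        ## another path for nginx to test and has been dropped.
        try_files $uri @missing;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        ## Store code with multi domain
        #fastcgi_param MAGE_RUN_CODE $mage_code;
        #fastcgi_param MAGE_RUN_TYPE $mage_type;

        ## Default Store code
        fastcgi_param MAGE_RUN_CODE default;
        fastcgi_param MAGE_RUN_TYPE store; ## or website;
        include fastcgi_params;
    }

    ## Below we allow access to .php script inside the downloader directory - added that to get downloader functionality
    ## Every .php request under /downloader/ is executed as downloader/index.php.
    ## NOTE(review): no allow/deny or auth_basic is applied here, so the
    ## downloader is reachable by any client, and over plain HTTP in this block;
    ## consider the same address/basic-auth restriction used for the protected
    ## paths above.
    location /downloader/ {
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
}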
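## https on port 443
## TLS virtual host for the Magento store; the location rules mirror the
## plain-HTTP block.
server {
    ## NOTE(review): port.conf is also included by the plain-HTTP block; if it
    ## carries "listen 80;", this server is bound to port 80 as well as 443 --
    ## confirm.
    include /etc/nginx/port.conf;
    listen 443 ssl http2;
    server_name www.domain.com;
    root /var/www/www.domain.com/html;

    access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
    error_log /var/log/nginx/error_www.domain.com.log error;

    ## Pagespeed module
    #include /etc/nginx/conf.d/pagespeed.conf;

    ## Bots trap
    include /etc/nginx/conf.d/spider.conf;

    ## SSL CONFIGURATION
    ssl_certificate /etc/nginx/ssl/www.domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # modern configuration. tweak to your needs.
    # TLS 1.1 is formally deprecated (RFC 8996) and has been dropped from the
    # list. Add TLSv1.3 where the installed nginx/OpenSSL build accepts it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the list still contains DHE-DSS and CBC/SHA-1 suites; check
    # it against current guidance.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # A browser that received this header while it was enabled keeps forcing
    # https for the host until max-age runs out. The policy is stored apart from
    # the page cache, so emptying the cache does not remove it; sending
    # "max-age=0" over https is how a site withdraws it.
    #add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    #ssl_stapling on;
    #ssl_stapling_verify on;

    ## Server maintenance block.
    #include /etc/nginx/conf.d/maintenance.conf;

    ## Error log/page
    #include /etc/nginx/conf.d/error_page.conf;

    ## These locations are protected
    ## "satisfy any" admits a request that passes EITHER the address rules OR
    ## basic auth. The directory names are unanchored, so any URI containing
    ## e.g. "app/" is covered. errors/local.xml is now matched as a file too:
    ## the previous pattern demanded a "/" after it, so a request for the file
    ## itself fell through to "location /" and was served.
    location ~ (app|includes|pkginfo|var)/|errors/local\.xml(/|$) {
        satisfy any;
        ## Network address written with its host bits cleared; nginx warns that
        ## the low bits of "192.168.0.1/24" are meaningless.
        allow 192.168.0.0/24;
        allow 127.0.0.1;
        auth_basic "Restricted Access Area";
        auth_basic_user_file /var/www/www.domain.com/.htpasswd;
        deny all;
    }

    include /etc/nginx/conf.d/extra_protect.conf;

    ## Images
    ## Static assets: far-future expiry, no access logging, missing files not logged.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
        ## NOTE(review): add_header with an empty value likely emits nothing, so
        ## this probably does not strip nginx's own ETag; "etag off;" is the
        ## directive for that -- confirm the intent.
        add_header ETag "";
    }

    ## Strips the trailing path after the .php part and re-runs location matching.
    location =/js/index.php/x.js {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Main Magento @location
    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite / /index.php?$args;
    }

    ## I added the location @missing below to allow advanced URL rewrites
    location @missing {
        rewrite / /index.php;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        ## NOTE(review): headers.conf is not shown here; if it still sets
        ## Strict-Transport-Security, PHP responses keep renewing the HSTS
        ## policy in browsers -- confirm.
        include /etc/nginx/conf.d/headers.conf;
        ##try_files $uri =404;
        ## I disabled the line above and added the 2 lines below
        fastcgi_intercept_errors on;
        ## Only hand a script to PHP when the file exists on disk; otherwise fall
        ## back to @missing. The stray "=" argument that preceded $uri was just
        ## another path for nginx to test and has been dropped.
        try_files $uri @missing;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        ## Store code with multi domain
        #fastcgi_param MAGE_RUN_CODE $mage_code;
        #fastcgi_param MAGE_RUN_TYPE $mage_type;

        ## Default Store code
        fastcgi_param MAGE_RUN_CODE default;
        fastcgi_param MAGE_RUN_TYPE store; ## or website;
        include fastcgi_params;
    }

    ## Below we allow access to .php script inside the downloader directory - I added that to get downloader functionality
    ## Every .php request under /downloader/ is executed as downloader/index.php.
    ## NOTE(review): no allow/deny or auth_basic is applied here, so the
    ## downloader is reachable by any client; consider the same
    ## address/basic-auth restriction used for the protected paths above.
    location /downloader/ {
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
}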
This may have been covered before, but I was unable to find it with Search. Anyway, I have set up an Nginx host to accept incoming connections for http on port 80 and https on port 443. This is all working fine. However, on some browsers, even if I request http (not https), the browser automatically switches me to https, and I can't get it to use http. At first I thought maybe I had some SSL configuration in there that uses Strict-Transport-Security, but that's not the case. At one point I did, but I commented it out and have now totally removed it from the configuration file. Still, that OS X 10.11 Safari browser only loads the site in https; it switches from http to https automatically.
I also tried emptying the browser cache here, but nothing. Does not help.
Any ideas? Here is my config file. Maybe I have set it up incorrectly?
Thanks in advance for your time.
## Add www
## Canonical-host redirect: a request for the bare domain, on either port,
## is answered with a permanent redirect to the www host.
server {
    server_name domain.com;

    listen 80;
    listen 443 ssl http2;

    ## SSL CONFIGURATION
    ## NOTE(review): the www certificate is presented for the bare domain here;
    ## it presumably lists domain.com among its names, otherwise clients see a
    ## certificate warning before the redirect is delivered -- confirm.
    ssl_certificate     /etc/nginx/ssl/www.domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;

    ## $scheme keeps the request on the scheme it arrived with (http stays http,
    ## https stays https); this block does not upgrade http to https.
    return 301 $scheme://www.domain.com$request_uri;
}
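## http on port 80
## Plain-HTTP virtual host for the Magento store. No listen directive appears
## in this block itself.
## NOTE(review): presumably /etc/nginx/port.conf supplies "listen 80;" -- confirm.
## NOTE(review): everything below, including the auth_basic prompt on the
## protected paths, is served unencrypted by this block.
server {
    include /etc/nginx/port.conf;
    server_name www.domain.com;
    root /var/www/www.domain.com/html;

    access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
    error_log /var/log/nginx/error_www.domain.com.log error;

    ## Pagespeed module
    #include /etc/nginx/conf.d/pagespeed.conf;

    ## Bots trap
    include /etc/nginx/conf.d/spider.conf;

    ## SSL CONFIGURATION

    ## Server maintenance block.
    #include /etc/nginx/conf.d/maintenance.conf;

    ## Error log/page
    #include /etc/nginx/conf.d/error_page.conf;

    ## These locations are protected
    ## "satisfy any" admits a request that passes EITHER the address rules OR
    ## basic auth. The directory names are unanchored, so any URI containing
    ## e.g. "app/" is covered. errors/local.xml is now matched as a file too:
    ## the previous pattern demanded a "/" after it, so a request for the file
    ## itself fell through to "location /" and was served.
    location ~ (app|includes|pkginfo|var)/|errors/local\.xml(/|$) {
        satisfy any;
        ## Network address written with its host bits cleared; nginx warns that
        ## the low bits of "192.168.0.1/24" are meaningless.
        allow 192.168.0.0/24;
        allow 127.0.0.1;
        auth_basic "Restricted Access Area";
        auth_basic_user_file /var/www/www.domain.com/.htpasswd;
        deny all;
    }

    include /etc/nginx/conf.d/extra_protect.conf;

    ## Images
    ## Static assets: far-future expiry, no access logging, missing files not logged.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
        ## NOTE(review): add_header with an empty value likely emits nothing, so
        ## this probably does not strip nginx's own ETag; "etag off;" is the
        ## directive for that -- confirm the intent.
        add_header ETag "";
    }

    ## Strips the trailing path after the .php part and re-runs location matching.
    location =/js/index.php/x.js {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Main Magento @location
    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite / /index.php?$args;
    }

    ## I added the location @missing below to allow advanced URL rewrites
    location @missing {
        rewrite / /index.php;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        include /etc/nginx/conf.d/headers.conf;
        ##try_files $uri =404;
        ## I disabled the line above and added the 2 lines below
        fastcgi_intercept_errors on;
        ## Only hand a script to PHP when the file exists on disk; otherwise fall
        ## back to @missing. The stray "=" argument that preceded $uri was just
        ## another path for nginx to test and has been dropped.
        try_files $uri @missing;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        ## Store code with multi domain
        #fastcgi_param MAGE_RUN_CODE $mage_code;
        #fastcgi_param MAGE_RUN_TYPE $mage_type;

        ## Default Store code
        fastcgi_param MAGE_RUN_CODE default;
        fastcgi_param MAGE_RUN_TYPE store; ## or website;
        include fastcgi_params;
    }

    ## Below we allow access to .php script inside the downloader directory - added that to get downloader functionality
    ## Every .php request under /downloader/ is executed as downloader/index.php.
    ## NOTE(review): no allow/deny or auth_basic is applied here, so the
    ## downloader is reachable by any client, and over plain HTTP in this block;
    ## consider the same address/basic-auth restriction used for the protected
    ## paths above.
    location /downloader/ {
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
}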
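## https on port 443
## TLS virtual host for the Magento store; the location rules mirror the
## plain-HTTP block.
server {
    ## NOTE(review): port.conf is also included by the plain-HTTP block; if it
    ## carries "listen 80;", this server is bound to port 80 as well as 443 --
    ## confirm.
    include /etc/nginx/port.conf;
    listen 443 ssl http2;
    server_name www.domain.com;
    root /var/www/www.domain.com/html;

    access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
    error_log /var/log/nginx/error_www.domain.com.log error;

    ## Pagespeed module
    #include /etc/nginx/conf.d/pagespeed.conf;

    ## Bots trap
    include /etc/nginx/conf.d/spider.conf;

    ## SSL CONFIGURATION
    ssl_certificate /etc/nginx/ssl/www.domain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # modern configuration. tweak to your needs.
    # TLS 1.1 is formally deprecated (RFC 8996) and has been dropped from the
    # list. Add TLSv1.3 where the installed nginx/OpenSSL build accepts it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the list still contains DHE-DSS and CBC/SHA-1 suites; check
    # it against current guidance.
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # A browser that received this header while it was enabled keeps forcing
    # https for the host until max-age runs out. The policy is stored apart from
    # the page cache, so emptying the cache does not remove it; sending
    # "max-age=0" over https is how a site withdraws it.
    #add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    #ssl_stapling on;
    #ssl_stapling_verify on;

    ## Server maintenance block.
    #include /etc/nginx/conf.d/maintenance.conf;

    ## Error log/page
    #include /etc/nginx/conf.d/error_page.conf;

    ## These locations are protected
    ## "satisfy any" admits a request that passes EITHER the address rules OR
    ## basic auth. The directory names are unanchored, so any URI containing
    ## e.g. "app/" is covered. errors/local.xml is now matched as a file too:
    ## the previous pattern demanded a "/" after it, so a request for the file
    ## itself fell through to "location /" and was served.
    location ~ (app|includes|pkginfo|var)/|errors/local\.xml(/|$) {
        satisfy any;
        ## Network address written with its host bits cleared; nginx warns that
        ## the low bits of "192.168.0.1/24" are meaningless.
        allow 192.168.0.0/24;
        allow 127.0.0.1;
        auth_basic "Restricted Access Area";
        auth_basic_user_file /var/www/www.domain.com/.htpasswd;
        deny all;
    }

    include /etc/nginx/conf.d/extra_protect.conf;

    ## Images
    ## Static assets: far-future expiry, no access logging, missing files not logged.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
        access_log off;
        ## NOTE(review): add_header with an empty value likely emits nothing, so
        ## this probably does not strip nginx's own ETag; "etag off;" is the
        ## directive for that -- confirm the intent.
        add_header ETag "";
    }

    ## Strips the trailing path after the .php part and re-runs location matching.
    location =/js/index.php/x.js {
        rewrite ^(.*\.php)/ $1 last;
    }

    ## Main Magento @location
    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite / /index.php?$args;
    }

    ## I added the location @missing below to allow advanced URL rewrites
    location @missing {
        rewrite / /index.php;
    }

    ## Execute PHP scripts
    location ~ \.php$ {
        ## NOTE(review): headers.conf is not shown here; if it still sets
        ## Strict-Transport-Security, PHP responses keep renewing the HSTS
        ## policy in browsers -- confirm.
        include /etc/nginx/conf.d/headers.conf;
        ##try_files $uri =404;
        ## I disabled the line above and added the 2 lines below
        fastcgi_intercept_errors on;
        ## Only hand a script to PHP when the file exists on disk; otherwise fall
        ## back to @missing. The stray "=" argument that preceded $uri was just
        ## another path for nginx to test and has been dropped.
        try_files $uri @missing;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        ## Store code with multi domain
        #fastcgi_param MAGE_RUN_CODE $mage_code;
        #fastcgi_param MAGE_RUN_TYPE $mage_type;

        ## Default Store code
        fastcgi_param MAGE_RUN_CODE default;
        fastcgi_param MAGE_RUN_TYPE store; ## or website;
        include fastcgi_params;
    }

    ## Below we allow access to .php script inside the downloader directory - I added that to get downloader functionality
    ## Every .php request under /downloader/ is executed as downloader/index.php.
    ## NOTE(review): no allow/deny or auth_basic is applied here, so the
    ## downloader is reachable by any client; consider the same
    ## address/basic-auth restriction used for the protected paths above.
    location /downloader/ {
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
}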