itpp2012 Wrote:
-------------------------------------------------------
> You call this high-maintenance: ??
>
> server {
> listen 80;
> server_name mydomain.com;
> location / { rewrite ^ https://$http_host$request_uri? permanent; }
> }
That is not what I have in my configurations. I have something like this:
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
if ($scheme = 'http') {
rewrite ^ https://$http_host$request_uri? permanent;
}
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations
[...]
}
So with the previous solution I would need to have something like this:
server {
listen 80;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
rewrite ^ https://$http_host$request_uri? permanent;
}
[...]
a bunch of locations
[...]
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations equal to the one in port 80
[...]
location ~* /auth_required {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations equal to the one in port 80
[...]
}
So yes, it is not the best way to do it. I already have a lot of includes for different pourposes and several servers for redirects (from non-www to www) so yes, this complicates the things more quite a bit. If you want to make a change, you will have to do it in both the ssl and non-ssl version as they are suposed to be exactly the same except for this authenticated section which forces you to split the configuration.
It is a shame nginx does not have a solution for this kind of situation. It would be great to have an option for a "high priority" rewrite or an option to use a location only in one port when several ports are defined in the server.
-------------------------------------------------------
> You call this high-maintenance: ??
>
> server {
> listen 80;
> server_name mydomain.com;
> location / { rewrite ^ https://$http_host$request_uri? permanent; }
> }
That is not what I have in my configurations. I have something like this:
server {
listen 80;
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
if ($scheme = 'http') {
rewrite ^ https://$http_host$request_uri? permanent;
}
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations
[...]
}
So with the previous solution I would need to have something like this:
server {
listen 80;
server_name mydomain.com;
[...]
a bunch of locations
[...]
location ~* /auth_required {
rewrite ^ https://$http_host$request_uri? permanent;
}
[...]
a bunch of locations
[...]
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/cert.crt;
ssl_certificate_key /etc/nginx/ssl/cert.key;
server_name mydomain.com;
[...]
a bunch of locations equal to the one in port 80
[...]
location ~* /auth_required {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/auth/access.htpasswd;
root /var/www/restricted/;
index index.php index.html index.htm;
# PHP processor
include /etc/nginx/php.conf;
}
[...]
a bunch of locations equal to the one in port 80
[...]
}
So yes, it is not the best way to do it. I already have a lot of includes for different pourposes and several servers for redirects (from non-www to www) so yes, this complicates the things more quite a bit. If you want to make a change, you will have to do it in both the ssl and non-ssl version as they are suposed to be exactly the same except for this authenticated section which forces you to split the configuration.
It is a shame nginx does not have a solution for this kind of situation. It would be great to have an option for a "high priority" rewrite or an option to use a location only in one port when several ports are defined in the server.