On this setup, there is a server directive listening to port 80 that
returns www to non www and returns 80 to 443.
The second server is Nginx as SSL terminator, so it’s an SSL virtual
host,
that proxies the request to Varnish, and the last server is the last
host
on the chain, that processes and serves back the requests.
Now, when I bypass the chain and do a curl -v 127.0.0.1:8081
( this is
the backend vhost, the last in the chain ) I get a 302 redirect instead
a
200. This is causing problems on my CMS and also with Varnish
communicating
to the backend.
This is the curl response :
* Rebuilt URL to: 127.0.0.1:8081/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8081 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: 127.0.0.1:8081
> Accept: */*
>
< HTTP/1.1 302 Found
* Server nginx/1.9.9 is not blacklisted
< Server: nginx/1.9.9
< Date: Sat, 19 Dec 2015 16:04:14 GMT
< Content-Type: text/html
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: HHVM/3.11.0
< Vary: Accept-Encoding
< Location: https://domain.com
<
* Connection #0 to host 127.0.0.1 left intact
And this is my nginx configuration :
server {
listen 80;
server_name www.domain.com;
return 301 $scheme://domain.com$request_uri;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 default_server ssl http2;
server_name domain.com;
access_log off;
ssl_certificate /etc/ssl/private/cert_chain.crt;
ssl_certificate_key /etc/ssl/private/server.key;
if ($allow = no) {
return 403;
}
if ($bad_referer) {
return 444;
}
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header HTTPS "on";
}
}
server {
listen 127.0.0.1:8081;
root /var/www/domain.com/wordpress;
index index.php index.html index.htm;
server_name domain.com;
error_log /var/log/nginx/upstream.log info;
if ($allow = no) {
return 403;
}
if ($bad_referer) {
return 444;
}
location ~*
^.+.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|css|js)$
{
add_header Cache-Control “public, max-age=600”;
add_header Access-Control-Allow-Headers “X-Requested-With”;
add_header Access-Control-Allow-Methods “GET, HEAD,
OPTIONS”;
add_header Access-Control-Allow-Origin “*”;
access_log off;
}
client_body_buffer_size 124K;
client_header_buffer_size 1k;
client_max_body_size 100m;
large_client_header_buffers 4 16k;
error_page 404 /404.html;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/json application/x-javascript
application/xml text/javascript text/plain text/css
application/javascript
text/xml application/xml+rss;
try_files $uri $uri/ /index.php?$args;
# Rewrites for Yoast SEO XML Sitemap
rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$
/index.php?sitemap=$1&sitemap_n=$2 last;
include hhvm.conf;
# include domain.com-ps.conf;
# include multisite.conf;
rewrite /wp-admin$ $scheme://$server_name$uri/ permanent;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
if ($bad_client) { return 403; }
#location / {
#try_files $uri $uri/ /index.php?$args;
#}
}
–
ELSITAR