Https on a specific directory only?

Dobai-Pataky_BSSSSl · December 6, 2010, 8:50am

Hi all,

I recently purchased a SSL certificate and I would like to use it only
on a specific location:

server {
  listen        10.30.1.50:80 default_server backlog=1024 rcvbuf=32k
sndbuf=8k;
  listen        10.30.1.50:443 ssl;
  server_name      www.domain.com;
  ssl_certificate      domain.com.crt;
  ssl_certificate_key    domain.com.key;
...
  location / {
    try_files    $uri $uri/ /index.php?$uri&$args;
  }

  location /dir/ {
    auth_basic    "Restricted Access";
    auth_basic_user_file  htpasswd;
    rewrite    ^  https://www.domain.com/dir$request_uri? permanent;
  }
...
}

In other words, if you access the scheme with a http value, it redirects
you to the https scheme.
I really don’t want to use any IF’s as conditionals.
Right now, the rewrite creates a redirect loop. How can I fix that?

Thanks for your help.

Posted at Nginx Forum:

teck · December 6, 2010, 9:01am

2010/12/6 TECK [email protected]:

   server_name                     www.domain.com;
           rewrite         ^       https://www.domain.com/dir$request_uri?

permanent;

   }
…
}
[/code]

In other words, if you access the scheme with a http value, it redirects
you to the https scheme.
I really don’t want to use any IF’s as conditionals.
Right now, the rewrite creates a redirect loop. How can I fix that?

You can create separate servers for HTTPS and HTTP or use a rewrite
like this (not tested this config):

   location /dir/ {
           auth_basic              "Restricted Access";
           auth_basic_user_file    htpasswd;
           if ($server_port = 80) {
             rewrite         ^

https://www.domain.com/dir$request_uri? permanent;
}
}

Also, it seems that you should remove extra ‘/dir’ from rewrite rule
and write it like this:
rewrite ^ https://www.domain.com$request_uri? permanent;

Hope it helps.

teck · December 6, 2010, 9:02am

Le lundi 06 décembre 2010 à 02:48 -0500, TECK a écrit :

Right now, the rewrite creates a redirect loop. How can I fix that?

Use two server locations, one for http and the other one for https, like
this:

server
{
listen 80;
…
location /dir
{
rewrite ^/(.*) https://example.com/$1 permanent;
}
}

server
{
listen 443;
ssl on;
…
location /dir
{
auth_basic “Restricted Access”;
auth_basic_user_file htpasswd;
…
}
}

Best regards

teck · December 6, 2010, 1:05pm

On Mon, Dec 06, 2010 at 03:13:45AM -0500, TECK wrote:

Thanks for the reply, guys.
The idea of “listen ssl” directive is to keep the configuration
compact:
listen 10.30.1.50:80 default_server backlog=1024 rcvbuf=32k
sndbuf=8k;
listen 10.30.1.50:443 ssl;

I only want to use SSL, in one directory. I know I can use the “long”
method, my goal was to find out how I could do it in a compact form,
like in my first post example. Thanks a lot for your help.

 location /dir/ {
     if ($scheme != https) {
         rewrite  ^  https://www.domain.com/dir$request_uri?

permanent;
}
}

However, I do not recommend this .htaccess-way.
It’s much better to use seprate servers.

–
Igor S.
http://sysoev.ru/en/

teck · December 6, 2010, 9:14am

Thanks for the reply, guys.
The idea of “listen ssl” directive is to keep the configuration
compact:
listen 10.30.1.50:80 default_server backlog=1024 rcvbuf=32k
sndbuf=8k;
listen 10.30.1.50:443 ssl;

I only want to use SSL, in one directory. I know I can use the “long”
method, my goal was to find out how I could do it in a compact form,
like in my first post example. Thanks a lot for your help.

Posted at Nginx Forum: