Force https on certificate with multiple domains


#1

Hi, I’m using nginx on ubuntu, and I have a problem, I have multiple domains in my certificate, when I access my website with the .com.br domain the users are forced to use the https, but the same does not happen with the other domains.

If I enable this line, all domains redirect to the domain .com.br:
return 301 https://www.$server_name$request_uri;

How can I fix this?

Here is my nginx config file:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        client_max_body_size 100M;

        root /var/www/robbu.com.br/public;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name domain.com.br www.domain.com.br domain.com.ar www.domain.com.ar domain.global www.domain.global domain.net www.domain.net domain.solutions www.$

        #return 301 https://www.$server_name$request_uri;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/robbu.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/robbu.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

#2

Try this:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        return 301 https://www.$server_name$request_uri;
}

#3

Incorrect redirect, Firefox has detected that the server is redirecting the request to this address in a way that will never be completed.


#4

sorry, i didn’t catch the www. that will do an endless loop.

try:

return 301 https://$server_name$request_uri;

The easiest way to handle many domains is to run a server block listens to all HTTP (default_server) and redirects it to HTTPS for the same server.


#5

I’m still getting the same error =/


#6

In your first post, you have a combined port 80 and port 443 server block. This is fine, but it means you can’t use a catch-all 301 line like that, and it also means you can’t have a separate port 80 block as suggested, because only one will apply.

Take a look at this post which is relevant to your case: https://serverfault.com/a/474345


#7

It uses just one server_name


#8

Use $host instead of $server_name, if you want it to match the request hostname.


#9

ah, yeah it’s http_host. i keep forgetting that.

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$http_host$request_uri;
}

tested.


#10

Hi,
I have a very easy way that I always use:
You can force https connection by putting this in your .htaccess BTW if you don’t have htaccess just create a .htaccess on your public folder (htdocs or what is the name of your public folder)
Enter the following code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^yourdomain.com [NC]
RewriteRule ^(.*)$ https://yourdomain.com/$1 [L,R=301,NC]
*Oh and BTW this will only work if you insert your certificate through a cpanel or if you have a valid ssl certificate
(Change yourdomain.com to your own domain)

You can see mine here:

If you have any questions about my version, please don’t hesitate to reply, I will reply back.


#11

@arcenas090, these instructions are for Apache, but this topic is discussing nginx, so they won’t work here.


#12

Same error yet =/ Looping forever…


#13

All that does is redirect a HTTP host to the HTTPS version. It can’t cause an endless redirect, because that block won’t ever serve the redirected url (because the redireted url is HTTPS, and the block only serves HTTP).

You must have a redirect in your HTTPS server block that is causing the loop.


#14

Any tips on what I can do?


#15

You can also use curl -I http://example.com to see the returned redirect header (which should be httpS://example.com, then issue curl -I https://example.com to inspect that header too. That should help you find where the redirect loop is.

I believe you can debug redirects if you set the nginx error_log to notice.


#16

Oh sorry about that, I would say that I am not really good at nginx because almost all I use is Apache,
So here is an answer of me when I was researching for an answer, I hope this will help…
[quote="server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
[/qoute]


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.