[BlueOnyx:24136] Re: Question
Harm van Houten
harm.vanhouten at united4all.nl
Sun Jul 26 02:27:07 -05 2020
Hi Michael,
That does explain a lot,
What would be the best way to redirect towards https then? Cause indeed we use an WordPress plugin
Outlook voor Android<https://aka.ms/ghei36> downloaden
________________________________
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> on behalf of Michael Stauber <mstauber at blueonyx.it>
Sent: Friday, July 24, 2020 9:18:28 PM
To: blueonyx at mail.blueonyx.it <blueonyx at mail.blueonyx.it>
Subject: [BlueOnyx:24131] Re: Question
Hi Harm,
> If i turn on the NGINX HTTPS proxy function the https websites are
> redirected to the admin page suddenly (on port 444) ?
>
> I don’t understand why this is ... the websites i tested with are
> running lets encrypt certificates.. also the browsers says the
> certificate is not valid.
When "Nginx as SSL proxy" is enabled, Apache will continue to serve HTTP
requests. But it will no longer serve HTTPS. Instead Nginx receives
config files in /etc/nginx/vsites/siteX format to serve HTTPS and proxy
these HTTPS requests to the HTTP port of said Vsite.
There are things that *can* interfere with this. Like Apache having HSTS
enabled. Or .htaccess files that force the connection to be rewritten to
HTTPS and trigger Apache to throw a fit, because it no longer *knows*
how to do HTTPS, as that has been offloaded to Nginx. Also some CMS
systems such as Wordpress have mechanisms that can force HTTPS and that
will equally trip Apache in that scenario, as it then refuses to serve
HTTP, even if the connection actually is via HTTPS and Nginx and Nginx
asks Apache to just serve the page to it to pass it along via HTTPS.
To troubleshoot the issue try to connect to the domain in question via
HTTP. See if that works. Check if the connection is forced to HTTPS. If
it is, then you might have one of the above forceful redirects to HTTPS
in place, which cause issues.
A good way to still force HTTPS via other means is to enable HSTS in
Nginx (and not in Apache). Then modify the template for the webpage to
load one image or CSS file via HTTPS. That will automatically trigger
the entire Vsite to be loaded via HTTPS.
--
With best regards
Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20200726/67b427ae/attachment.html>
More information about the Blueonyx
mailing list