Nginx 301 redirect https to http

Drifter104 asked:

I have a strange issue with a trailing /

I’m using nginx and it is functioning correctly with one small exception.
I have the following site config

    server {
listen         80;
return         301 https://$server_name$request_uri/;
server_name    sub1.sub2.domain.com;
}
    server {
 listen              443 ssl; # The ssl directive tells NGINX to decrypt
                              # the traffic
 server_name         sub1.sub2.domain.com;
 ssl_certificate     /etc/nginx/ssl/sub1.sub2.domain.com/server.crt; # This is the certificate file
 ssl_certificate_key /etc/nginx/ssl/sub1.sub2.domain.com/server.key; # This is the private key file
 location / {
            proxy_pass http://1.1.1.1:8880;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    
    }
}

I have an offsite authentication service running and securing a subfolder called secure, so if a request for either /secure or /secure/ is requested they are sent to the off-site authentication service. Once they are authenticated they are redirected back to the whatever url they initial requested. If after authentication they happen to request /secure/ everything works perfectly. If they type /secure (no trailing /) nginx does a 301 redirect after authentication and replaces the https with http, so they get to http://sub1.sub2.domain.com/secure and then go through another redirect back to https

From what I’ve read here http://nginx.org/en/docs/http/ngx_http_core_module.html#location this is the correct behaviour, but the solution to define /secure/ and /secure as seperate location files doesn’t seem to work, and it also doesn’t mention anything in that example about the https to http change. Any help would be greatly appreciated.

My answer:


You are explicitly adding the trailing slash in your redirect:

return         301 https://$server_name$request_uri/;

This obviously isn’t what you want.

So don’t add a trailing slash:

return         301 https://$server_name$request_uri;

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.