I'm using following settings:
s1.conf
# Default website
server {
listen 80;
server_name test.com www.test.com;
return 301 https://test.com$request_uri; # enforce https
server_name_in_redirect off;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:80;
proxy_set_header< X-Forwarded-Host $http_host
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Redirect to ssl if need
if (-f /home/bitrix/www/.htsecure) { rewrite ^(.*)$ https://$host$1 permanent; }
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring locations
include bx/server_monitor.conf;
}
s1_ssl.conf
# Default SSL certificate enabled website
server {
listen 443 default_server ssl;
server_name test.com;
# Enable SSL connection
include bx/conf/ssl.conf;
server_name_in_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:443;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS YES;
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring API's
include bx/server_monitor.conf;
}
When I try link http://test.com/xyz/ or https://test.com/xyz/ all is OK. But when I try link like http://test.com/xyz or https://test.com/xyz I'm get 400 Bad Request, The plain HTTP request was sent to HTTPS port
This curl output:
curl -I -k https://test.com/xyz
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Mon, 22 Feb 2016 09:13:28 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://test.com:443/xyz/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Why protocol change to http?
you forgot to say that the reference to http://test.com/xyz is directory.
what is evil: mod_dir
A "trailing slash" redirect is issued when the server receives a request for a URL http://servername/foo/dirname where dirname is a directory. Directories require a trailing slash, so mod_dir issues a redirect to http://servername/foo/dirname/.
and for him "HTTPS on" not working, scheme https: // not be
what should be done:
1) nginx configurations do not touch anything
2) in httpd configurations for your domain, example: /etc/httpd/bx/conf/bx_ext_site.local.conf
where string contains name your server, example: ServerName site.local
supplemented by the following: https://
to be so: ServerName https://site.local
that's all you need
it works without any redirects
meaning the problem is hidden in the manual http://httpd.apache.org/docs/2.2/mod/core.html#servername
Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload appliance. When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName directive to make sure that the server generates the correct self-referential URLs.