Wayne Werner asked:
I’m not entirely sure what it is I’m looking for here, so I’m not able to effectively search for my answer.
I’m using dehydrated for LetsEncrypt’s TLS-ALPN challenges. I’m hosting the service behind nginx by using
    stream {
        # Pick the backend port from the ALPN protocol offered in the ClientHello
        map $ssl_preread_alpn_protocols $tls_port {
            ~\bacme-tls/1\b 10443;
            default 3443;
        }
        server {
            listen 443;
            listen [::]:443;
            proxy_pass 127.0.0.1:$tls_port;
            ssl_preread on;
        }
    }
    # Plain HTTP: redirect everything to HTTPS
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }
    # HTTPS site, reached through the stream proxy above
    server {
        listen 3443 ssl;
        listen [::]:3443 ssl;
        server_name wanderingwerners.com www.wanderingwerners.com;
        ssl_certificate /path/to/my/fullchain.pem;
        ssl_certificate_key /path/to/my/privkey.pem;
        index index.html;
        root /var/www/wanderingwerners.com/;
    }
This works pretty great – I can get new certs with zero downtime, and my website is accessible. However, when I access my page it works fine. When I hover over a link it shows me https://www.wanderingwerners.com/a-beginning/
Clicking on that link, though, takes me to https://www.wanderingwerners.com:3443/a-beginning/
This is undesirable – I’d prefer it show up as plain ol’ https://www.wanderingwerners.com/a-beginning/
I’m assuming that something I have setup here in nginx is what’s causing the confusion, but I’m not positive.
Is there a way that I can update my nginx config to still allow the dehydrated server to work, but also tell the browser that :3443 isn’t really what they should be connecting to? (Or at least, don’t show it in the address bar)
Update
When I do curl https://www.wanderingwerners.com/a-beginning it gives me a 301 redirect. Something is definitely happening with my nginx config here.
Another Update
When I do curl https://www.wanderingwernerx.com/a-beginning/ it works just fine so it looks like it’s doing something with the trailing /
My answer:
The redirect you described comes from nginx when you omitted the trailing slash from a URL. You should be able to suppress it with port_in_redirect off;
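Where the directive goes, as an added example that is not part of the original question or answer: the port-3443 server block from the question with port_in_redirect off; applied. The commented absolute_redirect line is an alternative added here, not something the answer suggested.

```nginx
# Added example: the HTTPS backend from the question with the fix applied.
# The stream {} block and the port-80 server stay exactly as they were.
server {
    listen 3443 ssl;
    listen [::]:3443 ssl;
    server_name wanderingwerners.com www.wanderingwerners.com;

    ssl_certificate     /path/to/my/fullchain.pem;
    ssl_certificate_key /path/to/my/privkey.pem;

    index index.html;
    root /var/www/wanderingwerners.com/;

    # When a request names a directory without the trailing slash, nginx
    # answers with a 301 to the same path plus "/". It builds an absolute
    # URL for that redirect and, with the default "port_in_redirect on",
    # appends the port this server listens on whenever it is not the
    # scheme default. Here that is the internal port 3443, which clients
    # never connected to: they came in through the stream proxy on 443.
    port_in_redirect off;

    # Alternative (nginx 1.11.8 and later): send a relative Location
    # header, so neither host nor port is written into the redirect.
    # absolute_redirect off;
}
```

After nginx -t and a reload, the curl request from the question without the trailing slash should still return a 301, but its Location header should no longer contain :3443.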
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.