Non Https Domains redirect to Https domains
Non Https Domains redirect to Https domains
So to explain this, I have several domains hosted (Running on Ubuntu 12.04, Vesta with Apache+Nginx)
Some are configure to use SSL, others are not.
if I try to open a https connection to a domain the DOES NOT have SSL configured, it redirects to one of the sites that DOES, resulting in a) showing the wrong website! b) certificate errors (obviously)
Is there a way to specifically stop domains without SSL redirecting if an https request is made? Would I need to do this in a per domain basis?
Thanks in advance :)
Some are configure to use SSL, others are not.
if I try to open a https connection to a domain the DOES NOT have SSL configured, it redirects to one of the sites that DOES, resulting in a) showing the wrong website! b) certificate errors (obviously)
Is there a way to specifically stop domains without SSL redirecting if an https request is made? Would I need to do this in a per domain basis?
Thanks in advance :)
Re: Non Https Domains redirect to Https domains
Bump, anyone?
Re: Non Https Domains redirect to Https domains
I have the same proble. Any news?
-
flasher4401
- Posts: 3
- Joined: Wed Mar 23, 2016 6:43 pm
Re: Non Https Domains redirect to Https domains
I think its a behavior you can't suppress without manual reconfiguration. It's not a problem with VestaCP, it's just the way webservers like nginx and apache work. For what i have experienced by now it occurs in the following way:
You are trying to connect to a server_name that does not exist under the given ip:port (https uses a different port than http) --> ip:443, it only exists under ip:80.
Nginx can't find your server_name and delivers the first page that listens on ip:443.
You do not notice the same behavior the opposite around, because your SSL configured pages have server blocks for both, http and https connections.
The only way around is to adjust it manually. You could add server blocks for your http-only pages that listen on port 443 and redirect to port 80. This way you could enter https://example.com and you would be redirected to http://example.com.
Another way is to declare a server block with a listen directive for "default_server" (at port 443 of course) that could redirect to a standard page or throw a 404.
Unfortunately you need a SSL-cert for both ways -> and if you sign it yourself, you'll get a safety warning inside your browser. (#LetsEncrypt is the way to go)
You could do these configurations directly inside the config files or you could create some templates and use VestaCP. (I think I'll create HTTP-Only and HTTPS-Only for my own)
You are trying to connect to a server_name that does not exist under the given ip:port (https uses a different port than http) --> ip:443, it only exists under ip:80.
Nginx can't find your server_name and delivers the first page that listens on ip:443.
You do not notice the same behavior the opposite around, because your SSL configured pages have server blocks for both, http and https connections.
The only way around is to adjust it manually. You could add server blocks for your http-only pages that listen on port 443 and redirect to port 80. This way you could enter https://example.com and you would be redirected to http://example.com.
Another way is to declare a server block with a listen directive for "default_server" (at port 443 of course) that could redirect to a standard page or throw a 404.
Unfortunately you need a SSL-cert for both ways -> and if you sign it yourself, you'll get a safety warning inside your browser. (#LetsEncrypt is the way to go)
You could do these configurations directly inside the config files or you could create some templates and use VestaCP. (I think I'll create HTTP-Only and HTTPS-Only for my own)
Re: Non Https Domains redirect to Https domains
LetsEncrypt support added.
CLI commands for now, GUI will be later.
ENG: viewtopic.php?t=11927
RUS: viewtopic.php?t=11905
CLI commands for now, GUI will be later.
Code: Select all
v-add-letsencrypt-domain USER DOMAIN [ALIASES] [RESTART]
v-add-letsencrypt-user USER [EMAIL]
v-check-letsencrypt-domain USER DOMAIN
v-list-letsencrypt-user USER [FORMAT]
v-sign-letsencrypt-csr USER DOMAIN CSR_DIR [FORMAT]
v-update-letsencrypt-sslRUS: viewtopic.php?t=11905