Non-SSL site listening on https


#1

Hi Everyone,

i am new to EasyEngine and i am already in love with it.

My issue is that all sites on my vps where i haven not setup any ssl are listening on https:// and redirecting to another site ssl site.

i am wondering if it is a bug or i an doing something wrong


#2

If you haven’t setup letsencrypt on your vps yet, it could be a bug, because nginx should not listen on the port 443. Check the nginx configuration to see if there is something listening on https


#3

Actually i have 5 websites on this vps and 3 of them are using letsencrypt and 2 others using http.

Those 2 domains that are not configured to use ssl should not listen on port 443. but when i check using https these to sites simply redirect to a that is on ssl. I haven’t manually edited any config file yet.


#4

Yes but it could be a bug with the force-ssl settings. Check /etc/nginx/conf.d/ files to see if it can be that.


#5

In my opinion the way EasyEngine forces SSL by placing a force-ssl.conf file in /etc/nginx/conf.d is wrong. Everything in /etc/nginx/conf.d is included by default in the main nginx.conf file, thus force-ssl.conf is included even when accessing a non-https site. I believe the force-ssl code should be added to the vhost for each individual site as a separate server block, e.g. here’s one of my vhosts for an SSL-enabled site:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.purbeckpixels.com;
    include /var/www/purbeckpixels.com/conf/nginx/*.conf;
    return 301 https://purbeckpixels.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name purbeckpixels.com;
    
    access_log /var/log/nginx/purbeckpixels.com.access.log rt_cache;
    error_log /var/log/nginx/purbeckpixels.com.error.log;

    root /var/www/purbeckpixels.com/htdocs;
        
    index index.php index.html index.htm;

    include common/wpfc-php7.conf;      
    include common/wpcommon-php7.conf;
    include common/locations-php7.conf;
    include /var/www/purbeckpixels.com/conf/nginx/*.conf;
}

server {
    listen 80;
    listen [::]:80;
    server_name www.purbeckpixels.com purbeckpixels.com;
    return 301 https://purbeckpixels.com$request_uri;
}

The last server block is what’s usually added as a force-ssl.conf file in /etc/nginx/conf.d.

I’m not sure whether this is the issue hsg944 is having, but it does sound like it’s something to do with the forcing of SSL.

By the way, I don’t use EasyEngine’s built in Let’s Encrypt functionality, I prefer to do it manually.


#6

Are you sure EE automatically force SSL to all sites by default? If you check /etc/nginx/conf.d directory you will see that

force-ssl-domain.conf config files are DOMAIN specific. It’s not one force-ssl.conf file that automatically applies to all sites, it rather:

force-ssl-domain1.conf force-ssl-domain2.conf force-ssl-domain3.conf

etc.

Why would they do this then?


#7

Hello - I’m not saying EE is automatically forcing all sites to use SSL - that’s why I said I’m not sure whether this is the issue hsg944 is having - it’s just my contention that domain specific commands like forcing SSL should be part of the individual domain’s vhost (or perhaps placed in /var/www/example.com/conf/nginx) rather than in /etc/nginx/conf.d. Like you say, if you wanted to force all sites on a server to use SSL, then it’s correct to place a single non domain specific file in /etc/nginx/conf.d, but otherwise not. I see someone has raised this as an issue on Github as well:


#8

i think issue is mentioned here https://github.com/EasyEngine/easyengine/issues/698

for testing i removed all force-ssl-.conf files from conf.d and reloaded nginx configuration but it did not have any affect on https redirection.

Wondering, if anyone else having similar issue on their server.


#9

This is very weird, I have many sites hosted with my EE – some with SSL enabled and some not but i have never experienced what you describe.

Perhaps you can post a list of urls/domains that doing this redirection and some of your config files, b/c without seeing them it’s really hard to help you troubleshoot the issue. Are these sites WP, or just HTML/PHP? Any caching used with these sites?

I’m inclined to believe it;s more of a misconfiguration issue then a EE bug.

Also what are your DNS config for these sites?


#10

I’m with tyrro, without seeing specific config files and knowing the URLs/domains involved it’s difficult to help troubleshoot further.

I had similar redirection issues when setting up my EE Ubuntu 16.04 LTS server - http/https redirects and non-www/www redirects in nginx caused me all manner of issues during the migration from my old server and the setting up of my new one, but I got to the bottom of them and feel that I learned a lot more about nginx so hopefully can help.

Out of interest, is there any reason why you’re still using http for some sites? Now that SSL certs are free via Let’s Encrypt there’s no reason to use http any more (I decided to enable https on every domain and sub-domain on my server). https is the future.


#11

sounds like this issue is not related to easyengine as it is the default behavior of nginx / apache when you have ssl implemented on shared ip. i noticed even cpanel server has same issue and there are other folks complaining about the same issue. have a look at http://www.webhostingtalk.com/showthread.php?t=1566348&p=9680462#post9680462

i ended up moving both sites to https

Thanks everyone :slight_smile:


#12