• RuudMA
    link
    fedilink
    arrow-up
    7
    ·
    2 years ago

    Yes that’s on my to do list. I’ll do that today.

  • WhoRoger
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    2 years ago

    Don’t all modern browsers try https by default?

    (Not that I disagree.)

  • RuudMA
    link
    fedilink
    arrow-up
    4
    ·
    2 years ago

    Hmm , when I replace this:

    http {
      server {
        listen 80;
        server_name lemmy.world;
    
        location / {
            proxy_pass http://lemmy-ui:1234;
            proxy_set_header Host $host;
        }
    }
    

    with this:

    http {
      server {
        listen 80;
        server_name lemmy.world;
    
        location / {
            return 301 https://$host$request_uri;
        }
    }
    

    it breaks, gives 502 when visiting the site…

    ideas? (I’m not that much into nginx…)

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 years ago

      You could try this

      this config snippet is assuming thet you’ve already got the TLS cert/pem file for lemmy.world elsewhere in your nginx.config

      http {
        server {
          listen 80;
          listen 443 ssl;
          server_name lemmy.world;
      
          if ($scheme = "http") {
              return 307 https://$host$request_uri;
          }
      
          location / {
              proxy_pass http://lemmy-ui:1234;
              proxy_set_header Host $host;
          }
      }
      

      If you get redirected to lemmy.world:1234, then add absolute_redirect off; in the ‘server’ block

      Last thing - 307 is a temporary redirect, you might to change it to a permanent one once you’ve confirmed it’s working as intended

      • RuudMA
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 years ago

        Cool, thanks! I’ll try that.

    • Tom
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      2 years ago

      Can we get an error log? If no, are you seeing any timeouts in there?

    • Slashzero
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 years ago

      You might want to add the secure port (:443) in your redirect. Otherwise it might be trying to load https on port 80 still, which can’t work.

      • http: port 80
      • https: port 443

      Notes:

      • just a guess. I haven’t looked at an nginx config in a while
      • make sure to try on multiple browsers as they all don’t behave the same way
      • RuudMA
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        This piece I’ve pasted above isn’t the whole nginx.conf, there’s also a large block for the 443 traffic. It’s just the http traffic that I need to redirect to 443.

        • Slashzero
          link
          fedilink
          arrow-up
          1
          ·
          2 years ago

          Ok. Now that I think about it, you shouldn’t have to specify the port.

  • CannaVet
    link
    fedilink
    arrow-up
    3
    ·
    2 years ago

    I’ve been on the secure version by default so far myself.

    • RuudMA
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      Yes most browsers automatically do, but some don’t…

      • CannaVet
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 years ago

        Oooh I thought it was a backend thing, cause my NGINX has a force SSL option. I guess it can be done from either end.