lemmy.world should redirect to https (secure) site

overby@lemmy.world · 1 year ago

lemmy.world should redirect to https (secure) site

Ruud@lemmy.world · 1 year ago

Yes that’s on my to do list. I’ll do that today.

WhoRoger@lemmy.world · edit-2 1 year ago

Don’t all modern browsers try https by default?

(Not that I disagree.)

animist@lemmy.one · 1 year ago

Every time I set up FF on a new install I have to choose always on https

Ruud@lemmy.world · 1 year ago

Hmm , when I replace this:

http {
  server {
    listen 80;
    server_name lemmy.world;

    location / {
        proxy_pass http://lemmy-ui:1234;
        proxy_set_header Host $host;
    }
}

with this:

http {
  server {
    listen 80;
    server_name lemmy.world;

    location / {
        return 301 https://$host$request_uri;
    }
}

it breaks, gives 502 when visiting the site…

ideas? (I’m not that much into nginx…)

𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one · 1 year ago

You could try this

this config snippet is assuming thet you’ve already got the TLS cert/pem file for lemmy.world elsewhere in your nginx.config

http {
  server {
    listen 80;
    listen 443 ssl;
    server_name lemmy.world;

    if ($scheme = "http") {
        return 307 https://$host$request_uri;
    }

    location / {
        proxy_pass http://lemmy-ui:1234;
        proxy_set_header Host $host;
    }
}

If you get redirected to lemmy.world:1234, then add absolute_redirect off; in the ‘server’ block

Last thing - 307 is a temporary redirect, you might to change it to a permanent one once you’ve confirmed it’s working as intended

Ruud@lemmy.world · 1 year ago

Cool, thanks! I’ll try that.

Tom@lemmy.world · 1 year ago

Can we get an error log? If no, are you seeing any timeouts in there?

Slashzero@lemmy.world · edit-2 1 year ago

You might want to add the secure port (:443) in your redirect. Otherwise it might be trying to load https on port 80 still, which can’t work.

http: port 80
https: port 443

Notes:

just a guess. I haven’t looked at an nginx config in a while
make sure to try on multiple browsers as they all don’t behave the same way

Ruud@lemmy.world · 1 year ago

This piece I’ve pasted above isn’t the whole nginx.conf, there’s also a large block for the 443 traffic. It’s just the http traffic that I need to redirect to 443.

Slashzero@lemmy.world · 1 year ago

Ok. Now that I think about it, you shouldn’t have to specify the port.

CannaVet@lemmy.world · 1 year ago

I’ve been on the secure version by default so far myself.

Ruud@lemmy.world · 1 year ago

Yes most browsers automatically do, but some don’t…

CannaVet@lemmy.world · edit-2 1 year ago

Oooh I thought it was a backend thing, cause my NGINX has a force SSL option. I guess it can be done from either end.

Ruud@lemmy.world · 1 year ago

I think I now fixed it

Ruud@mastodon.world · 1 year ago

@ruud@lemmy.world Let me see if I can reply from Mastodon

Ruud@lemmy.world · 1 year ago

Ooh it worked!

Tom@lemmy.world · 1 year ago

deleted by creator