HowToRedirectHttpToHttps » History » Revision 19
Revision 18 (stefan741, 2009-10-20 20:49) → Revision 19/33 (stefan741, 2012-08-11 10:42)
h1. How to redirect HTTP requests to HTTPS
As of version 1.4.11 this is as simple as:
<pre>
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ "example.org" {
url.redirect = ( "^/(.*)" => "https://example.org/$1" )
server.name = "example.org"
}
}
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/path/to/example.org.pem"
server.document-root = "..."
}
</pre>
(Note: this also works in versions prior to 1.4.11 providing you have not specified {{{server.port = 80}}} in your configuration file.)
To redirect _all_ hosts to their secure equivalents use the following in place of the socket 80 configuration above:
<pre>
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
}
</pre>
----
The information was taken from two postings to the mailing list by Jan:
WARNING: unknown config-key: url.redirect (ignored)
* http://article.gmane.org/gmane.comp.web.lighttpd/3575
* http://article.gmane.org/gmane.comp.web.lighttpd/3580
If you see this error
<pre>
WARNING: unknown config-key: url.redirect (ignored)
</pre>
Then you need to add mod_redirect under server.modules in your lighttpd conf file:
<pre>
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_alias",
"mod_access",
...
)
</pre>
----
'''Comments:
It didn't work for me 1.4.13
Starting lighttpd: 2007-02-04 12:48:00: (network.c.300) can't bind to port: 80 Address already in use
Both with server.port = 80 and with that commented
Does server.bind has influence?(It was set)
'''
----
I had this trouble, darix on #lighttpd solved it for me:
This:
<pre>
$SERVER["socket"] == "1.2.3.5:443" {
protocol = "https://"
# Provide ssl
ssl.engine = "enable"
ssl.pemfile = "/path/to/pem"
fastcgi.server = ( ".fcgi" =>
( "localhost" =>
(
"min-procs" => 1,
"max-procs" => 5,
"socket" => "/tmp/example",
"bin-path" => "/path/to/dispatch.fcgi",
"bin-environment" => ( "RAILS_ENV" => "production" )
)
)
)
}
$SERVER["socket"] == "1.2.3.5:80" {
$HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
}
</pre>
Is the cause. This is the solution:
<pre>
$SERVER["socket"] == "1.2.3.5:443" {
protocol = "https://"
# Provide ssl
ssl.engine = "enable"
ssl.pemfile = "/path/to/pem"
fastcgi.server = ( ".fcgi" =>
( "localhost" =>
(
"min-procs" => 1,
"max-procs" => 5,
"socket" => "/tmp/example",
"bin-path" => "/path/to/dispatch.fcgi",
"bin-environment" => ( "RAILS_ENV" => "production" )
)
)
)
}
else $HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
</pre>
(following a socket statement)
----
I'm not satisfied with any of the above so here is my solution. First you need to apply "this":http://kenny.juvepoland.com/~swiergot/lighttpd-scheme.diff to lighty's source. After recompile you can use the following syntax:
<pre>
$HTTP["host"] == "sth.example.com" {
$HTTP["scheme"] == "http" {
url.redirect = ("^/(phpmyadmin/.*)" => "https://sth.example.com/$1")
}
}
</pre>
Nice, isn't it? /swiergot@gmail.com
I haven't applied the patch yet, but you should be able to simply do...
<pre>
$HTTP["scheme"] == "http" {
url.redirect = ("^/(phpmyadmin/.*)" => "https://%1/$1")
}
</pre>
NOTE: the patch is now in svn (Should be released with 1.5.x and 1.4.19).
-----
This worked for me on 1.4.13. Just redirects example.com/secure but not plain example.com.
<pre>
$SERVER["socket"] == ":8080" {
$HTTP["url"] =~ "(.*)/secure" { url.redirect = ( "^/(.*)" => "https://www.example.com/secure/" ) }
server.document-root = "/var/www"
}
</pre>