[Solved] Force http to https redirect not working for me

Added by chrisphl over 9 years ago

Hi folks,

I installed lighttpd on Raspbian and want to make it force a secure client-server connection. Therefore I integrated this into the config file:

# Redirect http to https:
$SERVER["socket"] == ":443" {
    protocoll = "https://" 

    ssl.engine = "enable" 
    ssl.pemfile = "/path/to/my/personal/pem_file" 

} else $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ "^/(.*)$" {
        url.redirect = ("^/(.*)$" => "https://$1")
    }
}

This works so far but here's what goes wrong on my setup:

My call to the server contains a subfolder like this: "http://raspi/subfolder". The url.redirect makes "https://raspisubfolder". It ate the "/" between host and subfolder o_O!
Could anybody tell me why it behaves so? How to fix this? Why is the regex "^/(.*)$" that kind of greedy?
Any hint is appreciated.

I tried to change the regex to the simpler ".*" as shown on many web sites, but that does the same.

Lighttpd ver. 1.4.31 and Lighttpd ver. 1.4.37

kind regards
Christian


Replies (8)

RE: Force http to https redirect not working for me - Added by chrisphl over 9 years ago

Sorry, I do not understand what you want to tell me? What the url.redirect cuts out is the slash between hostname ("raspi") and subfolder ("subfolder").

Every one of the samples in the "HowTo" you linked behaves exactly as I described in my first post and does not solve the issue.

kind regards
Christian

RE: Force http to https redirect not working for me - Added by stbuehler over 9 years ago

$HTTP["host"] =~ "^/(.*)$" - you try to match a slash at the beginning of the hostname. There is none, and neither do the examples try to match one.

RE: Force http to https redirect not working for me - Added by chrisphl over 9 years ago

I'm a little bit confused, wondering if you really read my initial post carefully.
As I said above, even the regex ".*" shows the same erroneous behavior.
It is a "match every character unlimited times". This should include the slash between hostname and subfolder. In fact lighttpd v.1.4.31 does not match it. View first thread entry: http://raspi/subfolder --> https://raspisubfolder.

Btw.: You're right, "^/..." shouldn't match any hostname because of the prepended slash. In fact lighttpd v.1.4.31 ignores that and works exactly the way I described above o_O.

kind regards
Christian

RE: Force http to https redirect not working for me - Added by stbuehler over 9 years ago

Yes, I did not read your complete post, because the config is crap; why do it differently than our well working example?

# Redirect http to https:
$SERVER["socket"] == ":443" {
    protocoll = "https://" 

    ssl.engine = "enable" 
    ssl.pemfile = "/path/to/my/personal/pem_file" 
} else $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

RE: Force http to https redirect not working for me - Added by chrisphl over 9 years ago

I started my experiments with "Example 1 - redirect everything" with no luck (same creepy behaviour). Since it does not work for me, I searched the web... the config shown above is my last try before trying to get help here...

RE: Force http to https redirect not working for me ver.1.4.31 - Added by stbuehler over 9 years ago

It's possible that $HTTP["scheme"] is not working reliably in 1.4.31 (which is over 3 years old btw).

Also you could test with curl -v, and try debug logging with DebugVariables.

RE: [solved] Force http to https redirect not working for me ver.1.4.31 - Added by chrisphl over 9 years ago

Thanks for your help, stbuehler! You got me to experiment with lighttpd lots more...
The server didn't do anything wrong with my configuration but Mozilla Firefox made use of some creepy cache function that did the erroneous redirect without "/" ***grimbl-$%&"?!***. Using another browser or even Firefox Private Window worked fine. I tried lighttpd v.1.4.31 and v. 1.4.37 (compiled on my own from source).

But the only configuration that worked for me is this one (shortened):

# let the server respond to port 80:
server.port                 = 80

# Redirect http to https:
$SERVER["socket"] == ":443" {
        # switch server.port to 443:
        protocoll = "https://" 

        ssl.engine = "enable" 
        ssl.pemfile = "/path/to/my/pem-file" 

} else $HTTP["scheme"] == "http" {
        # This should be always true for insecure incoming connections:
        $HTTP["host"] =~ ".*" {
                # redirect to https, port 443:
                url.redirect = (".*" => "https://%0$0")
        }
}

Maybe there's a better way to configure that.
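
Added example, not part of the thread and not lighttpd code: a small Python model of how url.redirect fills in `%n` (captures from the enclosing `$HTTP["host"] =~` regex) and `$n` (captures from the url.redirect regex), run against the host `raspi` and path `/subfolder` from the posts above. The function name `model_redirect` and the handling of missing capture groups are assumptions of this model.

```python
import re

def model_redirect(host, path, host_regex, url_regex, target):
    """Model a url.redirect rule nested in a $HTTP["host"] =~ condition.

    Returns the redirect target, or None when the host condition or the
    rule regex does not match (no redirect is issued in that case).
    """
    host_m = re.search(host_regex, host)
    if host_m is None:
        return None          # condition block does not apply to this request
    url_m = re.search(url_regex, path)
    if url_m is None:
        return None          # rule does not match the request path

    def fill(m):
        # %n -> capture n of the host condition, $n -> capture n of the rule
        src = host_m if m.group(1) == "%" else url_m
        try:
            return src.group(int(m.group(2))) or ""
        except IndexError:
            return ""        # assumption: a missing group expands to nothing

    return re.sub(r"([%$])(\d)", fill, target)

# Constructed request taken from the thread: http://raspi/subfolder
HOST, PATH = "raspi", "/subfolder"

def cases():
    return {
        # Config from the last post: whole host (%0) + whole path ($0).
        "working": model_redirect(HOST, PATH, ".*", ".*", "https://%0$0"),
        # Config from the first post: a hostname never starts with "/",
        # so the condition fails and the rule is never applied.
        "first_post": model_redirect(HOST, PATH, "^/(.*)$", "^/(.*)$", "https://$1"),
        # Same rule under a matching host condition: $1 is the path without
        # its leading slash and the target has no %0, so the host is lost.
        "no_host": model_redirect(HOST, PATH, ".*", "^/(.*)$", "https://$1"),
    }

if __name__ == "__main__":
    for name, location in cases().items():
        print(f"{name:10s} -> {location}")
```

Because `%0` comes from the Host header sent by the client, the redirect target follows whatever host name the request carried.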
