Redirections aren't working on NGINX Only

bicev8973 · September 18, 2023, 2:08pm

Hello,

When I tick the cases on hestiaCP for “Redirect www” and “Redirect https” it does work.

But it creates two redirections instead of one. http is redirected to https that is redirected to http s://www. which is not optimal for SEO.

So I disabled all of that and added that to my general nginx.conf (inside the php directive):

server {
listen 80 default_server;
server_name _;
return 301 https://www.$host$request_uri;
}

So all my websites could be redirect to htt ps://www. In only one redirection.

But it does nothing.

I really don’t understand why, I debugged everything, port 80 is correctly listened to, I have no error in my nginx journal, etc.

I tried to set up a “page to page redirection” like mysite.fr/go/ → anothersite.fr it didn’t work as well.

Is there something I’m missing?

Thanks!

sahsanu · September 18, 2023, 5:03pm

Hello @bicev8973,

That won’t work because that default server block is ignored due there are other server blocks that match the hosts.

To modify this behaviour a change in Hestia code must be made but you have a workaround, you can disable the option Enable domain redirection on your domain settings and assign a new template that will do the right redirection.

If your current web template for Nginx is default…
imagen

…I will show you a template that you could use to do the redirection you want.

Cheers,
sahsanu

bicev8973 · September 18, 2023, 5:14pm

Oh okay I understand, thank you so much for your answer!

Yes my template is default!

So I disable the option Enable domain redirection, but I keep https redirection activated + your template?

Thanks again for your answer!

sahsanu · September 18, 2023, 5:30pm

That’s right.

Now, to use the new template (keep in mind that this is an example and you can modify it) you must create 3 files in /usr/local/hestia/data/templates/web/nginx/php-fpm/

redirect_to_www.tpl
redirect_to_www.stpl
redirect_to_www.sh

The name of the template is redirect_to_www (if you change the template name you must change it on the three files)

Content of redirect_to_www.tpl

#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
        listen      %ip%:%web_port%;
        server_name %domain_idn% %alias_idn%;
        root        %docroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        include %home%/%user%/conf/web/%domain%/nginx.redirect_to_www;
        include %home%/%user%/conf/web/%domain%/nginx.forcessl.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
                location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
                        expires max;
                        fastcgi_hide_header "Set-Cookie";
                }

                location ~ [^/]\.php(/|$) {
                        try_files $uri =404;

                        include /etc/nginx/fastcgi_params;

                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                        fastcgi_pass %backend_lsnr%;

                        include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
                }
        }

        location /error/ {
                alias %home%/%user%/web/%domain%/document_errors/;
        }

        location /vstats/ {
                alias   %home%/%user%/web/%domain%/stats/;
                include %home%/%user%/web/%domain%/stats/auth.conf*;
        }

        include /etc/nginx/conf.d/phpmyadmin.inc*;
        include /etc/nginx/conf.d/phppgadmin.inc*;
        include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

Content of redirect_to_www.stpl

#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
        listen      %ip%:%web_ssl_port% ssl;
        server_name %domain_idn% %alias_idn%;
        root        %sdocroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        ssl_certificate     %ssl_pem%;
        ssl_certificate_key %ssl_key%;
        ssl_stapling        on;
        ssl_stapling_verify on;

        # TLS 1.3 0-RTT anti-replay
        if ($anti_replay = 307) { return 307 https://$host$request_uri; }
        if ($anti_replay = 425) { return 425; }

        include %home%/%user%/conf/web/%domain%/nginx.ssl.redirect_to_www;
        include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
                location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
                        expires max;
                        fastcgi_hide_header "Set-Cookie";
                }

                location ~ [^/]\.php(/|$) {
                        try_files $uri =404;

                        include /etc/nginx/fastcgi_params;

                        fastcgi_index index.php;
                        fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                        fastcgi_pass %backend_lsnr%;

                        include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
                }
        }

        location /error/ {
                alias %home%/%user%/web/%domain%/document_errors/;
        }

        location /vstats/ {
                alias   %home%/%user%/web/%domain%/stats/;
                include %home%/%user%/web/%domain%/stats/auth.conf*;
        }

        proxy_hide_header Upgrade;

        include /etc/nginx/conf.d/phpmyadmin.inc*;
        include /etc/nginx/conf.d/phppgadmin.inc*;
        include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

Content of redirect_to_www.sh

#!/usr/bin/env bash
user="$1"
domain="$2"
home="$4"
redirect_conf="nginx.redirect_to_www"
redirect_ssl_conf="nginx.ssl.redirect_to_www"
echo "if (\$host != "www.$domain") {
   return 301 https://www.${domain}\$request_uri;
}" > "$home/$user/conf/web/$domain/$redirect_conf"
ln -rsf "$home/$user/conf/web/$domain/$redirect_conf" "$home/$user/conf/web/$domain/$redirect_ssl_conf"

You must give execution perms to this last file:

chmod 755 /usr/local/hestia/data/templates/web/nginx/php-fpm/redirect_to_www.sh

Now, edit the domain, disable the redirection and assign this new template and all should be working as expected… I hope so

Warning: I didn’t test it in a domain that doesn’t have already a certificate so it is possible to have some issues if you add the template to a domain that doesn’t have a certificate already, test it to be sure.

Good luck,
sahsanu

bicev8973 · September 18, 2023, 5:48pm

Thaaaaankkkks!!! It wooorks!!!

Do you know if that would be easy to do the same but for a wordpress template?

eris · September 18, 2023, 5:52pm

Why not:

#=========================================================================#
# Default Web Domain Template                                             #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS   #
# https://hestiacp.com/docs/server-administration/web-templates.html      #
#=========================================================================#

server {
        listen      %ip%:%web_port%;
        server_name %domain_idn% %alias_idn%;
        root        %docroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
             return 301 https://www.$host$request_uri;
        }

       include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

For .tpl template…

And it should work fine even without ssl enabled as long you request LE…

sahsanu · September 18, 2023, 5:57pm

Yes, it is better to use your template for .tpl so you have no issues with Let’s Encrypt

bicev8973 · September 18, 2023, 6:14pm

My bad, it works as well! Thanks both of you

sahsanu · September 18, 2023, 7:05pm

Following @eris tpl (thank you @eris), here are new versions to avoid using the remote_to_www.sh file:

Content of remote_to_www.tpl (is the same file @eris posted but I’ve replaced $host by %domain% to avoid that if you try to access http://www.example.com you would be redirected to https://www.www.example.com

server {
        listen      %ip%:%web_port%;
        server_name %domain_idn% %alias_idn%;
        root        %docroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
             return 301 https://www.%domain%$request_uri;
        }

        include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

Content of remote_to_www.stpl:

server {
        listen      %ip%:%web_ssl_port% ssl;
        server_name %domain_idn% %alias_idn%;
        root        %sdocroot%;
        index       index.php index.html index.htm;
        access_log  /var/log/nginx/domains/%domain%.log combined;
        access_log  /var/log/nginx/domains/%domain%.bytes bytes;
        error_log   /var/log/nginx/domains/%domain%.error.log error;

        ssl_certificate     %ssl_pem%;
        ssl_certificate_key %ssl_key%;
        ssl_stapling        on;
        ssl_stapling_verify on;

        # TLS 1.3 0-RTT anti-replay
        if ($anti_replay = 307) { return 307 https://$host$request_uri; }
        if ($anti_replay = 425) { return 425; }

        if ($host != "www.%domain%") {
          return 301 https://www.%domain%$request_uri;
        }

        include %home%/%user%/conf/web/%domain%/nginx.hsts.conf*;

        location ~ /\.(?!well-known\/) {
                deny all;
                return 404;
        }

        location / {
                location ~* ^.+\.(jpeg|jpg|png|webp|gif|bmp|ico|svg|css|js)$ {
                        expires max;
                        fastcgi_hide_header "Set-Cookie";
                }

                location ~ [^/]\.php(/|$) {
                        try_files $uri =404;

                        include /etc/nginx/fastcgi_params;

                        fastcgi_index index.php;
                        fastcgi_param HTTP_EARLY_DATA $rfc_early_data if_not_empty;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                        fastcgi_pass %backend_lsnr%;

                        include %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
                }
        }

        location /error/ {
                alias %home%/%user%/web/%domain%/document_errors/;
        }

        location /vstats/ {
                alias   %home%/%user%/web/%domain%/stats/;
                include %home%/%user%/web/%domain%/stats/auth.conf*;
        }

        proxy_hide_header Upgrade;

        include /etc/nginx/conf.d/phpmyadmin.inc*;
        include /etc/nginx/conf.d/phppgadmin.inc*;
        include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}

Regarding wordpress templates, take a look to wordpress.tlp and wordpress.stpl in /usr/local/hestia/data/templates/web/nginx/php-fpm/ and you will see that the changes for wordpress templates are basically the same.

bicev8973 · September 18, 2023, 7:17pm

Thanks I did the modifications, I hope that one day I’ll have your skills, that’s amazing!

I’ll look at that and try to do the same for wordpress, thanks again!

system · October 18, 2023, 7:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.