Rob Wilkerson

Reputation: 41236

SSL Redirection Fails

I have a server that runs both development and staging instances of a site and each version has to answer on ports 80 & 443. The staging instance -- there's only one -- works exactly as I'd expect, but the development instances -- configured for each user -- load a given page on either protocol directly just fine, but if I'm on a page on one port and try to link to the other it fails.

My Config

  server {
    listen 80;
    server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;

    location / {
      rewrite ^(.*) http://$username.client.tld.net$1 permanent;
    }
  }
  # This is the primary host that will ultimately answer requests.
  server {
    listen      80;
    server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
    root        /home/$username/client/www/app/webroot;
    index       index.php;

    access_log /var/log/nginx/client.sandbox.access.log;
    error_log  /var/log/nginx/client.sandbox.error.log;

    location / {
      try_files $uri $uri/ /index.php?url=$uri;
    }

    location ~ \.php$ {
      include /etc/nginx/conf/php;
    }

    include /etc/nginx/conf/expire_content;
    include /etc/nginx/conf/ignore;
  }

  server {
    listen 443 ssl;
    server_name ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;

    location / {
      rewrite ^(.*) https://$username.client.tld.net$1 permanent;
    }
  }
  # This is the primary host that will ultimately answer requests.
  server {
    listen      443 ssl;
    server_name ~^(?<username>[^.]+)\.client\.tld\.net$;
    root        /home/$username/client/www/app/webroot;
    index       index.php;

    include /etc/nginx/conf/ssl;

    access_log /var/log/nginx/client.sandbox.access.log;
    error_log  /var/log/nginx/client.sandbox.error.log;

    location / {
      try_files $uri $uri/ /index.php?url=$uri;
    }

    location ~ \.php$ {
      include /etc/nginx/conf/php;
    }

    include /etc/nginx/conf/expire_content;
    include /etc/nginx/conf/ignore;
  }

Any idea where I've borked up my config?

Upvotes: 1

Views: 260

Answers (1)

Fleshgrinder

Reputation: 16253

First of all, there is no need to create four separate configurations, as both your servers (HTTP and HTTPS) have exactly the same body. You can use the $scheme variable, which contains either http or https according to the context you're just working in (for the redirects). Secondly, I don't see any root declaration in your dev configuration, also no certificates, which might cause problems with browsers.

Other than that, the configuration looks okay to me (well, you could move the index declaration to your http configuration, so you don't have to repeat it all the time).

Please check out the following (commented) example configuration I made up for you. Maybe it helps.

# Put this in http context!
index           index.php;

server {
  # One server configuration to rule them all!
  listen        80;
  listen        443 ssl;

  # Seems legit.
  server_name   ~^dev\.(?<username>[^.]+)\.client\.tld\.net$
                ~^(?<username>[^.]+)\.client\.dev\.tld\.net$
                ~^(?<username>[^.]+)\.dev\.client\.tld\.net$;

  # Where am I?
  #root          /home/$username/client/www/app/webroot;

  # No wildcard certificate? No need to specify /etc/nginx as all paths
  # in the configuration are relative to the installation path.
  #include       conf/ssl;

  location / {
    # May work as well, can't test.
    #rewrite ^(.*) $scheme://$server_name$1 permanent;
    rewrite ^(.*) $scheme://$username.client.tld.net$1 permanent;
  }
}

server {
  listen        80;
  listen        443 ssl;
  server_name   ~^(?<username>[^.]+)\.client\.tld\.net$;
  root          /home/$username/client/www/app/webroot;
  include       conf/ssl;
  access_log    /var/log/nginx/client.sandbox.access.log;
  error_log     /var/log/nginx/client.sandbox.error.log;

  location / {
    try_files $uri $uri/ /index.php?url=$uri;
  }

  location ~ \.php$ {
    include     conf/php;
  }

  include       conf/expire_content;
  include       conf/ignore;
}

Upvotes: 2
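
A small model of the answer's two server blocks, added here as an example (not code from the question or the answer): it applies the same server_name regexes in config order and returns the redirect target or document root for a given scheme, host and path, so you can check that a redirect keeps the scheme it arrived on and see which hostnames end up selecting a home directory. The `route` function, its return values and the sample requests are hypothetical and constructed for illustration.

```python
import re

# Patterns copied from the answer's config; Python spells named groups (?P<name>...).
ALIAS_PATTERNS = [
    r"^dev\.(?P<username>[^.]+)\.client\.tld\.net$",
    r"^(?P<username>[^.]+)\.client\.dev\.tld\.net$",
    r"^(?P<username>[^.]+)\.dev\.client\.tld\.net$",
]
PRIMARY_PATTERN = r"^(?P<username>[^.]+)\.client\.tld\.net$"


def route(scheme, host, path):
    """Model which server block handles a request and what it does.

    Returns ("redirect", location) for the alias block, ("serve", root)
    for the primary block, or ("default", None) when no regex matches.
    """
    # Regex server names are tried in the order they appear in the config.
    for pattern in ALIAS_PATTERNS:
        m = re.match(pattern, host)
        if m:
            # rewrite ^(.*) $scheme://$username.client.tld.net$1 permanent;
            target = f"{scheme}://{m['username']}.client.tld.net{path}"
            return ("redirect", target)
    m = re.match(PRIMARY_PATTERN, host)
    if m:
        # root /home/$username/client/www/app/webroot;
        return ("serve", f"/home/{m['username']}/client/www/app/webroot")
    return ("default", None)


if __name__ == "__main__":
    # Constructed sample requests: (scheme, Host header, path).
    samples = [
        ("https", "dev.alice.client.tld.net", "/login"),
        ("http", "alice.dev.client.tld.net", "/"),
        ("https", "alice.client.tld.net", "/cart"),
        ("http", "dev.client.tld.net", "/"),  # primary block, username "dev"
        ("http", "example.org", "/"),
    ]
    for scheme, host, path in samples:
        print(f"{scheme}://{host}{path} -> {route(scheme, host, path)}")
```

The `dev.client.tld.net` sample matches none of the alias patterns and falls through to the primary block with `username` set to `dev`, so the captured value is whatever the Host header supplies before `.client.tld.net`.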
