CODEWITHSUNDEEP
http-redirectnginxport
Shutterfly
Shutterfly

Reputation: 199

Browser ignores new port from nginx redirect

I need to create a http redirect via nginx. The goal is:

http://subdomain.domain.tld/path -> https://subdomain.domain.tld/path http://subdomain.domain.tld:8090/path -> https://subdomain.domain.tld/path

This is my nginx configuration:

server {
    listen 80;
    listen 8090;
    server_name subdomain.domain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name subdomain.domain.tld;

    [...]
}

The first case works correctly. The second case technically, but not at the client browsers. If I start a request via cURL everything looks fine:

curl -v "http://subdomain.domain.tld:8090/path"
* About to connect() to subdomain.domain.tld port 8090 (#0)
*   Trying XX.XX.XX.XX...
* Adding handle: conn: 0x1c94010
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1c94010) send_pipe: 1, recv_pipe: 0
* Connected to subdomain.domain.tld (89.15.246.188) port 8090 (#0)
> GET /oath HTTP/1.1
> User-Agent: curl/7.30.0
> Host: subdomain.domain.tld:8090
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
* Server nginx is not blacklisted
< Server: nginx
< Date: Wed, 08 Jun 2016 10:28:15 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://subdomain.domain.tld/path
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

But if I open the url http://subdomain.domain.tld:8090/path in my browser I get the url https://subdomain.domain.tld:8090/path. The browser switch to https but use the old port.

I checked it with Google Chrome, Firefox, Internet Explorer and Apple Safari. The result is the same and I dont understand why?

Upvotes: 0

Views: 704

Answers (1)

Alexey Ten
Alexey Ten

Reputation: 14344

You've got HSTS (Strict-Transport-Security header). So browsers do exactly what this policy requires:

https://www.rfc-editor.org/rfc/rfc6797#section-8.3

8.3.5 [...] The UA MUST replace the URI scheme with "https", and [...] if the URI contains an explicit port component that is not equal to "80", the port component value MUST be preserved;…

Upvotes: 2

Related Questions