Level 1
Hi! Did you find an answer? I am scratching my head too... and the only answer i get from the forge support is "it's not possible" which is rather weird.
May 14, 2016
5
Level 1
Allow site to run on both HTTP and HTTPS
I'm trying to set up a clients old site on one of our forge boxes whilst we build a new one. The kicker is that only part of the site is set up to be on HTTPs and the rest is on HTTP.
How can I achieve this in Forge?
I thought I could just apply the SSL, then edit the NGINX config duplicating the 443 section and changing it to port 80 without the SSL chunks. However, that doesn't seem to work and is always trying to force it onto HTTPS which in turn is causing and redirect loop.
Here's the NGINX config.
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/testsite.co.uk/before/*;
server {
listen 80;
server_name testsite.co.uk;
root /home/forge/testsite.co.uk/public;
# FORGE SSL (DO NOT REMOVE!)
#ssl_certificate /etc/nginx/ssl/testsite.co.uk/89631/server.crt;
#ssl_certificate_key /etc/nginx/ssl/testsite.co.uk/89631/server.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers ... ;
#ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/nginx/dhparams.pem;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/testsite.co.uk/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/testsite.co.uk-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
ssl_certificate_key /etc/nginx/ssl/testsite.co.uk/89631/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ... ;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/testsite.co.uk/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/testsite.co.uk-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl http2;
server_name testsite.co.uk;
root /home/forge/testsite.co.uk/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/testsite.co.uk/89631/server.crt;
ssl_certificate_key /etc/nginx/ssl/testsite.co.uk/89631/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ...;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/testsite.co.uk/server/*;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/testsite.co.uk-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/testsite.co.uk/after/*;
If someone could help me out in how I can get Forge to serve both HTTP and HTTPS version of the website you will forever be a star in my eyes!
Thanks Matt
Level 11
Well, it's quite a specific thing (and I would never recommend to run your site partially on HTTPS), so I understand why Forge does not support this :)
Level 1
Ok! I finally found the culprit. I am a bit sad that the nice guys at forge (which I love) did not help more with this,
I tried all the possible nginx configurations with two servers (one for port 80 and one for port 443 for ssl) and the damn server kept redirecting to https all my http requests.
It turns out the issue is here:
include forge-conf/testsite.co.uk/before/*;
That include prepends a file generated by forge that has an entry like this
server {
listen 80;
listen [::]:80;
server_name .example.site.co.uk;
return 301 https://$host$request_uri;
}
Just ssh to your server, go to the nginx config folder, and then you will find a forge-conf and some folders for your domains... and just comment those lines.
Works beautifully now!
And yes, there are many many scenarios when you need to run some stuff in http and https (like serving iframes, for example).
Level 1
Hi, @hannasdeli
I have commented those lines on a server, but still redirecting to https.
Any help, please
Level 1
This is possible.. RESUME:
We have to change nginx forge before file configuration.
By using this solution, you will need to use www. to access without SSL (To avoid it to tell you nginx: [warn] conflicting server name)
We will need to create a block to listen port 80 in nginx configuration file.
Step by step:
Login into your server through ssh with root user.
Go to:
cd /etc/nginx/forge-conf/siteUrl/before
Then:
nano ssl_redirect.conf
Inside the file change the first block redirection, where server is listening to port 80 to:
return 301 http://www.websiteURL$request_uri;
Then save.
After this go to Forge site configuration, scroll down to end of website and press on Files -> Edit nginx configuration
Copy the entire block server { .. } and paste it above the original one:
Change in the new block the following lines:
listen 443 ssl http2;
listen [::]:443 ssl http2;
to
listen 80;
listen [::]:80;
server_name www.websiteURL;
(IMPORTANT, add www. before the url)
Then comment SSL configs
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
# ssl_protocols TLSv1.2;
# ssl_ciphers ;
# ssl_prefer_server_ciphers on;
# ssl_dhparam /etc/nginx/dhparams.pem;
Thats all, hope it helps!
Please or to participate in this conversation.