How do I work out how the site is being redirected from http to https?

Background: Ubuntu 14.04; Apache and nginx set up by someone else, not by me; Vesta; all of this hosts phpBB 3.2; a persistent newbie with no money for a freelancer to get it all fixed (= me).
Background: the SSL certificate was set up using acmetool, webroot. Prior to this, the more traditional and popular programs (certbot, letsencrypt) did not work because they could not find the file in well-known, although it opened from the browser.

Problem 1: when loading the site over https, you receive the error "mixed content", i.e. some of the files are loaded via http (because of their paths).
Problem 2: unknown mechanism of http to https redirection: after reviewing the configs for nginx and apache (and disabling pieces of code to test hypotheses) (both attached below), I have not found anything that affects forwarding. .htaccess also does not contain anything that affects it.
Problem 3: when opening the files that were loaded via http at their http address in the browser, we are redirected to https.

The solution I hope for is to find how the redirect is done, so that I can turn it off and use something traditional, like writing it in .htaccess.

nginx.conf

    # Server globals
    user www-data;
    worker_processes auto;
    worker_rlimit_nofile 65535;
    error_log /var/log/nginx/error.log crit;
    pid /var/run/nginx.pid;

    # Worker config
    events {
        worker_connections 1024;
        use epoll;
        multi_accept on;
    }

    http {
        # Main settings
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        client_header_timeout 1m;
        client_body_timeout 1m;
        client_header_buffer_size 2k;
        client_body_buffer_size 256k;
        client_max_body_size 256m;
        large_client_header_buffers 4 8k;
        send_timeout 30;
        keepalive_timeout 60 60;
        reset_timedout_connection on;
        server_tokens off;
        server_name_in_redirect off;
        server_names_hash_max_size 512;
        server_names_hash_bucket_size 512;

        # Log format
        log_format main '$remote_addr - $remote_user [$time_local] $request'
                        '"$status" $body_bytes_sent "$http_referer"'
                        '"$http_user_agent" "$http_x_forwarded_for"';
        log_format bytes '$body_bytes_sent';
        #access_log /var/log/nginx/access.log main;
        access_log off;

        # Mime settings
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Compression
        gzip on;
        gzip_comp_level 9;
        gzip_min_length 512;
        gzip_buffers 8 64k;
        gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
        gzip_proxied any;
        gzip_disable "MSIE [1-6]\.";

        # Proxy settings
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Set-Cookie;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffers 32 4k;

        # Cloudflare https://www.cloudflare.com/ips
        set_real_ip_from 199.27.128.0/21;
        set_real_ip_from 173.245.48.0/20;
        set_real_ip_from 103.21.244.0/22;
        set_real_ip_from 103.22.200.0/22;
        set_real_ip_from 103.31.4.0/22;
        set_real_ip_from 141.101.64.0/18;
        set_real_ip_from 108.162.192.0/18;
        set_real_ip_from 190.93.240.0/20;
        set_real_ip_from 188.114.96.0/20;
        set_real_ip_from 197.234.240.0/22;
        set_real_ip_from 198.41.128.0/17;
        set_real_ip_from 162.158.0.0/15;
        set_real_ip_from 104.16.0.0/12;
        set_real_ip_from 172.64.0.0/13;
        #set_real_ip_from 2400:cb00::/32;
        #set_real_ip_from 2606:4700::/32;
        #set_real_ip_from 2803:f800::/32;
        #set_real_ip_from 2405:b500::/32;
        #set_real_ip_from 2405:8100::/32;
        real_ip_header CF-Connecting-IP;

        # SSL PCI Compliance
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        resolver 8.8.8.8;
        # ssl_ciphers directives: not important

        # Error pages
        error_page 403 /error/403.html;
        error_page 404 /error/404.html;
        error_page 502 503 504 /error/50x.html;

        # Cache settings
        proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
        proxy_cache_key "$host$request_uri $cookie_user";
        proxy_temp_path /var/cache/nginx/temp;
        proxy_ignore_headers Expires Cache-Control;
        proxy_cache_use_stale error timeout invalid_header http_502;
        proxy_cache_valid any 1d;

        # Bypass Cache
        map $http_cookie $no_cache {
            default 0;
            ~SESS 1;
            ~wordpress_logged_in 1;
        }

        # File cache settings
        open_file_cache max=10000 inactive=30s;
        open_file_cache_valid 60s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;

        # Include Wildcard
        include /etc/nginx/conf.d/*.conf;

        server {
            listen 443 ssl;
            server_name calmsector.ru;
            root /home/admin/web/calmsector.ru/public_html/;
            index index.php index.html index.htm;
            keepalive_timeout 60;
            ssl_certificate /var/lib/acme/live/calmsector.ru/cert;
            ssl_certificate_key /var/lib/acme/live/calmsector.ru/privkey;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            # ssl_ciphers directives: not important
            add_header Strict-Transport-Security 'max-age=604800';
            error_log /var/log/apache2/domains/calmsector.ru.error.log error;

            location /.well-known/acme-challenge/ {
                alias /var/run/acme/acme-challenge/;
            }

            location / {
                proxy_pass http://185.161.210.160:8080;
                location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
                    root /home/admin/web/calmsector.ru/public_html;
                    access_log /var/log/apache2/domains/calmsector.ru.log combined;
                    access_log /var/log/apache2/domains/calmsector.ru.bytes bytes;
                    expires max;
                }
            }

            location ~ /\.ht   {return 404;}
            location ~ /\.svn/ {return 404;}
            location ~ /\.git/ {return 404;}
            location ~ /\.hg/  {return 404;}
            location ~ /\.bzr/ {return 404;}
        }
    }

I would have suspected HSTS, but it is applied when ALREADY connected on 443, i.e. it can't do the redirecting.
Just in case, I disabled the entire ssl block; the redirect was not affected. I don't understand why the proxy to Apache is needed, but if you remove the block with it, files are downloaded instead of being displayed in the browser. Even .php, although it is in the list of extensions there.

2 Answers

0 like 0 dislike
"Include conf.d/" in the Apache config pulls in the configuration of your site. Look carefully in that directory.

Apache is used as the executor for PHP. Nginx cannot execute PHP itself; that is done either by passing the request to Apache or by php-fpm.
by
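One way to carry out the search this answer suggests, as an added example (not code from the thread): a script that walks Apache and nginx configuration trees and lists every directive that can send a visitor from http to https. The directories passed to scan_tree and the SAMPLE text are constructed, except the Strict-Transport-Security line, which is the one in the posted nginx.conf; it is listed because a browser that has stored that header switches http:// to https:// itself before any request reaches the server.

```python
import re
from pathlib import Path

# Directives that can move a visitor from http:// to https://.
PATTERNS = [
    ("nginx return", re.compile(r"^\s*return\s+30[1278]\s+https://", re.I)),
    ("nginx rewrite", re.compile(r"^\s*rewrite\s+\S+\s+https://", re.I)),
    ("apache RewriteRule", re.compile(r"^\s*RewriteRule\s+\S+\s+https://", re.I)),
    ("apache Redirect", re.compile(r"^\s*Redirect(Match|Permanent|Temp)?\s.*https://", re.I)),
    # Not a server redirect: a browser that stored this header upgrades http:// itself.
    ("HSTS header", re.compile(r"Strict-Transport-Security", re.I)),
]

def scan_text(text, name="<config>"):
    """Return (file, line number, kind, directive) for every match."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out directives
        for kind, rx in PATTERNS:
            if rx.search(line):
                hits.append((name, lineno, kind, line.strip()))
    return hits

def scan_tree(*roots):
    """Scan every *.conf and .htaccess file below each root directory."""
    hits = []
    for root in roots:
        for path in sorted(Path(root).rglob("*")):
            if path.is_file() and (path.suffix == ".conf" or path.name == ".htaccess"):
                hits += scan_text(path.read_text(errors="replace"), str(path))
    return hits

# Constructed sample: the HSTS line is the one from the posted nginx.conf,
# the return line is a hypothetical conf.d entry of the kind being looked for.
SAMPLE = """\
server {
    listen 443 ssl;
    add_header Strict-Transport-Security 'max-age=604800';
}
server {
    listen 80;
    # return 302 https://$host$request_uri;
    return 301 https://$host$request_uri;
}
"""
if __name__ == "__main__":
    for hit in scan_text(SAMPLE, "sample.conf"):
        print("%s:%d  [%s]  %s" % hit)
```

On a real host, call scan_tree with the nginx and Apache configuration directories and the site's document root, so that included files and .htaccess are covered in one pass.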
0 like 0 dislike
Open the main page of your site in the browser's page-source viewer. Around the middle of the page, links look like:
href="http://calmsector.ru/viewtopic.php?p=299745#p299745"

That is why the website has mixed content. Replace all such links, somewhere in the depths of your site's admin panel, with href="viewtopic.php?p=299745#p299745" and you will be happy.
by
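To find every link of the kind this answer describes, as an added example (not code from the thread): a parser that lists the absolute http:// URLs in a page and proposes a scheme-less replacement for those on the site's own host. Only the viewtopic.php URL comes from the thread; the rest of SAMPLE_HTML and the img.example.test host are constructed, and the split into subresources and navigation links reflects that browsers apply mixed-content checks to what a page fetches while rendering.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# (tag, attribute) pairs fetched while the page renders: an http:// URL here is
# mixed content on an https:// page. (Simplification: every <link href> counts.)
SUBRESOURCE = {("img", "src"), ("script", "src"), ("link", "href"),
               ("iframe", "src"), ("audio", "src"), ("video", "src"),
               ("source", "src")}

class HttpUrlFinder(HTMLParser):
    def __init__(self, host):
        super().__init__()
        self.host = host
        self.found = []  # (kind, tag, attribute, original URL, suggestion)

    def handle_starttag(self, tag, attrs):
        for attr, value in attrs:
            if attr not in ("src", "href") or not value:
                continue
            url = urlsplit(value)
            if url.scheme != "http":
                continue  # relative and https:// URLs are already fine
            kind = "subresource" if (tag, attr) in SUBRESOURCE else "navigation"
            if url.hostname == self.host:
                # Same site: drop scheme and host (root-relative form of the idea).
                fixed = urlunsplit(("", "", url.path or "/", url.query, url.fragment))
            else:
                # Other host: assumes it also serves https, check before use.
                fixed = url._replace(scheme="https").geturl()
            self.found.append((kind, tag, attr, value, fixed))

def find_http_urls(html, host):
    finder = HttpUrlFinder(host)
    finder.feed(html)
    finder.close()
    return finder.found

# Constructed page: only the viewtopic.php link is the one quoted above.
SAMPLE_HTML = """\
<link rel="stylesheet" href="http://calmsector.ru/styles/main.css">
<a href="http://calmsector.ru/viewtopic.php?p=299745#p299745">post</a>
<img src="http://img.example.test/banner.png">
<a href="https://calmsector.ru/index.php">home</a>
<script src="/assets/app.js"></script>
"""
if __name__ == "__main__":
    for row in find_http_urls(SAMPLE_HTML, "calmsector.ru"):
        print("%-11s <%s %s> %s -> %s" % row)
```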
