Hiera Variables and return 301. #665

Closed
joshuagordondba opened this issue Aug 5, 2015 · 4 comments
Labels
needs-feedback Further information is requested

Comments

@joshuagordondba

I am attempting to create a configuration using Hiera that would appear like this when finished. I am having issues specifically with the first section and the line "return 301 https://$host$request_uri;".
I have not been able to figure out how to do this in Hiera; any help would be appreciated. I have put the Hiera details at the bottom of this, but they do not work, so I don't know how much help they will be.
Thanks

server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
ssl_stapling on;
ssl_stapling_verify on;
resolver 192.168.0.100 valid=300s;
resolver_timeout 5s;
location / {
    resolver 127.0.0.1;
    proxy_pass http://proxy;
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffers 32 4k;
}
}

server {
    listen 443 ssl;
    allow all;
    server_name www.example.com;
    access_log /var/log/nginx/www.example.com.access.log logtls;
    error_log /var/log/nginx/www.example.com.error.log;
    ssl_certificate /etc/ssl/private/example.crt;
    ssl_certificate_key /etc/ssl/private/example/example/example.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    keepalive_timeout 60;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    #add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

}

nginx::nginx_vhosts:
  'www.example.com':
    rewrite_www_to_non_www: true
    ensure: present
    listen_port: 80
    location_cfg_append: 'return 301 https://$host$request_uri'

@jyaworski
Member

Hello:

This is what I did, for example to redirect http to https:

nginx::nginx_vhosts_defaults:
   ssl: true
   ssl_port: 443
   listen_port: 443
   ssl_protocols: 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'
   ssl_cert:    '/etc/pki/tls/certs/localhost.crt'
   ssl_key:  '/etc/pki/tls/private/localhost.key'
   index_files: []
   proxy_read_timeout: '180s'

nginx::nginx_vhosts:
  'rundeck':
      server_name:
        - 'host.example.com'
      proxy:    'http://rundeck'
  'rundeck_nossl':
      server_name:
        - 'host.example.com'
      proxy:    'http://rundeck'
      listen_port: 80
      ssl: false
      location_cfg_append:
        return: '301 https://$server_name$request_uri'

@joshuagordondba
Author

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined at /etc/puppet/modules/nginx/manifests/resource/location.pp:326 on node nginx.example.com

So, in your example you have proxy: 'http://rundeck' on the rundeck_nossl. Wouldn't this pass the traffic to the upstream server rundeck on port 443? I am looking to not send anything down to the rundeck server unless it comes in on 443. I may be missing something here. If so, please let me know.

Thanks

@joshuagordondba
Author

To avoid needing a proxy on rundeck_nossl I removed the proxy and changed the line location_cfg_append: to location_custom_config. I hope this helps others.
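
The redirect-only vhost described in the comment above, written out as Hiera data next to the HTTPS vhost that does the proxying. This is an added example, not configuration posted by anyone in the thread; it assumes `location_custom_cfg` accepts a hash of directives the way `location_cfg_append` does in the earlier reply, and the vhost key `www.example.com_nossl` is hypothetical. Certificate paths, protocol list and upstream name are taken from the target config in the question.

```yaml
nginx::nginx_vhosts:
  # HTTPS vhost: the only vhost with a proxy, so the upstream
  # is reachable only through requests that arrived on 443.
  'www.example.com':
    server_name:
      - 'www.example.com'
    listen_port: 443
    ssl: true
    ssl_port: 443
    ssl_cert: '/etc/ssl/private/example.crt'
    ssl_key: '/etc/ssl/private/example/example/example.key'
    ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
    proxy: 'http://proxy'

  # Port-80 vhost: no proxy, www_root or other location type.
  # location_custom_cfg is one of the options named in the
  # "Cannot create a location reference" error, so the location
  # can consist of the redirect alone.
  'www.example.com_nossl':
    server_name:
      - 'www.example.com'
    listen_port: 80
    ssl: false
    location_custom_cfg:
      # $server_name is the configured name; $host would echo the
      # Host header sent by the client into the Location header.
      return: '301 https://$server_name$request_uri'
```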

@3flex
Contributor

3flex commented Aug 12, 2015

@joshuagordondba if this fixed your issue can you consider closing this? Thanks!

@3flex 3flex added the needs-feedback Further information is requested label Aug 12, 2015