Unraid 6.7.0
Server name is Server-2, local TLD is set to "home.insanegenius.net".
Static IP, DNS entry for server-2.home.insanegenius.net.
I am using my own wildcard certificate for *.home.insanegenius.net.
CN = *.home.insanegenius.net OU = PositiveSSL Wildcard OU = Domain Control Validated
I copy my PEM file to config/ssl/certs/certficate_bundle.pem
This server is called server-2.home.insanegenius.net.
When I access https://server-2.home.insanegenius.net all is well, and it uses the *.home.insanegenius.net certificate as expected.
When I access http://server-2.home.insanegenius.net, I get a 302 redirect, and the browser tries to open https://%2A.home.insanegenius.net/.
I use Google Chrome developer tools, and I can see the 302 redirect as follows:
Request: Request URL: http://server-2.home.insanegenius.net/ Request Method: GET Status Code: 302 Moved Temporarily Remote Address: 192.168.1.36:80 Referrer Policy: no-referrer-when-downgrade Response: Connection: keep-alive Content-Length: 154 Content-Type: text/html Date: Thu, 16 May 2019 15:56:28 GMT Location: https://*.home.insanegenius.net:443/ Server: nginx
Nginx incorrectly returns an invalid URI, "https://*.insanegenius.net:443" instead of the correct "https://server-2.home.insanegenius.net".
When I look in the Nginx emhttp-servers.conf file, I can see that whatever code created this config, created an invalid 302 redirect value.
server { # # Redirect http requests to https # listen *:80 default_server; listen [::]:80 default_server; return 302 https://*.home.insanegenius.net:443$request_uri; }
It looks like the logic incorrectly uses the SSL cert CN instead of the server FQDN.
The logic should be fixed, or can be avoided by using something generic like "return 302 https://$host$request_uri;"
- 1
Recommended Comments
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.