Is it ok to strip nginx_server.conf to only redirect to https?

flexjoly

flexjoly

Verified User
Joined
Nov 2, 2016
Messages
86
Location
Apeldoorn, Netherlands
Hi,

I am updating our nginx custom configs.

I want to strip everything in the config voor http, except the redirecting.

It looks like nginx_server.conf is a full config with all features, so it could work in stead of the secure-variant (https).
Why is that? Since it is best practice to use and redirect to https and not use http anymore.

In my current config I have stripped everything except the redirecting. That works ok. But since DA is still featuring a full config for http://, I am wondering if there is a specific reason for that and that it is better to not strip it.

My config for http:// now is:
NGINX: 
?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?REALDOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?HOST_DOMAIN=`DOMAIN`|
|*if HOST_POINTER|
|?HOST_DOMAIN=`HOST_POINTER`|
|*endif|
server
{
    listen |IP|:|PORT_80|;
    |MULTI_IP|

    server_name |HOST_DOMAIN| www.|HOST_DOMAIN| |SERVER_ALIASES|;

    access_log /var/log/nginx/domains/|DOMAIN|.log;
    access_log /var/log/nginx/domains/|DOMAIN|.bytes bytes;
    error_log /var/log/nginx/domains/|DOMAIN|.error.log;
   
    root |DOCROOT|;
 
    index index.php index.html index.htm;
   
    |FORCE_SSL_REDIRECT|
   
|NGINX_REDIRECTS|
|HOTLINK_PROTECTION|

    #include /etc/nginx/webapps.conf;  
}
NB. I also stripped the proxy-part because we do not use that.


Thanks in advance,
Greetz, flexJoly
 
Last edited:
Hello,

You found your setup, their setup might differ. DirectAdmin allows a customization, so it can be configured to best fit their needs too.
 
Hi @zEitEr ,

Thanks for your reply. That is indeed one of the many ? powerfull functions of DA.

But I am a little bit unsure as to why the nginx_server.conf is not 'downgraded' by DA to only redirect when https is required?
Knowing that DA has many things right, I wonder if the reason for this is more then a kind of 'one-size-fits-all' -reason.

Why are the other parts not inside something like: |*if IS_FORCE_SSL_REDIRECT!="1"| ?

Does DA have a specific reason for the extended nginx_server-conf, that I overlooked? And why I should NOT strip this conf to only redirect.

I hope my question is not to vague.
Thanks in advance!
flexJoly

Ps.
my new server gets maintained by a company of a family member. But they had only plesk so far..... I tried plesk again.... ?
But asked if they can give me DA, for the internal structure is far better and secure.
And they did! Now it is my job the get them in love with DA also ?. So far.... I could show them some nice features. But the learning-curve is really steep.
 
Last edited:
I believe the main reason is the same as why they still have Squirrelmail, PHP 5.x, Apache 1.x and TLS 1.0, 1.1, CentOS 6 on their servers. And answering the question is more philosophical than technic.
 
You must log in or register to reply here.
Back
Top