How to redirect http to https mender-api

evk1206 · July 22, 2020, 8:32am

Hello,

I have the self-hosted mender running on aws. eg URL: mender.myiotproject.link.

Using https works fine, https://mender.myiotproject.link.
If I try to use http, http://mender.myiotproject.link, I expect the openresty to redirect it to https. But it’s not happening. I looked into the nginx config and see that the config to redirect is already present.

github.com

mendersoftware/mender-api-gateway-docker/blob/5f93dc149fcfa99dd0482efb1708a3f5459b7ac8/ssl.nginx.conf

# redirect http to https
server {
	listen 80;

	server_name _;

	return 301 https://$http_host$request_uri;
}

server {
	listen 443 ssl;
	server_name @ALLOWED_HOSTS@;

	ssl_certificate /var/www/mendersoftware/cert/cert.crt;
	ssl_certificate_key /var/www/mendersoftware/cert/private.key;

	ssl_protocols TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!MD5:!SHA;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;

This file has been truncated. show original

Should I need to configure something additional to redirect http to https for the mender URL?

Thanks & Regards,
Vinoth

dellgreen · July 22, 2020, 9:01am

Can you give more details as to what redirect address your browser is being handed.

You might want to use curl/wget to get more verbose logging on what’s happening.

evk1206 · August 17, 2020, 3:22pm

Hi,

There’s no setting on my browser.

curl logs:

curl http://mender.iot-gateway-test.de -v

Rebuilt URL to: http://mender.iot-gateway-test.de/
Trying 52.59.217.*…
TCP_NODELAY set
Connected to mender.iot-gateway-test.de (52.59.217.*) port 80 (#0)

GET / HTTP/1.1
Host: mender.iot-gateway-test.de
User-Agent: curl/7.58.0
Accept: /

I expect the mender API Gateway to accept the http and redirect it to https. But it’s not working.

I am using the mender server 2.4

dellgreen · August 17, 2020, 4:06pm

It seems strange your client is not receiving the redirect header from the server

Its possible there has been a regression, as when I test 2.2 which i’m running i get a correct redirect header sent from the server (ignore the fact i’m running on port 9443)

 curl -v http://<myhost>:9443
 
 Trying <myhost>:9443...
* TCP_NODELAY set
* Connected to <myhost> (<myip>) port 9443 (#0)
> GET / HTTP/1.1
> Host: <myhost>:9443
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: openresty/1.13.6.2
< Date: Mon, 17 Aug 2020 15:56:46 GMT
< Content-Type: text/html
< Content-Length: 191
< Connection: close
< Location: https://<myhost>:9443/
< Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store
< Pragma: no-cache
< 
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>openresty/1.13.6.2</center>
</body>
</html>

evk1206 · August 18, 2020, 8:43am

This is working for me :

curl -v http://myhost:443

I want this to work :
curl -v http://myhost:80

http is redirected to https

dellgreen · August 19, 2020, 12:07pm

I havent tried this, so dont know if it will work but maybe you can add an extra entry in your prod.yml file “80:443” for the api gateway.

evk1206 · August 19, 2020, 4:25pm

Setting “80:80” is working.

dellgreen · August 19, 2020, 6:49pm

just to clarify, you now have it working how you want it?

Topic		Replies	Views
[Self-hosted Mender 1.7] Non-SSL API-Gateway General Discussions	3	354	February 21, 2019
Mender client HTTP proxy support General Discussions proxy	23	2597	July 3, 2020
Hosted Mender URL details for Mender client HTTP proxy settings General Discussions	1	949	October 21, 2020
Integration Server Non-SSL setup General Discussions	3	720	January 23, 2020
How to add self signed https certificate to mender 1.7.0 standalone mode client? General Discussions yocto , sumo , rocko , nxp	2	1122	August 31, 2022

How to redirect http to https mender-api

Related Topics