Date:      Mon, 12 Sep 2022 18:39:28 -0700
From:      paul beard <paulbeard@gmail.com>
To:        Waitman Gobble <gobble.wa@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: any nginx/letsencrypt experts out there?
Message-ID:  <CAMtcK2pi=m8m0SCqe0%2Bg2uaW8Nry3xgYTR%2BULdVJuxM=riXC8Q@mail.gmail.com>
In-Reply-To: <CAFuo_fxb0Tb5FRSbBPLD-XnjMgAUp2nb-k7sUxVD2f7doOmQiw@mail.gmail.com>
References:  <CAMtcK2reN%2BDGjvdaJJ=3ppz4uK0RU8gJ1f4BY1kvJ%2B5xHqgOsg@mail.gmail.com> <1832f40c8af.10b332ee2406187.6375306777861801560@eye-of-odin.com> <CAMtcK2oo_5vS8AAyd6jPgniggKvYNWbiJwpQZvPb5yeAPENJGA@mail.gmail.com> <1832f85d371.10bae82d3411853.462587170353998748@eye-of-odin.com> <CAFuo_fwRcLRaSb9bDOe3BV_W0dUkbAjL3_P=TpifYQrxjXD5rQ@mail.gmail.com> <1832fe45fb5.df336718422020.6612482456577931531@eye-of-odin.com> <CAMtcK2qW=ih8w6UgkxPL_Fp62=b%2BPzCSFN4u-uR15tnPm5=3oQ@mail.gmail.com> <CAMtcK2ogAN_5BnuXtDyvdt=-mcJ4fNw53e05cq0O_hGGSYqp=A@mail.gmail.com> <CAFuo_fwkgS4emq9cOaWMi6cuHaqXGEnkXVNFfou63c_xT326cg@mail.gmail.com> <CAMtcK2qFcNaqJy1sQhqpzDTQN=bfZ3SCyqNa%2BbE0xwwZM5xL5g@mail.gmail.com> <CAMtcK2qSoKNMZHQUfUaCQoVEN3-y-KOTX=d_9QZsmDYQ%2BRw-tA@mail.gmail.com> <CAFuo_fxb0Tb5FRSbBPLD-XnjMgAUp2nb-k7sUxVD2f7doOmQiw@mail.gmail.com>


On Mon, Sep 12, 2022 at 5:30 PM Waitman Gobble <gobble.wa@gmail.com> wrote:

> On Mon, Sep 12, 2022 at 11:46 PM paul beard <paulbeard@gmail.com> wrote:
> >
> >
> >
> > On Mon, Sep 12, 2022 at 11:45 AM paul beard <paulbeard@gmail.com> wrote:
> >>
> >>
> >>
> >> On Mon, Sep 12, 2022 at 7:23 AM Waitman Gobble <gobble.wa@gmail.com>
> wrote:
> >>>
> >>> On Mon, Sep 12, 2022 at 2:01 PM paul beard <paulbeard@gmail.com>
> wrote:
> >>> >
> >>> >
> >>> >
> >>> > On Sun, Sep 11, 2022 at 9:27 PM paul beard <paulbeard@gmail.com>
> wrote:
> >>> >>
> >>> >>
> >>> >>
> >>> >> On Sun, Sep 11, 2022 at 9:11 PM Ty John <ty-ml@eye-of-odin.com>
> wrote:
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>>
> >>> >>> ---- On Mon, 12 Sep 2022 13:21:30 +0930 Waitman Gobble  wrote ---
> >>> >>>
> >>> >>>  > On Mon, Sep 12, 2022 at 2:42 AM Ty John <ty-ml@eye-of-odin.com>
> wrote:
> >>> >>>  > >
> >>> >>>  > > That order should be fine. The more specific locations should
> be listed first which is what you have. The redirect will trigger a new
> request which will match the first stanza.
> >>> >>>  > >
> >>> >>>  > > Anyway, it looks fine to me as long as the certs themselves
> are right.
> >>> >>>  > > I just checked the certs on https://paulbeard.org,
> https://www.paulbeard.org and https://cloud.paulbeard.org and they all
> seem fine to me.
> >>> >>>  > > I suspect it might be a browser issue as you mentioned. What
> happens in safari?
> >>> >>>
> >>> >>
> >>> >
> >>> > Hmm. So Safari is still having issues. It is able to load the root
> as www.paulbeard.org but not without it. And the link to wordpress
> explicitly uses www but it gets rewritten without and then fails for lack
> of a secure connection. I'll need to track down how that rewriting is
> happening. Who knew Safari was so rigorous?
> >>> >
> >>> > This is the unadorned/non-www stanza: do I even need that in the
> year 2022?
> >>> >
> >>> >      71     server {
> >>> >      72     #listen 443 ssl http2;
> >>> >      73     listen [::]:443 ssl http2;
> >>> >      74     server_name  paulbeard.org;
> >>> >      75 #    if ($request ~* https://paulbeard.org) {
> >>> >      76 #    return 301 https://www.paulbeard.org;
> >>> >      77 #    }
> >>> >      78     ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot
> >>> >      79     ssl_certificate_key /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem; # managed by Certbot
> >>> >      80     include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> >>> >      81     ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
> >>> >      82
> >>> >      83     add_header X-Clacks-Overhead "GNU Terry Pratchett";
> >>> >      84     # add Strict-Transport-Security to prevent man in the middle attacks
> >>> >      85     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
> >>> >      86     #rewrite ^(.*) https://www.paulbeard.org$1 permanent; #+
> >>> >      87     #return      301 https://$host$request_uri;
> >>> >      88
> >>> >      89
> >>> >      90     root           /usr/local/www/;
> >>> >      91     disable_symlinks off;
> >>> >      92
> >>> >      93 }
> >>> >
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >>> Maybe your certs are kinda jumbled up?
> >>>
> >>
> >> This is pretty accurate. I realized I wasn't pulling a certificate for
> the base domain/host name, since i had commented it out in the config.
> Seems like things have gotten jumbled indeed. I don't touch any of the
> config that certbot adds so I am wary of how I can unmuddle it. I have
> since restored that but now I see what I think is the real problem.
> >>
> >> This is the full list of certs I have… I seem to have gotten host and
> domain mixed up here, as these are hosts, not domains, and ideally should
> have just one certificate for all of them. Some cleanup seems to be
> required.
> >>
> >> Found the following certs:
> >>
> >>   Certificate Name: cloud.paulbeard.org
> >>     Serial Number: 4bdb35a6e5308f47e7934453b6d1552a330
> >>     Key Type: RSA
> >>     Domains: paulbeard.org cloud.paulbeard.org www.paulbeard.org
> >>     Expiry Date: 2022-12-04 16:14:05+00:00 (VALID: 82 days)
> >>     Certificate Path: /usr/local/etc/letsencrypt/live/cloud.paulbeard.org/fullchain.pem
> >>     Private Key Path: /usr/local/etc/letsencrypt/live/cloud.paulbeard.org/privkey.pem
> >>
> >>   Certificate Name: paulbeard.org
> >>     Serial Number: 44c82383b1da739543404608a77c9174d79
> >>     Key Type: RSA
> >>     Domains: paulbeard.org
> >>     Expiry Date: 2022-11-11 10:45:26+00:00 (VALID: 59 days)
> >>     Certificate Path: /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem
> >>     Private Key Path: /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem
> >>
> >>   Certificate Name: www.paulbeard.org-0001
> >>     Serial Number: 4a865592d7d31d1465df0e7245eb88d9d13
> >>     Key Type: RSA
> >>     Domains: www.paulbeard.org
> >>     Expiry Date: 2022-12-10 23:29:48+00:00 (VALID: 89 days)
> >>     Certificate Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org-0001/fullchain.pem
> >>     Private Key Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org-0001/privkey.pem
> >>
> >>   Certificate Name: www.paulbeard.org
> >>     Serial Number: 4a730b954fead25d08fb8281c374c11014e
> >>     Key Type: RSA
> >>     Domains: cloud.paulbeard.org www.paulbeard.org
> >>     Expiry Date: 2022-12-10 21:33:36+00:00 (VALID: 89 days)
> >>     Certificate Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org/fullchain.pem
> >>     Private Key Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org/privkey.pem
> >
> >
> > Some things about this are not making sense… sometimes the wordpress
> pages will load but not always. Sometimes different servers answer to the
> generic "paulbeard.org" URI (the cloud instance, for some reason, would
> be served). Something to do with     listen [::]:443 ssl http2; being set
> which makes no sense at all. I have removed it everywhere for now. IP6
> traffic is far down my list of things to be bothered with.
> >
> > My main issue seems to be URI rewriting that I can't seem to find in the
> config. I get an error about 20 redirects and I don't see where that is
> happening. The rewrites are being logged…
> >
> > 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> > 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"
> >
> >
> > This is the paulbeard.org stanza:
> >
> >      74     server {
> >      75     listen 443 ssl http2;
> >      76     server_name  paulbeard.org;
> >      77     root           /usr/local/www/;
> >      78     ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot
> >      79     ssl_certificate_key /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem; # managed by Certbot
> >      80     include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
> >      81     ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
> >      82
> >      83     add_header X-Clacks-Overhead "GNU Terry Pratchett";
> >      84     # add Strict-Transport-Security to prevent man in the middle attacks
> >      85     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
> >      86     rewrite ^(.*) https://www.paulbeard.org$1 permanent;
> >      87     #return      301 https://$host$request_uri;
> >      88
> >      89
> >      90     disable_symlinks off;
> >      91
> >      92 }
> >
> >
> > The only active thing that looks like a rewrite is on line 86 and if I
> comment that out, the php pages are downloaded, rather than parsed and
> displayed. That's not what I want.
> >
> > I have no idea how this got so messed up. I am working from a config
> that worked 3-4 days ago.  I tried ripping out that stanza but something
> somewhere depends on it.
> > --
> > Paul Beard / www.paulbeard.org/
>
>
> It looks like you just want to redirect traffic to your www. ? 034
> This is all you need for that. I don't know what that Terry Pratchett
> header is but whatevers, and I think you don't really need http2 for a
> redirect but it probably shouldn't break anything.
>
> You don't presently have an AAAA record for your domain in DNS so IPv6
> isn't going to be an issue.
>
> server {
>     listen 443 ssl http2;
>     server_name  paulbeard.org;
>     ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot
>     ssl_certificate_key /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem; # managed by Certbot
>     include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>     ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>     add_header X-Clacks-Overhead "GNU Terry Pratchett";
>     add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
>     return      301 https://www.paulbeard.org$request_uri;
> }
>
>
>
> --
> Waitman Gobble
>
You know, I tried that very thing. It *should* work. It doesn't. And I
can't see where the "more than 20 redirects" are creeping in. I assume it's
ping-ponging back and forth between www and non-www but I can't see where
that is explicitly declared/defined. After 20 or so it quits.


grep redi nginx.conf

     rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
     rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
     rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

grep rewr nginx.conf

    rewrite_log on;
    rewrite ^(.*) https://www.paulbeard.org$1 permanent;
    rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;
     rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
     rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
     rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

and I see traffic being logged so this is partly an nginx mystery and a
Safari bug. Firefox has the same issue.

I also don't understand why this breaks the php interpreter:
    rewrite ^(.*) https://www.paulbeard.org$1 permanent;

Ideally, the redirect would push the request to the www. listener and all
the work would get done there. But that doesn't seem to be the case.

Almost to the point where I copy in the last known-good config and see
where I am but that doesn't seem to make much difference. Occasionally it
will work but not consistently over time.
-- 
Paul Beard / www.paulbeard.org/
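The certbot listing quoted earlier in the thread shows three hostnames spread over four overlapping lineages. As an added example (not code from the thread or from certbot), this script parses that `certbot certificates` output and a constructed nginx config, reports hostnames covered by more than one lineage, and flags any server block whose ssl_certificate does not list its server_name; the www and cloud stanzas in the sample config are made up for the demonstration, the cloud one deliberately pointing at the wrong lineage.

```python
"""Cross-check certbot lineages against nginx server blocks.

Added example, not code from the thread. Flags hostnames covered by several
lineages (the "jumbled" state) and server blocks whose ssl_certificate does
not list their server_name (what a browser reports as an insecure connection).
"""
import re

# Listing from the thread, trimmed to the fields this check uses.
CERTBOT_LISTING = """\
  Certificate Name: cloud.paulbeard.org
    Domains: paulbeard.org cloud.paulbeard.org www.paulbeard.org
    Certificate Path: /usr/local/etc/letsencrypt/live/cloud.paulbeard.org/fullchain.pem
  Certificate Name: paulbeard.org
    Domains: paulbeard.org
    Certificate Path: /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem
  Certificate Name: www.paulbeard.org-0001
    Domains: www.paulbeard.org
    Certificate Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org-0001/fullchain.pem
  Certificate Name: www.paulbeard.org
    Domains: cloud.paulbeard.org www.paulbeard.org
    Certificate Path: /usr/local/etc/letsencrypt/live/www.paulbeard.org/fullchain.pem
"""

# Constructed config: the paulbeard.org stanza from the thread (key lines omitted), plus a
# made-up www stanza and a made-up cloud stanza that points at the wrong lineage on purpose.
NGINX_CONF = """\
server {
    listen 443 ssl http2;
    server_name  paulbeard.org;
    ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot
    return 301 https://www.paulbeard.org$request_uri;
}
server {
    listen 443 ssl http2;
    server_name  www.paulbeard.org;
    ssl_certificate /usr/local/etc/letsencrypt/live/www.paulbeard.org-0001/fullchain.pem;
}
server {
    listen 443 ssl http2;
    server_name  cloud.paulbeard.org;
    ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem;
}
"""


def parse_certbot_listing(text):
    """Return [{name, domains, path}] per lineage in `certbot certificates` output."""
    lineages, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Certificate Name:"):
            cur = {"name": line.split(":", 1)[1].strip(), "domains": [], "path": ""}
            lineages.append(cur)
        elif cur is not None and line.startswith("Domains:"):
            cur["domains"] = line.split(":", 1)[1].split()
        elif cur is not None and line.startswith("Certificate Path:"):
            cur["path"] = line.split(":", 1)[1].strip()
    return lineages


def overlapping_hosts(lineages):
    """Hostnames listed by more than one lineage -> lineage names, in listing order."""
    seen = {}
    for lin in lineages:
        for host in lin["domains"]:
            seen.setdefault(host, []).append(lin["name"])
    return {host: names for host, names in seen.items() if len(names) > 1}


# Simplified nginx parsing: one directive per line, top-level server blocks closed
# by an unindented brace. Adequate for the certbot-managed vhost files in the thread.
_SERVER_BLOCK = re.compile(r"server\s*\{(.*?)\n\}", re.S)
_SERVER_NAME = re.compile(r"^\s*server_name\s+([^;]+);", re.M)
_SSL_CERT = re.compile(r"^\s*ssl_certificate\s+([^;]+);", re.M)  # skips ssl_certificate_key


def parse_server_blocks(conf):
    """Return [(server_names, ssl_certificate path)] for each TLS server block."""
    blocks = []
    for m in _SERVER_BLOCK.finditer(conf):
        names, cert = _SERVER_NAME.search(m.group(1)), _SSL_CERT.search(m.group(1))
        if names and cert:
            blocks.append((names.group(1).split(), cert.group(1).strip()))
    return blocks


def check_coverage(conf, lineages):
    """Return (server_name, cert path, reason) for every name its certificate does not cover."""
    by_path = {lin["path"]: lin for lin in lineages}
    findings = []
    for names, cert_path in parse_server_blocks(conf):
        lin = by_path.get(cert_path)
        for name in names:
            if lin is None:
                findings.append((name, cert_path, "path is not a certbot lineage"))
            elif name not in lin["domains"]:
                findings.append((name, cert_path, "not in SANs: " + " ".join(lin["domains"])))
    return findings


if __name__ == "__main__":
    lins = parse_certbot_listing(CERTBOT_LISTING)
    print("hosts in more than one lineage:", overlapping_hosts(lins))
    print("server blocks with a non-covering cert:", check_coverage(NGINX_CONF, lins))
```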

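For the "more than 20 redirects" symptom, an added example (not from the thread): a small tracer that follows Location headers one hop at a time and stops at the first URL it has already visited, so a www/non-www ping-pong shows up as a two-element cycle rather than an opaque browser error. `fetch_location` talks to a live server over http.client; `fake_fetch` and `endless_fetch` are constructed stand-ins that emulate the suspected loop and a never-ending chain so the script runs offline.

```python
"""Follow a redirect chain without a browser and report where it loops.

Added example, not code from the thread. A browser's "too many redirects"
error only says a loop exists; this records every hop and stops at the first
repeated URL, so the cycle (and the hosts it bounces between) is printed.
"""
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 20  # roughly where browsers give up, as in the thread


def normalize(url):
    """Loop-detection key: scheme, host, path and query (scheme and host case-folded)."""
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.path or "/", p.query)


def fetch_location(url, timeout=10):
    """Issue one GET without following redirects; return (status, Location header or None)."""
    p = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(p.hostname, p.port, timeout=timeout)
    target = p.path or "/"
    if p.query:
        target += "?" + p.query
    try:
        conn.request("GET", target, headers={"User-Agent": "redirect-tracer/0.1"})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def trace_redirects(start_url, fetch=fetch_location, max_hops=MAX_HOPS):
    """Follow redirects from start_url.

    Returns {"hops": [(url, status, location), ...],
             "loop": list of URLs forming the cycle, or None,
             "final": the last non-redirect URL, or None,
             "gave_up": True if max_hops was exceeded without finding a loop}.
    """
    hops, first_seen = [], {}
    url = start_url
    while len(hops) <= max_hops:
        key = normalize(url)
        if key in first_seen:  # revisit: everything from the first visit onward is the cycle
            return {"hops": hops, "loop": [h[0] for h in hops[first_seen[key]:]],
                    "final": None, "gave_up": False}
        first_seen[key] = len(hops)
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECT_CODES or not location:
            return {"hops": hops, "loop": None, "final": url, "gave_up": False}
        url = urljoin(url, location)  # Location may be relative; resolve it like a browser
    return {"hops": hops, "loop": None, "final": None, "gave_up": True}


def loop_hosts(cycle):
    """Hostnames in the order the cycle visits them, e.g. ['paulbeard.org', 'www.paulbeard.org']."""
    return [normalize(u)[1] for u in cycle]


# Constructed responses, not captured from the real site: they emulate the ping-pong
# the thread suspects (non-www stanza rewrites to www, something on the www side sends
# the request back) plus one URL that resolves normally.
FAKE_RESPONSES = {
    ("https", "paulbeard.org", "/wordpress/"): (301, "https://www.paulbeard.org/wordpress/"),
    ("https", "www.paulbeard.org", "/wordpress/"): (301, "https://paulbeard.org/wordpress/"),
    ("https", "www.paulbeard.org", "/"): (200, None),
}


def fake_fetch(url):
    scheme, host, path, _query = normalize(url)
    return FAKE_RESPONSES.get((scheme, host, path), (404, None))


def endless_fetch(url):
    """Constructed chain that never repeats (/ -> /1 -> /2 ...), to exercise the hop cap."""
    n = int(normalize(url)[2].strip("/") or "0")
    return 302, f"/{n + 1}"


if __name__ == "__main__":
    for start in ("https://paulbeard.org/wordpress/", "https://www.paulbeard.org/"):
        result = trace_redirects(start, fetch=fake_fetch)
        for url, status, location in result["hops"]:
            print(f"{status} {url} -> {location or '-'}")
        if result["loop"]:
            print("LOOP:", " <-> ".join(loop_hosts(result["loop"])))
        else:
            print("ends at", result["final"])
```

Against a live host, call `trace_redirects("https://paulbeard.org/wordpress/")` with the default fetcher; each hop is recorded with its status and Location so a stray application-level redirect stands out from the nginx `rewrite` logged in the thread.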
--000000000000e87a1a05e8851535
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Mon, Sep 12, 2022 at 5:30 PM Waitm=
an Gobble &lt;<a href=3D"mailto:gobble.wa@gmail.com">gobble.wa@gmail.com</a=
>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px=
 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-co=
lor:rgb(204,204,204);padding-left:1ex">On Mon, Sep 12, 2022 at 11:46 PM pau=
l beard &lt;<a href=3D"mailto:paulbeard@gmail.com" target=3D"_blank">paulbe=
ard@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; On Mon, Sep 12, 2022 at 11:45 AM paul beard &lt;<a href=3D"mailto:paul=
beard@gmail.com" target=3D"_blank">paulbeard@gmail.com</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; On Mon, Sep 12, 2022 at 7:23 AM Waitman Gobble &lt;<a href=3D"mail=
to:gobble.wa@gmail.com" target=3D"_blank">gobble.wa@gmail.com</a>&gt; wrote=
:<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; On Mon, Sep 12, 2022 at 2:01 PM paul beard &lt;<a href=3D"mail=
to:paulbeard@gmail.com" target=3D"_blank">paulbeard@gmail.com</a>&gt; wrote=
:<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; On Sun, Sep 11, 2022 at 9:27 PM paul beard &lt;<a href=3D=
"mailto:paulbeard@gmail.com" target=3D"_blank">paulbeard@gmail.com</a>&gt; =
wrote:<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt; On Sun, Sep 11, 2022 at 9:11 PM Ty John &lt;<a href=
=3D"mailto:ty-ml@eye-of-odin.com" target=3D"_blank">ty-ml@eye-of-odin.com</=
a>&gt; wrote:<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt; ---- On Mon, 12 Sep 2022 13:21:30 +0930 Waitman G=
obble=C2=A0 wrote ---<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; On Mon, Sep 12, 2022 at 2:42 AM Ty Joh=
n <a href=3D"mailto:ty-ml@eye-of-odin.com" target=3D"_blank">ty-ml@eye-of-o=
din.com</a>&gt; wrote:<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt; That order should be fine. The mo=
re specific locations should be listed first which is what you have. The re=
direct will trigger a new request which will match the first stanza.<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt;<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt; Anyway, it looks fine to me as lo=
ng as the certs themselves are right.<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt; I just checked the certs on <a hr=
ef=3D"https://paulbeard.org" rel=3D"noreferrer" target=3D"_blank">https://p=
aulbeard.org</a>, <a href=3D"https://www.paulbeard.org" rel=3D"noreferrer" =
target=3D"_blank">https://www.paulbeard.org</a>; and <a href=3D"https://clou=
d.paulbeard.org" rel=3D"noreferrer" target=3D"_blank">https://cloud.paulbea=
rd.org</a> and they all seem fine to me.<br>
&gt;&gt;&gt; &gt;&gt;&gt;=C2=A0 &gt; &gt; I suspect it might be a browser i=
ssue as you mentioned. What happens in safari?<br>
&gt;&gt;&gt; &gt;&gt;&gt;<br>
&gt;&gt;&gt; &gt;&gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; Hmm. So Safari is still having issues. It is able to load=
 the root as <a href=3D"http://www.paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">www.paulbeard.org</a> but not without it. And the link to wordp=
ress explicitly uses www but it gets rewritten without and then fails for l=
ack of a secure connection. I&#39;ll need to track down how that rewriting =
is happening. Who knew Safari was so rigorous?<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt; This is the unadorned/non-www stanza: do I even need that=
 in the year 2022?<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 71=C2=A0 =C2=A0 =C2=A0server {<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 72=C2=A0 =C2=A0 =C2=A0#listen 443 ssl=
 http2;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 73=C2=A0 =C2=A0 =C2=A0listen [::]:443=
 ssl http2;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 74=C2=A0 =C2=A0 =C2=A0server_name=C2=
=A0 <a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=3D"_blank">p=
aulbeard.org</a>;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 75 #=C2=A0 =C2=A0 if ($request ~* <a =
href=3D"https://paulbeard.org" rel=3D"noreferrer" target=3D"_blank">https:/=
/paulbeard.org</a>) {<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 76 #=C2=A0 =C2=A0 return 301 <a href=
=3D"https://www.paulbeard.org" rel=3D"noreferrer" target=3D"_blank">https:/=
/www.paulbeard.org</a>;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 77 #=C2=A0 =C2=A0 }<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 78=C2=A0 =C2=A0 =C2=A0ssl_certificate=
 /usr/local/etc/letsencrypt/live/<a href=3D"http://paulbeard.org/fullchain.=
pem" rel=3D"noreferrer" target=3D"_blank">paulbeard.org/fullchain.pem</a>; =
# managed by Certbot<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 79=C2=A0 =C2=A0 =C2=A0ssl_certificate=
_key /usr/local/etc/letsencrypt/live/<a href=3D"http://paulbeard.org/privke=
y.pem" rel=3D"noreferrer" target=3D"_blank">paulbeard.org/privkey.pem</a>; =
# managed by Certbot<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 80=C2=A0 =C2=A0 =C2=A0include /usr/lo=
cal/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 81=C2=A0 =C2=A0 =C2=A0ssl_dhparam /us=
r/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 82<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 83=C2=A0 =C2=A0 =C2=A0add_header X-Cl=
acks-Overhead &quot;GNU Terry Pratchett&quot;;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 84=C2=A0 =C2=A0 =C2=A0# add Strict-Tr=
ansport-Security to prevent man in the middle attacks<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 85=C2=A0 =C2=A0 =C2=A0add_header Stri=
ct-Transport-Security &quot;max-age=3D15552000; includeSubDomains&quot; alw=
ays;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 86=C2=A0 =C2=A0 =C2=A0#rewrite ^(.*) =
<a href=3D"https://www.paulbeard.org" rel=3D"noreferrer" target=3D"_blank">=
https://www.paulbeard.org</a>$1 permanent; #+<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 87=C2=A0 =C2=A0 =C2=A0#return=C2=A0 =
=C2=A0 =C2=A0 301 https://$host$request_uri;<br>;
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 88<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 89<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 90=C2=A0 =C2=A0 =C2=A0root=C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0/usr/local/www/;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 91=C2=A0 =C2=A0 =C2=A0disable_symlink=
s off;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 92<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;=C2=A0 =C2=A0 =C2=A0 93 }<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt; &gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; Maybe your certs are kinda jumbled up?<br>
&gt;&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; This is pretty accurate. I realized I wasn&#39;t pulling a certifi=
cate for the base domain/host name, since i had commented it out in the con=
fig. Seems like things have gotten jumbled indeed. I don&#39;t touch any of=
 the config that certbot adds so I am wary of how I can unmuddle it. I have=
 since restored that but now I see what I think is the real problem.<br>
&gt;&gt;<br>
&gt;&gt; This is the full list of certs I have=E2=80=A6I seem to have gotte=
n host and domain mixed up here, as these are hosts, not domains, and ideal=
ly should have just one certificate for all of them. Some cleanup seems to =
be required.<br>
&gt;&gt;<br>
&gt;&gt; Found the following certs:<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0Certificate Name: <a href=3D"http://cloud.paulbeard.or=
g" rel=3D"noreferrer" target=3D"_blank">cloud.paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Serial Number: 4bdb35a6e5308f47e7934453b6d1552a=
330<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Key Type: RSA<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Domains: <a href=3D"http://paulbeard.org" rel=
=3D"noreferrer" target=3D"_blank">paulbeard.org</a> <a href=3D"http://cloud=
.paulbeard.org" rel=3D"noreferrer" target=3D"_blank">cloud.paulbeard.org</a=
> <a href=3D"http://www.paulbeard.org" rel=3D"noreferrer" target=3D"_blank"=
>www.paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Expiry Date: 2022-12-04 16:14:05+00:00 (VALID: =
82 days)<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Certificate Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://cloud.paulbeard.org/fullchain.pem" rel=3D"noreferrer" =
target=3D"_blank">cloud.paulbeard.org/fullchain.pem</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Private Key Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://cloud.paulbeard.org/privkey.pem" rel=3D"noreferrer" ta=
rget=3D"_blank">cloud.paulbeard.org/privkey.pem</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0Certificate Name: <a href=3D"http://paulbeard.org" rel=
=3D"noreferrer" target=3D"_blank">paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Serial Number: 44c82383b1da739543404608a77c9174=
d79<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Key Type: RSA<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Domains: <a href=3D"http://paulbeard.org" rel=
=3D"noreferrer" target=3D"_blank">paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Expiry Date: 2022-11-11 10:45:26+00:00 (VALID: =
59 days)<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Certificate Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://paulbeard.org/fullchain.pem" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org/fullchain.pem</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Private Key Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://paulbeard.org/privkey.pem" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org/privkey.pem</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0Certificate Name: www.paulbeard.org-0001<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Serial Number: 4a865592d7d31d1465df0e7245eb88d9=
d13<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Key Type: RSA<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Domains: <a href=3D"http://www.paulbeard.org" r=
el=3D"noreferrer" target=3D"_blank">www.paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Expiry Date: 2022-12-10 23:29:48+00:00 (VALID: =
89 days)<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Certificate Path: /usr/local/etc/letsencrypt/li=
ve/www.paulbeard.org-0001/fullchain.pem<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Private Key Path: /usr/local/etc/letsencrypt/li=
ve/www.paulbeard.org-0001/privkey.pem<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0Certificate Name: <a href=3D"http://www.paulbeard.org"=
 rel=3D"noreferrer" target=3D"_blank">www.paulbeard.org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Serial Number: 4a730b954fead25d08fb8281c374c110=
14e<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Key Type: RSA<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Domains: <a href=3D"http://cloud.paulbeard.org"=
 rel=3D"noreferrer" target=3D"_blank">cloud.paulbeard.org</a> <a href=3D"ht=
tp://www.paulbeard.org" rel=3D"noreferrer" target=3D"_blank">www.paulbeard.=
org</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Expiry Date: 2022-12-10 21:33:36+00:00 (VALID: =
89 days)<br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Certificate Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://www.paulbeard.org/fullchain.pem" rel=3D"noreferrer" ta=
rget=3D"_blank">www.paulbeard.org/fullchain.pem</a><br>
&gt;&gt;<br>
&gt;&gt;=C2=A0 =C2=A0 =C2=A0Private Key Path: /usr/local/etc/letsencrypt/li=
ve/<a href=3D"http://www.paulbeard.org/privkey.pem" rel=3D"noreferrer" targ=
et=3D"_blank">www.paulbeard.org/privkey.pem</a><br>
&gt;<br>
&gt;<br>
&gt; Some things about this are not making sense=E2=80=A6sometimes the word=
press pages will load but not always. Sometimes different servers answer to=
 the generic &quot;<a href=3D"http://paulbeard.org" rel=3D"noreferrer" targ=
et=3D"_blank">paulbeard.org</a>&quot; URI (the cloud instance, for some rea=
son, would be served). Something to do with=C2=A0 =C2=A0 =C2=A0listen [::]:=
443 ssl http2; being set which makes no sense at all. I have removed it eve=
rywhere for now. IP6 traffic is far down my list of things to be bothered w=
ith.<br>
&gt;<br>
&gt; My main issue seems to be URI rewriting that I can&#39;t seem to find =
in the config. I get an error about 20 redirects and I don&#39;t see where =
that is happening. The rewrites are being logged=E2=80=A6<br>
&gt;<br>
&gt; 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: &q=
uot;<a href=3D"https://www.paulbeard.org/wordpress/" rel=3D"noreferrer" tar=
get=3D"_blank">https://www.paulbeard.org/wordpress/</a>&quot;, client: 192.=
168.0.5, server: <a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>, request: &quot;GET /wordpress/ HTTP/2.0&quot=
;, host: &quot;<a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>&quot;, referrer: &quot;<a href=3D"https://www=
.paulbeard.org/" rel=3D"noreferrer" target=3D"_blank">https://www.paulbeard=
.org/</a>&quot;<br>
&gt;<br>
&gt; 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: &q=
uot;<a href=3D"https://www.paulbeard.org/wordpress/" rel=3D"noreferrer" tar=
get=3D"_blank">https://www.paulbeard.org/wordpress/</a>&quot;, client: 192.=
168.0.5, server: <a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>, request: &quot;GET /wordpress/ HTTP/2.0&quot=
;, host: &quot;<a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>&quot;, referrer: &quot;<a href=3D"https://www=
.paulbeard.org/" rel=3D"noreferrer" target=3D"_blank">https://www.paulbeard=
.org/</a>&quot;<br>
&gt;<br>
&gt; 2022/09/12 16:41:57 [notice] 5920#100651: *1742 rewritten redirect: &q=
uot;<a href=3D"https://www.paulbeard.org/wordpress/" rel=3D"noreferrer" tar=
get=3D"_blank">https://www.paulbeard.org/wordpress/</a>&quot;, client: 192.=
168.0.5, server: <a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>, request: &quot;GET /wordpress/ HTTP/2.0&quot=
;, host: &quot;<a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>&quot;, referrer: &quot;<a href=3D"https://www=
.paulbeard.org/" rel=3D"noreferrer" target=3D"_blank">https://www.paulbeard=
.org/</a>&quot;<br>
&gt;<br>
&gt; 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: &q=
uot;<a href=3D"https://www.paulbeard.org/wordpress/" rel=3D"noreferrer" tar=
get=3D"_blank">https://www.paulbeard.org/wordpress/</a>&quot;, client: 192.=
168.0.5, server: <a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>, request: &quot;GET /wordpress/ HTTP/2.0&quot=
;, host: &quot;<a href=3D"http://paulbeard.org" rel=3D"noreferrer" target=
=3D"_blank">paulbeard.org</a>&quot;, referrer: &quot;<a href=3D"https://www=
.paulbeard.org/" rel=3D"noreferrer" target=3D"_blank">https://www.paulbeard=
.org/</a>&quot;<br>
><br>
> 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"<br>
><br>
> 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"<br>
><br>
> 2022/09/12 16:41:58 [notice] 5920#100651: *1742 rewritten redirect: "https://www.paulbeard.org/wordpress/", client: 192.168.0.5, server: paulbeard.org, request: "GET /wordpress/ HTTP/2.0", host: "paulbeard.org", referrer: "https://www.paulbeard.org/"<br>
><br>
><br>
> This is the paulbeard.org stanza:<br>
><br>
>      74      server {<br>
>      75      listen 443 ssl http2;<br>
>      76      server_name  paulbeard.org;<br>
>      77      root            /usr/local/www/;<br>
>      78      ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot<br>
>      79      ssl_certificate_key /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem; # managed by Certbot<br>
>      80      include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
>      81      ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
>      82<br>
>      83      add_header X-Clacks-Overhead "GNU Terry Pratchett";<br>
>      84      # add Strict-Transport-Security to prevent man in the middle attacks<br>
>      85      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;<br>
>      86      rewrite ^(.*) https://www.paulbeard.org$1 permanent;<br>
>      87      #return      301 https://$host$request_uri;<br>
>      88<br>
>      89<br>
>      90      disable_symlinks off;<br>
>      91<br>
>      92 }<br>
><br>
> The only active thing that looks like a rewrite is on line 86 and if I comment that out, the php pages are downloaded, rather than parsed and displayed. That's not what I want.<br>
><br>
> I have no idea how this got so messed up. I am working from a config that worked 3-4 days ago. I tried ripping out that stanza but something somewhere depends on it.<br>
> --<br>
> Paul Beard / www.paulbeard.org/<br>
<br>
<br>
It looks like you just want to redirect traffic to your www. ? 034<br>
This is all you need for that. I don't know what that Terry Pratchett header is but whatevers, and I think you don't really need http2 for a redirect but it probably shouldn't break anything.<br>
<br>
You don't presently have an AAAA record for your domain in DNS so IPv6 isn't going to be an issue.<br>
<br>
server {<br>
    listen 443 ssl http2;<br>
    server_name  paulbeard.org;<br>
    ssl_certificate /usr/local/etc/letsencrypt/live/paulbeard.org/fullchain.pem; # managed by Certbot<br>
    ssl_certificate_key /usr/local/etc/letsencrypt/live/paulbeard.org/privkey.pem; # managed by Certbot<br>
    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot<br>
    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot<br>
    add_header X-Clacks-Overhead "GNU Terry Pratchett";<br>
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;<br>
    return      301 https://www.paulbeard.org$request_uri;<br>
}<br>
<br>
-- <br>
Waitman Gobble<br>
<br>
</blockquote></div><div>You know, I tried that very thing. It *should* work. It doesn't. And I can't see where the "more than 20 redirects" are creeping in. I assume it's ping-ponging back and forth between www and non-www but I can't see where that is explicitly declared/defined. After 20 or so it quits.</div>
<div><br></div>
<div>grep redi nginx.conf<br>
    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;<br>
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;<br>
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;<br>
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;<br>
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;<br>
</div>
<div><br></div>
<div>grep rewr nginx.conf<br>
    rewrite_log on;<br>
    rewrite ^(.*) https://www.paulbeard.org$1 permanent;<br>
    rewrite ^/wp-json/(.*?)$ /?rest_route=/$1 last;<br>
    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;<br>
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;<br>
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;<br>
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;<br>
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;<br>
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;<br>
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;<br>
    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;<br>
</div>
<div><br></div>
<div>and I see traffic being logged so this is partly an nginx mystery and a Safari bug. Firefox has the same issue.</div>
<div><br></div>
<div>I also don't understand why this breaks the php interpreter:</div>
<div>    rewrite ^(.*) https://www.paulbeard.org$1 permanent;<br></div>
<div><br></div>
<div>Ideally, the redirect would push the request to the www. listener and all the work would get done there. But that doesn't seem to be the case.</div>
<div><br></div>
<div>Almost to the point where I copy in the last known-good config and see where I am but that doesn't seem to make much difference. Occasionally it will work but not consistently over time.</div>
-- <div><div dir="ltr" class="gmail_signature">Paul Beard / www.paulbeard.org/<br></div></div></div>

--000000000000e87a1a05e8851535--
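The "more than 20 redirects" error in the thread is the browser giving up on a www/non-www ping-pong after hiding every hop. The script below is an added example written for this page; it is not code from the thread, from Paul's or Waitman's configuration, or from nginx. It follows each Location header by hand, never letting urllib follow a 3xx on its own, and stops at the first URL it has already visited. The two tables in it are constructed fixtures, not captured traffic: the apex redirect copies what the paulbeard.org stanza above does (301 to www), while the www stanza that bounces the request straight back is an assumption, since that server block is never shown in the thread. The script filename in the comment is also an assumption.

```python
"""Walk an HTTP redirect chain one hop at a time and flag loops.

Added example for the nginx redirect-loop thread; not code from the thread
or from nginx. A browser collapses a www/non-www ping-pong into "too many
redirects" and hides the hops; this follows Location headers manually and
reports the first repeated URL.
"""
import sys
import urllib.error
import urllib.parse
import urllib.request

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx responses on its own."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # None makes urllib raise HTTPError for the 3xx


def live_fetch(url):
    """One HEAD request; returns (status, Location) without following it."""
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def trace_redirects(url, fetch=live_fetch, max_hops=20):
    """Return (hops, looped).

    hops is the ordered list of (url, status, location); looped is True when
    a URL comes back a second time or max_hops is exhausted, which is the
    condition a browser reports as "too many redirects".
    """
    hops, seen, current = [], set(), url
    while len(hops) < max_hops:
        if current in seen:
            return hops, True
        seen.add(current)
        status, location = fetch(current)
        hops.append((current, status, location))
        if status not in REDIRECT_CODES or not location:
            return hops, False
        # Location may be relative; resolve it against the URL just fetched.
        current = urllib.parse.urljoin(current, location)
    return hops, True


def fixture_fetch(table):
    """Build a fetch() that answers from a dict instead of the network."""
    def fetch(url):
        return table.get(url, (404, None))
    return fetch


# Constructed fixtures, not captured traffic. PING_PONG models the apex
# stanza from the thread (301 to www) plus an assumed www stanza that sends
# the request straight back; FIXED keeps the apex redirect and has the www
# host answer the request itself.
PING_PONG = {
    "https://paulbeard.org/wordpress/": (301, "https://www.paulbeard.org/wordpress/"),
    "https://www.paulbeard.org/wordpress/": (301, "https://paulbeard.org/wordpress/"),
}
FIXED = {
    "https://paulbeard.org/wordpress/": (301, "https://www.paulbeard.org/wordpress/"),
    "https://www.paulbeard.org/wordpress/": (200, None),
}


def describe(hops, looped):
    """Render the chain as one line per hop plus a verdict."""
    lines = [f"{i:>2}. {status} {url}" + (f"  ->  {loc}" if loc else "")
             for i, (url, status, loc) in enumerate(hops, 1)]
    lines.append("LOOP: a URL repeated; a browser stops here with 'too many redirects'"
                 if looped else "OK: chain ends in a non-redirect response")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 trace_redirects.py https://paulbeard.org/wordpress/
        print(describe(*trace_redirects(sys.argv[1])))
    else:
        for name, table in (("ping-pong", PING_PONG), ("fixed", FIXED)):
            print(f"== {name} ==")
            print(describe(*trace_redirects("https://paulbeard.org/wordpress/",
                                            fixture_fetch(table))))
```

Run without arguments it prints the two fixture chains; with a URL it walks the real host. `curl -sSIL URL` shows the same hop-by-hop headers by hand. Two things worth checking against the thread's evidence: the three identical `rewritten redirect` log entries all carry the same connection id `*1742`, which is the loop replaying on one HTTP/2 connection, and the grep above only covers nginx.conf, so a `rewrite` or `return` in an included file for the www server would not appear in it; `nginx -T` prints the full configuration with every include expanded and can be grepped for `return|rewrite` to see every redirect in one place.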



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMtcK2pi=m8m0SCqe0%2Bg2uaW8Nry3xgYTR%2BULdVJuxM=riXC8Q>