Hi,
Today I try to force piwik to use https, so after buy and install certificat, I try this :
[General]
force_ssl=1
But after that, i am unable to connect on piwik cause of too many redirections.
Piwik works on http and https, this only appear when force_ssl=1 is set.
What’s going on ?
Here is my nginx config file :
server {
listen 80;
listen 443 ssl;
server_name sub.domain.fr;
root /var/www;
index index.php;
ssl_certificate /etc/ssl/ssl/monssl.crt;
ssl_certificate_key /etc/ssl/makey.key;
## Block common exploits
set $block_common_exploits 0;
if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
set $block_common_exploits 1;
}
if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
set $block_common_exploits 1;
}
if ($query_string ~ "proc/self/environ") {
set $block_common_exploits 1;
}
if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
set $block_common_exploits 1;
}
if ($query_string ~ "base64_(en|de)code\(.*\)") {
set $block_common_exploits 1;
}
if ($block_common_exploits = 1) {
return 403;
}
fastcgi_buffer_size 8192;
## Try all locations and relay to index.php as a fallback.
location / {
## Disallow any usage of piwik assets if referer is non valid.
location ~* ^.+\.(?:css|gif|jpe?g|js|png|swf)$ {
## Defining the valid referers.
#valid_referers none blocked *.mysite.com othersite.com;
#if ($invalid_referer) {
# return 444;
#}
expires max;
access_log off;
log_not_found off;
}
## Redirect to the root if attempting to access a txt file.
location ~* (?:DESIGN|(?:gpl|README|LICENSE)[^.]*|LEGALNOTICE)(?:\.txt)*$ {
return 404;
}
## Disallow access to several helper files.
#location ~* \.(?:bat|html?|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
# return 404;
#}
## Supression de html dans la condition du a un soucis de chargement des vues.
location ~* \.(?:bat|git|ini|sh|svn[^.]*|txt|tpl|xml)$ {
return 404;
}
try_files $uri /index.php?$query_string;
}
## Support for favicon. Return a 1x1 transparent GIF it it doesn't
## exist. doesn't exist.
location = /favicon.ico {
try_files /favicon.ico @empty;
}
location @empty {
empty_gif;
}
## Relay all index.php requests to fastcgi.
location = /index.php {
fastcgi_cache nginx;
fastcgi_cache_key $host$request_uri;
fastcgi_cache_valid 200 301 5m;
fastcgi_cache_valid 302 3m;
fastcgi_cache_valid 404 1m;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
}
## Relay all piwik.php requests to fastcgi.
location = /piwik.php {
fastcgi_cache nginx;
fastcgi_cache_key $host$request_uri;
fastcgi_cache_valid 200 301 5m;
fastcgi_cache_valid 302 3m;
fastcgi_cache_valid 404 1m;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi_params;
fastcgi_param GEOIP_ADDR $remote_addr;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_REGION_NAME $geoip_region_name;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_AREA_CODE $geoip_area_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
}
## Any other attempt to access PHP files returns a 404.
location ~* ^.+\.php$ {
return 404;
}
## No crawling of this site for bots that obey robots.txt.
location = /robots.txt {
return 200 "User-agent: *\nDisallow: /\n";
}
} # server