Redirect to https;//...
48 views
Skip to first unread message
Alexandr Kalenuk
Oct 31, 2012, 5:30:54 AM10/31/12
to nitro...@googlegroups.com
I want to make certain pages available only by https. I think it would
be ok to recognize protocol right in the page.erl and then redirect to
the right URL. Something like
case Protocol of
http -> wf:redirect('https://' ++ UrlWithNoProtocol);
_ -> ok
end
But the thing is, I don't know: how to get an actual URL of page?
be ok to recognize protocol right in the page.erl and then redirect to
the right URL. Something like
case Protocol of
http -> wf:redirect('https://' ++ UrlWithNoProtocol);
_ -> ok
end
But the thing is, I don't know: how to get an actual URL of page?
Jesse Gumm
Oct 31, 2012, 5:27:33 PM10/31/12
to nitrogenweb
Hi Alexandr,
--
Jesse Gumm
Owner, Sigma Star Systems
414.940.4866 || sigma-star.com || @jessegumm
I would do this one of two ways, and both of them mean putting Nitrogen behind a reverse proxy like Nginx.
The first way would be to have simple rewrite rules in nginx that force SSL for certain pages. For example, in nginx, if you wanted to redirect all requests that start with /admin to be over HTTPS, you could do this in your HTTP section.
location ^~ /admin {
rewrite ^ https://$http_host$request_uri? permanent;
}
You can read about configuring nginx to run over SSL at (all the way at the bottom): https://github.com/nitrogen/nitrogen_core/blob/master/doc/org-mode/config.org
The next alternative would be to (once again) put nitrogen behind a reverse proxy, but this time, check for the existence of a header indicating that the request is secure (this header would be inserted by nginx).
For example, you could add a rule in your 'ssl' section in your nginx configuration that sets a header like :
proxy_set_header X-Forwarded-SSL on;
Then you could check for the existence of the header with wf:header(x_forwarded_ssl).
If you're not using a reverse proxy, then the easiest check is probably to check which port the site is being served with by getting the request, then the socket port
Req = wf_context:get_request_bridge(),
Req:peer_port().
Then, the check is simply if the Port is 80, it's http, if it 443, then it's https.
Personally, I'd opt for the nginx solution, since with any degree of scaling, it'd be nice to simply scale out by adding additional servers and letting nginx do the load balancing and ssl handling for you.
-Jesse
--
You received this message because you are subscribed to the Google Groups "Nitrogen Project / The Nitrogen Web Framework for Erlang" group.
To post to this group, send email to nitro...@googlegroups.com.
To unsubscribe from this group, send email to nitrogenweb...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nitrogenweb?hl=en.
Jesse Gumm
Owner, Sigma Star Systems
414.940.4866 || sigma-star.com || @jessegumm
Reply all
Reply to author
Forward
0 new messages