Hej again Melvyn,

On 07/03/2018 12:13 AM, Melvyn Sopacua wrote:

The only reason to set it up like that for HTTPS is that it's possible the SNI
name differs from the HTTP Host header. For HTTP redirects it makes no sense:
the HTTP header is in plain text and is used to determine the server block to
pick. So putting an if statement there, is just doing it again, on every
request, because electrons are cheap. Save the electrons!


Thanks for your explanation.

So, if I understand you correctly, it does make sense to explicitly test for the host header in an HTTPS request, like I have done, but not in the setup I got from letsencrypt where HTTP traffic is redirected to HTTPS if the HOST header matches?

Anyhow - instead of return 404, I would do:

        return 301 https://$server_name$request_uri;


I guess I could do that as well, but then I guess whatever is trying to crawl, exploit or whatever my host would get redirected to the actual site, which I find unnecessary. Right?

How I normally set things up:

server {
        listen 443 default_server ssl http2;
        server_name localhost;

        return 301 https://djangoserver.example.com$request_uri;
}


Wouldn't this require having at least a self-signed certificate for this server section, even if it's just used to redirect? Admittedly, I haven't tried it.

Thanks a lot for your help.

Kind regards,

Kasper Laudrup
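
A catch-all layout along the lines discussed in this message, added here as an example and not taken from the thread. The certificate paths and the upstream address are assumed placeholders; the default HTTPS block carries a self-signed certificate because nginx has to complete the TLS handshake before it can send any response, whether 404 or 301 (nginx 1.19.4 and later can use `ssl_reject_handshake on;` there instead).

```nginx
# Catch-all for plain HTTP: any Host header no other server block claims.
server {
    listen 80 default_server;
    server_name _;
    return 404;
}

# Plain HTTP for the real site. server_name has already matched the Host
# header, so no extra `if ($host ...)` test is needed before redirecting.
server {
    listen 80;
    server_name djangoserver.example.com;
    return 301 https://$server_name$request_uri;
}

# Catch-all for HTTPS: requests whose SNI name or Host header matches no site.
server {
    listen 443 ssl http2 default_server;
    server_name _;

    # Self-signed placeholder certificate (assumed paths).
    ssl_certificate     /etc/nginx/ssl/default-selfsigned.crt;
    ssl_certificate_key /etc/nginx/ssl/default-selfsigned.key;

    # Refuse instead of redirecting, so scanners are not pointed at the site.
    # Swap in the 301 from the thread if redirecting is preferred.
    return 404;
}

# The real site (assumed Let's Encrypt paths and upstream).
server {
    listen 443 ssl http2;
    server_name djangoserver.example.com;

    ssl_certificate     /etc/letsencrypt/live/djangoserver.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/djangoserver.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;  # assumed Django upstream
        proxy_set_header Host $host;
    }
}
```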
