Search code examples
nginxprerender

Having trouble getting prerender.io nginx config to work with https rewrite

I think I may have bitten off more than I can chew with this nginx config I am trying to write. I am a novice at nginx configs and I am trying to write a pretty complex config (at least to me). Any help would be very appreciated.

The config needs to:

  1. redirect http $http_x_forwarded_proto to https (https cuts off at the ec2 load balancer)
  2. work with prerender.io's nginx middleware (seo for crawlable single page application)
  3. pass any query parameters (_escaped_fragment_=) from http to https
  4. redirect all subdomain requests to https://example.com/c/$subdomain
  5. allow http://example.com/healthcheck.txt to pass through http (load balancer health check)

Here is my current config

server {
    listen 80;
    server_name example.com;

    root   /var/www/html/dist;
    index  index.html;

    error_log  /var/log/mysite/error.log;
    access_log /var/log/mysite/access.log;

    location /healthcheck.txt {
        break;
    }

    location / {
        try_files $uri @prerender;

        if ($http_x_forwarded_proto != "https") {
            set $urltest N;
        }

        if ($query_string) {
            set $urltest "${urltest}Y";
        }

        if ($urltest = N) {
            rewrite ^(.*)$ https://example.com$1 permanent;
        }

        if ($urltest = NY) {
            rewrite ^(.*)$ https://example.com$1?$query_string permanent;
        }
    }

    location @prerender {
        proxy_set_header X-Prerender-Token MY_TOKEN;

        set $prerender 0;
        if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }
        if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
            set $prerender 0;
        }

        #resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
        resolver 8.8.8.8;

        if ($prerender = 1) {

            #setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
            set $prerender "service.prerender.io";
            rewrite .* /$scheme://$host$request_uri? break;
            proxy_pass http://$prerender;
        }
        if ($prerender = 0) {
            rewrite .* /index.html break;
        }
    }
}

server {
    listen 80;
    server_name ~^(?<sub>.+)\.example\.com$ ;

    rewrite ^ https://example.com/c/$sub;
}

This works for items 1 4 & 5, however items 2 & 3 do not work

  1. work with prerender.io's nginx middleware

this does not work at all, however it does work without the https redirect

  1. pass any query parameters (_escaped_fragment_=) from http to https

it works, but duplicates the query parameters like so: ?_escaped_fragment_=&_escaped_fragment_=

Anyone have any advice they could offer?

Solution

  • I was finally able to get it worked out. I made the SSL go through the load balancer and reach the servers themselves, with this I can not simply redirect http to https without having to worry about the complexities the load balancer was causing.

    Here is my updated config:

    server {
    listen 80;
    server_name ~^(?<sub>.+)\.example\.com$ ;

    if ($sub = 'www') {
        return 301 https://$host$request_uri;
    }

    if ($sub != '') {
        rewrite ^ https://example.com/c/$sub;
    }

    if ($sub = '') {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443;
    server_name example.com;

    ssl  on;
    ssl_certificate    /etc/ssl/star_example_com.pem;
    ssl_certificate_key    /etc/ssl/star_example_com.key;

    root /var/www/html/dist;
    index index.html;

    access_log /var/log/example/ssl.access.log;
    error_log /var/log/example/ssl.error.log;

    include /etc/nginx/content_redirects.conf;

    location / {
        try_files $uri @prerender;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token MY_KEY;

        set $prerender 0;
        if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Valid
ator") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }
        if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|
ttf|woff)") {
            set $prerender 0;
        }

        #resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
        resolver 8.8.8.8;

        if ($prerender = 1) {

            #setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
            set $prerender "service.prerender.io";
            rewrite .* /https://$host$request_uri? break;
            proxy_pass http://$prerender;
        }
        if ($prerender = 0) {
            rewrite .* /index.html break;
        }
    }
}