Trellis SSL not forcing HTTPS on canonical domain

Hello,

I have a strange issue where my site is not being forced through https on the canonical domain.

canonical → ustna-medicina.com
Website Speed Test | Pingdom Tools

redirect → www.ustna-medicina.com
Website Speed Test | Pingdom Tools

You can check the pingdom links, the first one returns No data received. If you type the canonical into the url you the browser will try to visit the site from http:// and get blocked. If you try with www.ustna-medicina.com you will get redirected to https://ustna-medicina.com and the browser will store the HSTS header.

This is my wordpress_sites.

This is my nginx wordpress extra include which works perfectly.

57

This reminds me of roots/trellis#889

Could you check whether you have that update?

The upstream update may have a couple advantages over your child template:

  • #889 includes directives related to acme-challenge and nginx-includes
  • #889 yields only one server block matching www.example.com on port 80 whereas I think your /etc/nginx/sites-enabled/example.com.conf will have two such server blocks

Yes I do have the release. And also my child template servers a different purpose. It is redirecting another domain (smejseposvoje.si) to one of the pages on my website.

Do you think that extra include that I have may be causing the problems?

It is, I removed it and not both ustna-medicina.com and www.ustna-medicina.com work. But I still do need that redirect, any ideas how I might do that without interfering with trellis.

I see now. Sorry I didn’t review carefully enough to notice the different domain name in your child template.

Good job figuring out that the child template was the problem. I believe the problem is that your child template was completely replacing the redirects_https block, so you didn’t end up having any https redirect for the regular site_hosts.

One option would be to use the server_before block (because it is empty and can be replaced completely) instead of the redirects_https block.

If you want to stick with the redirects_https block, you would want to add {{ super() }} inside the block. The nginx-includes docs mention

{{ super() }}, which represents the original block content from the base template

1 Like

I moved it to server_before and it works like a charm now. Good catch! I’ve been stuck with this problem for a few hours. Thank you very much for your help.

1 Like