search

bunkerity / bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)
https://www.bunkerweb.io
GNU Affero General Public License v3.0
6.12k stars 339 forks source link

[FEATURE] Redirect whole vhost to another one (REDIRECT_TO) #153

Closed peterkimzz closed 3 years ago

peterkimzz commented 3 years ago

What's needed and why ?

Hi, this is Peter.

I have been running my website using bunkerzied-nginx. It works good, but there is no option to redirect apex domain to www domain. (example.com -> www.example.com only)

I found a solution like below.

# redirect.conf
if ($http_x_forwarded_proto = 'http'){
    return 301 https://$host$request_uri;
}

if ($host = 'example.com') {
    return 301 http://www.example.com$request_uri;
}

Actually first block is not required when we give REDIRECT_HTTP_TO_HTTPS options to yes. However, it is not worked with my second block. might bug?

docker-compose.yml

version: "3"

services:
  nginx:
    image: bunkerity/bunkerized-nginx
    ports:
      - 80:8080
      - 443:8443
    volumes:
      - ./server-confs:/server-confs:ro

# ...

Implementations ideas (optional)

I think It'll be very useful if we can give an option just APEX_TO_SUB_DOMAIN=www.example.com like this.

fl0ppy-d1sk commented 3 years ago

Hello @peterkimzz,

The redirection feature looks like a good idea. IMO, we should have something generic like REDIRECT_TO=https://www.example.com which will redirect every requests made to a server to another one. Here is an example where we redirect www.example.com to example.com (which might be another use case afterall) : 

SERVER_NAME=www.example.com example.com
MULTISITE=yes
www.example.com_REDIRECT_TO=https://example.com

What do you think ?

Before it's implemented, I would recommend you to use two differents server blocks : one for apex and the other one for www subdomain. The apex one will contain a return 301 directive redirecting to the www subdomain.

It should be easy to do it with bunkerized-nginx thanks to the MULTISITE=yes configuration. Here is a quick test I've made : 

$ tree
.
├── docker-compose.yml
├── server-confs
│   └── example.com
│       └── redirect.conf
└── www
    └── www.example.com
        └── index.html

4 directories, 3 files

Content of docker-compose.yml : 

version: "3"
services:
  nginx:
    image: bunkerity/bunkerized-nginx
    ports:
      - 80:8080
      - 443:8443
    volumes:
      - ./server-confs:/server-confs:ro
      - ./www:/www:ro
    environment:
      - SERVER_NAME=www.example.com example.com
      - MULTISITE=yes
      - GENERATE_SELF_SIGNED_SSL=yes # just for testing
      - REDIRECT_HTTP_TO_HTTPS=yes

Content of files : 

$ cat server-confs/example.com/redirect.conf
return 301 https://www.example.com$request_uri;

$ cat www/www.example.com/index.html
Hello from www.example.com

Testing the HTTP redirection : 

$ curl --resolve example.com:80:127.0.0.1 http://example.com -H "Host: example.com" -H "User-Agent: Legit" -vvv
...
HTTP/1.1 301 Moved Permanently
...
Location: https://www.example.com/
...

Testing the HTTPS redirection : 

$ curl -k --resolve example.com:443:127.0.0.1 https://example.com -H "Host: example.com" -H "User-Agent: Legit" -vvv
...
HTTP/2 301
...
Location: https://www.example.com/
...

Checking that www.example.com still works : 

$ curl -k --resolve www.example.com:443:127.0.0.1 https://www.example.com -H "Host: www.example.com" -H "User-Agent: Legit"
Hello from www.example.com
peterkimzz commented 3 years ago

Thanks for fast reply, @fl0ppy-d1sk

Your solution works good. I think this code block www.example.com_REDIRECT_TO=https://example.com is enough.

fl0ppy-d1sk commented 3 years ago

Hello @peterkimzz,

The REDIRECT_TO is now available in the v1.3.0 release. See the environment variables list for more information.