HTTP returns an octet stream instead of redirecting


#1

My Mastodon is working just fine on https://orng.social; however, whenever I visit a new browser and enter orng.social (http://orng.social), it returns a binary of 57 bytes. I have tried redirects in many ways but nothing is working! Any clue where to start investigating?

Using the stock nginx configuration as provided on GitHub, with the hostname set correctly to orng.social in both blocks.

However, due to enforced HSTS, this can only be seen if you are using a browser for the first time (or in incognito) but once the site is opened with https everything works fine.


#2

Hey o/

This is really strange. Can you post your nginx configurations present in sites-enabled/ ?


#3

map $http_upgrade $connection_upgrade {default upgrade; '' close;}

server {
  listen 80;
  listen [::]:80;
  server_name orng.social;
  root /home/mastodon/live/public;
  # Useful for Let's Encrypt
  # location /.well-known/acme-challenge/ { allow all; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name orng.social;

  ssl_session_cache shared:SSL:10m;

  ssl_certificate /etc/letsencrypt/live/orng.social/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/orng.social/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  keepalive_timeout    70;
  sendfile             on;
  client_max_body_size 8m;

  root /home/mastodon/live/public;

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  add_header Strict-Transport-Security "max-age=31536000";

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    try_files $uri @proxy;
  }

  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://127.0.0.1:3000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";

    proxy_pass http://127.0.0.1:4000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}




#4
> curl -sSv http://orng.social/
*   Trying 195.154.241.217...
* TCP_NODELAY set
* Connected to orng.social (195.154.241.217) port 80 (#0)
> GET / HTTP/1.1
> Host: orng.social
> User-Agent: curl/7.59.0
> Accept: */*
>
{ [57 bytes data]
* Connection #0 to host orng.social left intact

It contains:

00000000  00 00 12 04 00 00 00 00  00 00 03 00 00 00 80 00  |................|
00000010  04 00 01 00 00 00 05 00  ff ff ff 00 00 04 08 00  |................|
00000020  00 00 00 00 7f ff 00 00  00 00 08 07 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  01                       |.........|
00000039

What is in root /home/mastodon/live/public;? What happens if you remove the location / line?

Also, can you disable HTTP/2 upgrade?


#5

On another note, I’d never enable STS until the site is fully running.


#6

That directory doesn’t exist. (It was a part of recommended configuration so I just copy-pasted it without thinking much)

What does that exactly mean?
Do I have to remove http2 from the HTTPS block or something else?

Nothing about the problem changes.

Site is fully running on https. HTTP is what’s bothering me. :frowning:


#7

I just did some additional tinkering overall,

#1: removed the HTTP redirect block from mastodon’s config file.
#2: removed http2 from the other server block that was handling another website’s redirect
#3: merged mastodon’s redirect into a common block by adding orng.social as a domain in the other server block
#4: Removed the root /home/mastodon/live/public; line from the https block!

Then reloaded nginx and everything seems stable and working.


#8

I’m glad you managed to solve your issue!
I think this was the root /home/mastodon/live/public; pointing nowhere, but I’m not sure.


#9

The root is supposed to point to the public directory inside the cloned Mastodon repository, wherever it may be. The documentation assumes the user is called mastodon and the repository has been cloned into the folder named live.


#10

Nah, it was the http2 added to another server’s redirect block.
What I’ve understood so far is that the location / return 301 https://$host$request_uri; can work without a root being specified; also, the HTTPS requests are being proxied to Docker anyway, so a root isn’t required there either (confirmed: I amended the root to point to the exact folder at /root/mastodon/public but that didn’t solve anything for me). So I’d blame it on the redirect block for my other app having http2 added to the port 80 server blocks, because that was the only thing I hadn’t noticed or removed earlier.
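
Added example, not part of the thread: decoding the 57 bytes from the hexdump in post #4 as HTTP/2 frames (a 9-byte header followed by the payload) yields a SETTINGS frame, a WINDOW_UPDATE and a GOAWAY carrying PROTOCOL_ERROR, which is what a listener speaking HTTP/2 sends when it receives a plain `GET / HTTP/1.1`. The byte string is copied from that dump; the function and table names are this example's own.

```python
import struct

# The 57 bytes from the hexdump in post #4, grouped here by frame.
RESPONSE = bytes.fromhex(
    "000012040000000000" "000300000080" "000400010000" "000500ffffff"
    "000004080000000000" "7fff0000"
    "000008070000000000" "00000000" "00000001"
)

# Only the frame types, settings and error codes needed for this capture.
FRAME_TYPES = {0x4: "SETTINGS", 0x7: "GOAWAY", 0x8: "WINDOW_UPDATE"}
SETTING_IDS = {0x3: "MAX_CONCURRENT_STREAMS", 0x4: "INITIAL_WINDOW_SIZE",
               0x5: "MAX_FRAME_SIZE"}
ERROR_CODES = {0x0: "NO_ERROR", 0x1: "PROTOCOL_ERROR"}


def parse_frames(data):
    """Split a byte string into HTTP/2 frames and decode the known ones."""
    frames, off = [], 0
    while off < len(data):
        if len(data) - off < 9:
            raise ValueError("truncated frame header at offset %d" % off)
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags, stream = struct.unpack(">BBI", data[off + 3:off + 9])
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated payload at offset %d" % off)
        frame = {"type": FRAME_TYPES.get(ftype, hex(ftype)), "flags": flags,
                 "stream": stream & 0x7FFFFFFF}  # top bit is reserved
        if ftype == 0x4 and not flags & 0x1:      # SETTINGS without ACK
            if length % 6:
                raise ValueError("SETTINGS payload not a multiple of 6")
            frame["settings"] = {
                SETTING_IDS.get(i, hex(i)): v
                for i, v in struct.iter_unpack(">HI", payload)}
        elif ftype == 0x8 and length == 4:        # WINDOW_UPDATE
            frame["increment"] = struct.unpack(">I", payload)[0] & 0x7FFFFFFF
        elif ftype == 0x7 and length >= 8:        # GOAWAY
            last, err = struct.unpack(">II", payload[:8])
            frame["last_stream"] = last & 0x7FFFFFFF
            frame["error"] = ERROR_CODES.get(err, hex(err))
        frames.append(frame)
        off += 9 + length
    return frames


if __name__ == "__main__":
    for f in parse_frames(RESPONSE):
        print(f)
```

A plain HTTP/1.1 listener answers with an ASCII status line, so binary frames like these on port 80 point at a `listen 80` directive carrying `http2`, as post #10 found.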