3

I have a location for /nginx_status, and I installed an SSL cert last night.

server {
    listen 443;
    ...
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}

This was working pre-cert installation when it was still on port 80. Now, I have redirects in place to redirect www.domain.tld and domain.tld traffic to HTTPS, e.g.:

server {
        listen 80;
        server_name domain.tld;
        return 301 https://domain.tld$request_uri;
}

server {
        listen 80;
        server_name www.domain.tld;
        return 301 https://domain.tld$request_uri;
}

I'm using graphdat-relay to monitor nginx stats, and now curl http://127.0.0.1/nginx_status just gets the redirect page, e.g.:

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>

How do I tell nginx to bypass SSL and allow /nginx_status locally only?

David Fox

1 Answer

9

Add a special server for this that only listens on the local host.

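server {
    # Bind to loopback only, so this server is unreachable from other hosts.
    listen 127.0.0.1:80;
    listen [::1]:80;
    ...
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow ::1;   # needed for requests arriving on the [::1] listener
        deny all;
    }
}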
Christopher Perrin
    Note that if this server block is the first in the configuration load process, requests from the outside with Host headers not matching configured server blocks will all end up with HTTP 403 codes, as the default vhost listens on an unreachable interface. – Xavier Lucas Oct 10 '14 at 15:06
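
An added example, not part of the original question or answer: a small Python audit that checks every server block enabling stub_status is bound to loopback only, keeps `deny all`, and has an allow rule for the IPv6 loopback when it listens on [::1]. The sample configuration is constructed, the function names are hypothetical, and the brace-counting parser assumes no braces inside comments or quoted strings.

```python
import re

# Constructed sample: a public redirect server plus a loopback-only status server.
SAMPLE = """
server {
    listen 80;
    server_name domain.tld;
    return 301 https://domain.tld$request_uri;
}
server {
    listen 127.0.0.1:80;
    listen [::1]:80;
    location /nginx_status {
        stub_status on;
        allow 127.0.0.1;
        deny all;
    }
}
"""

V4 = re.compile(r"^127\.\d+\.\d+\.\d+(:\d+)?$")   # IPv4 loopback listener
V6 = re.compile(r"^\[::1\](:\d+)?$")              # IPv6 loopback listener

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by counting braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit_stub_status(conf):
    """Return findings for server blocks that enable stub_status (whole-block scan)."""
    findings = []
    for body in server_blocks(conf):
        if not re.search(r"^\s*stub_status\b", body, re.M):
            continue
        listens = re.findall(r"^\s*listen\s+([^\s;]+)", body, re.M)
        allows = re.findall(r"^\s*allow\s+([^\s;]+)", body, re.M)
        for addr in listens:
            if not (V4.match(addr) or V6.match(addr)):
                findings.append(f"listen {addr}: not loopback-only, exposure depends on allow/deny")
        if not re.search(r"^\s*deny\s+all\s*;", body, re.M):
            findings.append("no 'deny all' next to stub_status")
        if any(V6.match(a) for a in listens) and not any(a.startswith("::1") for a in allows):
            findings.append("listens on [::1] but has no 'allow ::1', so IPv6 loopback clients get 403")
    return findings
```

Running `audit_stub_status` over the text of a deployed configuration returns an empty list when the status endpoint is loopback-bound and its allow rules match its listeners.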