Symfony2: How to force HTTPS for the whole app?
How to force HTTPS or HTTP for Different URLs
The Security component provides a way to enforce HTTPs via the
requires_channel
setting. This alternative method is better suited to secure an "area" of your website (all URLs under /admin) or when you want to secure URLs defined in a third party bundle.
access_control: - path: ^/secure roles: ROLE_ADMIN requires_channel: https
It seems we misconfigured our webserver. For reference, here is the now working config:
server { listen x.x.x.x:80; server_name domain.tld; listen 80; location / { rewrite ^(.*) https://domain.tld$1 permanent; } } server { gzip on; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml text/javascript image/x-icon; gzip_min_length 1000; gzip_comp_level 6; gzip_http_version 1.0; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable msie6; listen x.x.x.x:443; ssl on; ssl_certificate /etc/nginx/wildcard_ssl/cert.pem; ssl_certificate_key /etc/nginx/wildcard_ssl/cert.key; server_name domain.tld; root /var/www/domain.tld/current/web/; access_log /var/log/nginx/domain.tld/access.log main; error_log /var/log/nginx/domain.tld/error.log; rewrite ^/app\.php/?(.*)$ /$1 permanent; location / { index app.php; try_files $uri @rewriteapp; } location @rewriteapp { rewrite ^(.*)$ /app.php/$1 last; } location @long_time { fastcgi_pass tldpass; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/app.php; fastcgi_param HTTPS on; fastcgi_read_timeout 300; } location ~ ^/app\.php(/|$) { include fastcgi_params; fastcgi_pass tldpass; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; fastcgi_read_timeout 600s; access_log /var/log/nginx/domain.tld/php-only.log; } location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|wav|bmp|rtf|htc)$ { expires 31d; add_header Cache-Control private; } }