From d733e8013fbc9508561d6fb8667f346bc2a83236 Mon Sep 17 00:00:00 2001
From: Kenneth Kalmer <kenneth.kalmer@ably.com>
Date: Tue, 12 Mar 2024 12:09:15 +0000
Subject: [PATCH] fix: prioritise HTTPS & static redirects in nginx configs

These redirects were too far down the config and meant they might not even have
triggered correctly if the previous locations & try_files directives matched.
---
 config/nginx.conf.erb | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/config/nginx.conf.erb b/config/nginx.conf.erb
index 2958e9c933..09fabf43fe 100644
--- a/config/nginx.conf.erb
+++ b/config/nginx.conf.erb
@@ -77,6 +77,18 @@ http {
     # Removes trailing slashes everywhere (by redirecting)
     rewrite ^/(.*)/$ <%= ENV['SKIP_HTTPS'] == 'true' ? '$scheme' : 'https' %>://$host/$1 permanent;
 
+    <% unless ENV['SKIP_HTTPS'] == 'true' %>
+    # Enforce HTTPS
+      if ($http_x_forwarded_proto != "https") {
+      return 301 https://$host$request_uri;
+    }
+    <% end %>
+
+    # Apply our redirects before rewriting
+    if ($redirected_url != "none") {
+      rewrite ^ $redirected_url permanent;
+    }
+
     # Strip /docs from the requests (we build with --prefix-paths and our files are in public/)
     rewrite ^/docs/(.*)$ /$1 last;
     rewrite ^/docs$ / last;
@@ -122,18 +134,6 @@ http {
       try_files $uri =404;
     }
 
-    <% unless ENV['SKIP_HTTPS'] == 'true' %>
-    # Enforce HTTPS
-    if ($http_x_forwarded_proto != "https") {
-      return 301 https://$host$request_uri;
-    }
-    <% end %>
-
-    # Apply our redirects
-    if ($redirected_url != "none") {
-      rewrite ^ $redirected_url permanent;
-    }
-
     # need this b/c setting $fallback to =404 will try #{root}=404 instead of returning a 404
     location @404 {
       return 404;