[Bug] Double Redirection Issue with "Enable automatic HTTPS redirection" and "Enable domain redirection"

[Ismail-elkorchi]

Describe the bug

In HestiaCP, when both "Enable automatic HTTPS redirection" and "Enable domain redirection" (either from non-www to www or vice versa) are activated, the system creates an unnecessary double redirection for certain URLs. This issue is detrimental to SEO, as search engines prefer a single redirect. The problem manifests in two primary scenarios:

1. From www to non-www: Accessing http://www.example.com results in a two-step redirect: firstly to http://example.com, and subsequently to https://example.com.
2. From non-www to www: Accessing http://example.com leads to an initial redirection to http://www.example.com, followed by a second redirect to https://www.example.com.

This behavior contrasts with the expected single-step redirection directly to the HTTPS version of the targeted domain format (www or non-www).

Expected Behavior

A single-step redirection directly to the HTTPS version of the domain in the specified format (www or non-www) is expected, bypassing any intermediate redirection to the HTTP version.

Tell us how to replicate the bug

1. Initial Setup:

   • Install and configure HestiaCP.
   • Add a domain (e.g., example.com) to the control panel.

2. Configure SSL and Redirection:

   • In the domain settings, check "Enable SSL for this domain".
   • Then enable "Automatic HTTPS redirection".
   • Additionally, set up "Domain redirection" from www to non-www or vice versa.

3. Testing Redirection:

   • Access the domain in its opposite format using HTTP (e.g., http://www.example.com for non-www redirection).
   • Observe the redirection behavior.

4. Identify Double Redirection:

   • Use browser developer tools or tools like curl to trace the redirection steps.
   • Notice the two-step redirect process: initially to the HTTP version of the desired domain format, then to the HTTPS version.

Which components are affected by this bug?

(Backend) Web Server (Nginx, Apache2)

Hestia Control Panel Version

1.8.11

Operating system

Ubuntu 20.04

Log capture

No response

[jaapmarcus]

It is strictly not a bug if you check the code it is how it it is written.

It might be improved but wonder how much would be saved...

[Ismail-elkorchi]

Thank you for your response and for explaining that the current redirection behavior is in line with the existing codebase. I understand that from a code perspective, this might not be considered a bug. However, I'd like to share a practical scenario where the existing redirection mechanism significantly impacts SEO and user experience, which might not be immediately evident from the code's standpoint.

I have a website that was originally indexed in the http www version, and I recently migrated to the https non-www version. In this process, I also had to create several individual redirects for URLs that were removed or changed. Due to the existing mechanism in HestiaCP, these URLs now go through a triple redirection before reaching their final destination. This is causing "Redirect errors" in Google Search for these URLs, negatively impacting their link equity and search rankings.

The issue here extends beyond just the time saved by reducing redirects. It's also about the reliability and effectiveness of the redirection process, especially in more complex migration scenarios like mine. Search engines typically handle single redirects well, but multiple redirects can lead to errors, loss of link equity, and potentially poorer user experience. This can have a substantial impact on the SEO health of websites undergoing migration or restructuring.

While I appreciate that the current behavior is by design, I believe that optimizing the redirection process to minimize steps could significantly benefit users dealing with SEO and site migration issues. A more streamlined redirection approach would not only enhance performance but also improve reliability in handling search engine crawlers and user requests, especially in cases where multiple individual redirects are in play.

I hope this practical example helps illustrate the potential benefits of revising the current redirection mechanism. An update to enable more direct redirections could be a valuable improvement for many HestiaCP users facing similar challenges.

Thank you for considering this feedback and for your commitment to maintaining and improving HestiaCP.

[jaapmarcus]

It looks like the force ssl takes priority over

jaapmarcus@Jaaps-MacBook-Air hestiacp % curl -IL http://mydomain.nl
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 21 Jan 2024 22:42:16 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://mydomain.nl/

HTTP/2 301 
server: nginx
date: Sun, 21 Jan 2024 22:42:16 GMT
content-type: text/html
content-length: 162
location: https://www.mydomain.nl/
strict-transport-security: max-age=31536000;

HTTP/2 200 
server: nginx
date: Sun, 21 Jan 2024 22:42:16 GMT
content-type: text/html; charset=utf-8
content-length: 6
last-modified: Tue, 18 Oct 2022 18:00:17 GMT
etag: "634ee9b1-6"
strict-transport-security: max-age=31536000;
accept-ranges: bytes

If it was the other way around its would be a lot easier ..

[Ismail-elkorchi]

Thank you for the clarification. Understanding that SSL takes priority, is there a possibility to tweak this behavior within the current framework to avoid multiple redirects?

[Skamasle]

The easy way is not use panel redirect.

You can create custom template with redirect as you need.