Always Redirect Http To Https Nginx

What is Nginx?

Nginx is an open source web server that is responsible for handling HTTP and other internet traffic requests, capable of configuring static and dynamic caching, handling TCP, UDP and other connection protocols, media streaming, and other related web server functions.

Nginx was initially released in 2004 and since then it has gained huge popularity among web developers and system administrators due to its high performance, scalability, simplicity, and reliability.

Nginx is also known for its ability to redirect requests from HTTP to HTTPS, allowing websites to serve encrypted web content securely over the internet.

How To Configure Nginx To Force Redirect From HTTP To HTTPS

To configure Nginx to redirect all requests from HTTP to HTTPS, you will have to edit the Nginx configuration file, often known as “nginx.conf”.

This nginx.conf file can usually be found in either the /etc/nginx or/usr/local/nginx/ directories, depending on your Linux distribution.

Once you’ve identified and opened the nginx.conf file, you will find a section dedicated to “server” configuration, which is responsible for handling requests from clients.

You will need to add the following code block within the “server” configuration block, which will tell Nginx to redirect all requests from HTTP to HTTPS.

server {
listen 80;
server_name YourWebSite.com;
return 301 https://www.Yoursite.example.com$request_uri;
}

This code will tell Nginx to listen on port 80, which is the standard port used by HTTP requests, and redirect any requests to port 443, which is the port used by https.

The “return 301” line will ensure that the requests are redirected with a “301 Moved Permanently” status code, which will help ensure that search engine crawlers will index the correct version of your website.

Configure Nginx To Redirect To WWW Version

If you want to force all requests from http://yoursite.example.com to the www version (ie http://www.yoursite.example.com) you will need to add the following configuration to the nginx.conf file.

server {
listen 80;
server_name Yoursite.example.com;
return 301 https://www.yourwebsite.example.com$request_uri;
}

This code will tell Nginx to listen on port 80, and redirect all requests from the non-www version of the website to the www version, using a 301 redirect.

Once you’ve saved the changes to the nginx.conf file, you will need to restart the Nginx service for the changes to take effect.

Configure Nginx To Redirect Specific Domains

If you want to force specific domains to use the https version, you can do so by adding additional configuration blocks to the nginx.conf file.

For example, if you want to redirect all requests from http://www.example1.com to https://www.example1.com and all requests from http://www.example2.com to https://www.example2.com, you can add the following configuration blocks.

server {
listen 80;
server_name example1.com;
return 301 https://www.example1.com$request_uri;
}

server {
listen 80;
server_name example2.com;
return 301 https://www.example2.com$request_uri;
}

You will need to replace the domain names “example1.com” and “example2.com” with the domains you’d like to redirect, and add additional configuration blocks for each domain you’d like to redirect.

Using The HTTP Strict Transport Security (HSTS) Header

In addition to the Nginx configuration, you will also want to use the HTTP Strict Transport Security (HSTS) header to help ensure that all requests sent to your website are sent over HTTPS.

The HSTS header is a special header that is sent along with every response from the server, and tells the web browser to always use HTTPS when connecting to the website.

It’s important to note that the HSTS header should only be used if your website is using HTTPS and is properly configured, as it can have a negative impact if the website is not properly configured.

You can set the HSTS header in the nginx.conf file, under the “server” configuration block, as follows.

add_header Strict-Transport-Security “max-age=31536000; includeSubDomains; preload”;

This will tell the browser to always use HTTPS for the website, and include all subdomains. The “max-age” parameter sets the length of time that the header will be in effect, and the “preload” parameter will add the website to the HSTS Preload List, which is a list of websites that are known to always use HTTPS.

Testing The Redirects

Once you’ve configured Nginx and set the HSTS header, you will want to test the redirects to ensure that they are configured properly.

You can use a tool such as the HSTS Preload Tester to test the redirects and verify that they’re working properly.

The HSTS Preload Tester will allow you to enter the domains you’d like to test and check whether they are redirecting properly from HTTP to HTTPS.

You can also use a tool such as SSL Labs’ Server Test to test your HTTPS configuration and check for any potential issues with your SSL certificate.

Conclusion

Setting up Nginx to redirect requests from HTTP to HTTPS is a simple process that can help ensure that your website is served securely over the internet. It’s important to ensure that the redirects are configured properly and that the HSTS header is set, in order to ensure that your website is as secure as possible.

Thank You For Reading This Article

Thank you for reading this article. If you have any other questions about Nginx or web security, please feel free to contact us or check out our other articles. Thank you!