Share

Question

Hi guys,

This is my first time here asking questions, untill now I read and learned from the best of you.
So, I installed Ubuntu 14.04 on my Droplet, configured EasyEngine on it with nginx / php5-fpm and fastcgi.
I bought a Positive SSL from namecheap and now I want to use it on my Wordpress site.
So I put the ssl-bundle.crt and the domain_com.key in /var/www/domain.com/cert and after that I modified the file in /etc/nginx/sites-available/domain.com and put the following configuration:

# WPSINGLE FAST CGI NGINX CONFIGURATION

server {
        listen 80;
        listen 443 ssl;
        server_name devly.co www.devly.co;
        ssl on;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;

# force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
}


}

The thing is, the redirect doesn't work, if I enter http://domain.com it won't automaticaly redirect to https.
What did I do wrong ?
Also any recomendations ? My first time using SSL on a server.

Accepted Answer

ryanpq MOD October 8, 2014

Instead of specifying your http and https sites in the same server block I would recommend formatting your configuration in two server blocks, one for http and one for https.

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;

       [....]
}

Reply

DianaM October 8, 2014

@ryanpq Do I need to add to the separate server block the same settings like the first one ?
Let's say if I want to include some *.conf, do I need to duplicate it to the other server block ?
I managed to get it working using this configuration:

# WPSINGLE FAST CGI NGINX CONFIGURATION

server {
        listen 80;
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;
# force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;

}


}

Can you check if it redirects you to https ?

Thank you so much guys !

ryanpq MOD October 8, 2014

The server block for port 80 can be used as it is in my example since any traffic handled by this server block would simply be redirected to the other (https) one. Any other configuration you need would be added only to the server block for port 443.

DianaM October 8, 2014

Ok Ryan, I'm trying to do the setup now.

As of right now the config for the domain shows like this:

server {
       listen         80;
       server_name    devly.co www.devly.co;
       return         301 https://$server_name$request_uri;
}


server {
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl on;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;

}

DianaM October 8, 2014

OK WORKS GREAT.

Thanks a lot :)
Can you verify if it shows you https and if not, redirects you ?
Also, do you have any suggestions how to tweak the SSL settings for performance ?

Thanks :D
ryanpq MOD October 9, 2014

Confirmed :)

There are a few things you can do to optimize your ssl configuration on nginx. A quick search returned several blog posts and articles on the subject. This one looks like a good place to start.

Answer 2

DianaM October 8, 2014

@ryanpq Do I need to add to the separate server block the same settings like the first one ?
Let's say if I want to include some *.conf, do I need to duplicate it to the other server block ?
I managed to get it working using this configuration:

# WPSINGLE FAST CGI NGINX CONFIGURATION

server {
        listen 80;
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;
# force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;

}


}

Can you check if it redirects you to https ?

Thank you so much guys !

ryanpq MOD October 8, 2014

The server block for port 80 can be used as it is in my example since any traffic handled by this server block would simply be redirected to the other (https) one. Any other configuration you need would be added only to the server block for port 443.

DianaM October 8, 2014

Ok Ryan, I'm trying to do the setup now.

As of right now the config for the domain shows like this:

server {
       listen         80;
       server_name    devly.co www.devly.co;
       return         301 https://$server_name$request_uri;
}


server {
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl on;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;

}

DianaM October 8, 2014

OK WORKS GREAT.

Thanks a lot :)
Can you verify if it shows you https and if not, redirects you ?
Also, do you have any suggestions how to tweak the SSL settings for performance ?

Thanks :D
ryanpq MOD October 9, 2014

Confirmed :)

There are a few things you can do to optimize your ssl configuration on nginx. A quick search returned several blog posts and articles on the subject. This one looks like a good place to start.

Accepted Answer

mrgusmuller May 2, 2015

If you are using CloudFlare HTTPS

server {
   ...
   if ($**http_x_forwarded_proto** = "http") {
     return 301 https://$server_name$request_uri;
   }
   ... 
}

Peace!

Reply

Accepted Answer

LinuxMovement1 February 26, 2015

[deleted]

Reply

Accepted Answer

doriancosentino March 16, 2015

hello, more one question about redirect

when put ip address for example http://ipofsitewithssl rediret to https://mysite but whe try access https://the ip address not redirect and load the site

this is my config

server {
listen 80;
servername mydomain.com.br www.mydomain.com.br;
return 301 https://www.mydomaincom.br$requesturi;
}

server {
listen 80;
servername my ip xx.xx.xx.xx;
return 301 https://www.mydomain.com.br$requesturi;
}

server {
listen 443;
servername www.mydomain.com.br;
ssl on;
sslcertificate /var/www/mydomain.com.br/cert/wwwselfboxcombr.crt;
sslcertificatekey /var/www/mydomain.com.br/cert/wwwselfboxcombr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Reply

aghimire December 30, 2016

This seems to be something technically impossible at the moment. You get SSLERRORBADCERTDOMAIN error when you request https://your-ip-address
Even google.com and several other top sites have this error when you request as above.
If anybody is expert in this and something to share, please!!
- halfcab123 May 20, 2017
  
  Definitely not impossible by any stretch. I just setup my reverse proxy with NGINX to allow one site only to always redirect to SSL, and the other site to only use HTTP. Very simple setup and works like a charm.
  
  aghimire May 20, 2017
  
  I think, the OP is talking about setting up SSL for the IP address, and not the domain name.
  It is all possible to get http://domain.com and https://domain.com running but it is not possible (or I don't know) to get https://192.168.1.1 (Https with IP address) without that SSL error. You can add exception in browser and use it though.

Answer 6

aghimire December 30, 2016

This seems to be something technically impossible at the moment. You get SSLERRORBADCERTDOMAIN error when you request https://your-ip-address
Even google.com and several other top sites have this error when you request as above.
If anybody is expert in this and something to share, please!!
- halfcab123 May 20, 2017
  
  Definitely not impossible by any stretch. I just setup my reverse proxy with NGINX to allow one site only to always redirect to SSL, and the other site to only use HTTP. Very simple setup and works like a charm.
  
  aghimire May 20, 2017
  
  I think, the OP is talking about setting up SSL for the IP address, and not the domain name.
  It is all possible to get http://domain.com and https://domain.com running but it is not possible (or I don't know) to get https://192.168.1.1 (Https with IP address) without that SSL error. You can add exception in browser and use it though.

http-https redirect / Positive SSL on nginx

Leave a Comment

Share

Share your Question

http-https redirect / Positive SSL on nginx

Leave a Comment

Almost there!

Report a Bug