Question

http-https redirect / Positive SSL on nginx

Posted October 8, 2014 128.8k views

Hi guys,

This is my first time here asking questions, untill now I read and learned from the best of you.
So, I installed Ubuntu 14.04 on my Droplet, configured EasyEngine on it with nginx / php5-fpm and fastcgi.
I bought a Positive SSL from namecheap and now I want to use it on my Wordpress site.
So I put the ssl-bundle.crt and the domain_com.key in /var/www/domain.com/cert and after that I modified the file in /etc/nginx/sites-available/domain.com and put the following configuration:

# WPSINGLE FAST CGI NGINX CONFIGURATION

server {
        listen 80;
        listen 443 ssl;
        server_name devly.co www.devly.co;
        ssl on;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;

# force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
}


}

The thing is, the redirect doesn’t work, if I enter http://domain.com it won’t automaticaly redirect to https.
What did I do wrong ?
Also any recomendations ? My first time using SSL on a server.

Add a comment
DianaM
By:
DianaM
Add a comment
1 comment
  • gparent October 8, 2014
    Reply Report

    Make sure you’re using www.devly.co and not “domain.com”

    Also, right now, your webserver is listening to port 80 using SSL, so the config you pasted above seems inaccurate or incomplete. (Possibly you didn`t reload nginx after editing it?)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

4 answers
ryanpq October 8, 2014

Instead of specifying your http and https sites in the same server block I would recommend formatting your configuration in two server blocks, one for http and one for https. 

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;

       [....]
}
Reply Report
  • DianaM October 8, 2014

    @ryanpq Do I need to add to the separate server block the same settings like the first one ?
    Let’s say if I want to include some *.conf, do I need to duplicate it to the other server block ?
    I managed to get it working using this configuration:

    # WPSINGLE FAST CGI NGINX CONFIGURATION

server {
        listen 80;
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;
# force https-redirects
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;

}


}

    Can you check if it redirects you to https ?

    Thank you so much guys !

    Reply Report
  • ryanpq October 8, 2014

    The server block for port 80 can be used as it is in my example since any traffic handled by this server block would simply be redirected to the other (https) one. Any other configuration you need would be added only to the server block for port 443.

    Reply Report
  • DianaM October 8, 2014

    Ok Ryan, I’m trying to do the setup now.

    As of right now the config for the domain shows like this:

    server {
       listen         80;
       server_name    devly.co www.devly.co;
       return         301 https://$server_name$request_uri;
}


server {
        listen 443 ssl spdy;
        server_name devly.co www.devly.co;
        ssl on;
        ssl_certificate /var/www/devly.co/cert/ssl-bundle.crt;
        ssl_certificate_key /var/www/devly.co/cert/devly_co.key;
        access_log   /var/log/nginx/devly.co.access.log rt_cache;
        error_log    /var/log/nginx/devly.co.error.log;
        root /var/www/devly.co/htdocs;
        index index.php index.htm index.html;

        include common/wpfc.conf;
        include common/wpcommon.conf;
        include common/locations.conf;

}
    Reply Report
  • DianaM October 8, 2014

    OK WORKS GREAT.

    Thanks a lot :)
    Can you verify if it shows you https and if not, redirects you ?
    Also, do you have any suggestions how to tweak the SSL settings for performance ?

    Thanks :D

    Reply Report
  • ryanpq October 9, 2014

    Confirmed :)

    There are a few things you can do to optimize your ssl configuration on nginx. A quick search returned several blog posts and articles on the subject. This one looks like a good place to start.

    Reply Report
mrgusmuller May 2, 2015

If you are using CloudFlare HTTPS

server {
   ...
   if ($**http_x_forwarded_proto** = "http") {
     return 301 https://$server_name$request_uri;
   }
   ... 
}

Peace!

Reply Report
LinuxMovement1 February 26, 2015
[deleted]
Reply Report
doriancosentino March 16, 2015

hello, more one question about redirect

when put ip address for example http://ipofsitewithssl rediret to https://mysite but whe try access https://the ip address not redirect and load the site

this is my config

server {
listen 80;
servername mydomain.com.br www.mydomain.com.br;
return 301 https://www.mydomaincom.br$requesturi;
}

server {
listen 80;
servername my ip xx.xx.xx.xx;
return 301 https://www.mydomain.com.br$requesturi;
}

server {
listen 443;
servername www.mydomain.com.br;
ssl on;
sslcertificate /var/www/mydomain.com.br/cert/wwwselfboxcombr.crt;
sslcertificatekey /var/www/mydomain.com.br/cert/wwwselfboxcombr.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Reply Report
  • aghimire December 30, 2016

    This seems to be something technically impossible at the moment. You get SSLERRORBADCERTDOMAIN error when you request https://your-ip-address
    Even google.com and several other top sites have this error when you request as above.
    If anybody is expert in this and something to share, please!!

    Reply Report
    • halfcab123 May 20, 2017

      Definitely not impossible by any stretch. I just setup my reverse proxy with NGINX to allow one site only to always redirect to SSL, and the other site to only use HTTP. Very simple setup and works like a charm.

      Reply Report
Submit an Answer

Looking for something else?

Ask a new question Search for more help