Related

Tool NGINX Config Generator Tool
Nginx, Prestashop - TTFB too much slow Question Question
Nginx users list - how to display Question Question

Question

HTTP redirection to HTTPS not working properly

Posted March 17, 2020 1.4k views
Nginx

I have set up Nginx as a reverse proxy as well as using SSL.

My website works on https://example.com as well as https://www.example.com.

But when I open a private browser tab and search for http://example.com it loads for ever. My nginx config looks as following (example.com is of course for this purpose):

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}


server {

        server_name example.com www.example.com;
        root /var/www/html;

    # G-Zip config
        gzip off;

        # Entry point for all requests (redirect to frontend)
        location / {
                expires $expires;

                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_read_timeout 1m;
                proxy_connect_timeout 1m;
                proxy_pass http://localhost:3000;
        }

        # Redirect to API-Endpoint of the backend
        location /api {
                proxy_pass http://localhost:8080/api;
        }

        # Redirect to public/images endpoint of the backend
        # The frontend path is always /img for images
        location /img {
                proxy_pass http://localhost:8080/images;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}


server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
Add a comment
Effection
By:
Effection
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
Effection March 17, 2020

Hey KDSys,

thanks!

I changed it to your suggestion.

When I run curl I get the following:

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://example.com

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 299678
Connection: keep-alive
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

But still: typing http://example.com in a private tab, it loads forever

Reply Report
KFSys March 17, 2020

Hi @Effection,

I can’t spot anything out of order at the moment however cam you try removing the block

server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

and replacing it with

server {
    listen 80;

    server_name foo.com;
    return 301 https://foo.com$request_uri;
}

You should of course change foo.com with your domain.

Additionally, make sure you take a copy of the removed blocked in case you need to remove it.

Additionally, try to load load your website via CURL to see what’s going on. Most probably, you have an infinite loop/redirection. To test it, try the following in your terminal

CURL -IL example.com

Regards,
KDSys

Reply Report
Effection March 22, 2020

Hi KDSys!

I found the issue: my UFW just allowed “Nginx HTTPS” and not “Nginx HTTP” which is essential I think. Or is there another way? HTTP listens on port 80 so it seems to be plausible.

Thanks!

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help