Question

HTTP redirection to HTTPS not working properly

Posted March 17, 2020 534 views
Nginx

I have set up Nginx as a reverse proxy as well as using SSL.

My website works on https://example.com as well as https://www.example.com.

But when I open a private browser tab and search for http://example.com it loads for ever. My nginx config looks as following (example.com is of course for this purpose):

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}


server {

        server_name example.com www.example.com;
        root /var/www/html;

    # G-Zip config
        gzip off;

        # Entry point for all requests (redirect to frontend)
        location / {
                expires $expires;

                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_read_timeout 1m;
                proxy_connect_timeout 1m;
                proxy_pass http://localhost:3000;
        }

        # Redirect to API-Endpoint of the backend
        location /api {
                proxy_pass http://localhost:8080/api;
        }

        # Redirect to public/images endpoint of the backend
        # The frontend path is always /img for images
        location /img {
                proxy_pass http://localhost:8080/images;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}


server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers

Hey KDSys,

thanks!

I changed it to your suggestion.

When I run curl I get the following:

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://example.com

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 299678
Connection: keep-alive
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

But still: typing http://example.com in a private tab, it loads forever

Hi @Effection,

I can’t spot anything out of order at the moment however cam you try removing the block

server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

and replacing it with

server {
    listen 80;

    server_name foo.com;
    return 301 https://foo.com$request_uri;
}

You should of course change foo.com with your domain.

Additionally, make sure you take a copy of the removed blocked in case you need to remove it.

Additionally, try to load load your website via CURL to see what’s going on. Most probably, you have an infinite loop/redirection. To test it, try the following in your terminal

CURL -IL example.com

Regards,
KDSys

Hi KDSys!

I found the issue: my UFW just allowed “Nginx HTTPS” and not “Nginx HTTP” which is essential I think. Or is there another way? HTTP listens on port 80 so it seems to be plausible.

Thanks!

Submit an Answer