DigitalOcean

Report this

What is the reason for this report?
Question

HTTP redirection to HTTPS not working properly

Posted on March 17, 2020
Nginx
Effection

By Effection

I have set up Nginx as a reverse proxy as well as using SSL.

My website works on https://example.com as well as https://www.example.com.

But when I open a private browser tab and search for http://example.com it loads for ever. My nginx config looks as following (example.com is of course for this purpose):

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}


server {

        server_name example.com www.example.com;
        root /var/www/html;

	# G-Zip config
        gzip off;

        # Entry point for all requests (redirect to frontend)
        location / {
                expires $expires;

                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_cache_bypass $http_upgrade;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_read_timeout 1m;
                proxy_connect_timeout 1m;
                proxy_pass http://localhost:3000;
        }

        # Redirect to API-Endpoint of the backend
        location /api {
                proxy_pass http://localhost:8080/api;
        }

        # Redirect to public/images endpoint of the backend
        # The frontend path is always /img for images
        location /img {
                proxy_pass http://localhost:8080/images;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}


server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
KFSys
KFSys
March 17, 2020

Hi @Effection,

I can’t spot anything out of order at the moment however cam you try removing the block

server {

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 default_server;

    server_name example.com www.example.com;
    return 404; # managed by Certbot
}

and replacing it with

server {
    listen 80;

    server_name foo.com;
    return 301 https://foo.com$request_uri;
}

You should of course change foo.com with your domain.

Additionally, make sure you take a copy of the removed blocked in case you need to remove it.

Additionally, try to load load your website via CURL to see what’s going on. Most probably, you have an infinite loop/redirection. To test it, try the following in your terminal

CURL -IL example.com

Regards, KDSys

0
Effection
Effection
March 22, 2020

Hi KDSys!

I found the issue: my UFW just allowed “Nginx HTTPS” and not “Nginx HTTP” which is essential I think. Or is there another way? HTTP listens on port 80 so it seems to be plausible.

Thanks!

0
Effection
Effection
March 17, 2020

Hey KDSys,

thanks!

I changed it to your suggestion.

When I run curl I get the following:

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://example.com

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Tue, 17 Mar 2020 15:06:02 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 299678
Connection: keep-alive
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

But still: typing http://example.com in a private tab, it loads forever

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.