Nginx HTTPS just forwards back to HTTP

Posted August 21, 2018 2.2k views
NginxUbuntu 18.04

I’m attempting to setup a server block to use an EssentialSSL Cert I purchased from namecheap. But for some reason, any request made to my site via https gets redirected back to just http. If I try to do the 301 redirect for http to https, I end up in a redirect loop for eternity.

Right now, the server block I setup looks like this:

server {

        listen 443 ssl;
        listen [::]:443 ssl;

        #SSL Settings
        ssl_certificate /var/www/;
        ssl_certificate_key /var/www/;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        resolver valid=300s;
        resolver_timeout 5s;
        # Disable preloading HSTS for now.  You can use the commented out header line that includes
        # the "preload" directive if you understand the implications.
        #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        root /var/www/;
        index index.html index.htm;

         location / {
                try_files $uri $uri/ =404;

I am running UFW but I have 443 wide open.


nginx -V 2>&1 | grep ssl

configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-mcUg8N/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/ --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

Cloudflare, I use cloudflare!

If you use Cloudflare, you basically have to use their SSL. No way around it. I set the SSL to OFF under Crypto and Cloudflare stamps a 301 redirect onto your site. So when I added in my own 301 redirect to send http traffic to https, that resulted in a redirect loop.

Setting Cloudflare to Full(strict) has resolved the issue.