Question

Nginx https to http

Posted March 29, 2017 38.9k views
NginxWordPressLEMPUbuntu 16.04

I have an issue with a freshly configured Nginx setup on Ubuntu 16.04. My site loads fine using http, but I get a connection refused error when I access it using https. I don’t need https at the moment, so I would like to redirect these request to http.

My server block looks almost exactly like the LEMP tutorial (https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04) with the addition of a condition that checks for https, then redirects to http. For some reason, this is not working for me. Any help would be appreciated!

See my edited down server block:

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name domain.com www.domain.com;

        if ( $https = "on" ) {
                return 301 http://$host$request_uri;
        }
}
Add a comment
pixelment
By:
pixelment
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
hansen March 29, 2017

@pixelment @jtittle
You should setup Lets Encrypt - and keep your site on HTTPS-only (with a redirect from HTTP).
There’s multiple advantages to HTTPS - first is that it allows http/2, which is version 2 of the HTTP protocol. This will speed up your site a lot, since all files on the site’s connection is streamed through the same tunnel.
And search engines are actually preferring HTTPS, so you’ll get a lower ranking if you don’t have it.

Reply Report
hansen March 29, 2017

Do you have a certificate or are you using Lets Encrypt?
Can you post all the configuration - it’s okay if you change your domain name to domain.com

Reply Report
  • pixelment March 29, 2017

    Neither. Initially, I wasn’t planning to use an SSL certificate but Let’s Encrypt sounds intriguing.

    Here is the full server block:

    server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.php index.html index.htm index.nginx-debian.html;

    server_name domain.com www.domain.com;

    if ( $https = "on" ) {
        return 301 http://$host$request_uri;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}

    That’s the only thing I’ve updated. Everything else is default Nginx.

    Reply Report
    • hansen March 29, 2017

      @pixelment

      Now I get it. I think I misunderstood first time.

      If you’ve never used HTTPS on your domain before, then there’s no need to do anything.

      If you used to have HTTPS, but not anymore, then we need to setup a server block with a certificate to redirect.

      I would highly recommend that you get HTTPS and make a redirect from HTTP to HTTPS.
      https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

      By the way, remove this, since it doesn’t do anything. You’re asking if the connection is https, but it will never be in that server block, since it’s a http-only server block.

          if ( $https = "on" ) {
        return 301 http://$host$request_uri;
    }
      How To Secure Nginx with Let's Encrypt on Ubuntu 16.04
      by Mitchell Anicas
      In this tutorial, we will show you how to use Let's Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 16.04. We will also show you how to automatically renew your SSL certificate. If you're running a different web server, simply follow your web server's documentation to learn how to use the certificate with your setup.
      Reply Report
      • pixelment March 29, 2017

        This domain had a history of HTTPS, but with a newly developed site, we opt to go HTTP only since it’s just informational content (not collecting any personal information).

        Basically, users of the old site have the old HTTPS URL bookmarked and noticed they can no longer access the site, hence the reason for me to redirect HTTPS to HTTP.

        Let’s Encrypt sounds like a good solution. I’ll take a look!

        Reply Report
jtittle1 March 29, 2017

@pixelment

With the server block provided, SSL isn’t configured, thus will not work. If you’re not listening on port 443, then SSL/HTTPS is not active, thus requests for it will result in an error.

Instead of trying to trying to redirect HTTPS => HTTP, I would simply recommend setting up SSL and not worrying about redirects that are typically not standard and may cause issues.

Reply Report
  • pixelment March 29, 2017

    Ok I think I follow. So basically I’ll need to setup SSL even if I don’t need it?

    Reply Report
    • hansen March 29, 2017

      No, if you don’t want https, then you don’t need to do anything.

      Reply Report
    • jtittle1 March 29, 2017

      @pixelment

      Technically, yes.

      The reason for this is because with the server block you have now, NGINX isn’t listening on port 443 – thus requests that would normally be served on that port won’t work.

      For SSL/HTTPS to work, you have to listen on 443, even if your intention is to redirect away from it. There are some use cases for such, though ultimately, and from a security POV, you want SSL as it provides security/encryption – something normal HTTP requests on port 80 do not provide.

      Reply Report
      • pixelment March 29, 2017

        Alright, so I should create another server block to listen to 443, then apply a redirect rule there?

        server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    server_name domain.com www.domain.com;

    return 301 http://$host$request_uri;
}
        Reply Report
        • jtittle1 March 29, 2017

          @pixelment

          You’ll want to setup a certificate as well, otherwise some browsers may not actually redirect.

          Without a valid SSL Certificate, visitors will likely receive a warning telling them that the site is not secure and that they should leave (which Chrome is notorious for).

          Also consider people that have the HTTPS Everywhere plugin installed (I do). That only reinforces SSL over standard HTTP. In some cases, I may not even be able to browse your site depending on whether I’ve set the plugin to force SSL and block non-SSL connections.

          Reply Report
          • pixelment March 29, 2017

            Got it, for my situation I’ll need to purchase an SSL certificate or generate one using Let’s Encrypt correct?

            Since I’m already doing that, then I might as well just allow HTTPS and remove the redirect.

            Reply Report
pixelment March 29, 2017
[deleted]
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help