connordphillips
By:
connordphillips

NGINX - Redirect to HTTPS

June 25, 2017 14.9k views
Nginx Let's Encrypt Ubuntu 16.04

I have been following the NGINX SSL with Let's Encrypt tutorial and appear to have successfully configured SSL for my server, but it doesn't appear to default to that. When I access my website with www.mysite.com it defaults to http, but if I use https://www.mysite.com, I am able to access the server, but it displays the NGINX server landing page ("Welcome to nginx!") page on an initially created server. I followed the instructions outside of the ufw firewall setup, but I was wondering if that could actually be related to this problem or if a scenario like this would be related the NGINX server configuration. Can anyone provide some guidance?

1 comment
  • connordphillips June 25, 2017

    Here is my nginx config: 

    server {
    listen 80;
    listen [::]:80; #Added IPv6 here too
    server_name mysite.com;
    #We remove any location-blocks from here, since this server-block just redirects everything
    return 301 http://www.$server_name$request_uri; #We use a variable to have less hardcoding
}

server {
    # SSL configuration

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-www.mysite.com.conf;
    include snippets/ssl-params.conf;
}


server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name www.mysite.com;

    client_max_body_size 100M; #There's no reason to have it set to 10 GigaBytes

    location ~ ^/\.well-known {
        root /var/www/ghost; #We set root, since it's not set anywhere else
        allow all;
    }

    location / {
        #Added a few extra headers to allow proper https - not sure if it will mess with plain http - otherwise just use the ones you had already
        proxy_pass http://127.0.0.1:2368;
        proxy_buffering off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }
}
Log In to Comment
3 Answers
hansen June 25, 2017
Accepted Answer

@connordphillips

Here's a new config for http to https redirect:

#This server block will redirect http:// to https://www.mysite.com
server {
    listen 80;
    listen [::]:80;
    server_name mysite.com www.mysite.com;
    return 301 https://www.mysite.com$request_uri;
}

#This server block will redirect https://mysite.com to https://www.mysite.com (expecting that you have a certificate for mysite.com as well as www.mysite.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-www.mysite.com.conf;
    include snippets/ssl-params.conf;
    server_name mysite.com;
    return 301 https://www.$server_name$request_uri;
}

#This is the server block actually delivering content to the visitor
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-www.mysite.com.conf;
    include snippets/ssl-params.conf;

    server_name www.mysite.com;

    client_max_body_size 100M;

    location ~ ^/\.well-known {
        root /var/www/ghost;
        allow all;
    }

    location / {
        proxy_pass http://127.0.0.1:2368;
        proxy_buffering off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }
}
Reply
  • connordphillips June 25, 2017

    @hansen thank you again for your help with this. Since I don't have a certificate for the non-www , should I remove that server block?

    • hansen June 25, 2017

      But since it's a Let's Encrypt certificate, then you simply just run this command and leave the server-block:

      sudo certbot certonly --webroot --webroot-path=/var/www/ghost -d www.mysite.com -d mysite.com

      It will automatically update the current certificate (www.mysite.com) to include the mysite.com certificate.

      Remember to setup a cronjob to automatically renew certificates, since they only have a lifespan of 90 days.

jgbneatdesign June 25, 2017
How To Deploy a Laravel Application with Nginx on Ubuntu 16.04
Laravel is one of the most popular open-source web application frameworks written in PHP. It aims to help developers build both simple and complex applications by making frequently-used application tasks (like caching and authentication) easier. In this tutorial, we will deploy a simple Laravel application with a production environment in mind.
Reply
grrrero January 23, 2018

Hi, I'm having the same problem but I'm not getting anywhere. The https site still shows the nginx webpage. :(

Here's my nginx config (with stuff that was added by Certbot):

server {
        listen 85;
        listen [::]:85;
        server_name mydomain.com www.mydomain.com;
        return 301 https://mydomain.com$request_uri;
}
server {
        # SSL configuration

        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name mydomain.com;
        return 301 https://www.$server_name$request_uri;
}
server {

        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;

        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name mydomain.com www.mydomain.com;

        location / {
                try_files $uri $uri/ =404;
        }
ssl_certificate /etc/letsencrypt/live/.../fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/.../privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Reply
Have another answer? Share your knowledge.

Related Questions