NGINX - Redirect to HTTPS

June 25, 2017
Nginx Let's Encrypt Ubuntu 16.04

I have been following the NGINX SSL with Let's Encrypt tutorial and appear to have successfully configured SSL for my server, but it doesn't appear to default to that. When I access my website with www.mysite.com it defaults to http, but if I use https://www.mysite.com, I am able to access the server, but it displays the NGINX server landing page ("Welcome to nginx!") on an initially created server. I followed the instructions outside of the ufw firewall setup, but I was wondering if that could actually be related to this problem or if a scenario like this would be related to the NGINX server configuration. Can anyone provide some guidance?

1 comment
  • Here is my nginx config:

    server {
        listen 80;
        listen [::]:80; #Added IPv6 here too
        server_name mysite.com;
        #We remove any location-blocks from here, since this server-block just redirects everything
        return 301 http://www.$server_name$request_uri; #We use a variable to have less hardcoding
    }
    
    server {
        # SSL configuration
    
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        include snippets/ssl-www.mysite.com.conf;
        include snippets/ssl-params.conf;
    }
    
    
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
    
        server_name www.mysite.com;
    
        client_max_body_size 100M; #There's no reason to have it set to 10 GigaBytes
    
        location ~ ^/\.well-known {
            root /var/www/ghost; #We set root, since it's not set anywhere else
            allow all;
        }
    
        location / {
            #Added a few extra headers to allow proper https - not sure if it will mess with plain http - otherwise just use the ones you had already
            proxy_pass http://127.0.0.1:2368;
            proxy_buffering off;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Referer "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
        }
    }
    
    
2 Answers
hansen June 25, 2017
Accepted Answer

@connordphillips

Here's a new config for http to https redirect:

#This server block will redirect http:// to https://www.mysite.com
server {
    listen 80;
    listen [::]:80;
    server_name mysite.com www.mysite.com;
    return 301 https://www.mysite.com$request_uri;
}

#This server block will redirect https://mysite.com to https://www.mysite.com (expecting that you have a certificate for mysite.com as well as www.mysite.com)
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-www.mysite.com.conf;
    include snippets/ssl-params.conf;
    server_name mysite.com;
    return 301 https://www.$server_name$request_uri;
}

#This is the server block actually delivering content to the visitor
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-www.mysite.com.conf;
    include snippets/ssl-params.conf;

    server_name www.mysite.com;

    client_max_body_size 100M;

    location ~ ^/\.well-known {
        root /var/www/ghost;
        allow all;
    }

    location / {
        proxy_pass http://127.0.0.1:2368;
        proxy_buffering off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Referer "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
    }
}
  • @hansen thank you again for your help with this. Since I don't have a certificate for the non-www, should I remove that server block?

    • But since it's a Let's Encrypt certificate, then you simply just run this command and leave the server-block:

      sudo certbot certonly --webroot --webroot-path=/var/www/ghost -d www.mysite.com -d mysite.com
      

      It will automatically update the current certificate (www.mysite.com) to include the mysite.com certificate.

      Remember to set up a cron job to automatically renew certificates, since they only have a lifespan of 90 days.
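
To check the redirect behaviour discussed in this thread after reloading nginx, the following added example (not code from the thread's participants) walks each redirect chain hop by hop and reports any hop that leaves HTTPS or ends off the canonical host. The `audit` and `fetch` helpers are hypothetical names, and the `BEFORE` and `AFTER` tables are constructed responses modelling the question's config and the accepted answer's config, assuming proxied content returns 200.

```python
import http.client
from urllib.parse import urljoin, urlsplit

CANONICAL = "https://www.mysite.com"  # origin the answer's config redirects to

def fetch(url):
    """Live probe: one HEAD request, redirects not followed -> (status, Location)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(start, fetch=fetch, max_hops=5):
    """Walk the redirect chain from `start`; return a list of findings (empty = OK)."""
    findings, url = [], start
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        nxt = urljoin(url, location)
        if urlsplit(nxt).scheme != "https":
            findings.append(f"{url} redirects to non-HTTPS URL {nxt}")
        url = nxt
    else:
        findings.append(f"no final response within {max_hops} hops from {start}")
    if urlsplit(url)[:2] != urlsplit(CANONICAL)[:2]:
        findings.append(f"{start} ends at {url}, not on {CANONICAL}")
    return findings

# Constructed responses (not captured traffic) modelling the two configs on this page.
BEFORE = {  # question's config: port 80 redirects to http://www, which serves content
    "http://mysite.com/": (301, "http://www.mysite.com/"),
    "http://www.mysite.com/": (200, None),
}
AFTER = {  # accepted answer's config: every name and scheme lands on https://www
    "http://mysite.com/": (301, "https://www.mysite.com/"),
    "http://www.mysite.com/": (301, "https://www.mysite.com/"),
    "https://mysite.com/": (301, "https://www.mysite.com/"),
    "https://www.mysite.com/": (200, None),
}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        for start in table:
            print(name, start, audit(start, fetch=table.get) or "OK")
```

Calling `audit(url)` without the `fetch` argument probes the live server instead of the constructed tables.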
