Hello,

maybe somebody here could help me. How can I set Nginx to force https? I use nginx as a reverse proxy for my node.js app. It is configured as DigitalOcean’s tutorial said, with pm2 and Express router. I also configured Certbot, which was supposed to force https, but it does not. Here is my sites-available/sites-enabled conf:

# One server block that answers on both plain HTTP (port 80) and TLS (port 443).
# Because this block itself listens on 80 and names both hostnames, HTTP
# requests are served from here directly; nothing in this block redirects them,
# so visitors can keep using unencrypted HTTP.
server {

        # Plain-HTTP listeners. default_server also makes this block the
        # fallback on port 80 for any Host header that matches no other block.
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name pawelkleczek.pl www.pawelkleczek.pl;

        # Static assets under /build/, served by nginx without touching the app.
        # NOTE(review): `root` appends the full request URI, so /build/x is looked
        # up as /home/pablo/pawelkleczek.pl/build/build/x - confirm the layout.
        location ~ ^/build/ {
                root /home/pablo/pawelkleczek.pl/build/;
                access_log off;
                expires 24h;
        }

        # Everything else is proxied to the app on the loopback interface.
        location / {
                # Appends the connecting address to any X-Forwarded-For the client
                # sent; only the entry added by this proxy is trustworthy.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # Forwards the client-supplied Host header unchanged. As this is
                # the default_server, arbitrary Host values can reach the app, so
                # the app should not build links or redirects from it unchecked.
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:3000/;
                proxy_redirect off;
                # HTTP/1.1 plus the Upgrade/Connection headers below allow
                # WebSocket connections to pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                # Repeats the proxy_redirect directive already set above.
                proxy_redirect off;
                # Tells the app which scheme the client used; this is "http" for
                # requests that arrived on port 80.
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        # TLS listeners and Let's Encrypt certificate material.
        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
        # Protocol and cipher settings come from this include; its contents are
        # not shown here.
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

# Intended HTTP -> HTTPS redirect block.
# It has neither a `listen` nor a `server_name` directive, so nginx applies its
# defaults (listen on *:80 when started as root, empty server name). The block
# above also listens on port 80 and names both hosts, so requests for them are
# matched there and the redirects below are never reached.
# NOTE(review): the usual layout keeps the port-80 listeners and server_name
# only in the redirect block and leaves the 443 listeners in the TLS block.
server {

        # 301 to the same host and URI over HTTPS for the www name.
        if ($host = www.pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }

        # Same redirect for the bare domain.
        if ($host = pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }
}

1 answer

I think your server blocks should only have one listen directive. I think that’s where your issue is: in your last block, where you redirect.

Here’s one of my configs:

# Catch-all block: "_" is a placeholder name that matches no real hostname.
# With no `listen` directive it uses nginx's default port (80 when run as root),
# and it returns 404 instead of serving or redirecting.
# NOTE(review): it only acts as the fallback for unknown Host headers if it is
# the first block loaded for that port or is marked default_server - confirm.
# It does not cover port 443.
server {
  server_name _;
  return 404;
}

# Plain-HTTP block whose only job is to redirect to HTTPS.
# It listens on port 80 only and serves no content, so every request for this
# hostname over HTTP gets a permanent redirect to the same URI on https://.
server {
  listen 80;
  server_name doesnotscale.com;
  return 301 https://$host$request_uri;
}

# TLS block: the only place where the site is actually served.
# It listens on 443 only, so there is no way to reach the app over plain HTTP
# through this block.
server {
  server_name doesnotscale.com;
  listen 443 ssl http2;

  # Contents of this snippet are not shown here.
  include /etc/nginx/snippets/letsencrypt.conf;

  # Caps request bodies at 10 MB.
  client_max_body_size 10m;

  # Protocol/cipher settings presumably live in this snippet - not shown here.
  include /etc/nginx/snippets/ssl.conf;
  ssl_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/doesnotscale.com/privkey.pem;
  # NOTE(review): Let's Encrypt also provides chain.pem (intermediates only),
  # which is the file commonly used here - confirm fullchain.pem is intended.
  ssl_trusted_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;

  gzip off;

  # Public resolvers reached over the network. The nginx documentation advises
  # resolvers on a secured, trusted local network to limit DNS spoofing.
  resolver 8.8.8.8 8.8.4.4;

  # All requests are proxied to the app on the loopback interface.
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    # Appends the connecting address to any X-Forwarded-For the client sent;
    # only the entry added by this proxy is trustworthy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Forwards the client-supplied Host header unchanged.
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    # NOTE(review): no X-Forwarded-Proto is set here, so the app cannot tell
    # from headers that the client connected over HTTPS.
    proxy_pass http://127.0.0.1:2368;
    proxy_redirect off;
  }
}

Also see https://mozilla.github.io/server-side-tls/ssl-config-generator/
