Nginx reverse proxy with Express and Node.js app not redirecting to https

Posted on March 22, 2018

Hello,

maybe somebody here could help me. How can I set Nginx to force https? I use nginx as reverse proxy for my node.js app. Configured as DigitalOcean’s tutorial said, with pm2 and Express router. I also configured Certbot, that was supposed to force https, but it does not. Here is my sites-available/sites-enabled conf:

server {

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name pawelkleczek.pl www.pawelkleczek.pl;

        location ~ ^/build/ {
                root /home/pablo/pawelkleczek.pl/build/;
                access_log off;
                expires 24h;
        }

        location / {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://127.0.0.1:3000/;
                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_redirect off;
                proxy_set_header X-Forwarded-Proto $scheme;
        }

        listen [::]:443 ssl ipv6only=on;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

server {

        if ($host = www.pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }

        if ($host = pawelkleczek.pl) {
            return 301 https://$host$request_uri;
        }
}




I think your server blocks should only have one listen directive. Think that’s where your issue is with your last block where you redirect.

Here’s one of my configs:

server {
  server_name _;
  return 404;
}

server {
  listen 80;
  server_name doesnotscale.com;
  return 301 https://$host$request_uri;
}

server {
  server_name doesnotscale.com;
  listen 443 ssl http2;

  include /etc/nginx/snippets/letsencrypt.conf;

  client_max_body_size 10m;

  include /etc/nginx/snippets/ssl.conf;
  ssl_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/doesnotscale.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/doesnotscale.com/fullchain.pem;

  gzip off;

  resolver 8.8.8.8 8.8.4.4;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://127.0.0.1:2368;
    proxy_redirect off;
  }
}

Also see https://mozilla.github.io/server-side-tls/ssl-config-generator/
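
The pattern from the answer applied to the configuration in the question, as an added example (not either poster's own file). In the question's config the block that proxies to the app listens on both 80 and 443, while the redirect block has no `listen` or `server_name`, so port-80 requests for the site's names are matched by the first block and never reach the redirect. The domain, paths and upstream port below are copied from the question.

```nginx
# Added example: plain-HTTP listener that only redirects.
# Nothing is proxied or served from this block.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name pawelkleczek.pl www.pawelkleczek.pl;

    return 301 https://$host$request_uri;
}

# TLS listener: the only block that serves static files and proxies to the app.
server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;
    server_name pawelkleczek.pl www.pawelkleczek.pl;

    ssl_certificate /etc/letsencrypt/live/pawelkleczek.pl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pawelkleczek.pl/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Static assets, unchanged from the question.
    location ~ ^/build/ {
        root /home/pablo/pawelkleczek.pl/build/;
        access_log off;
        expires 24h;
    }

    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $scheme is always "https" here, so the app sees the real client scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Validate with `nginx -t` before reloading, then confirm that `curl -I http://pawelkleczek.pl/` returns a 301 with an `https://` `Location` header.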
