rewrite

Leave a comment Posted on Tech articles

Nginx redirect all HTTP request to HTTPS rewrite rules

776px-Nginx-battleship.svgI have setup nginx as a secure reverse proxy server. How do I redirect all http://example.com/ requests (traffic) to https://example.com/ under nginx web server?

The syntax is as follows. You need to add the following in location or server directives:

 

if ($host ~* ^(example\.com|www\.example\.com)$ ){
rewrite ^/(.*)$ https://example.com/$1 permanent;
}

OR better use the following rewrite:

rewrite ^ https://$server_name$request_uri? permanent;

Edit nginx.conf, enter:

# vi nginx.conf

You need to define both http and https server as follows:

 
## our http server at port 80
server {
      listen      1.2.3.4:80 default;
      server_name example.com www.example.com;
      ## redirect http to https ##
      rewrite        ^ https://$server_name$request_uri? permanent;
}

## Our https server at port 443. You need to provide ssl config here###
server {
      access_log  logs/example.com/ssl_access.log main;
      error_log   logs/example.com/ssl_error.log;
      index       index.html;
      root        /usr/local/nginx/html;
      ## start ssl config ##
      listen      1.2.3.4:443 ssl;
      server_name example.com www.example.com;

     ## redirect www to nowww
      if ($host = 'www.example.com' ) {
         rewrite  ^/(.*)$  https://example.com/$1  permanent;
      }

    ### ssl config - customize as per your setup ###
     ssl_certificate      ssl/example.com/example.com_combined.crt;
     ssl_certificate_key  ssl/example.com/example.com.key_without_password;
     ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
     ssl_ciphers RC4:HIGH:!aNULL:!MD5;
     ssl_prefer_server_ciphers on;
     keepalive_timeout    70;
     ssl_session_cache    shared:SSL:10m;
     ssl_session_timeout  10m;

    ## PROXY backend
      location / {
        add_header           Front-End-Https    on;
        add_header  Cache-Control "public, must-revalidate";
        add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
        proxy_pass  http://exampleproxy;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      }
}

Save and close the file. Reload or restart the nginx:

# nginx -s reload

Test it:

$ curl -I http://example.com
$ curl -I http://example.com/foo/bar/file.html

Sample outputs:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 01 Dec 2012 23:49:52 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://example.com/