How to Redirect HTTP to HTTPS in Nginx

Nginx is an incredibly powerful tool for efficiently redirecting and managing web traffic. Configuring Nginx to redirect unencrypted HTTP web traffic to an encrypted HTTPS server is a crucial step in enhancing security, safeguarding user privacy, and guaranteeing the authenticity of your website.

Here’s a step-by-step guide on redirecting HTTP to HTTPS using Nginx.

Requirements

  • A Linux server running Nginx.
  • A user account with administrative privileges.
  • Access via the command line.

Implementing an HTTP to HTTPS redirect

Important: When connecting remotely, ensuring your connection is encrypted with SSL is crucial.

To implement an HTTP to HTTPS redirect, modify the configuration of your Nginx web server by making changes to the nginx.conf configuration file. Here are the steps to find and edit the nginx.conf file:

1. Open the file in a text editor, like Nano:

sudo nano /etc/nginx/nginx.conf

Just a reminder, the file is typically located in the /etc/nginx directory. If the directory is not found on the system, locate the file in /usr/local/nginx, /usr/local/etc/nginx, or a location specified by the system administrator.

2. To ensure the server only accepts SSL connections on port 443, you can add the following server block to the file:

server {
    listen 443 ssl default_server;
    server_name [domain];
}

Choose the website you wish to configure and replace [domain] with its name.

To configure multiple sites, you must add extra server blocks and remove the default_server parameter.

3. Choose one of the two sections below, based on your preference to redirect all websites on your server or only specific ones.

Move All Websites to HTTPS

To ensure that all websites are redirected from HTTP to HTTPS, you can create a single server block that listens on port 80. Within this block, you can use either the return directive or the rewrite directive to enforce the redirection.

Here are the steps you need to follow to configure a Nginx server:

Please insert the provided code into the nginx.conf file.

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

Here is a breakdown of the instructions:

Port 80 is used to capture all HTTP traffic on the system.

Any hostname can be matched by using “server_name _;“.

The “return 301” command indicates to the browser and search engines that the redirect is permanent.

The URL “https://$host$request_uri” indicates the secure version of the user’s input.

The return directive is frequently utilized for straightforward responses, such as redirecting to HTTPS and displaying error pages. When Nginx encounters the return directive, the request processing is halted, and the response is promptly sent to the client.

If you need to perform a more complex URL manipulation, you can take advantage of the rewrite directive:

server {
    listen 80 default_server;
    server_name _;
    rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
}

 Here’s an example that demonstrates how to redirect an HTTP request for a specific page to an HTTPS request for a different page on example.com:

Please ensure the redirection instruction is the sole server block listening on port 80. Other blocks need to listen on port 443.

Nginx continues processing the request even after reading the rewrite directive. Instead, the request URL is modified based on the directive, and then the URL is processed again.

Once you’re done editing the file, make sure to save it and then exit.

2. Please restart the Nginx service using the command provided:

sudo service nginx restart

Redirecting all traffic from the HTTP default server to HTTPS.

Redirecting a specific website

For servers that need HTTPS redirection, you can create personalized redirection instructions by following the steps outlined below:

1. Please insert the server block below into the nginx.conf file. Please enter the server name in the designated line to properly redirect the server’s HTTP traffic.

server {
    listen 80 default_server;
    server_name [domain];
    return 301 https://[domain]$request_uri;
}

Alternatively, you might use the rewrite directive:

server {
    listen 80 default_server;
    server_name [domain];
    rewrite ^/[old-page]$ https://[domain]/[new-page] permanent;
}

 Enter the server name you want to redirect in place of [domain].

To redirect multiple servers, add extra server blocks with distinct names. Here’s an example of how to redirect example1.com and example2.com using the return directive:

server {
    listen 80;
    server_name [domain1];
    return 301 https://[domain1]$request_uri;
}
server {
    listen 80;
    server_name [domain2];
    return 301 https://[domain2]$request_uri;
}

 Here’s an example that demonstrates how to redirect multiple domains:

2. Please save the file and exit.

3. Please restart the Nginx service using the command provided:

sudo service nginx restart

The selected servers now have Nginx configured to redirect all HTTP traffic to HTTPS.

Why should you redirect HTTP to HTTPS?

Multiple factors justify the redirection of HTTP traffic to HTTPS:

  • Implementing a more robust, fortified connection.
  • Ensuring the utmost security of user data, safeguarding login credentials, personal details, and financial information.
  • Enhancing the website’s credibility for both users and search engines.
  • Ensuring adherence to regulations and standards, such as GDPR and PCI DSS.

Just a heads up: If you encounter the ERR_TOO_MANY_REDIRECTS error in your browser, it indicates that the browser is caught in a never-ending loop of redirections.

In conclusion

Configuring your Nginx server to redirect HTTP traffic to HTTPS is an essential security practice that enhances user trust and complies with regulatory standards. This guide has detailed the necessary steps to update your Nginx configuration to ensure a secure, encrypted connection. By following the outlined directives, you can effectively protect user data and improve your website’s credibility. Remember, a successful HTTPS implementation will secure your server and position your website favorably for future web standards.

By the end of this article, you will understand how to redirect HTTP to HTTPS in Nginx. The tutorial provided a comprehensive explanation of editing the Nginx configuration file to handle redirections and an introduction to the necessary directives.

FAQs

Nginx is a powerful web server software that is used to handle web traffic and can also serve as a reverse proxy, load balancer, and HTTP cache.

Redirecting HTTP to HTTPS enhances security by encrypting data, protecting user information, and improving credibility and search engine rankings.

You need a Linux server running Nginx, administrative privileges, and access to the command line.

Edit the nginx.conf file to include a server block that listens on port 80 and uses a return directive to redirect all traffic to HTTPS.

Yes, create server blocks for each domain in the nginx.conf file that listens on port 80 and includes a redirection rule to HTTPS.

This error occurs when there is a misconfiguration causing the browser to get stuck in an endless redirection loop.

Ensure your redirection directives are correctly configured and that HTTPS requests are not being redirected back to HTTP.

Use the return directive for simple redirects to improve performance, and ensure SSL parameters are properly set to secure all communications.