0
0
Nginxdevops~5 mins

HTTP to HTTPS redirect in Nginx - Commands & Configuration

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Websites should use HTTPS to keep data safe. Redirecting HTTP to HTTPS makes sure visitors always use the secure version of the site without typing it manually.
When you want to protect user passwords and personal data on your website.
When you want to improve your website's trust and ranking on search engines.
When you want to avoid visitors seeing security warnings in their browsers.
When you have both HTTP and HTTPS enabled and want to force secure connections.
When you want to comply with security standards and regulations.
Config File - nginx.conf
nginx.conf
server {
    listen 80;
    server_name example.com www.example.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
}

The first server block listens on port 80 (HTTP) and redirects all requests to the same URL but with HTTPS using a 301 permanent redirect.

The second server block listens on port 443 (HTTPS) and serves the website content securely with SSL certificates.

Commands
Check the nginx configuration file for syntax errors before applying changes.
Terminal
sudo nginx -t
Expected OutputExpected
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload nginx to apply the new configuration without stopping the server.
Terminal
sudo systemctl reload nginx
Expected OutputExpected
No output (command runs silently)
Test the HTTP URL to verify it redirects to HTTPS with status code 301.
Terminal
curl -I http://example.com
Expected OutputExpected
HTTP/1.1 301 Moved Permanently Server: nginx Date: Wed, 01 Jan 2025 12:00:00 GMT Content-Type: text/html Content-Length: 178 Location: https://example.com/ Connection: keep-alive
Test the HTTPS URL to verify the site responds securely with status code 200.
Terminal
curl -I https://example.com
Expected OutputExpected
HTTP/1.1 200 OK Server: nginx Date: Wed, 01 Jan 2025 12:00:01 GMT Content-Type: text/html Content-Length: 612 Connection: keep-alive
Key Concept

If you remember nothing else from this pattern, remember: redirect all HTTP traffic to HTTPS using a 301 redirect to keep connections secure.

Common Mistakes
Not reloading nginx after changing the configuration.
The changes won't take effect until nginx reloads or restarts.
Always run 'sudo nginx -t' to check syntax, then 'sudo systemctl reload nginx' to apply changes.
Using a 302 temporary redirect instead of 301 permanent redirect.
Browsers and search engines may not update bookmarks or rankings properly with temporary redirects.
Use 'return 301 https://$host$request_uri;' for a permanent redirect.
Forgetting to configure SSL certificates in the HTTPS server block.
Without SSL certificates, HTTPS connections will fail or show security warnings.
Include valid 'ssl_certificate' and 'ssl_certificate_key' paths in the HTTPS server block.
Summary
Create an nginx server block listening on port 80 that redirects all HTTP requests to HTTPS with a 301 status.
Configure the HTTPS server block with SSL certificates to serve secure content on port 443.
Test the configuration syntax and reload nginx to apply changes without downtime.
Verify the redirect works by checking HTTP returns 301 and HTTPS returns 200 status codes.