In this article, we will work on how to redirect the web traffic from HTTP to a secure HTTPS in Nginx.
The responses and requests are returned in the form of plaintext in HTTP, whereas the HTTPS uses SSL/TLS to encrypt the communication between the client and server system. Therefore due to many reasons, HTTPS is used over the HTTP, which are listed below:
- All the data between the client-server in both directions is encrypted. However, anyone cannot access sensitive information if intercepted.
- When you are using HTTPS, Google Chrome and other browsers will consider your website domain as safe.
- HTTPS version improves your specified website performance using the HTTP/2 protocol.
- If you serve your website domain via HTTPS, then the website will rank better on Google, as it favors all HTTPS secured websites.
It is preferred to redirect traffic HTTP to HTTPS in Nginx in a separate server block for each site version. It is also recommended to avoid redirecting traffic using “if” direction which may cause unusual behavior of the server.
Redirect all traffic from HTTP to HTTPS
Add the following changes into the Nginx configuration file in order to redirect all traffic from HTTP to HTTPS version:
Below, we have elaborated each above-mentioned term:
Listen 80 default_server – this will signal your system that catches all HTTP traffic on Port 80.
Server_name _ – it is the domain that will match with any hostname.
Return 301 https://$host$request_uri – this tells your search engines that redirect it permanently. It specifies that the variable $host holds the domain names.
Once you change the configuration settings, you need to reload the Nginx services on your system. So, reload your Nginx services by using the following command:
Redirect HTTP to HTTPS version for Specified domain in Nginx
After installing the SSL certificate on your domain, you will have two server blocks options for this domain. One block is for the HTTP version listening on port 80, and the second version is HTTPS on port 443. However, to redirect a single website domain from HTTP to HTTPS, you need to open the Nginx configuration. You can locate this configuration file in the /etc/nginx/sites-available directory. In any case, if you didn’t find this file, you can search for it with /etc/nginx/nginx.conf, /usr/local/nginx/conf or /usr/local/etc/nginx, and then perform the following changes in this file:
listen 80;
server_name domain-name.com www.domain-name.com;
return 301 https://domain-name.com$request_uri;
}
Let’s understand the above code line by line.
Listen 80 – using port 80, the server will listen for all incoming connections specified domain.
Server_name domain-name.com www.domain-name.com – it specifies the domain names. So, replace it with your website domain name that you want to redirect.
Return 301 https://domain-name.com$request_uri – it moves the traffic to the HTTPS version of the site. The $request_uri variable is used for the full original request URI in which arguments are also included.
Using the following method, you can redirect traffic to the HTTPS www version to the non-www version of the site. It is recommended to create a redirect in a separate server block for both non- www and www versions.
Let’s explain with an example. If you want to redirect the www HTTPS requests to the non-www version, then you would follow the following configuration:
listen 80;
server_name domain-name.com www.domain-name.com;
return 301 https://domain-name.com$request_uri;
}
server {
listen 443 ssl http2;
server_name www.domain-name.com;
# . . . other code
return 301 https://domain-name.com$request_uri;
}
server {
listen 443 ssl http2;
server_name domain-name.com;
# . . . other code
}
Replace the domain name with your domain, like www.linuxhint.com.
Conclusion
We have discussed how to redirect traffic from HTTP version to the HTTPS on the Nginx server. By changing the Nginx configuration file setting, you can easily redirect traffic to HTTPS either for a specified domain or redirect all. This method, which we have mentioned in this article, may help you make your website more secure by making any changes in the user experience.