1. Introduction
In this tutorial, we’ll explore how to properly redirect HTTP traffic to HTTPS using Nginx. Securing our website with HTTPS protects user data and improves search engine rankings.
We’ll also discuss how to handle reverse proxy HTTPS to HTTP scheme redirects in Nginx.
2. Why Redirect HTTP to HTTPS?
Redirecting HTTP to HTTPS ensures that all traffic between the server and clients is encrypted using Transport Layer Security (TLS), enhancing the overall security of data transmission. This encryption helps protect sensitive information such as login credentials, personal data, and payment details from being intercepted by malicious actors.
By securing the communication channel, HTTPS prevents man-in-the-middle attacks where an attacker might try to eavesdrop or alter the communication between the client and the server. Furthermore, it ensures data integrity by guaranteeing that the data received by the client is exactly what the server sent, without any modifications.
Search engines like Google also prefer HTTPS over HTTP, which can improve our website’s SEO rankings. Google has clarified in its policies that HTTPS is a ranking signal, meaning that websites using HTTPS are more likely to rank higher in search results than their non-secure counterparts.
This preference should encourage us to adopt HTTPS to secure our sites and gain better visibility and traffic from search engines. Additionally, users are more likely to trust and engage with websites that display the secure padlock icon, leading to improved user experience and potentially higher conversion rates.
2.1. Architecture Setup Flowcharts
In this article, we cover two setups: redirecting HTTP to HTTPS, and a reverse proxy that accepts HTTPS and forwards requests to an HTTP backend. Let’s explore the basic architecture design of each.
Below is a flowchart representing the basic setup for redirecting HTTP traffic to HTTPS using Nginx:
        +-------------+
        |   Client    |
        +-------------+
               |
               v
    +---------------------+
    |    Nginx Server     |
    | (Listen on Port 80) |
    +---------------------+
               |
               v
+-----------------------------+
| Redirect to HTTPS (Port 443)|
+-----------------------------+
               |
               v
    +---------------------+
    |    Nginx Server     |
    | (Listen on Port 443)|
    +---------------------+
               |
               v
+-----------------------------+
| Serve HTTPS Content Securely|
+-----------------------------+
In this setup:
- The client initiates an HTTP request to the server
- Nginx listens on port 80 for HTTP traffic
- Nginx redirects the request to HTTPS on port 443
- The client connects to the server over HTTPS
- Nginx serves the content securely over HTTPS
In the following sections, we’ll also explore the reverse proxy setup, where Nginx accepts HTTPS and forwards to an HTTP backend. Let’s first look at that setup as a flowchart:
         +-------------+
         |   Client    |
         +-------------+
                |
                v
     +---------------------+
     |    Nginx Server     |
     | (Listen on Port 443)|
     +---------------------+
                |
                v
 +-----------------------------+
 |  Forward to Backend Server  |
 |       (HTTP, Port 80)       |
 +-----------------------------+
                |
                v
  +---------------------------+
  | Backend Application Server|
  |    (Listen on Port 80)    |
  +---------------------------+
                |
                v
+-------------------------------+
| Serve HTTP Content (Internal) |
+-------------------------------+
In this setup:
- The client initiates an HTTPS request to the server
- Nginx listens on port 443 for HTTPS traffic
- Nginx forwards the request to the backend server over HTTP on port 80
- The backend server processes the request and serves the content internally over HTTP
Now that we know the basic examples, let’s dive into the configuration code snippets.
3. Basic HTTP to HTTPS Redirection
Redirecting HTTP to HTTPS is a fundamental step in securing web traffic. In this section, we’ll cover the steps to configure Nginx to perform this redirection and then look at a more comprehensive setup that includes SSL configuration.
3.1. Nginx Configuration
First, we need to modify our Nginx configuration file to redirect HTTP to HTTPS. Here’s a simple example:
server {
    # Plain-HTTP listener: its only job is to redirect to HTTPS
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
In this configuration:
- listen 80 tells Nginx to listen on port 80 for HTTP traffic
- server_name specifies the domain names this server block should respond to
- return 301 https://$host$request_uri redirects all HTTP requests to the corresponding HTTPS URL with a 301 Moved Permanently status code
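This simple configuration is enough for most basic cases, such as static websites. Note that $host is taken from the request (the request line or the Host header), so if this block is also the default server for port 80, the redirect target reflects whatever hostname the client sent. Sometimes, we might need additional security settings, which we cover below.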
3.2. Full Configuration With SSL
Here’s a more comprehensive example that includes the SSL certificate handling:
# HTTP: redirect everything to HTTPS
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS and serve the site
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    # Certificate chain and private key
    ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;

    # Allowed TLS versions and cipher suites
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        root /var/www/yourdomain.com;
        index index.html index.htm;
    }
}
In this configuration, the first server block handles HTTP requests and redirects them to HTTPS, while the second server block listens on port 443 for HTTPS traffic and includes SSL certificate and key configurations.
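A hardened variant of the two server blocks above, as an added example that is not part of the original tutorial: a catch-all default server keeps requests with an unknown Host header out of the redirect block, so $host in the Location header can only be one of our own names, and an HSTS header tells browsers to use HTTPS directly on later visits. The use of return 444 and the max-age value are assumptions made for this example.

```nginx
# Added example (not from the original tutorial).

# Catch-all for port 80: a request whose Host header matches no server_name
# lands here instead of in the redirect block, so an arbitrary hostname is
# never reflected into a Location header.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # Nginx-specific code: close the connection, send nothing
}

# Redirect only requests addressed to our own names.
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;

    ssl_certificate     /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # HSTS: the 301 only helps after a first plain-HTTP request has been
    # sent. With this header, browsers that have seen the site once go
    # straight to HTTPS until max-age expires. One year is an assumed
    # value; use a short max-age while testing, since browsers will refuse
    # plain HTTP for the host for as long as the policy is cached.
    # "always" also adds the header to error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # An add_header inside a location replaces the server-level ones,
        # so repeat the HSTS line there if this block ever gets its own.
        root /var/www/yourdomain.com;
        index index.html index.htm;
    }
}
```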
4. Handling Reverse Proxy HTTPS to HTTP Scheme Redirect
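When Nginx is used as a reverse proxy, it often accepts HTTPS from clients and forwards requests to a backend over plain HTTP, so we might need to handle the change of scheme from HTTPS to HTTP. Here’s how we can configure Nginx for such scenarios: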
4.1. Basic Reverse Proxy Configuration
Let’s first check the basic HTTPS to HTTP configuration:
server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        # Forward to the backend over plain HTTP
        proxy_pass http://backend_server;

        # Pass the original host, client address and scheme to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
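In this configuration, proxy_pass http://backend_server forwards requests to the backend server, while the proxy_set_header directives set the appropriate headers for the proxied request, including X-Forwarded-Proto, which tells the backend that the client originally connected over HTTPS. Here, backend_server is a placeholder name that must resolve to the backend, for example through an upstream block.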
4.2. Handling Backend HTTPS Redirects
A more advanced case arises when the backend server sends HTTP redirects. Because the backend only sees plain HTTP, the redirect URLs it sends may use the http:// scheme, so we need to rewrite them back to HTTPS using the following config:
server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://backend_server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Rewrite http:// redirects from the backend to https://
        proxy_redirect http:// https://;
    }
}
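The most important part of the configuration snippet above is the proxy_redirect http:// https://; directive, which rewrites the http:// prefix in the Location and Refresh response headers from the backend server to https://. The rule matches on the prefix alone, so it applies to any absolute http:// URL, whatever host it points to.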
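A scoped variant of the rewrite, as an added example that is not part of the original tutorial: the prefix includes our own hostname, so redirects the backend issues to other sites keep their original URL. The upstream address 10.0.0.10:80 is an assumed placeholder for the backend.

```nginx
# Added example (not from the original tutorial).

# Define the name used in proxy_pass so it does not depend on DNS.
upstream backend_server {
    server 10.0.0.10:80;   # assumed backend address (placeholder)
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate     /etc/nginx/ssl/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://backend_server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Broad rule from the tutorial, shown for comparison:
        #   Location: http://yourdomain.com/login  -> https://yourdomain.com/login
        #   Location: http://other.example/page    -> https://other.example/page
        # proxy_redirect http:// https://;

        # Scoped rule: only redirects back to our own host are rewritten.
        #   Location: http://yourdomain.com/login  -> https://yourdomain.com/login
        #   Location: http://other.example/page    -> unchanged
        proxy_redirect http://yourdomain.com/ https://yourdomain.com/;
    }
}
```

Because the Host header is passed through unchanged, a backend that builds absolute redirects from it will produce http://yourdomain.com/... URLs, which is the prefix the scoped rule matches.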
5. Conclusion
In this article, we discussed how to properly redirect HTTP to HTTPS using Nginx. We also covered how to handle reverse proxy scenarios where HTTPS is used on the front end and HTTP on the back end.
Implementing these configurations ensures secure and seamless user experiences, protects data integrity, and improves our website’s SEO.