Nginx server redirects

In this post you will learn: how to redirect all http requests to https, and how to redirect www to non-www but still https. The configuration can be used for any Nginx configuration, but my example will focus on Nginx configured via Serverpilot.

782

So, you got yourself an SSL. Great! Now you want to redirect all traffic to https but without the “www” part. The easiest way is to use htaccess file, but if you are on Nginx that would be a waste of server’s time.

If you would put rewrite rules in htaccess, then the server would check those rules every time for every single url request coming towards your website. Okay, it is not like this is something bad, but there is a way to do it better. You can put those rules inside your ssl configuration file for server to have those rules in advance. To accomplish this you need exactly 3 (three) “server” blocks, no more no less.

1. The first block will redirect all http traffic to non-www https.

server {
    listen 80;
    server_name
	www.domain.com
	domain.com;
    return 301 https://domain.com$request_uri;
}


2. The second block will redirect https-www requests to non-www https.

In order to make this server block working and not to crash nginx, you have to include an ssl configuration right after the redirect part:

server {
    listen 443 ssl;
    server_name domain.com;
    return 301 $scheme://domain.com$request_uri;
	
ssl on;

	ssl_certificate /etc/letsencrypt/live/appname/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/appname/privkey.pem;

	root /srv/users/serverpilot/apps/appname/public;

	access_log /srv/users/serverpilot/log/appname/dev_nginx.access.log main;
	error_log /srv/users/serverpilot/log/appname/dev_nginx.error.log;

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-SSL on;
	proxy_set_header X-Forwarded-Proto $scheme;

	include /etc/nginx-sp/vhosts.d/appname.d/*.nonssl_conf;
	include /etc/nginx-sp/vhosts.d/appname.d/*.conf;
}


3. The third block will be the final output (https://domain.com) which will handle everything else. Here you can add whatever you might need in your ssl configuration.

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name
	domain.com

	;

	ssl on;

	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

	root /srv/users/serverpilot/apps/appname/public;

	access_log /srv/users/serverpilot/log/appname/dev_nginx.access.log main;
	error_log /srv/users/serverpilot/log/appname/dev_nginx.error.log;

	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-SSL on;
	proxy_set_header X-Forwarded-Proto $scheme;

	include /etc/nginx-sp/vhosts.d/appname.d/*.nonssl_conf;	
        include /etc/nginx-sp/vhosts.d/appname.d/*.conf;
	}

To test your configuration, normally you would do that with nginx -t command. On Serverpilot you have to use this:
nginx-sp -t
If it is successful, then in order to see the changes, you need to restart the nginx:
service nginx restart
or if you run it on a Serverpilot:
service nginx-sp restart

If, by any chance you crashed the website, or something is not working, then you should checked your file paths inside the configuration or something else, because this config is bulletproof.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

CAPTCHA