So, you got yourself an SSL. Great! Now you want to redirect all traffic to https but without the “www” part. The easiest way is to use htaccess file, but if you are on Nginx that would be a waste of server’s time.
If you would put rewrite rules in htaccess, then the server would check those rules every time for every single url request coming towards your website. Okay, it is not like this is something bad, but there is a way to do it better. You can put those rules inside your ssl configuration file for server to have those rules in advance. To accomplish this you need exactly 3 (three) “server” blocks, no more no less.
1. The first block will redirect all http traffic to non-www https.
server {
listen 80;
server_name
www.domain.com
domain.com;
return 301 https://domain.com$request_uri;
}
2. The second block will redirect https-www requests to non-www https.
In order to make this server block working and not to crash nginx, you have to include an ssl configuration right after the redirect part:
server {
listen 443 ssl;
server_name domain.com;
return 301 $scheme://domain.com$request_uri;
ssl on;
ssl_certificate /etc/letsencrypt/live/appname/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/appname/privkey.pem;
root /srv/users/serverpilot/apps/appname/public;
access_log /srv/users/serverpilot/log/appname/dev_nginx.access.log main;
error_log /srv/users/serverpilot/log/appname/dev_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx-sp/vhosts.d/appname.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/appname.d/*.conf;
}
3. The third block will be the final output (https://domain.com) which will handle everything else. Here you can add whatever you might need in your ssl configuration.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name
domain.com
;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
root /srv/users/serverpilot/apps/appname/public;
access_log /srv/users/serverpilot/log/appname/dev_nginx.access.log main;
error_log /srv/users/serverpilot/log/appname/dev_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx-sp/vhosts.d/appname.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/appname.d/*.conf;
}
To test your configuration, normally you would do that with nginx -t command. On Serverpilot you have to use this:
nginx-sp -t
If it is successful, then in order to see the changes, you need to restart the nginx:
service nginx restart
or if you run it on a Serverpilot:
service nginx-sp restart
If, by any chance you crashed the website, or something is not working, then you should checked your file paths inside the configuration or something else, because this config is bulletproof.
