Nginx, read as engine-x, is a high-performing open-source HTTP and reverse proxy server. It is one of the most popular and well-known web servers for its enhanced performance, ease of use of configuration, stability, and minimum resource utilization. One of the highlighted exploit of Nginx is redirecting HTTP to HTTPS and redirecting only specified apps.
Why is it important to redirect HTTP to HTTPS?
Unlike HTTP, where requests and responses are sent and returned in plain text, HTTPS uses TLS/SSL to encrypt the communication between the client and the server. This way, information and data exchange between the client and the server will have more protection against potential attacks that may intercept and alter the exchanges to their advantage.
Aside from that, here are other benefits of redirecting HTTP to https:
Traffic – all communications between clients and servers will be encrypted and secure.
SEO ranking – correct redirection types will significantly affect and improve your website’s rankings on the search engines.
Maintenance – if your site is down, you don’t have to worry about your visitors not knowing as redirecting http to https includes notifying and sending your site’s traffic to an “Under maintenance” page.
How to redirect all HTTP to HTTPS
HTTP and HTTPS use different ports – the former uses port 80 while the latter uses port 443. For this method to work, you need to have an SSL already set up for the port 443. You can redirect the visitors to the HTTPS version of your page by creating a single catch-all HTTP block. To do this, open your Nginx configuration file and make the following changes:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;}Let's analyze the code line by line:
/ This listens on port 80, the default server. It's assumed that it's the only server block listening on port 80. /
server_name _; / It matches any hostname used. /
return 301 https://$host$request_uri; /* We know all requests reaching this server block is http, because it only listens for port 80 requests. So we return a 301 redirect to the https version of whatever URI was requested. */
Important Reminder: If you wish to redirect the page as a temporary movement of the page, you can use redirect response code 302. This is a good practice when the page is still under maintenance or unavailable.
How to Redirect Specific Sites
When an SSL certificate is installed on a domain, you will have two server blocks for that domain. Now we will use port 443 in redirecting to specific sites.
server {
listen 80; /*Again, this server block will only listen for incoming connections on port 80 for the specified domain */
server_name sample.com www.sample.com; /* In this line, you will specify the server block’s domain names. Change the domain name “sample” to your own domain name. */
return 301 https://sample.com$request_uri; /* redirects traffic to the HTTPS version of your but hard-codes the domain name*/ }
Notice that in the server_name there are two domain names, a HTTPS www version and a non-www version. In Nginx, we generally want to avoid if statements. Similar to how we redirect between www and non-www subdomains, we’ll use a server block to redirect HTTP to HTTPS requests. But the recommended way to do the redirect is to create a separate server block for both www and non-www versions.
server {listen 80;server_name sample.com www.sample.com;return 301 https://sample.com$request_uri;}server { /* server block that redirects in www version */listen 443 ssl http2;server_name www.sample.com;# . . . other code /* you can add another line of codes here and other conditions, it is up to you */return 301 https://sample.com$request_uri;}server { /* server block that redirects in non-www version */listen 443 ssl http2;server_name sample.com;# . . . other code}
In conclusion, Nginx is a very reliable, convenient and straightforward way to maximize the use of web servers, which allow you to make different redirect ways as described above. By making sure you use the correct redirection types, it will significantly affect your rankings, security, and your site structure.
