URL forwarding (redirection) on nginx with only-www & only-HTTPS based on WordPress permanent links

Question

I've been trying to forward traffic from "http://example.com/...", "http://www.example.com/..." and "https://example.com/..." to "https://www.example.com/..." on my nginx server.

I'm running WordPress software with default site url "https://www.example.com/" and also using permanent links.

My current nginx configuration file looks as like as the following one: http://pastebin.com/MxHUNtCc

Did try implementing these forwarding rules into nginx but I have no idea how to support WordPress permanent urls.

Thanks for reading.

Chris

Answer 1

You need three server blocks in total

1. To handle redirection on Port 80 from http://example.com and http://www.example.com to https://www.example.com
2. To handle redirection on Port 443 from https://example.com to https://www.example.com
3. To serve requests and redirections to https://www.example.com on Port 443

The examples below are modified from your pastebin

#
# Server Block 1: Port 80 Redirection. 
#
server {
   listen 80;
   server_name example.com www.example.com;
   # Note that using "rewrite ^(.*)" is not optimal. 
   # See "pitfalls" link you already have at the top of your conf file.
   return 301 https://$host$request_uri;
}

#
# Server Block 2: Port 443 Redirection from https://example.com.
#
server {
    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;
    server_name example.com;
    ssl        on;
    ssl_certificate         /etc/nginx/SSL/public.pem;
    ssl_certificate_key     /etc/nginx/SSL/private.pem;
    return 301 https://www.example.com$request_uri;
}

#
# Server Block 3: Port 443 Processing for https://www.example.com.
#
server {
    listen 443 ssl spdy;
    listen [::]:443 ssl spdy;
    server_name www.example.com;
    ssl        on;
    ssl_certificate         /etc/nginx/SSL/public.pem;
    ssl_certificate_key     /etc/nginx/SSL/private.pem;
    # Rest of your conf file follows

Some Notes

1. A request to http://example.com will hit Server Block 1 and get redirected to https://example.com and will be processed by Server Block 2 before being redirected again to https://www.example.com and be processed by Server Block 3. This double redirection is required to meet HTTP Strict Transport Security requirements.
2. A request to http://www.example.com will hit Server Block 1 and also get redirected to https://www.example.com and will be processed by Server Block 3.
3. A request to https://example.com will hit Server Block 2 and get redirected to https://www.example.com and will be processed by Server Block 3. Note that certificate checking is done before connection is finalised, I.E., well before any redirection and if you do not have a valid certificate for https://example.com, users will get a warning message in their browsers.
4. A request to https://www.example.com will hit Server Block 3 and be processed there.

Answer 2

Also you can play with server_name directive and $host to set redirection to specific scheme. If you want to redirect only the WWW subdomain then use following code.

server {
   listen 80;
   server_name www.example.com;
   return 301 https://www.example.com$request_uri;
}

I hope it works for you.

Answer 3

You can impliment a permanent redirection of http url to https using following new server block ...

server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}

... and make sure existing server block is properly setup with 443 port and certificates.

It should work fine as many of users followed the same with WordPress as suggested here: https://atulhost.com/secure-nginx-letsencrypt-ubuntu