CODEWITHSUNDEEP
http-redirectnginxhttps
Roman Cherepanov
Roman Cherepanov

Reputation: 1805

How to forward particular requests to https in Nginx

I have configured Nginx in this way:

#/etc/nginx/conf.d/default.conf
server {
        listen 8081 default_server;
        listen [::]:8081 default_server ipv6only=on;

        server_name localhost;

        listen 443 ssl;

        location /site/ {
            proxy_pass http://127.0.0.1:8084/;
        }

        # 404 occured
        #location /site/secure/ {
        #    proxy_redirect http://localhost:8081/site/secure/ https://localhost/site/secure/;
        #}


        location / {
            root /srv;
            index index.html index.htm;

            try_files $uri $uri/ /index.html;
        }

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

}

I have enabled https. I have several urls:

http://127.0.0.1:8081/site/secure/
http://127.0.0.1:8081/sute/path1/...
http://127.0.0.1:8081/sute/path2/...

I want to redirect only http://127.0.0.1:8081/site/secure/* requests to https://127.0.0.1/site/secure/* so that user can't use this url with simple http.

But when I run Nginx with this redirect:

location /site/secure/ {
    proxy_redirect http://localhost:8081/site/secure/ https://localhost/site/secure/;
}

I get 404 response:

<html>
    <head>
        <title>404 Not Found</title>
    </head>
    <body bgcolor="white">
        <center>
            <h1>404 Not Found</h1>
        </center>
        <hr>
        <center>nginx/1.4.6 (Ubuntu)</center>
    </body>
</html>

How can I configure nginx to redirect some request to https in right way?

Upvotes: 1

Views: 86

Answers (1)

Richard Smith
Richard Smith

Reputation: 49692

proxy_redirect is the wrong directive. You need to use something like return 301 https://... to move the client from http to https.

The cleanest approach is to use two server blocks, and pull in common configuration statements with an include directive. For example:

server {
    listen 8081 default_server;
    listen [::]:8081 default_server ipv6only=on;

    include /path/to/common/bits;

    location ^~ /site/secure/ {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    include /path/to/common/bits;
}

Upvotes: 1

Related Questions