Nginx with SSL connection error
14,208
Solution 1
This configuration makes what you ask:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
# redirects both www and non-www to https
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
# redirects www to non-www
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
charset utf-8;
# rest of my config
}
I changed rewrite
to return
, since that is a bit more efficient.
With return
one has to use $request_uri
to get the request path and arguments into the redirect URL.
Then I changed the server_name example.com;
with listen 443;
block to serve the actual contents of the site, and server_name www.example.com;
with listen 443;
to make redirect.
Solution 2
Please try by using below method and update rest ssl info:
server {
listen 80;
listen [::]:80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
And For ssl provide the ssl key path:
server {
listen 443 ssl;
ssl on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /path of certificate;
ssl_certificate_key /path of server.key;
}
Related videos on Youtube
Author by
gregory
Updated on September 18, 2022Comments
-
gregory over 1 year
I'm trying to migrate a site from HTTP to HTTPS, however, my nginx (version: 1.10.3) config seems not to be working.
The following behavior is desired:
-
http://www.example.com/path/to/content
should redirect tohttps://example.com/path/to/content
-
http://example.com/path/to/content
should redirect tohttps://example.com/path/to/content
-
https://www.example.com/path/to/content
should redirect tohttps://example.com/path/to/content
With my current config browsers wont connect to the site using HTTPS:
server { listen 80; listen [::]:80; server_name www.example.com example.com; # redirects both www and non-www to https rewrite ^(.*) https://www.example.com$1 permanent; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; # redirects non-www to www rewrite ^(.*) https://www.example.com$1 permanent; } server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-example.com.conf; include snippets/ssl-params.conf; charset utf-8; # rest of my config }
- What do I have to change to achieve the above mentioned behavior?
- Is it possible to accept (and later redirect) HTTP requests in a first step in order to keep the page "live" and let me test it?
- My site has very good SEO rankings (indexed as "http://www.example.com"), so properly redirecting is a must.
-
Michael Hampton about 7 years
-
msrd0 about 7 yearsDid you try to include the ssl files in both server blocks that describe a ssl connection?
-
gregory about 7 yearsNo, I didn't. Good catch, will try that later!
-
-
gregory about 7 yearsSo, basically you're suggesting to replace
rewrite ^(.*) https://www.example.com$1 permanent;
withreturn 301 https://www.example.com$request_uri;
in the first server block? All SSL related config is inssl-example.com.conf
andssl-params.conf
which are then included. -
anand about 7 yearsyes, where return 301 is redirecting http request into https.Also can use: return 301 https://$server_name$request_uri;
-
Tero Kilkanen about 7 years
return 301 https://$server_name$request_uri
introduces one useless 301 redirect when you accesshttp://example.com
. First redirect will be tohttps://example.com
, and then tohttps://www.example.com
. You don't want that. -
gregory about 7 yearsAwesome, will try that! Could you explain the difference between the second and the fourth server block? Why is the fourth server block needed? The only difference I see is the
permanent
keyword. -
Tero Kilkanen about 7 yearsThat was a mistake from my part, I was partly copy-pasting your question to form my answer and mistakingly copy-pasted one part too much. I fixed the answer now.
-
gregory about 7 yearsKiitos, Tero :)
-
jobima over 2 yearsWriting "listen 443 ssl http2" instead of just "listen 443" solved my problem. Thanks!