http to https redirection on nginx

1
votes

I have a website running on EC2 machine behind an Amazon ELB.
I have configured SSL on ELB hence its handling http as well as https for me. All requests on https works perfectly. But I want to force(redirect) http requests to https. For some reason, it does not work

I have added redirect rule in nginx but whenever I enable that rule, the nginx server stops responding.

server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;

access_log /var/log/nginx/domain1.access.log;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass    http://127.0.0.1:4000/;
   ###  Redirect http to https ####
   if ($http_x_forwarded_proto != "https") {
    rewrite ^(.*)$ https://$server_name$1 permanent;
   }
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}

Here is the configuration of Load Balancer: Amazon ELB Config

Please help me where I am going wrong with the configuration. TIA.

2
nginxamazon-ec2amazon-elb
is there any reason you cant use return 301 https://$host$request_uri; ?Farhad Farahi

2 Answers

0
votes

Try the following:

server {
    listen 80;
    listen [::]:80;
    server_name domain1.com;
    return 301 https://$host$request_uri;
}
0
votes

I propose this code. Teste on my VPS, but not Amazon ELB

server {
server_name example.com www.example.com;
        listen 80;
        return 301 https://example.com$request_uri;
}
server {
server_name example.com;
        root /home/user/www/example/;
        include global.conf;
        include php.conf;
        include ssl.conf;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

}
server{
server_name www.example.com;
        include ssl.conf;
        return 301 https://example.com$request_uri;
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}

File ssl.conf containt:

listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;