How to redirect all http traffic to https using nginx

2024-02-26

A few gotchas:

Comment out everything in the default nginx config, for the default block to work here: /etc/nginx/sites-available/default Otherwise, you would likely get errors wrt multiple default_server's.
Run sudo nginx -t to check if your config is valid
Run sudo systemctl reload nginx to apply your checked config

Here is a nginx config that you might want to start with, this configuration snippet tells Nginx to listen for all HTTP traffic (both IPv4 and IPv6) on port 80, regardless of the domain name requested, and to redirect all of those requests to the HTTPS equivalent URL, using a 301 Moved Permanently response. This is a common setup for enforcing HTTPS across a website, ensuring that all traffic is encrypted:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

`server {`

This line begins the definition of a server block. Everything between the curly braces {} is part of the server block configuration. It tells Nginx that we're starting to define a new set of directives (rules) for how a particular site or service should be handled.

`listen 80 default_server;`

listen 80; tells Nginx to listen on port 80 for incoming connections. Port 80 is the default port for HTTP traffic, which means this server block is set up to handle regular, unencrypted web traffic.
default_server; specifies that this server block should be considered the default for requests on port 80. If Nginx receives a request and none of the server blocks explicitly match the requested domain, it will fall back to using this server block.

`listen [::]:80 default_server;`

This line is very similar to the previous one, but it's for IPv6 addresses.

listen [::]:80; is telling Nginx to listen on port 80 for incoming IPv6 connections. The [::] represents an IPv6 address.
default_server; again, marks this server block as the default for IPv6 requests on port 80.

`server_name _;`

server_name specifies which domain names this server block will respond to.
The underscore _ is a catch-all or wildcard character in Nginx, meaning this server block will respond to any hostname that doesn't have a more specific server block defined. It's often used in a default server block like this one.

`return 301 https://$host$request_uri;`

return 301 tells Nginx to return a 301 Moved Permanently status code. This is a type of HTTP response status code that is used for URL redirection.
https://$host$request_uri; specifies the new location to which the browser is redirected.
- $host is a variable in Nginx that represents the host name from the request line, or the host name from the 'Host' request header field, or the server name matching the request.
- $request_uri is another variable that includes the original request URI as received from the client, including the query string if any.
Together, https://$host$request_uri; means "redirect the request to the HTTPS version of whatever URL was requested, preserving the full path and query string." This line effectively forces all traffic to use HTTPS instead of HTTP, enhancing the security of the connection.

Sources:

https://vegastack.com/tutorials/redirect-http-to-https-in-nginx