Force HTTPS Requests

From Littledamien Wiki
Jump to navigation Jump to search

Overview[edit]

How to force all requests to a web server to be secure, i.e. https.

nginx[edit]

Edit the following to the nginx server configuration file, e.g. /etc/nginx/nginx.conf: 

server {
    listen        80 default_server;
    server_name   _;
    return 301    https://$host$request_uri;
}

Some sources claim that this can be put into a separate configuration file, e.g. /etc/nginx/conf.d/000_https_redirect_custom.conf, but I did not have luck doing this. http and https requests were still both successfully, but http requests were not redirected.

Also I was not able to create configuration directives that were capable of inserting this configuration on the server. With each application deploy nginx configuration files are set back to their defaults, wiping out SSL/TLS certificate and HTTPS redirects. These must be manually reinstated through a ssh connection to the server and manually editing /etc/nginx/nginx.conf. (There is a bash script that will make the edits in the ec2-user home directory.

Retrieved from "https://wiki.dbarchowsky.com/index.php?title=Force_HTTPS_Requests&oldid=2871"